💾 Archived View for gemini.bortzmeyer.org › rfc-mirror › rfc4011.txt captured on 2024-05-10 at 15:27:31.

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-







Network Working Group                                      S. Waldbusser
Request for Comments: 4011                                    Nextbeacon
Category: Standards Track                                     J. Saperia
                                                    JDS Consulting, Inc.
                                                               T. Hongal
                                               Riverstone Networks, Inc.
                                                              March 2005


                      Policy Based Management MIB

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in TCP/IP-based internets.
   In particular, this MIB defines objects that enable policy-based
   monitoring and management of Simple Network Management Protocol
   (SNMP) infrastructures, a scripting language, and a script execution
   environment.

Table of Contents

   1.  The Internet-Standard Management Framework ..................   3
   2.  Overview ....................................................   4
   3.  Policy-Based Management Architecture ........................   4
   4.  Policy-Based Management Execution Environment ...............  10
       4.1.  Terminology ...........................................  10
       4.2.  Execution Environment - Elements of Procedure .........  10
       4.3.  Element Discovery .....................................  11
             4.3.1.  Implementation Notes ..........................  12
       4.4.  Element Filtering .....................................  13
             4.4.1.  Implementation Notes ..........................  13
       4.5.  Policy Enforcement ....................................  13
             4.5.1.  Implementation Notes ..........................  14
   5.  The PolicyScript Language ...................................  14
       5.1.  Formal Definition .....................................  15



Waldbusser, et al.          Standards Track                     [Page 1]

RFC 4011              Policy Based Management MIB             March 2005


       5.2.  Variables .............................................  18
             5.2.1.  The Var Class .................................  19
       5.3.  PolicyScript QuickStart Guide .........................  23
             5.3.1.  Quickstart for C Programmers ..................  25
             5.3.2.  Quickstart for Perl Programmers ...............  25
             5.3.3.  Quickstart for TCL Programmers ................  25
             5.3.4.  Quickstart for Python Programmers .............  26
             5.3.5.  Quickstart for JavaScript/ECMAScript/JScript
                     Programmers ...................................  26
       5.4.  PolicyScript Script Return Values .....................  26
   6.  Index Information for `this element' ........................  27
   7.  Library Functions ...........................................  28
   8.  Base Function Library .......................................  29
       8.1.  SNMP Library Functions ................................  29
             8.1.1.  SNMP Operations on Non-Local Systems ..........  30
             8.1.2.  Form of SNMP Values ...........................  32
             8.1.3.  Convenience SNMP Functions ....................  34
                     8.1.3.1.  getVar() ............................  34
                     8.1.3.2.  exists() ............................  34
                     8.1.3.3.  setVar() ............................  35
                     8.1.3.4.  searchColumn() ......................  36
                     8.1.3.5.  setRowStatus() ......................  38
                     8.1.3.6.  createRow() .........................  39
                     8.1.3.7.  counterRate() .......................  42
             8.1.4.  General SNMP Functions ........................  44
                     8.1.4.1.  newPDU() ............................  45
                     8.1.4.2.  writeVar() ..........................  45
                     8.1.4.3.  readVar() ...........................  46
                     8.1.4.4.  snmpSend() ..........................  47
                     8.1.4.5.  readError() .........................  48
                     8.1.4.6.  writeBulkParameters() ...............  48
             8.1.5.  Constants for SNMP Library Functions ..........  49
       8.2.  Policy Library Functions ..............................  51
             8.2.1.  elementName() .................................  51
             8.2.2.  elementAddress() ..............................  51
             8.2.3.  elementContext() ..............................  52
             8.2.4.  ec() ..........................................  52
             8.2.5.  ev() ..........................................  52
             8.2.6.  roleMatch() ...................................  52
             8.2.7.  Scratchpad Functions ..........................  53
             8.2.8.  setScratchpad() ...............................  55
             8.2.9.  getScratchpad() ...............................  56
             8.2.10. signalError() .................................  57
             8.2.11. defer() .......................................  57
             8.2.12. fail() ........................................  58
             8.2.13. getParameters() ...............................  58
       8.3.  Utility Library Functions .............................  59
             8.3.1.  regexp() ......................................  59



Waldbusser, et al.          Standards Track                     [Page 2]

RFC 4011              Policy Based Management MIB             March 2005


             8.3.2.  regexpReplace() ...............................  60
             8.3.3.  oidlen() ......................................  60
             8.3.4.  oidncmp() .....................................  60
             8.3.5.  inSubtree() ...................................  60
             8.3.6.  subid() .......................................  61
             8.3.7.  subidWrite() ..................................  61
             8.3.8.  oidSplice() ...................................  61
             8.3.9.  parseIndex() ..................................  62
             8.3.10. stringToDotted() ..............................  63
             8.3.11. integer() .....................................  64
             8.3.12. string() ......................................  64
             8.3.13. type() ........................................  64
             8.3.14. chr() .........................................  64
             8.3.15. ord() .........................................  64
             8.3.16. substr() ......................................  65
       8.4.  General Functions .....................................  65
   9.  International String Library ................................  65
       9.1.  stringprep() ..........................................  66
             9.1.1.  Stringprep Profile ............................  66
       9.2.  utf8Strlen() ..........................................  67
       9.3.  utf8Chr() .............................................  68
       9.4.  utf8Ord() .............................................  68
       9.5.  utf8Substr() ..........................................  68
   10. Schedule Table ..............................................  69
   11. Definitions .................................................  70
   12. Relationship to Other MIB Modules ........................... 113
   13. Security Considerations ..................................... 114
   14. IANA Considerations ......................................... 117
   15. Acknowledgements ............................................ 118
   16. References .................................................. 118
       16.1. Normative References .................................. 118
       16.2. Informative References ................................ 119
   Authors' Addresses .............................................. 120
   Full Copyright Statement ........................................ 121

1.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [16].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [2], STD 58, RFC 2579 [3], and STD 58, RFC 2580 [4].



Waldbusser, et al.          Standards Track                     [Page 3]

RFC 4011              Policy Based Management MIB             March 2005


2.  Overview

   Large IT organizations have developed management strategies to cope
   with the extraordinarily large scale and complexity of today's
   networks.  In particular, they have tried to configure the network as
   a whole by describing and implementing high-level business policies,
   rather than manage device by device, where orders of magnitude more
   decisions (and mistakes) may be made.

   The following are examples of "business policies":

   - All routers will run code version 6.2.
   - On-site contractors will only be connected to ports that are
     configured with special security restrictions.
   - All voice over cable ports in California must provide free local
     calling.
   - Apply special forwarding to all ports whose customers have paid for
     premium service.

   Each of these policies could represent an action applied to hundreds
   of thousands of variables.

   To automate this practice, customers need software tools that will
   implement business policies across their networks, as well as
   standard protocols that will ensure that policies can be applied to
   all of their devices, regardless of the vendor.

   This practice is called Policy-Based Management.  This document
   defines managed objects for the Simple Network Management Protocol
   that are used to distribute policies in a common form throughout the
   network.

3.  Policy-Based Management Architecture

   Policy-based management is the practice of applying management
   operations globally on all managed elements that share certain
   attributes.

   Policies are intended to express a notion of:

      if (an element has certain characteristics) then (apply an
      operation to that element)









Waldbusser, et al.          Standards Track                     [Page 4]

RFC 4011              Policy Based Management MIB             March 2005


   Policies take the following normal form:

      if (policyCondition) then (policyAction)

   A policyCondition is a script that results in a boolean to determine
   whether an element is a member of a set of elements upon which an
   action is to be performed.

   A policyAction is an operation performed on an element or a set of
   elements.

   These policies are most often executed on or near managed devices
   where the elements live (and thus their characteristics may be easily
   inspected) and where operations on those elements will be performed.

   A management station is responsible for distributing an
   organization's policies to all the managed devices in the
   infrastructure.  The pmPolicyTable provides managed objects for
   representing a policy on a managed device.

   An element is an instance of a physical or logical entity and is
   embodied by a group of related MIB variables, such as all the
   variables for interface 7.  This enables policies to be expressed
   more efficiently and concisely.  Elements can also model circuits,
   CPUs, queues, processes, systems, etc.

   Conceptually, policies are executed in the following manner:

   for each element for which policyCondition returns true, execute
      policyAction on that element

   For example:

   If (interface is fast ethernet)       then (apply full-duplex mode)
   If (interface is access)              then (apply security filters)
   If (circuit w/gold service paid for)  then (apply special queuing)

   Each unique combination of policy and element is called an execution
   context.  Within a particular execution context, the phrase 'this
   element' is often used to refer to the associated element, as most
   policy operations will be applied to 'this element'.  The address of
   'this element' contains the object identifier of any attribute of the
   element, the SNMP context the element was discovered in, and the
   address of the system on which the element was discovered.







Waldbusser, et al.          Standards Track                     [Page 5]

RFC 4011              Policy Based Management MIB             March 2005


   Policies can manage elements on the same system:

         -----------------------------------------------------
         |                                                   |
         |              Managed System                       |
         |                                                   |
         |                                                   |
         |   ------------------             Managed Elements |
         |   |                |               interfaces     |
         |   | Policy Manager | manages...    circuits       |
         |   |                |               queues         |
         |   ------------------               processes      |
         |                                    ...            |
         |                                                   |
         -----------------------------------------------------

   or they can manage elements on other systems:

                                            --------------------------
                                            |  Managed System        |
     --------------------------             |    Managed Elements    |
     |                        |             |      interfaces        |
     |  Management Station or |             |      circuits          |
     |    Mid-Level Manager   |             |      ...               |
     |                        |             --------------------------
     |   ------------------   | manages...
     |   | Policy Manager |   |             --------------------------
     |   ------------------   |             |  Managed System        |
     |                        |             |    Managed Elements    |
     --------------------------             |      interfaces        |
                                            |      circuits          |
                                            |      ...               |
                                            --------------------------

                                            ...

   PolicyConditions have the capability of performing comparison
   operations on SNMP variables, logical expressions, and other
   functions.  Many device characteristics are already defined in MIB
   Modules and are easy to include in policyCondition expressions
   (ifType == ethernet, frCircuitCommittedBurst < 128K, etc).  However,
   there are important characteristics that aren't currently in MIB
   objects, and, worse, it is not current practice to store this
   information on managed devices.  Therefore, this document defines MIB
   objects for this information.  To meet today's needs there are three
   missing areas:  roles, capabilities, and time.





Waldbusser, et al.          Standards Track                     [Page 6]

RFC 4011              Policy Based Management MIB             March 2005


   Roles

   A role is an administratively specified characteristic of a managed
   element.  As a selector for policies, it determines the applicability
   of the policy to a particular managed element.

   Some examples of roles are political, financial, legal, geographical,
   or architectural characteristics, typically not directly derivable
   from information stored on the managed system.  For example, "paid
   for premium service" or "is plugged into a UPS" are examples of
   roles, whereas the "percent utilization of a link" would not be.

   Some types of information one would put into a role include the
   following:

   political - describes the role of a person or group of people, or of
               a service that a group of people uses.  Examples:
               executive, sales, outside-contractor, customer.
        If (attached user is executive) then (apply higher bandwidth)
        If (attached user is outside-contractor) then (restrict access)

   financial/legal - describes what financial consideration was
                     received.  Could also include contractual or legal
                     considerations.  Examples: paid, gold, free, trial,
                     demo, lifeline.
        If (gold service paid for) then (apply special queuing)

   geographical - describes the location of an element.  Examples:
                  California, Headquarters, insecure conduit.
        If (interface leaves the building) then (apply special security)

   architectural - describes the network architects "intent" for an
                   element.  Examples: backup, trunk.
        If (interface is backup) then (set ifAdminStatus = down)

      Roles in this model are human-defined strings that can be
      referenced by policy code.  The role table in this MIB may be used
      to assign role strings to elements and to view all role string
      assignments.  Implementation-specific mechanisms may also be used
      to assign role strings; however, these assignments must be visible
      in the role table.  Multiple roles may be assigned to each
      element.  Because policy code has access to data in MIB objects
      that represent the current state of the system and (in contrast)
      role strings are more static, it is recommended that role strings
      not duplicate information available in MIB objects.  Role strings
      generally should be used to describe information not accessible in
      MIB objects.




Waldbusser, et al.          Standards Track                     [Page 7]

RFC 4011              Policy Based Management MIB             March 2005


      Policy scripts may inspect role assignments to make decisions
      based on whether an element has a particular role assigned to it.

      The pmRoleTable allows a management station to learn what roles
      exist on a managed system.  The management station may choose not
      to install policies that depend on a role that does not exist on
      any elements in the system.  The management station can then
      register for notifications of new roles.  Upon receipt of a
      pmNewRoleNotification, it may choose to install new policies that
      make use of that new role.

   Capabilities

      The capabilities table allows a management station to learn what
      capabilities exist on a managed system.  The management station
      may choose not to install policies that depend on a capability
      that does not exist on any elements in the system.  The management
      station can then register for notifications of new capabilities.
      Upon receipt of a pmNewCapabilityNotification, it may choose to
      install new policies that make use of that new capability.

   Time

      Managers may wish to define policies that are intended to apply
      for certain periods of time.  This might mean that a policy is
      installed and is dormant for a period of time, becomes ready, and
      then later goes dormant again.  Sometimes these time periods will
      be regular (Monday-Friday 9-5), and sometimes ad hoc.  This MIB
      provides a schedule table that can schedule when a policy is ready
      and when it is dormant.





















Waldbusser, et al.          Standards Track                     [Page 8]

RFC 4011              Policy Based Management MIB             March 2005


   A policy manager contains the following:

         -------------------------------------------------------
         | Policy Manager                                      |
         |                                                     |
         |   ----------------------------------------          |
         |   | Agent                                |          |
         |   |                                      |          |
         |   |  ---------------------------------   |          |
         |   |  | Policy Download and Control   |   |          |
         |   |  |   pmPolicyTable               |   |          |
         |   |  |   pmElementTypeRegTable       |   |          |
         |   |  |   pmSchedTable                |   |          |
         |   |  ---------------------------------   |          |
         |   |                                      |          |
         |   |  ---------------------------------   |          |
         |   |  | Policy Environment Control    |   |          |
         |   |  |   pmRoleTable                 |   |          |
         |   |  |   pmCapabilitiesTables        |   |          |
         |   |  ---------------------------------   |          |
         |   |                                      |          |
         |   |  ---------------------------------   |          |
         |   |  | Policy Monitoring             |   |          |
         |   |  |   pmTrackingTables            |   |          |
         |   |  |   pmDebuggingTable            |   |          |
         |   |  ---------------------------------   |          |
         |   ----------------------------------------          |
         |                                                     |
         |   --------------------------------                  |
         |   | Execution Environment        |                  |
         |   |                              |                  |
         |   |  -----------------------     |                  |
         |   |  | Policy Scheduler    |     |                  |
         |   |  -----------------------     |                  |
         |   |  -----------------------     |                  |
         |   |  | Language            |     |                  |
         |   |  -----------------------     |                  |
         |   |  -----------------------     |                  |
         |   |  | Function Library    |     |                  |
         |   |  -----------------------     |                  |
         |   --------------------------------                  |
         -------------------------------------------------------









Waldbusser, et al.          Standards Track                     [Page 9]

RFC 4011              Policy Based Management MIB             March 2005


4.  Policy-Based Management Execution Environment

4.1.  Terminology

   Active Schedule - A schedule specifies certain times that it will be
      considered active.  A schedule is active during those times.

   Valid Policy - A valid policy is a policy that is fully configured
      and enabled to run.  A valid policy may run unless it is linked to
      a schedule entry that says the policy is not currently active.

   Ready Policy - A ready policy is a valid policy that either has no
      schedule or is linked to a schedule that is currently active.

   Precedence Group - Multiple policies can be assigned to a precedence
      group with the resulting behavior that for each element, of the
      ready policies that match the condition, only the one with the
      highest precedence value will be active.  For example, if there is
      a default bronze policy that applies to any interface and a
      special policy for gold interfaces, the higher precedence of the
      gold policy will ensure that it is run on gold ports and that the
      bronze policy isn't.

   Active Execution Context - An active execution context is a pairing
      of a ready policy with an element that matches the element type
      filter and the policy condition.  If there are multiple policies
      in the precedence group, it is also necessary that no higher
      precedence policy in the group match the policy condition.

   Run-Time Exception (RTE) - A run-time exception is a fatal error
      caused in language or function processing.  If, during the
      invocation of a script, a run-time exception occurs, execution of
      that script is immediately terminated.  If a policyCondition
      experiences a run-time exception while processing an element, the
      element is not matched by the condition and the associated action
      will not be run on that element.  A run-time exception can cause
      an entry to be added to the pmDebuggingTable and will be reflected
      in the pmTrackingPEInfo object.

4.2.  Execution Environment - Elements of Procedure

   There are several steps performed in order to execute policies in
   this environment:

      - Element Discovery
      - Element Filtering
      - Policy Enforcement




Waldbusser, et al.          Standards Track                    [Page 10]

RFC 4011              Policy Based Management MIB             March 2005


4.3.  Element Discovery

   An element is an instance of a physical or logical entity.  Examples
   of elements include interfaces, circuits, queues, CPUs, and
   processes.  Sometimes various attributes of an entity will be
   described through tables in several standard and proprietary MIB
   Modules.  As long as the indexing is consistent between these tables,
   the entity can be modeled as one element.  For example, the ifTable
   and the dot3Stats table both contain attributes of interfaces and
   share the same index (ifIndex), therefore they can be modeled as one
   element type.

   The Element Type Registration table allows the manager to learn what
   element types are being managed by the system and to register new
   types, if necessary.  An element type is registered by providing the
   OID of an SNMP object (i.e., without the instance).  Each SNMP
   instance that exists under that object is a distinct element.  The
   index part of the discovered OID will be supplied to policy
   conditions and actions so that this code can inspect and configure
   the element.  The agent can determine the index portion of discovered
   OIDs based on the length of the pmElementTypeRegOIDPrefix for the
   portion of the MIB that is being retrieved.  For example, if the
   OIDPrefix is 'ifEntry', which has 9 subids, the index starts on the
   11th subid (skipping the subidentifier for the column; e.g.,
   ifSpeed).

   For each element that is discovered, the policy condition is called
   with the element's name as an argument to see whether the element is
   a member of the set the policy acts upon.

   Note that agents may automatically configure entries in this table
   for frequently used element types (interfaces, circuits, etc.).  In
   particular, it may configure elements for which discovery is
   optimized in one or both of the following ways:

   1. The agent may discover elements by scanning internal data
      structures as opposed to issuing local SNMP requests.  It is
      possible to recreate the exact semantics described in this table
      even if local SNMP requests are not issued.

   2. The agent may receive asynchronous notification of new elements
      (for example, "card inserted") and use that information to create
      elements instantly rather than through polling.  A similar feature
      might be available for the deletion of elements.

   Note that upon restart, the disposition of agent-installed entries is
   described by the pmPolicyStorageType object.




Waldbusser, et al.          Standards Track                    [Page 11]

RFC 4011              Policy Based Management MIB             March 2005


   A special element type "0.0" represents the "system element".  "0.0"
   represents the single instance of the system itself and provides an
   execution context for policies to operate on "the system" and on MIB
   objects modeled as scalars.  For example, "0.0" gives an execution
   context for policy-based selection of the operating system code
   version (likely modeled as a scalar MIB object).  The element type
   "0.0" always exists.  As a consequence, no actual discovery will take
   place and the pmElementTypeRegMaxLatency object will have no effect
   for the "0.0" element type.  However, if the "0.0" element type is
   not registered in the table, policies will not be executed on the
   "0.0" element.

   If the agent is discovering elements by polling, it should check for
   new elements no less frequently than pmElementTypeRegMaxLatency would
   dictate.  When an element is first discovered, all policyConditions
   are run immediately, and policyConditions that match will have the
   associated policyAction run immediately.  Subsequently, the
   policyCondition will be run regularly for the element, with no more
   than pmPolicyConditionMaxLatency milliseconds elapsing between each
   invocation.  Note that if an implementation has the ability to be
   alerted immediately when a particular type of element is created, it
   is urged to discover that type of element in this fashion rather than
   through polling, resulting in immediate configuration of the
   discovered element.

4.3.1.  Implementation Notes

   Note that although the external behavior of this registration process
   is defined in terms of the walking of MIB tables, implementation
   strategies may differ.  For example, commonly used element types
   (such as interface) may have purpose-built element discovery
   capability built-in and advertised to managers through an entry in
   the pmElementTypeRegTable.

   Before registering an element type, a manager is responsible for
   inspecting the table to see whether it is already registered (either
   by the agent or by another manager).  Note that entries that differ
   only in the last subid (which specifies which object is an entry) are
   effectively duplicates and should be treated as such by the manager.

   The system that implements the Policy-Based Management MIB may not
   have knowledge of the format of object identifiers in other MIB
   Modules.  Therefore it is inappropriate for it to check these OIDs
   for errors.  It is the responsibility of the management station to
   register well-formed object identifiers.  For example, if an extra
   sub-identifier is supplied when the ifTable is registered, no





Waldbusser, et al.          Standards Track                    [Page 12]

RFC 4011              Policy Based Management MIB             March 2005


   elements will be discovered.  Similarly, if a sub-identifier is
   missing, every element will be discovered numerous times (once per
   column) and none of the element addresses will be well formed.

4.4.  Element Filtering

   The first step in executing a policy is to see whether the policy is
   ready to run based on its schedule.  If the pmPolicySchedule object
   is equal to zero, there is no schedule defined, and the policy is
   always ready.  If the pmPolicySchedule object is non-zero, then the
   policy is ready only if the referenced schedule group contains at
   least one valid schedule entry that is active at the current time.

   If the policy is ready, the next step in executing a policy is to see
   which elements match the policy condition.  The policy condition is
   called once for each element and runs to completion.  The element's
   name is the only argument that is passed to the condition code for
   each invocation.  No state is remembered within the policy script
   from the previous invocation of 'this element' or from the previous
   invocation of the policy condition, except for state accessible
   through library functions.  Two notable examples of these are the
   scratchpad functions, which explicitly provide for storing state, and
   the SNMP functions, which can store state in local or remote MIB
   objects.  If any run-time exception occurs, the condition will
   terminate immediately for 'this element'.  If the condition returns
   non-zero, the corresponding policy action will be executed for 'this
   element'.

   If an element matches a condition and it had not matched that
   condition the last time it was checked (or if it is a newly
   discovered element), the associated policyAction will be executed
   immediately.  If the element had matched the condition at the last
   check, it will remain in the set of elements whose policyAction will
   be run within the policyActionMaxLatency.

4.4.1.  Implementation Notes

   Whether policy conditions are multi-tasked is an implementation-
   dependent matter.  Each condition/element combination is conceptually
   its own process and can be scheduled sequentially, or two or more
   could be run simultaneously.

4.5.  Policy Enforcement

   For each element that has returned non-zero from the policy
   condition, the corresponding policy action is called.  The element's
   name is the only argument that is passed to the policy action for
   each invocation.  Except for state accessible from library functions,



Waldbusser, et al.          Standards Track                    [Page 13]

RFC 4011              Policy Based Management MIB             March 2005


   no state is remembered from the policy condition evaluation, or from
   the previous condition/action invocation of 'this element' or from
   the previous invocation of the policy condition or action on any
   other element.  If any run-time exception occurs, the action will
   terminate immediately for 'this element'.

4.5.1.  Implementation Notes

   How policy actions are multi-tasked is an implementation-dependent
   matter.  Each condition/element combination is conceptually its own
   process and can be scheduled sequentially, or two or more could be
   run simultaneously.

5.  The PolicyScript Language

   Policy conditions and policy actions are expressed with the
   PolicyScript language.  The PolicyScript language is designed to be a
   small interpreted language that is simple to understand and
   implement; it is designed to be appropriate for writing small scripts
   that make up policy conditions and actions.

   PolicyScript is intended to be familiar to programmers that know one
   of several common languages, including Perl and C.  Nominally,
   policyScript is a subset of the C language; however, it was desirable
   to have access to C++'s operator overloading (solely to aid in
   documenting the language).  Therefore, PolicyScript is defined
   formally as a subset of the C++ language in which many of the
   operators are overloaded as part of the "var" class.  Note, however,
   that a PolicyScript program cannot further overload operators, as the
   syntax to specify overloading is not part of the PolicyScript syntax.
   A subset was used to provide for easy development of low-cost
   interpreters of PolicyScript and to take away language constructs
   that are peculiar to the C/C++ languages.  For example, it is
   expected that both C and Perl programmers will understand the
   constructs allowed in PolicyScript.

   Some examples of the C/C++ features that are not available are
   function definitions, pointer variables, structures, enums, typedefs,
   floating point and pre-processor functions (except for comments).

   This language is formally defined as a subset of ISO C++ [10] but
   only allows constructs that may be expressed in the Extended Backus-
   Naur Form (EBNF) documented here.  This is because although EBNF
   doesn't fully specify syntactical rules (it allows constructs that
   are invalid) and doesn't specify semantic rules, it can successfully
   be used to define the subset of the language that is required for





Waldbusser, et al.          Standards Track                    [Page 14]

RFC 4011              Policy Based Management MIB             March 2005


   conformance to this specification.  Unless explicitly described
   herein, the meaning of any construct expressed in the EBNF can be
   found by reference to the ISO C++ standard.

   The use of comments and newlines are allowed and encouraged in order
   to promote readability of PolicyScript code.  Comments begin with
   '/*' and end with '*/' or begin with '//' and go until the end of the
   line.

   One subset is not expressible in the EBNF syntax: all variables
   within an instance of a PolicyScript script are within the same
   scope.  In other words, variables defined in a block delimited with
   '{' and '}' are not in a separate scope from variables in the
   enclosing block.

   PolicyScript code must be expressed in the ASCII character set.

   In the EBNF used here, terminals are character set members (singly or
   in a sequence) that are enclosed between two single-quote characters
   or described as a phrase between '<' and '>' characters.
   Nonterminals are a sequence of letters and underscore characters.  A
   colon (:) following a nonterminal introduces its definition, a
   production.  In a production, a '|' character separates alternatives.
   The '(' and ')' symbols group the enclosed items.  The '[' and ']'
   symbols indicate that the enclosed items are optional.  A '?'  symbol
   following an item indicates that the item is optional.  A '*' symbol
   following an item indicates that the item is repeated zero, one, or
   more times.  A '+' symbol following an item indicates that the item
   is repeated one or more times.  The symbol '--' begins a comment that
   ends at the end of the line.

5.1.  Formal Definition

   The PolicyScript language follows the syntax and semantics of ISO C++
   [10], but is limited to that which can be expressed in the EBNF
   below.

   The following keywords are reserved words and cannot be used in any
   policy script.  This prevents someone from using a common keyword in
   another language as an identifier in a script, thereby confusing the
   meaning of the script.  The reserved words are:

      auto, case, char, const, default, do, double, enum, extern, float,
      goto, inline, int, long, register, short, signed, sizeof, static,
      struct, switch, typedef, union, unsigned, void, and volatile.






Waldbusser, et al.          Standards Track                    [Page 15]

RFC 4011              Policy Based Management MIB             March 2005


   Any syntax error, use of a reserved keyword, reference to an unknown
   identifier, improper number of function arguments, error in coercing
   an argument to the proper type, exceeding local limitations on string
   length, or exceeding local limitations on the total amount of storage
   used by local variables will cause an RTE.

   PolicyScript permits comments using the comment delimiters, '/*' to
   '*/', or the start of comment symbol '//'.

-- Lexical Grammar

   letter:       '_' | 'a' | 'b' | 'c' | 'd' | 'e' | 'f'
               | 'g' | 'h' | 'i' | 'j' | 'k' | 'l' | 'm'
               | 'n' | 'o' | 'p' | 'q' | 'r' | 's' | 't'
               | 'u' | 'v' | 'w' | 'x' | 'y' | 'z'
               | 'A' | 'B' | 'C' | 'D' | 'E' | 'F'
               | 'G' | 'H' | 'I' | 'J' | 'K' | 'L' | 'M'
               | 'N' | 'O' | 'P' | 'Q' | 'R' | 'S' | 'T'
               | 'U' | 'V' | 'W' | 'X' | 'Y' | 'Z'

   digit:        '0' | '1' | '2' | '3' | '4'
               | '5' | '6' | '7' | '8' | '9'

   non_zero:   '1' | '2' | '3' | '4' | '5' | '6' | '7' | '8' | '9'

   oct_digit:  '0' | '1' | '2' | '3' | '4' | '5' | '6' | '7'

   hex_digit:    digit | 'a' | 'b' | 'c' | 'd' | 'e' | 'f'
                       | 'A' | 'B' | 'C' | 'D' | 'E' | 'F'

   escape_seq:    '\''   |   '\"'   |   '\?'   |   '\\'
                | '\a'   |   '\b'   |   '\f'   |   '\n'
                | '\r'   |  '\t'    |   '\v'
                | '\' oct_digit+    | '\x' hex_digit+

   non_quote:  Any character in the ASCII character set
               except single quote ('), double quote ("),
               backslash ('\'), or newline.

   c_char:            non_quote | '"' | escape_seq

   string_literal:    '"' s_char* '"'

   s_char:            non_quote | ''' | escape_seq

   char_constant:     ''' c_char '''

   decimal_constant:  non_zero digit*



Waldbusser, et al.          Standards Track                    [Page 16]

RFC 4011              Policy Based Management MIB             March 2005


   octal_constant:    '0' oct_digit*

   hex_constant:      ( '0x' | '0X' ) hex_digit+

   integer_constant:  decimal_constant | octal_constant | hex_constant

   identifier:        letter ( letter | digit )*

-- Phrase Structure Grammar

   -- Expressions

   primary_expr:      identifier | integer_constant | char_constant
                    | string_literal  |  '(' expression ')'

   postfix_expr:      primary_expr
                    | identifier '(' argument_expression_list? ')'
                    | postfix_expr '++'
                    | postfix_expr '--'
                    | postfix_expr '[' expression ']'

   argument_expression_list:
                      assignment_expr
                    | argument_expression_list ',' assignment_expr

   unary_expr:        postfix_expr  |  unary_op unary_expr

   unary_op:          '+' | '-' | '~' | '!' | '++' | '--'

   binary_expr:  unary_expr | binary_expr binary_op unary_expr

   binary_op:       '||' | '&&' | '|'  | '^'  | '&'  | '!='
                  | '==' | '>=' | '<=' | '>'  | '<'  | '>>'
                  | '<<' |  '-' | '+'  | '%'  | '/'  |  '*'

   assignment_expr:      binary_expr
                       | unary_expr assignment_op assignment_expr

   assignment_op:     '=' | '*='  | '/=' | '%=' | '+=' | '-='
                  | '<<=' | '>>=' | '&=' | '^=' | '|='

   expression:    assignment_expr | expression ',' assignment_expr

   -- Declarations

   declaration:       'var' declarator_list ';'





Waldbusser, et al.          Standards Track                    [Page 17]

RFC 4011              Policy Based Management MIB             March 2005


   declarator_list:   init_declarator
                    | declarator_list ',' init_declarator

   init_declarator:   identifier [ '=' assignment_expr ]

   -- Statements

   statement:   declaration
              | compound_statement
              | expression_statement
              | selection_statement
              | iteration_statement
              | jump_statement

   compound_statement:    '{' statement* '}'

   expression_statement:  expression? ';'

   selection_statement:
           'if' '(' expression ')' statement
         | 'if' '(' expression ')' statement 'else' statement

   iteration_statement:
           'while' '(' expression ')' statement
         | 'for' '(' expression? ';' expression? ';' expression? ')'
               statement

   jump_statement:    'continue' ';'
                    | 'break' ';'
                    | 'return' expression? ';'

   -- Root production

   PolicyScript:     statement*

5.2.  Variables

   To promote shorter scripts and ease in writing them, PolicyScript
   provides a loosely typed data class, "var", that can store both
   integer and string values.  The native C++ types (char, int, etc.)
   are thus unnecessary and have not been carried into the subset that
   comprises this language.  The semantics of the "var" type are modeled
   after those of ECMAScript[17].

      For example:

         var number = 0, name = "IETF";




Waldbusser, et al.          Standards Track                    [Page 18]

RFC 4011              Policy Based Management MIB             March 2005


   This language will be executed in an environment where the following
   typedef is declared.  (Note that this typedef will not be visible in
   the policyCondition or policyAction code.)

      typedef ... var;

   Although this declaration is expressed here as a typedef, the
   'typedef' keyword itself is not available to be used in PolicyScript
   code.

5.2.1.  The Var Class

   A value is an entity that takes on one of two types: string or
   integer.

   The String type is the set of all finite ordered sequences of zero or
   more 8-bit unsigned integer values ("elements").  The string type can
   store textual data as well as binary data sequences.  Each element is
   considered to occupy a position within the sequence.  These positions
   are indexed with nonnegative integers.  The first element (if any) is
   at position 0, the next element (if any) at position 1, and so on.
   The length of a string is the number of elements (i.e., 8-bit values)
   within it.  The empty string has length zero and therefore contains
   no elements.

   The integer type is the set of all integer values in the range
   -9223372036854775808 (-2^63) to 18446744073709551615 (2^64-1).  If an
   integer operation would cause a (positive) overflow, then the result
   is returned modulo 2^64.  If an integer operation would cause a
   (negative) underflow, then the result is undefined.  Integer division
   rounds toward zero.

   Prior to initialization, a var object has type String and a length of
   zero.

   The policy script runtime system performs automatic type conversion
   as needed.  To clarify the semantics of certain constructs it is
   useful to define a set of conversion operators: ToInteger(),
   ToString(), ToBoolean(), and Type().  These operators are not a part
   of the language; they are defined here to aid the specification of
   the semantics of the language.  The conversion operators are
   polymorphic; that is, they can accept a value of any standard type.









Waldbusser, et al.          Standards Track                    [Page 19]

RFC 4011              Policy Based Management MIB             March 2005


   ToInteger

   The operator ToInteger converts its argument to a value of type
   Integer according to the following table:

         Integer            The result equals the input argument
                            (no conversion).
         String             See grammar and note below.
         integer_constant   The result equals the input argument
                            (no conversion).
         string_literal     See grammar and note below.
         char_constant      See grammar and note below.

   ToInteger Applied to Strings

   ToInteger applied to the String Type string_literal and to
   char_constants applies the following grammar to the input.  If the
   grammar cannot interpret the string as an expansion of
   numeric_string, then an RTE is generated.  Note that a numeric_string
   that is empty or contains only white space is converted to 0.

 -- EBNF for numeric_string

   numeric_string : white_space* numeric? white_space*

   white_space :      <TAB> |  <SP> |  <NBSP> |  <FF> |  <VT>
                    | <CR>  |  <LF> |  <LS>   |  <PS> |  <USP>

   numeric :        signed_decimal |  hex_constant | octal_constant |
                    enum_decimal

   signed_decimal:  [ '-' | '+' ] decimal_constant

   enum_decimal:    [ letter | digit | '-' ]* '(' decimal_constant ')'

   -- decimal_constant, hex_constant, and octal_constant are defined
   -- in the PolicyScript EBNF described earlier.

   Note that when the enum_decimal form is converted, the sequence of
   characters before the parenthesis and the pair of parenthesis
   themselves are completely ignored, and the decimal_constant inside
   the parenthesis is converted.  Thus, "frame-relay(32)" translates to
   the integer 32.

   Although this will make the script more readable than using the
   constant "32", the burden is on the code writer to be accurate, as
   "ethernet-csmacd(32)" and "frame-relay(999)" will also be accepted.




Waldbusser, et al.          Standards Track                    [Page 20]

RFC 4011              Policy Based Management MIB             March 2005


   ToString

   The operator ToString converts its argument to a value of type String
   according to the following table:

      Integer           Return the string containing the decimal
                        representation of the input argument in
                        the form of signed_decimal, except that
                        no leading '+' will be used.
      String            Return the input argument (no conversion)
      integer_constant  Return the string containing the decimal
                        representation of the input argument in the
                        form of signed_decimal except that no
                        leading '+' will be used.
      string_literal    Return the input argument (no conversion)
      char_constant     Return the string of length one containing
                        the value of the input argument.

   ToBoolean

   The operator ToBoolean converts its argument to a value of type
   Integer according to the following table:

      Integer            The result is 0 if the argument is 0.
                         Otherwise the result is 1.
      String             The results is 0 if the argument is the
                         empty string.  Otherwise the result is 1.
      integer_constant   The result is 0 if the argument is 0.
                         Otherwise the result is 1.
      string_literal     The result is 0 if the argument is the
                         empty string.  Otherwise the result is 1.
      char_constant      The result is 1.

   Operators

   The rules below specify the type conversion rules for the various
   operators.

      A++:   A = ToInteger(A); A++;
      A--:   A = ToInteger(A); A--;
      ++A:   A = ToInteger(A); ++A;
      --A:   A = ToInteger(A); --A;
      +A:    ToInteger(A);
      -A:     -1 * ToInteger(A);
      ~A:    ToInteger(A);
      !A:    !ToBoolean(A);
      A * B, A - B, A & B, A ^ B , A | B, A << B, A >> B:
             ToInteger(A) <operator> ToInteger(B)



Waldbusser, et al.          Standards Track                    [Page 21]

RFC 4011              Policy Based Management MIB             March 2005


      A / B, A % B:
             if (ToInteger(B) == 0)
               RTE, terminate;
             else
               ToInteger(A) <operator> ToInteger(B)
      A + B:
             if (Type(A) == String || Type(B) == String)
               ToString(A) concatenated with ToString(B)
             else
               A + B
      Compound Assignment (<operator>=):
              Simply follow rules above.  Note that type of LHS (Left
              Hand Side) may be changed as a result.

      A < B, A > B, A <= B, A >= B, A == B, A != B:
             if (Type(A) == String && Type(B) == String)
                 lexically compare strings with strcmp() logic
             else
                 ToInteger(A) <operator> ToInteger(B)
       A && B:
              if (ToBoolean(A))
                  ToBoolean(B);
              else
                  false;
       A || B:
              if (ToBoolean(A))
                  true;

              else
                  ToBoolean(B);

       if(A):
              if (ToBoolean(A))
       while(A):
              while(ToBoolean(A))
       for(...; A; ...):
             for(...; ToBoolean(A); ...)

       A[B] as a RHS (Right Hand Side) value:
             if (Type(A) != String
                  || ToInteger(B) >= strlen(A))
                RTE, terminate;
             A[ ToInteger(B) ]
             The contents are returned as a string of length one

        A[B] = C as a LHS value:
             if (Type(A) != String
                  || ToInteger(B) >= strlen(A))



Waldbusser, et al.          Standards Track                    [Page 22]

RFC 4011              Policy Based Management MIB             March 2005


                RTE, terminate;
             if (strlen(ToString(C)) == 0)
                RTE, terminate
             A[ ToInteger(B) ] = First octet of ToString(C)

             Note that this is only applicable in a simple assignment.

   For example, in the expression

      "getVar("ifSpeed.1") < 128000"

   getVar always returns a string and '128000' is implicitly an integer.
   The rules for '<' dictate that if either argument is an integer then
   a 'numeric less than' is performed on ToInteger(A) and ToInteger(B).

   If "getVar("ifSpeed.1")" returns "64000", the expression can be
   translated to:

        ToInteger("64000") < ToInteger(128000); or,
        64000 < 128000; or,
        True

5.3.  PolicyScript QuickStart Guide

   PolicyScript is designed so that programmers fluent in other
   languages can quickly begin to write scripts.

   One way to become familiar with a language is to see it in action.
   The following nonsensical script exercises most of the PolicyScript
   constructs (though it skips some usage options and many arithmetic
   operators).

      var x, index = 7, str = "Hello World", oid = "ifSpeed.";

      x = 0;
      while(x < 10){
          if (str < "Goodbye") /* string comparison */
              continue;
          else
              break;
          x++;
      }
      if (oidlen(oid) == 10)
          oid += "." + index; // append index to oid
      for(x = 0; x < 7; x++){
            str += "a";





Waldbusser, et al.          Standards Track                    [Page 23]

RFC 4011              Policy Based Management MIB             March 2005


            var y = 12;
            index = ((x * 7) + y) % 3;
            if (str[6] == 'W')
                return index;
      }
      return;

   The following examples are more practical:

   For a condition:
      // Return 1 if this is an interface and it is tagged
      // with the role "gold"
      return (inSubtree(elementName(), "ifEntry")
          && roleMatch("gold"))

   A condition/action pair:
   First, register the Host Resources MIB hrSWRunEntry as a new element
   in the pmElementTypeRegTable.  This will cause the policy to run for
   every process on the system.  The token '$*' will be replaced by the
   script interpreter with a process index (see Section 7 for a
   definition of the '$*' token).

   The condition:
      // if it's a process and it's an application and it's
      // consumed more than 5 minutes of CPU time
      return (inSubtree(elementName(), "hrSWRunEntry")
              && getVar("hrSWRunType.$*") == 4  // app, not OS or driver
              && getVar("hrSWRunPerfCPU.$*") > 30000) // 300 seconds

   The action:
      // Kill it
      setVar("hrSWRunStatus.$*", 4, Integer); // invalid(4) kills it

   A more substantial action to start an RMON2 host table on interfaces
   that match the condition:

      var pdu, index;

      pdu = newPDU();
      writeVar(pdu, 0, "hlHostControlDataSource.*",
               "ifIndex." + ev(0), Oid);
      writeVar(pdu, 1, "hlHostControlNlMaxDesiredEntries.*", 1000,
               Integer);
      writeVar(pdu, 2, "hlHostControlAlMaxDesiredEntries.*", 1000,
               Integer);
      writeVar(pdu, 3, "hlHostControlOwner.*", "policy", String);





Waldbusser, et al.          Standards Track                    [Page 24]

RFC 4011              Policy Based Management MIB             March 2005


      writeVar(pdu, 4, "hlHostControlStatus.*", "active(1)", Integer);
      if (createRow(pdu, 5, 4, 20, 65535, index) == 0
          || index == -1)
          return;

   Because PolicyScript is a least common denominator, it contains
   nothing that would astonish programmers familiar with C, C++, Perl,
   Tcl, JavaScript, or Python.  Although a new programmer may attempt to
   use language constructs that aren't available in PolicyScript, s/he
   should be able to understand any existing PolicyScript and will
   likely know how to use anything that is valid in PolicyScript.  The
   lists below quickly enumerate the changes of note for programmers
   coming from some particular languages.  These lists won't describe
   the unavailable constructs, but it is easy to see from the definition
   above what is available.

5.3.1.  Quickstart for C Programmers

   - Character constants (i.e., 'c') are treated as one-character
     strings, not as integers.  So operations such as ('M' - 'A') or (x
     + 'A') will not perform as expected.
   - Functions can change the value of arguments even though they are
     not pointers (or called like '&arg').
   - All variables are in the same scope.

5.3.2.  Quickstart for Perl Programmers

   - Comments are '/* comment */' and '// till end of line', not '#'.
   - No need to put a '


 in front of variables.
   - Strings are compared with ==, <=, <, etc. (details in Sec. 6.2.1).
   - Strings are concatenated with '+' (details in Sec. 6.2.1).
   - No variable substitution in "" strings.  '' strings are 1 char
     only.
   - Variables must be declared before use (but no type is necessary).
   - All variables are in the same scope.

5.3.3.  Quickstart for TCL Programmers

   - Comments are '/* comment */' and '// till end of line', not '#'.
   - No need to put a '


 in front of variables.
   - Function calls are func-name(arg1, arg2, ...).
   - Square braces [] don't interpret their contents.
   - Double quotes "" surround a string, but no substitutions are
     performed ("" is like { } in TCL ).
   - Statements are terminated by a semicolon (;).
   - Instead of "Set a b", use "b = a;".
   - Strings are concatenated with '+' (details in Sec. 6.2.1).
   - All variables are in the same scope.



Waldbusser, et al.          Standards Track                    [Page 25]

RFC 4011              Policy Based Management MIB             March 2005


5.3.4.  Quickstart for Python Programmers

   - Comments are '/* comment */' and '// till end of line', not '#'.
   - Single quotes can be used only for single-character strings ('a').
   - Indentation doesn't matter.  Braces { } define blocks.
   - Variables must be declared before use (but no type is necessary).
   - The expressions for if and while are always surrounded by
     parenthesis, as in "if (x < 5)".
   - 'for' syntax is "for(expression; expression; expression)" (see
     EBNF).
   - All variables are in the same scope.

5.3.5.  Quickstart for JavaScript/ECMAScript/JScript Programmers

   - Variables must be declared before use.
   - Functions can change the value of arguments.
   - All variables are in the same scope.

5.4.  PolicyScript Script Return Values

   A PolicyScript script execution is normally ended by the execution of
   a return statement, or by having the flow of execution reach the end
   of the final statement in the script.  A normal script execution
   always returns a Boolean value.  If no explicit value is specified in
   the return statement, or if the flow of control proceeds through the
   end of the script, the return value is implicitly zero.  If an
   expression is provided with the return statement, the expression is
   evaluated, and the result of the expression is implicitly converted
   with the ToBoolean operator before being returned to the script
   execution environment.

   The return value of a policyCondition script is used to determine
   whether the associated policyAction script is executed.  If the
   returned value is zero, the associated policyAction script is not
   executed.  If the returned value is one, the associated policyAction
   script will be executed.

   The return value of a policyAction script is ignored.

   An RTE or invocation of the fail() function will cause the return
   value of the script to be set to zero.  Note however, that execution
   of the defer() or fail() functions may set the defer attribute so
   that the lower precedence script may be executed.  This is
   independent of the return value of the policy script execution.







Waldbusser, et al.          Standards Track                    [Page 26]

RFC 4011              Policy Based Management MIB             March 2005


6.  Index Information for 'this element'

   PolicyScript code needs a convenient way to get the components of the
   index for 'this element' so that they can perform SNMP operations on
   it or on related elements.

   Two mechanisms are provided.

   1. For all OID input parameters to all SNMP Library Functions (but
      not OID utility functions), the token "$n" ('


 followed by an
      integer between 0 and 128) can be used in place of any decimal
      sub-identifier.  This token is expanded by the agent at execution
      time to contain the nth subid of the index for the current
      element.  For example, if the element is interface 7, and the
      objectIdentifier is "1.3.6.1.2.1.2.2.1.3.$0", it will be expanded
      to "1.3.6.1.2.1.2.2.1.3.7".  The special token "$*" is expanded to
      contain all of the subidentifiers of the index of the current
      element, separated by '.' characters.

      It is an RTE if a token is specified that is beyond the length of
      the index for the current element.

      Note that the "$n" convention is only active within strings.

   2. The ec() and ev() functions allow access to the components of the
      index for 'this element'.  ec() takes no argument and returns the
      number of index components that exist.  ev() takes an integer
      argument specifying which component of the index (numbered
      starting at 0) and returns an integer containing the value of the
      n'th subidentifier.  Refer to the Library functions section for
      the complete definition of ec() and ev().

         For example, if 'this element' is frCircuitDLCI.5.57
                                           (ifIndex = 5, DLCI = 57)
               then ec()  returns 2
                    ev(0) returns 5
                    ev(1) returns 57

      This is helpful when one wishes to address a related element.
      Extending the previous example, to find the port speed of the
      port, the circuit (above) runs over:

         portSpeed = getVar("ifSpeed." + ev(0));

      A script may check the type of 'this element' by calling the
      elementName() function.  Although it is possible to write a script
      that will work with different types of elements, many scripts will




Waldbusser, et al.          Standards Track                    [Page 27]

RFC 4011              Policy Based Management MIB             March 2005


      assume a particular element type and will work incorrectly if used
      on different element types.

7.  Library Functions

   Library functions are built-in functions available primarily to
   provide access to information on the local system or to manipulate
   this information more efficiently.  A group of functions is organized
   into a library, the unit of conformance for function implementation.
   In order to claim conformance to a library, an implementation must
   implement all functions in a library to the specifications of the
   library.

   In order for a management station or a condition or action to
   understand whether a certain library of functions is implemented,
   each library will have a name that it registers in the role table as
   a characteristic of the system element ("0.0") in the default SNMP
   context.  Thus, conformance to a library can be tested with the
   roleMatch library function (in the base library) with the call
   roleMatch ("libraryName", "0.0").

   Note that in the descriptions of these functions below, the function
   prototype describes the type of argument expected.  Even though
   variables are not declared with a particular type, their contents
   must be appropriate for each function argument.  If the type is
   variable, the keyword 'var' will be used.  If only a string is
   appropriate, the keyword 'string' will be used.  If only an integer
   is appropriate, the keyword 'integer' will be used.  If the argument
   is declared as 'string' or 'integer' and a value of a different type
   is passed, the argument will be coerced with ToInteger() or
   ToString().  Any failure of this coercion will cause an RTE (in
   particular for ToInteger(), which will fail if its string-valued
   argument is not a well-formed integer).

   In the function prototype, if the '&' character precedes the
   identifier for an argument, that argument may be modified by the
   function (e.g., "integer &result, ...)").  Arguments without the '&'
   character cannot be modified by the function.  In a script,
   modifiable arguments don't have to be preceded by a '&'.  It is an
   RTE if a constant is passed to a modifiable function argument
   (regardless of whether the function actually writes to the argument).

   In the function prototype, the '[' and ']' characters surround
   arguments that are optional.  In PolicyScript code, the optional
   argument may only be included if all optional arguments to the left
   of it are included.  The function may place restrictions on when an
   optional argument must, or must not, be included.




Waldbusser, et al.          Standards Track                    [Page 28]

RFC 4011              Policy Based Management MIB             March 2005


   In the function prototype, if a type is listed before the name of the
   function, the function returns a value of that type.  If no type is
   listed, the function returns no value.

8.  Base Function Library

   A standard base library of functions is available to all systems that
   implement this specification.  This library is registered with the
   name "pmBaseFunctionLibrary".  Although the specification of this
   library is modularized into 4 separate sections, conformance to the
   library requires implementation of all functions in all sections.

   The sections are:

      - SNMP library functions
      - Policy library functions
      - Utility functions
      - Library Functions

8.1.  SNMP Library Functions

   Two sets of SNMP Library functions are available with different
   situations in mind:

   - Convenience SNMP Functions

     In an effort to keep simple things simple, these functions are easy
     to use and code that is easy to understand.  These functions will
     suffice for the majority of situations, where a single variable is
     referenced and the desired error recovery is simply (and
     immediately) to give up (and move to the next policy-element
     combination).  In more complex cases, the General SNMP Functions
     can be used at the cost of several times the code complexity.

     The convenience SNMP functions are getVar, exists, setVar,
     setRowStatus, createRow, counterRate, and searchColumn.

   - General SNMP Functions

     The General SNMP functions allow nearly any legal SNMP Message to
     be generated, including those with multiple varbinds, getNext
     operations, notifications, and messages with explicit addressing or
     security specifications.

     The general SNMP functions are writeVar, readVar, snmpSend,
     readError, and writeBulkParameters.





Waldbusser, et al.          Standards Track                    [Page 29]

RFC 4011              Policy Based Management MIB             March 2005


8.1.1.  SNMP Operations on Non-Local Systems

   From time to time, a script may have to perform an operation on a
   different SNMP system than that on which 'this element' resides.
   Scripts may also have to specify the use of alternate security
   parameters.  In order to do this, the following optional arguments
   are provided for the SNMP library functions:

   snmp-function(...[, integer mPModel,
                       string tDomain, string tAddress,
                       integer secModel, string secName,
                       integer secLevel, string contextEngineID
   ])

   For example:

       getVar("sysDescr.0", "", SNMPv3, "transportDomainUdpIpv4",
              "192.168.1.1:161", USM, "joe", NoAuthNoPriv);

   The use of these arguments is denoted in function definitions by the
   keyword 'NonLocalArgs'.  The definitions of these arguments are as
   follows:

      'mPModel' is the integer value of the SnmpMessageProcessingModel
      to use for this operation.

      'tDomain' is a string containing an ASCII dotted-decimal object
      identifier representing the transport domain to use for this
      operation.

      'tAddress' is a string containing the transport address formatted
      according to the 'tDomain' argument.  The ASCII formats for
      various values of 'tDomain' are defined by the DISPLAY-HINT for a
      TEXTUAL-CONVENTION that represents an address of that type.  The
      DISPLAY-HINTs used are:

         tDomain                    Source of DISPLAY-HINT [5] [11]
         -------                    ----------------------
         transportDomainUdpIpv4     TransportAddressIPv4
         transportDomainUdpIpv6     TransportAddressIPv6
         transportDomainUdpDns      TransportAddressDns
         snmpCLNSDomain             snmpOSIAddress
         snmpCONSDomain             snmpOSIAddress
         snmpDDPDomain              snmpNBPAddress
         snmpIPXDomain              snmpIPXAddress
         rfc1157Domain              snmpUDPAddress
         Other                      Use DISPLAY-HINT "1x:"




Waldbusser, et al.          Standards Track                    [Page 30]

RFC 4011              Policy Based Management MIB             March 2005


      'secModel' is the integer value of the SnmpSecurityModel to use
      for this operation.

      'secName' is a string value representing the SnmpSecurityName to
      use for this operation.

      'secLevel' is the integer value of the SnmpSecurityLevel to use
      for this operation.

      An SNMP operation will be sent to the target system by using
      security parameters retrieved from a local configuration datastore
      based on 'secModel', 'secName', and 'secLevel'.  It is the
      responsibility of the agent to ensure that sensitive information
      in the local configuration datastore is used on behalf of the
      correct principals, as identified by the security credentials of
      the last entity to modify the pmPolicyAdminStatus for a policy.

      To illustrate how this must be configured, consider an example in
      which 'joe' installs a policy on 'PMAgent' that will periodically
      configure objects on 'TargetAgent' with the credentials of
      'Operator'.  The following conditions must be true for this policy
      to execute with the proper privileges:

      - 'Operator's security credentials for TargetAgent must be
        installed in PMAgent's local configuration datastore (e.g.,
        usmUserTable [6]) indexed by TargetAgent's engineID and
        'Operator'.
      - VACM [9] must be configured on PMAgent so that 'joe' has access
        to the above entry in the appropriate MIB for the local
        configuration datastore (e.g., usmUserTable).
      - 'joe' must be the last user to modify the pmPolicyAdminStatus
        object for the policy.

      See the Security Considerations section for more information.

      For convenience, constants for 'mPModel', 'secModel', and
      'secLevel' are defined in the "Constants" section below.

      'contextEngineID' is a string representing the contextEngineID of
      the SNMP entity targeted by this operation.  It is encoded as a
      pair of hex digits (upper- and lowercase are valid) for each octet
      of the contextEngineID.  If 'tDomain' and 'tAddress' are provided
      but 'contextEngineID' is not, then the operation will be directed
      to the SNMP entity reachable at 'tDomain' and 'tAddress'.

      In order for PolicyScript code to use any of these arguments, all
      optional arguments to the left must be included.  'mPModel',
      'tDomain', 'tAddress', 'secModel', 'secName', and 'secLevel' must



Waldbusser, et al.          Standards Track                    [Page 31]

RFC 4011              Policy Based Management MIB             March 2005


      be used as a group; if one is specified, they must all be.
      'contextEngineID' may only be specified if all others are
      specified.

      Note that a function that uses NonLocalArgs must provide a
      parameter for the contextName that will be required when the
      NonLocalArgs are present.  Many functions will have the following
      logic:

      ContextName NonLocalArgs
      Supplied    Supplied

      No          No            Addressed to default context on
                                local system.
      Yes         No            Addressed to named context on
                                local system.
      Yes         Yes           Addressed to named context on
                                potentially remote system.
      No          Yes           Not allowed.

8.1.2.  Form of SNMP Values

   Many of the library functions have input or output parameters that
   may be one of the many SMI data types.  The actual type is not
   encoded in the value but is specified elsewhere, possibly by nature
   of the situation in which it is used.  The exact usage for input and
   output is as follows:

   Any Integer value
      (INTEGER, Integer32, Counter32, Counter64, Gauge32, Unsigned32,
      TimeTicks, Counter64):

      On input:
         An Integer or a String that can be successfully coerced to an
         Integer with the ToInteger() operator.  It is an RTE if a
         string is passed that cannot be converted by ToInteger() into
         an integer.

         A string of the form

           enum_decimal: [ letter | digit | '-' ]* '(' decimal_constant
         ')'

         will also be accepted.  In this case the sequence of characters
         before the parentheses and the parentheses themselves are
         completely ignored, and the decimal_constant inside the
         parentheses is converted.  Thus, "frame-relay(32)" translates
         to the integer 32.



Waldbusser, et al.          Standards Track                    [Page 32]

RFC 4011              Policy Based Management MIB             March 2005


      On output:
         An Integer containing the returned value.

   Octet String
      On input:
         Either a String or an Integer.  If an Integer, it will be
         coerced to a String with the ToString() function.  This string
         will be used as an unencoded representation of the octet string
         value.

      On output:
         A String containing the unencoded value of the octet string.

   Object Identifier
      On input and on output:
         A String containing a decimal ASCII encoded object identifier
         of the following form:

            oid:       subid [ '.' subid ]* [ '.' ]
            subid:     '0' | decimal_constant

      It is an RTE if an Object Identifier argument is not in the form
      above.  Note that a trailing '.' is acceptable and will simply be
      ignored.  (Note, however, that a trailing dot could cause a
      strncmp() comparison of two otherwise-identical OIDs to fail;
      instead, use oidncmp().)

      Note that ASCII descriptors (e.g., "ifIndex") are never used in
      these encodings "over the wire".  They are never returned from
      library functions; nor are they ever accepted by them.  NMS user
      interfaces are encouraged to allow humans to view object
      identifiers with ASCII descriptors, but they must translate those
      descriptors to dotted-decimal format before sending them in MIB
      objects to policy agents.

   Null
      On input:
         The input is ignored.

      On output:
         A zero length string.










Waldbusser, et al.          Standards Track                    [Page 33]

RFC 4011              Policy Based Management MIB             March 2005


8.1.3.  Convenience SNMP Functions

8.1.3.1.  getVar()

   The getVar() function is used to retrieve the value of an SNMP MIB
   object instance.

      string getVar(string oid [, string contextName, NonLocalArgs])

         'oid' is a string containing an ASCII dotted-decimal
         representation of an object identifier (e.g.,
         "1.3.6.1.2.1.1.1.0").

         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.

         The optional 'NonLocalArgs' provide addressing and security
         information to perform an SNMP operation on a system different
         from that of 'this element'.

         It is an RTE if the queried object identifier value does not
         exist.

         This function returns a string containing the returned value,
         encoded according to the returned type.  Note that no actual
         SNMP PDU has to be generated and parsed when the policy MIB
         agent resides on the same system as the managed elements.

         It is recommended that NMS user interfaces display and allow
         input of MIB object names by their descriptor values, followed
         by the index in dotted-decimal form (e.g., "ifType.7").

8.1.3.2.  exists()

   The exists() function is used to verify the existence of an SNMP MIB
   object instance.

      integer exists(string oid [, string contextName, NonLocalArgs])

         'oid' is a string containing an ASCII dotted-decimal
         representation of an object identifier (e.g.,
         "1.3.6.1.2.1.1.1.0").







Waldbusser, et al.          Standards Track                    [Page 34]

RFC 4011              Policy Based Management MIB             March 2005


         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.

         The optional 'NonLocalArgs' provide addressing and security
         information to perform an SNMP operation on a system different
         from that of 'this element'.

         This function returns the value 1 if the SNMP instance exists
         and 0 if it doesn't exist.  Note that no actual SNMP PDU has to
         be generated and parsed when the policy MIB agent resides on
         the same system as the managed elements.

         It is recommended that NMS user interfaces display and allow
         input of MIB object names by their descriptor values, followed
         by the index in dotted-decimal form (e.g., "ifType.7").

8.1.3.3.  setVar()

   The setVar() function is used to set a MIB object instance to a
   certain value.  The setVar() function is only valid in policyActions.

      setVar(string oid, var value, integer type
             [, string contextName, NonLocalArgs] )

         'oid' is a string containing an ASCII dotted-decimal
         representation of an object identifier (e.g.,
         "1.3.6.1.2.1.1.1.0").

         'value' is a string encoded in the format appropriate to the
         'type' parameter.  The agent will set the variable specified by
         'oid' to the value specified by 'value'.

         'type' will be the type of the 'value' parameter and will be
         set to one of the values for DataType Constants.

         The optional 'contextName' argument contains the SNMP context
         on which to operate.   If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero length string, the default context is used.

         The optional 'NonLocalArgs' provide addressing and security
         information to perform an SNMP operation on a system different
         from that of 'this element'.  Note that no actual SNMP PDU has
         to be generated and parsed when the policy MIB agent resides on
         the same system as the managed elements.




Waldbusser, et al.          Standards Track                    [Page 35]

RFC 4011              Policy Based Management MIB             March 2005


         It is an RTE if the set encounters any error.

         It is recommended that NMS user interfaces display and allow
         input of MIB object names by their descriptor values, followed
         by the index in dotted-decimal form (e.g., "ifType.7").

8.1.3.4.  searchColumn()

      integer searchColumn(string columnoid, string &oid,
                           string pattern, integer mode
                           [, string contextName, NonLocalArgs])

         searchColumn performs an SNMP walk on a portion of the MIB
         searching for objects with values equal to the 'pattern'
         parameter.

         'columnoid' constrains the search to those variables that share
         the same OID prefix (i.e., those that are beneath it in the OID
         tree).

         A getnext request will be sent requesting the object identifier
         'oid'.  If 'oid' is an empty string, the value of 'columnoid'
         will be sent.

         The value returned in each response packet will be transformed
         to a string representation of the value of the returned
         variable.  The string representation of the value will be
         formed by putting the value in the form dictated by the "Form
         of SNMP Values" rules, and then by performing the ToString()
         function on this value, forming 'SearchString'.

         The 'mode' value controls what type of match to perform on this
         'SearchString' value.  There are 6 possibilities for mode:

           Mode               Search Action
           ExactMatch         Case sensitive exact match of 'pattern'
                              and 'SearchString'.
           ExactCaseMatch     Case insensitive exact match of 'pattern'
                              and 'SearchString'.
           SubstringMatch     Case sensitive substring match, finding
                              'pattern' in 'SearchString'.
           SubstringCaseMatch Case insensitive substring match, finding
                              'pattern' in 'SearchString'.
           RegexpMatch        Case sensitive regular expression match,
                              searching 'SearchString' for the regular
                              expression given in 'pattern'.





Waldbusser, et al.          Standards Track                    [Page 36]

RFC 4011              Policy Based Management MIB             March 2005


           RegexpCaseMatch    Case insensitive regular expression match,
                              searching 'SearchString' for the regular
                              expression given in 'pattern'.

         Constants for the values of 'mode' are defined in the
         'Constants' section below.

         searchColumn uses the POSIX extended regular expressions
         defined in POSIX 1003.2.

         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.

         The optional 'NonLocalArgs' provide addressing and security
         information to perform SNMP operations on a system different
         from that of 'this element'.

         If a match is found, 'oid' is set to the OID of the matched
         value, and 1 is returned.  If the search traverses beyond
         columnoid or returns an error without finding a match, zero is
         returned, and 'oid' isn't modified.

         To find the first match, the caller should set 'oid' to the
         empty string.  To find additional matches, subsequent calls to
         searchColumn should have 'oid' set to the OID of the last
         match, an operation that searchColumn performs automatically.

         For example:
             To find an ethernet interface
             oid = "";
             searchColumn("ifType", oid, "6", 0);

         This sends a getnext request for ifType and continues to walk
         the tree until a value matching 6 is found or a variable
         returns that is not in the 'ifType' subtree.

         To find the next ethernet interface, assuming that interface 3
         was discovered to be the first:

             oid = "ifType.3";
             searchColumn("ifType", oid, "6", 0);








Waldbusser, et al.          Standards Track                    [Page 37]

RFC 4011              Policy Based Management MIB             March 2005


         In a loop to determine all the ethernet interfaces, this looks
         as follows:

             oid = "";
             while(searchColumn("ifType", oid, "6", 0)){
               /* Do something with oid */
             }

         Note that in the preceding examples, "ifType" is used as a
         notational convenience, and the actual code downloaded to the
         policy MIB agent must use the string "1.3.6.1.2.1.2.2.1.3" as
         there may be no MIB compiler (or MIB file) available on the
         policy MIB agent.

         Note that if the value of 'columnoid' is too short and thus
         references too much of the object identifier tree (e.g.,
         "1.3.6"), 'columnoid' could end up searching a huge number of
         variables (if the value was "1.3.6", it would search ALL
         variables on the agent).  It is the responsibility of the
         caller to make sure that 'columnoid' is set appropriately.

8.1.3.5.  setRowStatus()

      integer setRowStatus(string oid, integer maxTries
                           [, integer freeOnException , integer seed
                            , string contextName, NonLocalArgs])

         setRowStatus is used to automate the process of finding an
         unused row in a read-create table that uses RowStatus whose
         index contains an arbitrary integer component for uniqueness.

         'oid' is a string containing an ASCII dotted-decimal
         representation of an object identifier, with one of the subids
         replaced with a '*' character (e.g.,
         "1.3.6.1.3.1.99.1.2.1.9.*").  'oid' must reference an
         'instance' of the RowStatus object, and the '*' must replace
         any integer index item that may be set to some random value.

         setRowStatus will come up with a number for the selected index
         item and will attempt to create the instance with the
         createAndWait state.  If the attempt fails, it will retry with
         a different random index value.  It will attempt this no more
         than 'maxTries' times.

         If the optional 'freeOnException' argument is present and equal
         to 1, the agent will free this row by setting RowStatus to
         'destroy' if, later in the same script invocation, this script




Waldbusser, et al.          Standards Track                    [Page 38]

RFC 4011              Policy Based Management MIB             March 2005


         dies with a run-time exception or by a call to fail().  Note
         that this does not apply to exceptions experienced in
         subsequent invocations of the script.

         If the optional 'seed' argument is present, the initial index
         will be set to 'seed'.  Otherwise it will be random.  'seed'
         may not be present if the 'freeOnException' argument is not
         present.

         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.

         The optional 'NonLocalArgs' provide addressing and security
         information to perform an SNMP operation on a system different
         from that of 'this element'.

         setRowStatus returns the successful integer value for the
         index.  If it is unsuccessful after 'maxTries', or if zero or
         more than one '*' is in OID, -1 will be returned.

         The createRow function (below) can also be used when adding
         rows to tables.  Although createRow has more functionality,
         setRowStatus may be preferable in certain situations (for
         example, to have the opportunity to inspect default values
         created by the agent).

8.1.3.6.  createRow()

      integer createRow(integer reqPDU, integer reqNumVarbinds,
                        integer statusColumn, integer maxTries,
                        integer indexRange,
                        integer &respPDU, integer &respNumVarbinds,
                        integer &index
                        [, integer freeOnException, string contextName,
                        NonLocalArgs])

         createRow is used to automate the process of creating a row in
         a read-create table whose index contains an arbitrary integer
         component for uniqueness.  In particular, it encapsulates the
         algorithm behind either the createAndWait or createAndGo
         mechanism and the algorithm for finding an unused row in the
         table.  createRow is not useful for creating rows in tables
         whose indexes don't contain an arbitrary integer component.

         createRow will perform the operation by sending 'reqPDU' and
         returning the results in 'respPDU'.  Both 'reqPDU' and



Waldbusser, et al.          Standards Track                    [Page 39]

RFC 4011              Policy Based Management MIB             March 2005


         'respPDU' must previously have been allocated with newPDU.
         'reqPDU' and 'respPDU' may both contain the same PDU handle, in
         which case the 'reqPDU' is sent and then replaced with the
         contents of the received PDU.

         'reqNumVarbinds' is an integer greater than zero that specifies
         which varbinds in the PDU will be used in this operation.  The
         first 'reqNumVarbinds' in the PDU are used.  Each such varbind
         must be of a special form in which the object name must have
         one of its subids replaced with a '*' character (e.g.,
         "1.3.6.1.3.1.99.1.2.1.9.*").  The subid selected to be replaced
         will be an integer index item that may be set to some random
         value.  The same subid should be selected in each varbind in
         the PDU.

         'respNumVarbinds' will be modified to contain the number of
         varbinds received in the last response PDU.

         'statusColumn' identifies which varbind in 'pdu' should be
         treated as the RowStatus column, where 0 identifies the 1st
         varbind.

         createRow will come up with a random integer index value and
         will substitute that value in place of the '*' subid in each
         varbind.  It will then set the value of the RowStatus column to
         select the 'createAndGo' mechanism and execute the set.  If the
         attempt fails due to the unavailability of the 'createAndGo'
         mechanism, it will retry with the 'createAndWait' mechanism
         selected.  If the attempt fails because the chosen index value
         is already in use, the operation will be retried with a
         different random index value.  It will continue to retry
         different index values until it succeeds, until it has made
         'maxTries' attempts, or until it encounters an error.  The
         value of 'maxTries' should be chosen to be high enough to
         minimize the chance that as the table fills up an attempt to
         create a new entry will 'collide' too often and fail.

         All random index values must be between 1 and 'indexRange',
         inclusive.  This is so that values are not attempted for an
         index that fall outside of that index's restricted range (e.g.,
         1..65535).

         If the optional 'freeOnException' argument is present and equal
         to 1, the agent will free this row by setting RowStatus to
         'destroy' if, later in the same script invocation, this script
         dies with a run-time exception or by a call to fail().  Note
         that this does not apply to exceptions experienced in
         subsequent invocations of the script.



Waldbusser, et al.          Standards Track                    [Page 40]

RFC 4011              Policy Based Management MIB             March 2005


         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.

         The optional 'NonLocalArgs' provide addressing and security
         information to perform an SNMP operation on a system different
         from that of 'this element'.

         Note that no actual SNMP PDU has to be generated and parsed
         when the policy MIB agent resides on the same system as the
         managed elements.  If no PDU is generated, the agent must
         correctly simulate the behavior of the SNMP Response PDU,
         particularly in case of an error.

         This function returns zero unless an error occurs, in which
         case it returns the proper SNMP Error Constant.  If an error
         occurred, respPDU will contain the last response PDU as
         received from the agent unless no response PDU was received, in
         which case respNumVarbinds will be 0.  In any event, readError
         may be called on the PDU to determine error information for the
         transaction.

         The 'index' parameter returns the chosen index.  If successful,
         'index' will be set to the successful integer index.  If no
         SNMP error occurs but the operation does not succeed due to the
         following reasons, 'index' will be set to -1:

            1) Unsuccessful after 'maxTries'.
            2) An object name had no '*' in it.
            3) An object name had more than one '*' in it.

         For example, createRow() might be used as follows:

         var index, pdu = newPDU(), nVars = 0;

         writeVar(pdu, nVars++, "hlHostControlDataSource.*",
                  "ifIndex." + ev(0), Oid);
         writeVar(pdu, nVars++, "hlHostControlNlMaxDesiredEntries.*",
                  1000, Integer);
         writeVar(pdu, nVars++, "hlHostControlAlMaxDesiredEntries.*",
                  1000, Integer);
         writeVar(pdu, nVars++, "hlHostControlOwner.*", "policy",
                  String);
         writeVar(pdu, nVars++, "hlHostControlStatus.*", "active(1)",
                  Integer);
         if (createRow(pdu, nVars, 4, 20, 65535,
                       pdu, nVars, index) != 0



Waldbusser, et al.          Standards Track                    [Page 41]

RFC 4011              Policy Based Management MIB             March 2005


             || index == -1)
             return;
         // index now contains index of new row

8.1.3.7.  counterRate()

   When a policy wishes to make a decision based on the rate of a
   counter, it faces a couple of problems:

   1. It may have to run every X minutes but have to make decisions on
      rates calculated over at least Y minutes, where Y > X.  This would
      require the complexity of managing a queue of old counter values.

   2. The policy script has no control over exactly when it will run.

   The counterRate() function is designed to surmount these problems
   easily.

      integer counterRate(string oid, integer minInterval
                          [, integer 64bit,
                          string discOid, integer discMethod,
                          string contextName, NonLocalArgs])

         'counterRate' retrieves the variable specified by oid once per
         invocation.  It keeps track of timestamped values retrieved on
         previous invocations by this execution context so that it can
         calculate a rate over a period longer than that since the last
         invocation.

         'oid' is the object identifier of the counter value that will
         be retrieved.  The most recent previously saved value of the
         same object identifier that is at least 'minInterval' seconds
         old will be subtracted from the newly retrieved value, yielding
         a delta.  If 'minInterval' is zero, this delta will be
         returned.  Otherwise, this delta will be divided by the number
         of seconds elapsed between the two retrievals, and the
         integer-valued result will be returned (rounding down when
         necessary).

         If there was no previously saved retrieval older than
         'minInterval' seconds, then -1 will be returned.  It is an RTE
         if the query returns noSuchName, noSuchInstance, or
         noSuchObject or an object that is not of type Counter32 or
         Counter64.







Waldbusser, et al.          Standards Track                    [Page 42]

RFC 4011              Policy Based Management MIB             March 2005


         The delta calculation will allow for 32-bit counter semantics
         if it encounters rollover between the two retrievals, unless
         the optional argument '64bit' is present and equal to 1, in
         which case it will allow for 64-bit counter semantics.

         'discOid' and 'discMethod' may only be present together.
         'discOid' contains an object identifier of a discontinuity
         indicator value that will be retrieved simultaneously with each
         counter value:

            1. If 'discMethod' is equal to 1 and the discontinuity
               indicator is less than the last one retrieved, then a
               discontinuity is indicated.
            2. If 'discMethod' is equal to 2 and the discontinuity
               indicated is different from the last one retrieved, then
               a discontinuity is indicated.

         If this value indicates a discontinuity, this counter value
         (and its timestamp) will be stored, but all previously stored
         counter values will be invalidated and -1 will be returned.

         The implementation will have to store a number of timestamped
         counter values.  The implementation must keep all values that
         are newer than minInterval seconds, plus the newest value that
         is older than minInterval seconds.  Other than this one value
         that is older than minInterval seconds, the implementation
         should discard any older values.

         For example:
           Policy that executes every 60 seconds:
               rate = counterRate("ifInOctets.$*", 300);
               if (rate > 1000000)
                   ...

         Another example, with a discontinuity indicator:

           Policy that executes every 60 seconds:
               rate = counterRate("ifInOctets.$*", 300, 0,
                                  "sysUpTime.0", 1);
               if (rate > 1000000)
                   ...

         Another example, with zero minInterval:
           Policy that executes every 60 seconds:
               delta = counterRate("ifInErrors.$*", 0);
               if (delta > 100)
                   ...




Waldbusser, et al.          Standards Track                    [Page 43]

RFC 4011              Policy Based Management MIB             March 2005


         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.

8.1.4.  General SNMP Functions

   It is desirable that a general SNMP interface have the ability to
   perform SNMP operations on multiple variables at once and that it
   allow multiple varbind lists to exist at once.  The newPdu, readVar,
   and writeVar functions exist to provide these facilities in a
   language without pointers, arrays, and memory allocators.

   newPDU is called to allocate a PDU and return an integer handle to
   it.  As PDUs are automatically freed when the script exits and can be
   reused during execution, there is no freePDU().

   readVar and writeVar access a variable length varbind list for a PDU.
   The PDU handle and the index of the variable within that PDU are
   specified in every readVar and writeVar operation.  Once a PDU has
   been fully specified by one or more calls to writeVar, it is passed
   to snmpSend (by referencing the PDU handle) and the number of
   varbinds to be included in the operation.  When a response is
   returned, the contents of the response are returned in another PDU
   and may be read by one or more calls to readVar.  Error information
   may be read from the PDU with the readError function.  Because
   GetBulk PDUs send additional information in the SNMP header, the
   writeBulkParameters function is provided to configure these
   parameters.

   Varbinds in this data store are created automatically whenever they
   are written by any writeVar or snmpSend operation.

   For example:
     var pdu = newPDU();
     var nVars = 0, oid, type, value;

     writeVar(pdu, nVars++, "sysDescr.0", "", Null);
     writeVar(pdu, nVars++, "sysOID.0", "", Null);
     writeVar(pdu, nVars++, "ifNumber.0", "", Null);
     if (snmpSend(pdu, nVars, Get, pdu, nVars))
         return;
     readVar(pdu, 0, oid, value, type);
     readVar(pdu, 1, oid, value, type);
     readVar(pdu, 2, oid, value, type);
     ...





Waldbusser, et al.          Standards Track                    [Page 44]

RFC 4011              Policy Based Management MIB             March 2005


   or,
     var pdu = newPDU();
     var nVars = 0, oid1, oid2;

     writeVar(pdu, nVars++, "ifIndex", "", Null);
     writeVar(pdu, nVars++, "ifType", "", Null);
     while(!done){
       if (snmpSend(pdu, nVars, Getnext, pdu, nVars))
           continue;
       readVar(pdu, 0, oid1, value, type);
       readVar(pdu, 1, oid2, value, type);
       /* leave OIDs alone, now PDU #0 is set up for next step
          in table walk. */
       if (oidncmp(oid1, "ifIndex", oidlen("ifIndex")))
         done = 0;
       ...
     }

   Note that in the preceding examples, descriptors such as ifType and
   sysDescr are used in object identifiers solely as a notational
   convenience.  The actual code downloaded to the policy MIB agent must
   use a dotted decimal notation only, as there may be no MIB compiler
   (or MIB file) available on the policy MIB agent.

   To conform to this specification, implementations must allow each
   policy script invocation to allocate at least 5 PDUs with at least 64
   varbinds per list.  It is suggested that implementations limit the
   total number of PDUs per invocation to protect other script
   invocations from a malfunctioning script (e.g., a script that calls
   newPDU() in a loop).

8.1.4.1.  newPDU()

      integer newPDU()

         newPDU will allocate a new PDU and return a handle to the PDU.
         If no PDU could be allocated, -1 will be returned.  The PDU's
         initial values of nonRepeaters and maxRepetitions will be zero.

8.1.4.2.  writeVar()

      writeVar(integer pdu, integer varBindIndex,
               string oid, var value, integer type)

         writeVar will store 'oid', 'value', and 'type' in the specified
         varbind.

         'pdu' is the handle to a PDU allocated by newPDU().



Waldbusser, et al.          Standards Track                    [Page 45]

RFC 4011              Policy Based Management MIB             March 2005


         'varBindIndex' is a non-negative integer that identifies the
         varbind within the specified PDU modified by this call.  The
         first varbind is number 0.

         'oid' is a string containing an ASCII dotted-decimal
         representation of an object identifier (e.g.,
         "1.3.6.1.2.1.1.1.0").

         'value' is the value to be stored, of a type appropriate to the
         'type' parameter.

         'type' will be the type of the value parameter and will be set
         to one of the values for DataType Constants.

         It is an RTE if any of the parameters don't conform to the
         rules above.

8.1.4.3.  readVar()

      readVar(integer pdu, integer varBindIndex, string &oid,
              var &value, integer &type)

         readVar will retrieve the oid, the value, and its type from the
         specified varbind.

         'pdu' is the handle to a PDU allocated by newPDU().

         'varBindIndex' is a non-negative integer that identifies the
         varbind within the specified PDU read by this call.  The first
         varbind is number 0.

         The object identifier value of the referenced varbind will be
         copied into the 'oid' parameter, formatted in an ASCII dotted-
         decimal representation (e.g., "1.3.6.1.2.1.1.1.0").

         'value' is the value retrieved, of a type appropriate to the
         'type' parameter.

         'type' is the type of the value parameter and will be set to
         one of the values for DataType Constants.

         It is an RTE if 'pdu' doesn't reference a valid PDU or
         'varBindIndex' doesn't reference a valid varbind.








Waldbusser, et al.          Standards Track                    [Page 46]

RFC 4011              Policy Based Management MIB             March 2005


8.1.4.4.  snmpSend()

      integer snmpSend(integer reqPDU, integer reqNumVarbinds,
                       integer opcode,
                       integer &respPDU, integer &respNumVarbinds,
                       [, string contextName , NonLocalArgs] )

         snmpSend will perform an SNMP operation by sending 'reqPDU' and
         returning the results in 'respPDU'.  Both 'reqPDU' and
         'respPDU' must previously have been allocated with newPDU.
         'reqPDU' and 'respPDU' may both contain the same PDU handle, in
         which case the 'reqPDU' is sent and then replaced with the
         contents of the received PDU.  If the opcode specifies a Trap
         or V2trap, 'respPDU' will not be modified.

         'reqNumVarbinds' is an integer greater than zero that specifies
         which varbinds in the PDU will be used in this operation.  The
         first 'reqNumVarbinds' in the PDU are used.  'respNumVarbinds'
         will be modified to contain the number of varbinds received in
         the response PDU, which, in the case of GetBulk or an error,
         may be substantially different from reqNumVarbinds.

         'opcode' is the type of SNMP operation to perform and must be
         one of the values for SNMP Operation Constants listed in the
         'Constants' section below.

         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.

         Note that no actual SNMP PDU has to be generated and parsed
         when the policy MIB agent resides on the same system as the
         managed elements.  If no PDU is generated, the agent must
         correctly simulate the behavior of the SNMP Response PDU,
         particularly in case of an error.

         This function returns zero unless an error occurs, in which
         case it returns the proper SNMP Error Constant.  If an error
         occurred, respPDU will contain the response PDU as received
         from the agent, unless no response PDU was received, in which
         case respNumVarbinds will be 0.  In any event, readError may be
         called on the PDU to determine error information for the
         transaction.

         If an SNMP Version 1 trap is requested (the opcode is Trap(4)),
         then SNMP Version 2 trap parameters are supplied and converted
         according to the rules of RFC 3584 [8], section 3.2.  The first



Waldbusser, et al.          Standards Track                    [Page 47]

RFC 4011              Policy Based Management MIB             March 2005


         variable binding must be sysUpTime.0, and the second must be
         snmpTrapOID.0, as per RFC 3416 [7], section 4.2.6.  Subsequent
         variable bindings are copied to the SNMP Version 1 trap PDU in
         the usual fashion.

8.1.4.5.  readError()

      readError(integer pdu, integer numVarbinds, integer &errorStatus,
                integer &errorIndex, integer &hasException)

         Returns the error information in a PDU.

         'errorStatus' contains the error-status field from the response
         PDU or a local error constant if the error was generated
         locally.  If no error was experienced or no PDU was ever copied
         into this PDU, this value will be 0.

         'errorIndex' contains the error-index field from the response
         PDU.  If no PDU was ever copied into this PDU, this value will
         be 0.

         'hasException' will be 1 if any of the first 'numVarbinds'
         varbinds in the PDU contain an exception (Nosuchobject,
         Nosuchinstance, Endofmibview); otherwise it will be 0.

         It is an RTE if 'pdu' does not reference a valid PDU or if
         'numVarbinds' references varbinds that aren't valid.

8.1.4.6.  writeBulkParameters()

      writeBulkParameters(integer pdu, integer nonRepeaters,
                          integer maxRepetitions)

         Modifies the parameters in a PDU in any subsequent GetBulk
         operation sent by the PDU.  'nonRepeaters' will be copied into
         the PDU's non-repeaters field, and 'maxRepetitions' into the
         max-repetitions field.

         This function may be called before or after writeVar is called
         to add varbinds to the PDU, but it must be called before the
         PDU is sent; otherwise, it will have no effect.  A new PDU is
         initialized with nonRepeaters set to zero and maxRepetitions
         set to zero.  If a Bulk PDU is sent before writeBulkParameters
         is called, these default values will be used.  If
         writeBulkParameters is called to modify a PDU, it is acceptable
         if this PDU is later sent as a type other than bulk.  The
         writeBulkParameters call will only affect subsequent sends of
         Bulk PDUs.  If a PDU is used to receive the contents of a



Waldbusser, et al.          Standards Track                    [Page 48]

RFC 4011              Policy Based Management MIB             March 2005


         response, the values of nonRepeaters and maxRepetitions are
         never modified.

8.1.5.  Constants for SNMP Library Functions

   The following constants are defined for use with all SNMP Library
   Functions.  Policy code will be executed in an environment where the
   following constants are declared.  (Note that the constant
   declarations below will not be visible in the policyCondition or
   policyAction code.)  These constants are reserved words and cannot be
   used for any variable or function name.

   Although these declarations are expressed here as C 'const's, the
   'const' construct itself is not available to be used in policy code.

   // Datatype Constants

   // From RFC 2578 [2]
   const integer Integer       = 2;
   const integer Integer32     = 2;
   const integer String        = 4;
   const integer Bits          = 4;
   const integer Null          = 5;
   const integer Oid           = 6;
   const integer IpAddress     = 64;
   const integer Counter32     = 65;
   const integer Gauge32       = 66;
   const integer Unsigned32    = 66;
   const integer TimeTicks     = 67;
   const integer Opaque        = 68;
   const integer Counter64     = 70;

   // SNMP Exceptions from RFC 3416 [7]
   const integer NoSuchObject         = 128;
   const integer NoSuchInstance       = 129;
   const integer EndOfMibView         = 130;

   // SNMP Error Constants from RFC 3416 [7]
   const integer NoError              = 0;
   const integer TooBig               = 1;
   const integer NoSuchName           = 2;
   const integer BadValue             = 3;
   const integer ReadOnly             = 4;
   const integer GenErr               = 5;
   const integer NoAccess             = 6;
   const integer WrongType            = 7;
   const integer WrongLength          = 8;
   const integer WrongEncoding        = 9;



Waldbusser, et al.          Standards Track                    [Page 49]

RFC 4011              Policy Based Management MIB             March 2005


   const integer WrongValue           = 10;
   const integer NoCreation           = 11;
   const integer InconsistentValue    = 12;
   const integer ResourceUnavailable  = 13;
   const integer CommitFailed         = 14;
   const integer UndoFailed           = 15;
   const integer AuthorizationError   = 16;
   const integer NotWritable          = 17;
   const integer InconsistentName     = 18;

   // "Local" Errors
   // These are also possible choices for errorStatus returns
   // For example: unknown PDU, maxVarbinds is bigger than number
   // written with writeVar, unknown opcode, etc.
   const integer BadParameter         = 1000;

   // Request would have created a PDU larger than local limitations
   const integer TooLong              = 1001;

   // A response to the request was received but errors were encountered
   // when parsing it.
   const integer ParseError           = 1002;

   // Local system has complained of an authentication failure
   const integer AuthFailure          = 1003;

   // No valid response was received in a timely fashion
   const integer TimedOut             = 1004;

   // General local failure including lack of resources
   const integer GeneralFailure       = 1005;

   // SNMP Operation Constants from RFC 3416 [7]
   const integer Get                  = 0;
   const integer Getnext              = 1;
   const integer Set                  = 3;
   const integer Trap                 = 4;
   const integer Getbulk              = 5;
   const integer Inform               = 6;
   const integer V2trap               = 7;

   // Constants from RFC 3411 [1] for SnmpMessageProcessingModel
   const integer SNMPv1              = 0;
   const integer SNMPv2c             = 1;
   const integer SNMPv3              = 3;






Waldbusser, et al.          Standards Track                    [Page 50]

RFC 4011              Policy Based Management MIB             March 2005


   // Constants from RFC 3411 [1] for SnmpSecurityModel
   const integer SNMPv1              = 1;
   const integer SNMPv2c             = 2;
   const integer USM                 = 3;

   // SnmpSecurityLevel Constants from RFC 3411 [1]
   const integer NoAuthNoPriv        = 1;
   const integer AuthNoPriv          = 2;
   const integer AuthPriv            = 3;

   // Constants for use with searchColumn
   const integer ExactMatch          = 0;
   const integer ExactCaseMatch      = 1;
   const integer SubstringMatch      = 2;
   const integer SubstringCaseMatch  = 3;
   const integer RegexpMatch         = 4;
   const integer RegexpCaseMatch     = 5;

8.2.  Policy Library Functions

   Policy Library Functions provide access to information specifically
   related to the execution of policies.

8.2.1.  elementName()

   The elementName() function is used to determine what the current
   element is and can be used to provide information about the type of
   element and how it is indexed.

      string elementName()

         elementName returns a string containing an ASCII dotted-decimal
         representation of an object identifier (e.g.,
         1.3.6.1.2.1.1.1.0).  This object identifier identifies an
         instance of a MIB object that is an attribute of 'this
         element'.

8.2.2.  elementAddress()

      elementAddress(&tDomain, &tAddress)

         elementAddress finds a domain/address pair that can be used to
         access 'this element' and returns the values in 'tDomain' and
         'tAddress'.







Waldbusser, et al.          Standards Track                    [Page 51]

RFC 4011              Policy Based Management MIB             March 2005


8.2.3.  elementContext()

      string elementContext()

         elementContext() returns a string containing the SNMP
         contextName of 'this element'.

8.2.4.  ec()

   The ec() (element count) and ev() (element value) functions provide
   convenient access to the components of the index for 'this element'.
   Typical uses will be in creating the index to other, related
   elements.

      integer ec()

         ec() returns an integer count of the number of index
         subidentifiers that exist in the index for 'this element'.

8.2.5.  ev()

      integer ev(integer n)

         ev() returns the value of the nth subidentifier in the index
         for 'this element'.  The first subidentifier is indexed at 0.
         It is an RTE if n specifies a subidentifier beyond the last
         subidentifier.

8.2.6.  roleMatch()

   The roleMatch() function is used to check whether an element has been
   assigned a particular role.

      integer roleMatch(string roleString [, string element,
                        string contextName, string contextEngineID])

         'roleString' is a string.  The optional argument 'element'
         contains the OID name of an element, defaulting to the current
         element if 'element' is not supplied.  If roleString exactly
         matches (content and length) any role assigned to the specified
         element, the function returns 1.  If no roles match, the
         function returns 0.

         The optional 'contextName' argument contains the SNMP context
         on which to operate.  If 'contextName' is not present, the
         contextName of 'this element' will be used.  If 'contextName'
         is the zero-length string, the default context is used.




Waldbusser, et al.          Standards Track                    [Page 52]

RFC 4011              Policy Based Management MIB             March 2005


         'contextEngineID' contains the contextEngineID of the remote
         system on which 'element' resides.  It is encoded as a pair of
         hex digits (upper- and lowercase are valid) for each octet of
         the contextEngineID.  If 'contextEngineID' is not present, the
         contextEngineID of 'this element' will be used.
         'contextEngineID' may only be present if the 'element' and
         'context' arguments are present.

8.2.7.  Scratchpad Functions

   Every maxLatency time period, every policy runs once for each
   element.  When the setScratchpad function executes, it stores a value
   named by a string that can be retrieved with getScratchpad() even
   after this policy execution code exits.  This allows sharing of data
   between a condition and an action, two conditions executing on
   different elements, or even different policies altogether.

   The value of 'scope' controls which policy/element combinations can
   retrieve this 'varName'/'value' pair.  The following are options for
   'scope':

      Global
         The 'varName'/'value' combination will be available in the
         condition or action of any policy while it is executing on any
         element.  Note that any information placed here will be visible
         to all other scripts on this system regardless of their
         authority.  Sensitive information should not be placed in
         global scratchpad variables.

      Policy
         The 'varName'/'value' combination will be available in any
         future execution of the condition or action of the current
         policy (regardless of what element the policy is executing on).
         If a policy is ever deleted, or if its condition or action code
         is modified, all values in its 'Policy' scope will be deleted.

      PolicyElement
         The 'varName'/'value' combination will be available in future
         executions of the condition or action of the current policy,
         but only when the policy is executing on the current element.
         If a policy is ever deleted, or if its condition or action code
         is modified, all values in its 'PolicyElement' scope will be
         deleted.  The agent may also periodically delete values in a
         'PolicyElement' scope if the corresponding element does not
         exist (in other words, if an element disappears for a period
         and reappears, values in its 'PolicyElement' scope may or may
         not be deleted).




Waldbusser, et al.          Standards Track                    [Page 53]

RFC 4011              Policy Based Management MIB             March 2005


   setScratchpad's 'storageType' argument allows the script to control
   the lifetime of a variable stored in the scratchpad.  If the
   storageType is equal to the constant 'volatile', then this variable
   must be deleted on a reboot.  If it is equal to 'nonVolatile', then
   this variable should be stored in non-volatile storage, where it will
   be available after a reboot.  If the 'storageType' argument is not
   present, the variable will be volatile and will be erased on reboot.

   If the optional 'freeOnException' argument is present and equal to 1,
   the agent will free this variable if, later in the same script
   invocation, this script dies with a run-time exception or by a call
   to fail().  (Note that this does not apply to exceptions experienced
   in subsequent invocations of the script.)

   Note that there may be implementation-specific limits on the number
   of scratchpad variables that can be allocated.  The limit of unique
   scratchpad variables may be different for each scope or storageType.
   It is suggested that implementations limit the total number of
   scratchpad variables per script to protect other scripts from a
   malfunctioning script.  In addition, compliant implementations must
   support at least 50 Global variables, 5 Policy variables per policy,
   and 5 PolicyElement variables per policy-element pair.

   Scratchpad Usage Examples

   Policy  Element    Action
   A       ifIndex.1  setScratchpad(Global, "foo", "55")
   A       ifIndex.1  getScratchpad(Global, "foo", val) --> 55
   A       ifIndex.2  getScratchpad(Global, "foo", val) --> 55
   B       ifIndex.2  getScratchpad(Global, "foo", val) --> 55
   B       ifIndex.2  setScratchpad(Global, "foo", "16")
   A       ifIndex.1  getScratchpad(Global, "foo", val) --> 16

   Policy  Element    Action
   A       ifIndex.1  setScratchpad(Policy, "bar", "75")
   A       ifIndex.1  getScratchpad(Policy, "bar", val) --> 75
   A       ifIndex.2  getScratchpad(Policy, "bar", val) --> 75
   B       ifIndex.1  getScratchpad(Policy, "bar", val) not found
   B       ifIndex.1  setScratchpad(Policy, "bar", "20")
   A       ifIndex.2  getScratchpad(Policy, "bar", val) --> 75
   B       ifIndex.2  getScratchpad(Policy, "bar", val) --> 20

   Policy  Element    Action
   A       ifIndex.1  setScratchpad(PolicyElement, "baz", "43")
   A       ifIndex.1  getScratchpad(PolicyElement, "baz", val) --> 43
   A       ifIndex.2  getScratchpad(PolicyElement, "baz", val) not found
   B       ifIndex.1  getScratchpad(PolicyElement, "baz", val) not found
   A       ifIndex.2  setScratchpad(PolicyElement, "baz", "54")



Waldbusser, et al.          Standards Track                    [Page 54]

RFC 4011              Policy Based Management MIB             March 2005


   B       ifIndex.1  setScratchpad(PolicyElement, "baz", "65")
   A       ifIndex.1  getScratchpad(PolicyElement, "baz", val) --> 43
   A       ifIndex.2  getScratchpad(PolicyElement, "baz", val) --> 54
   B       ifIndex.1  getScratchpad(PolicyElement, "baz", val) --> 65

   Policy  Element    Action
   A       ifIndex.1  setScratchpad(PolicyElement, "foo", "11")
   A       ifIndex.1  setScratchpad(Global,        "foo", "22")
   A       ifIndex.1  getScratchpad(PolicyElement, "foo", val) --> 11
   A       ifIndex.1  getScratchpad(Global,        "foo", val) --> 22

   Constants

   The following constants are defined for use with the scratchpad
   functions.  Policy code will be executed in an environment where the
   following constants are declared.  (Note that these constant
   declarations will not be visible in the policyCondition or
   policyAction MIB objects.)

   Although these declarations are expressed here as C 'const's, the
   'const' construct itself is not available to be used inside of policy
   code.

   // Scratchpad Constants

   // Values of scope
   const integer Global           = 0;
   const integer Policy           = 1;
   const integer PolicyElement    = 2;

   // Values of storageType
   const integer Volatile         = 0;
   const integer NonVolatile      = 1;

8.2.8.  setScratchpad()

      setScratchpad(integer scope, string varName [, string value,
                    integer storageType, integer freeOnException ])

         The setScratchpad function stores a value that can be retrieved
         even after this policy execution code exits.

         The value of 'scope' controls which policy/element combinations
         can retrieve this 'varName'/'value' pair.  The options for
         'scope' are Global, Policy, and PolicyElement.






Waldbusser, et al.          Standards Track                    [Page 55]

RFC 4011              Policy Based Management MIB             March 2005


         'varName' is a string used to identify the value.  Subsequent
         retrievals of the same 'varName' in the proper scope will
         return the value stored.  Note that the namespace for 'varName'
         is distinct for each scope.  'varName' is case sensitive.

         'value' is a string containing the value to be stored.
         ToString(value) is called on 'value' to convert it to a string
         before storage.

         If the 'value' argument is missing, the 'varName' in scope
         'scope' will be deleted if it exists.

         If the optional 'storageType' argument is present and is equal
         to the constant 'Volatile', then this variable must be deleted
         on a reboot.  If it is equal to 'NonVolatile', then this
         variable should be stored in non-volatile storage, where it
         will be available after a reboot.  If the 'storageType'
         argument is not present, the variable will be volatile and will
         be erased on reboot.  'storageType' may not be present if the
         'value' argument is not present.  If the variable already
         existed, its previous storageType is updated according to the
         current 'storageType' argument.

         If the optional 'freeOnException' argument is present and equal
         to 1, the agent will free this variable if, later in the same
         script invocation, this script dies with a run-time exception
         or by a call to fail().  (Note that this does not apply to
         exceptions experienced in subsequent invocations of the
         script.)

8.2.9.  getScratchpad()

      integer getScratchpad(integer scope, string varName,
                            string &value)

         The getScratchpad function allows the retrieval of values that
         were stored previously in this execution context or in other
         execution contexts.  The value of 'scope' controls which
         execution contexts can pass a value to this execution context.
         The options for 'scope' are Global, Policy, and PolicyElement.

         'varName' is a string used to identify the value.  Subsequent
         retrievals of the same 'varName' in the proper scope will
         return the value stored.  Note that the namespace for varName
         is distinct for each scope.  As a result, getScratchpad cannot
         force access to a variable in an inaccessible scope; it can
         only retrieve variables by referencing the proper scope in
         which they were set.  'varName' is case sensitive.



Waldbusser, et al.          Standards Track                    [Page 56]

RFC 4011              Policy Based Management MIB             March 2005


         On successful return, 'value' will be set to the value that was
         previously stored; otherwise, 'value' will not be modified.

         This function returns 1 if a value was previously stored and 0
         otherwise.

8.2.10.  signalError()

   The signalError() function is used by the script to indicate to a
   management station that it is experiencing abnormal behavior.
   signalError() turns on the conditionUserSignal(3) or
   actionUserSignal(5) bit in the associated pmTrackingPEInfo object
   (subsequent calls to signalError() have no additional effect).  This
   bit is initially cleared at the beginning of each execution.  If,
   upon a subsequent execution, the script finishes without calling
   signalError, the bit will be cleared.

      signalError()

         The signalException function takes no arguments and returns no
         value.

8.2.11.  defer()

   Precedence groups enforce the rule that for each element, of the
   ready policies that match the condition, only the one with the
   highest precedence value will be active.  Unfortunately, once the
   winning policy has been selected and the action begins running,
   situations can occur in which the policy script determines that it
   cannot complete its task.  In many such cases, it is desirable that
   the next runner-up ready policy be executed.  In the previous
   example, it would be desirable that at least bronze behavior be
   configured if gold is appropriate but gold isn't possible.

   When a policy defers, it exits, and the ready, condition-matching
   policy with the next-highest precedence is immediately run.  Because
   this might also defer, the execution environment must remember where
   it is in the precedence chain so that it can continue going down the
   chain until an action completes without deferring, or until no
   policies are left in the precedence group.  Once a policy finishes
   successfully, the next iteration will begin at the top of the
   precedence chain.

   There are two ways to defer.  A script can exit by calling fail() and
   specify that it should defer immediately.  Alternately, a script can
   instruct the execution environment to defer automatically in the
   event of a run-time exception.




Waldbusser, et al.          Standards Track                    [Page 57]

RFC 4011              Policy Based Management MIB             March 2005


      defer(integer deferOnRTE)

         The defer function changes the run-time exception behavior of a
         script.  By default, a script will not defer when it encounters
         an RTE.  If defer(1) is called, the exit behavior is changed so
         that the script will defer when it is terminated due to an RTE.
         If defer(0) is called, the script is reset to its default
         behavior and will not defer.

         Note that calling defer doesn't cause the script to exit.
         Defer only changes the default behavior if an RTE occurs later
         in this invocation.

8.2.12.  fail()

      fail(integer defer, integer free [, string message] )

         The fail function causes the script to optionally perform
         certain functions and then exit.

         If 'defer' is 1, this script will defer to the next lower
         precedence ready policy in the same precedence group whose
         condition matches.  If 'defer' isn't 1, it will not defer.
         Note that if a condition defers, it is functionally equivalent
         to the condition returning false.

         If 'free' is 1, certain registered resources will be freed.
         If, earlier in this script invocation, any rows were created by
         createRow with the 'freeOnException' option, the execution
         environment will set the RowStatus of each row to 'destroy' to
         delete the row.  Further, if earlier in this script invocation
         any scratchpad variables were created or modified with the
         'freeOnException' option, they will be deleted.

         If the optional 'message' argument is present, it will be
         logged to the debugging table if pmPolicyDebugging is turned on
         for this policy.

         This function does not return.  Instead, the script will
         terminate.

8.2.13.  getParameters()

   From time to time, policy scripts may be parameterized so that they
   are supplied with one or more parameters (e.g., site-specific
   constants).  These parameters may be installed in the
   pmPolicyParameters object and are accessible to the script via the
   getParameters() function.  If it is necessary for multiple parameters



Waldbusser, et al.          Standards Track                    [Page 58]

RFC 4011              Policy Based Management MIB             March 2005


   to be passed to the script, the script can choose whatever
   encoding/delimiting mechanism is most appropriate so that the
   multiple parameters can be stored in the associated instance of
   pmPolicyParameters.

      string getParameters()

         The getParameters function takes no arguments.  It returns a
         string containing the value of the pmPolicyParameters object
         for the running policy.

   For example, if a policy is to apply to "slow speed interfaces" and
   the cutoff point for slow speed should be parameterized, the policy
   filter should be:

      getVar("ifSpeed.$*") == getParameters()

   In this example, one can store the string "128000" in the policy's
   pmPolicyParameters object to cause this policy to act on all 128 Kbps
   interfaces.

8.3.  Utility Library Functions

   Utility Library Functions are provided to enable more efficient
   policy scripts.

8.3.1.  regexp()

      integer regexp(string pattern, string str,
                     integer case [, string &match])

         regexp searches 'str' for matches to the regular expression
         given in `pattern`.  regexp uses the POSIX extended regular
         expressions defined in POSIX 1003.2.

         If `case` is 0, the search will be case insensitive; otherwise,
         it will be case sensitive.

         If a match is found, 1 is returned, otherwise 0 is returned.

         If the optional argument 'match' is provided and a match is
         found, 'match' will be replaced with the text of the first
         substring of 'str' that matches 'pattern'.  If no match is
         found, it will be unchanged.







Waldbusser, et al.          Standards Track                    [Page 59]

RFC 4011              Policy Based Management MIB             March 2005


8.3.2.  regexpReplace()

      string regexpReplace(string pattern, string replacement,
                            string str, integer case)

         regexpReplace searches 'str' for matches to the regular
         expression given in 'pattern', replacing each occurrence of
         matched text with 'replacement'.  regexpReplace uses the POSIX
         extended regular expressions defined in POSIX 1003.2.

         If `case` is 0, the search will be case insensitive; otherwise,
         it will be case sensitive.

         The modified string is returned (it would be the same as the
         original string if no matches were found).

8.3.3.  oidlen()

      integer oidlen(string oid)

         oidlen returns the number of subidentifiers in 'oid'.  'oid' is
         a string containing an ASCII dotted-decimal representation of
         an object identifier (e.g., "1.3.6.1.2.1.1.1.0").

8.3.4.  oidncmp()

      integer oidncmp(string oid1, string oid2, integer n)

         Arguments 'oid1' and 'oid2' are strings containing ASCII
         dotted-decimal representations of object identifiers (e.g.,
         "1.3.6.1.2.1.1.1.0").

         oidcmp compares not more than n subidentifiers of 'oid1' and
         'oid2' and returns -1 if 'oid1' is less than 'oid2', 0 if they
         are equal, and 1 if 'oid1' is greater than 'oid2'.

8.3.5.  inSubtree()

      integer inSubtree(string oid, string prefix)

         Arguments 'oid' and 'prefix' are strings containing ASCII
         dotted-decimal representations of object identifiers (e.g.,
         "1.3.6.1.2.1.1.1.0").

         inSubtree returns 1 if every subidentifier in 'prefix' equals
         the corresponding subidentifier in 'oid', otherwise it returns
         0.  The is equivalent to oidncmp(oid1, prefix, oidlen(prefix))




Waldbusser, et al.          Standards Track                    [Page 60]

RFC 4011              Policy Based Management MIB             March 2005


         is provided because this is an idiom and because it avoids
         evaluating 'prefix' twice if it is an expression.

8.3.6.  subid()

      integer subid(string oid, integer n)

         subid returns the value of the nth (starting at zero)
         subidentifier of 'oid'.  'oid' is a string containing an ASCII
         dotted-decimal representation of an object identifier (e.g.,
         "1.3.6.1.2.1.1.1.0").

         If n specifies a subidentifier beyond the length of 'oid', a
         value of -1 is returned.

8.3.7.  subidWrite()

      integer subidWrite(string oid, integer n, integer subid)

         subidWrite sets the value of the nth (starting at zero)
         subidentifier of 'oid' to 'subid'.  'oid' is a string
         containing an ASCII dotted-decimal representation of an object
         identifier (e.g., "1.3.6.1.2.1.1.1.0").

         If n specifies a subidentifier beyond the length of 'oid', a
         value of -1 is returned.  Note that appending subidentifiers
         can be accomplished with the string concatenation '+' operator.
         If no error occurs, zero is returned.

8.3.8.  oidSplice()

      string oidSplice(string oid1, integer offset, integer len, string
         oid2)

         oidSplice returns an OID formed by replacing 'len'
         subidentifiers in 'oid1' with all of the subidentifiers from
         'oid2', starting at 'offset' in 'oid1' (the first subidentifier
         is at offset 0).  The OID length will be extended, if
         necessary, if 'offset' + 'len' extends beyond the end of
         'oid1'.  If 'offset' is larger than the length of oid1, then an
         RTE will occur.

         The resulting OID is returned.

         For example:
             oidSplice("1.3.6.1.2.1", 5, 1, "7")     => "1.3.6.1.2.7"
             oidSplice("1.3.6.1.2.1", 4, 2, "7.7")   => "1.3.6.1.7.7"
             oidSplice("1.3.6.1.2.1", 4, 3, "7.7.7") => "1.3.6.1.7.7.7"



Waldbusser, et al.          Standards Track                    [Page 61]

RFC 4011              Policy Based Management MIB             March 2005


8.3.9.  parseIndex()

   ParseIndex is provided to make it easy to pull index values from OIDs
   into variables.

      var parseIndex(string oid, integer &index, integer type,
                     integer len)

         parseIndex pulls values from the instance identification
         portion of 'oid', encoded as per Section 7.7, "Mapping of the
         INDEX Clause", of the SMIv2 [2].

         'oid' is the OID to be parsed.

         'index' describes which subid to begin parsing at.  'index'
         will be modified to indicate the subid after the last one
         parsed (even if this points past the last subid).  The first
         subid is index 0.  If any error occurs, 'index' will be set to
         -1 on return.  If the input index is less than 0 or refers past
         the end of the OID, 'index' will be set to -1 on return and the
         function will return 0.

         If 'type' is Integer, 'len' will not be consulted.  The return
         value is the integer value of the next subid.

         If 'type' is String and 'len' is greater than zero, 'len'
         subids will be parsed.  For each subid parsed, the chr() value
         of the subid will be appended to the returned string.  If any
         subid is greater than 255, 'index' will be set to -1 on return,
         and an empty string will be returned.  If there are fewer than
         'len' subids left in 'oid', 'index' will be set to -1 on
         return, but a string will be returned containing a character
         for each subid that was left.

         If 'type' is String and 'len' is zero, the next subid will be
         parsed to find N, the length of the string.  Then, that many
         subids will be parsed.  For each subid parsed, the chr() value
         of the subid will be appended to the returned string.  If any
         subid is greater than 255, 'index' will be set to -1 on return,
         and an empty string will be returned.  If there are fewer than
         N subids left in 'oid', 'index' will be set to -1 on return,
         but a string will be returned containing a character for each
         subid that was left.

         If 'type' is String and 'len' is -1, subids will be parsed
         until the end of 'oid'.  For each subid parsed, the chr() value
         of the subid will be appended to the returned string.  If any




Waldbusser, et al.          Standards Track                    [Page 62]

RFC 4011              Policy Based Management MIB             March 2005


         subid is greater than 255, 'index' will be set to -1 on return,
         and an empty string will be returned.

         If 'type' is Oid and 'len' is greater than zero, 'len' subids
         will be parsed.  For each subid parsed, the decimal-encoded
         value of the subid will be appended to the returned string,
         with a '.' character appended between each output subid, but
         not after the last subid.  If there are fewer than 'len' subids
         left in 'oid', 'index' will be set to -1 on return, but a
         string will be returned containing an encoding for each subid
         that was left.

         If 'type' is Oid and 'len' is zero, the next subid will be
         parsed to find N, the number of subids to parse.  For each
         subid parsed, the decimal-encoded value of the subid will be
         appended to the returned string, with a '.' character appended
         between each output subid but not after the last subid.  If
         there are fewer than N subids left in 'oid', 'index' will be
         set to -1 on return, but a string will be returned containing
         an encoding for each subid that was left.

         If 'type' is Oid and 'len' is -1, subids will be parsed until
         the end of 'oid'.  For each subid parsed, the decimal-encoded
         value of the subid will be appended to the returned string,
         with a '.' character appended between each output subid, but
         not after the last subid.

   For example, to decode the index component of an instance of the
   ipForward table:

      oid = "ipForwardIfIndex.0.0.0.0.13.0.192.168.1.1";
      index = 11;
      dest   =  parseIndex(oid, index, String, 4);
      proto  =  parseIndex(oid, index, Integer, 0);
      policy =  parseIndex(oid, index, Integer, 0);
      nextHop = parseIndex(oid, index, String, 4);
      // proto and policy now contain integer values
      // dest and nextHop now contain 4 byte IP addresses.  Use
      // stringToDotted to get them to dotted decimal notation:
      // e.g.: stringToDotted(nextHop) => "192.168.1.1"

8.3.10.  stringToDotted()

   stringToDotted() is provided to encode strings suitable for the index
   portion of an OID or to convert the binary encoding of an IP address
   to a dotted-decimal encoding.





Waldbusser, et al.          Standards Track                    [Page 63]

RFC 4011              Policy Based Management MIB             March 2005


      string stringToDotted(string value)

         If 'value' is the zero-length string, the zero-length string is
         returned.

         The decimal encoding of the first byte of 'value' is appended
         to the output string.  Then, for each additional byte in
         'value', a '.' is appended to the output string, followed by
         the decimal encoding of the additional byte.

8.3.11.  integer()

      integer integer(var input)

         integer converts 'input' into an integer by using the rules
         specified for ToInteger(), returning the integer-typed results.

8.3.12.  string()

      string string(var input)

         string converts 'input' into a string by using the rules
         specified for ToString(), returning the string-typed results.

8.3.13.  type()

      string type(var variable)

         type returns the type of its argument as either the string
         'String' or the string 'Integer'.

8.3.14.  chr()

      string chr(integer char)

         Returns a one-character string containing the character
         specified by the ASCII code contained in 'char'.

8.3.15.  ord()

      integer ord(string str)

         Returns the ASCII value of the first character of 'str'.  This
         function complements chr().







Waldbusser, et al.          Standards Track                    [Page 64]

RFC 4011              Policy Based Management MIB             March 2005


8.3.16.  substr()

      string substr(string &str, integer offset
                    [, integer len, string replacement])

         Extracts a substring out of 'str' and returns it.  The first
         octet is at offset 0.  If the offset is negative, the returned
         string starts that far from the end of 'str'.  If 'len' is
         positive, the returned string contains up to 'len' octets, up
         to the end of the string.  If 'len' is omitted, the returned
         string includes everything to the end of 'str'.  If 'len' is
         negative, abs(len) octets are left off the end of the string.

         If a substring is specified that is partly outside the string,
         the part within the string is returned.  If the substring is
         totally outside the string, a zero-length string is produced.

         If the optional 'replacement' argument is included, 'str' is
         modified.  'offset' and 'len' act as above to select a range of
         octets in 'str'.  These octets are replaced with octets from
         'replacement'.  If the replacement string is shorter or longer
         than the number of octets selected, 'str' will shrink or grow,
         respectively.  If 'replacement' is included, the 'len' argument
         must also be included.

         Note that to replace everything from offset to the end of the
         string, substr() should be called as follows:

            substr(str, offset, strlen(str) - offset, replacement)

8.4.  General Functions

   The following POSIX standard library functions are provided:

       strncmp()
       strncasecmp()
       strlen()
       random()
       sprintf()
       sscanf()

9.  International String Library

   This library is optional for systems that wish to have support for
   collating (sorting) and verifying equality of international strings
   in a manner that will be least surprising to humans.  International





Waldbusser, et al.          Standards Track                    [Page 65]

RFC 4011              Policy Based Management MIB             March 2005


   strings are encoded in the UTF-8 transformation format described in
   [14].  This library is registered with the name
   "pmInternationalStringLibrary".

   When verifying equality of international strings in the Unicode
   character set, it is recommended to normalize the strings with the
   stringprep() function before checking for equality.

   When attempting to sort international strings in the Unicode
   character set, normalization should also be performed, but note that
   the result is highly context dependent and hard to implement
   correctly.  Just ordering by Unicode Codepoint Value is in many cases
   not what the end user expects.  See Unicode technical note 9 for more
   information about sorting.

9.1.  stringprep()

      integer stringprep(string utf8Input, string &utf8Output)

         Performs the Stringprep [13] transformation for appropriate
         comparison of internationalized strings.  The transformation is
         performed on 'utf8Input'; if the transformation finishes
         without error, the resulting string is written to utf8Output.
         The stringprep profile used is specified below in Section 9.
         If it is successful, the function returns 1.

         If the stringprep transformation encounters an error, 0 is
         returned, and the utf8Output parameter remains unchanged.

         For example, to compare UTF8 strings 'one' and 'two':

         if (stringprep(one, a) && stringprep(two, b)){
             if (a == b){
                // strings are identical
             } else {
                // strings are different
             }
         } else {
             // strings couldn't be transformed for comparison
         }

         See Stringprep [13] for more information.

9.1.1.  Stringprep Profile

   The Stringprep specification [13] describes a framework for preparing
   Unicode text strings in order to increase the likelihood that string
   input and string comparison work in ways that make sense for typical



Waldbusser, et al.          Standards Track                    [Page 66]

RFC 4011              Policy Based Management MIB             March 2005


   users throughout the world.  Specifications that specify stringprep
   (as this one does) are required to fully specify stringprep's
   processing options by documenting a stringprep profile.

   This profile defines the following, as required by Stringprep:

   - The intended applicability of the profile: internationalized
     network management information.

   - The character repertoire that is the input and output to
     stringprep: Unicode 3.2, as defined in Stringprep [13], Appendix
     A.1.

   - The mapping tables used: Table B.1 from Stringprep [13].

   - Any additional mapping tables specific to the profile: None.

   - The Unicode normalization used: Form KC, as described in Stringprep
     [13].

   - The characters that are prohibited as output: As specified in the
     following tables from Stringprep [13]:

       Table C.2
       Table C.3
       Table C.4
       Table C.5
       Table C.6
       Table C.7
       Table C.8
       Table C.9

   - Bidirectional character handling: not performed.

   - Any additional characters that are prohibited as output:  None.

9.2.  utf8Strlen()

      integer utf8Strlen(string str)

         Returns the number of UTF-8 characters in 'str', which may be
         less than the number of octets in 'str' if one or more
         characters are multi-byte characters.








Waldbusser, et al.          Standards Track                    [Page 67]

RFC 4011              Policy Based Management MIB             March 2005


9.3.  utf8Chr()

      string utf8Chr(integer utf8)

         Returns a one-character string containing the character
         specified by the UTF-8 code contained in 'utf8'.  Although it
         contains only 1 UTF-8 character, the resulting string may be
         more than 1 octet in length.

9.4.  utf8Ord()

      integer utf8Ord(string str)

         Returns the UTF-8 code-point value of the first character of
         'str'.  Note that the first UTF-8 character in 'str' may be
         more than 1 octet in length.  This function complements chr().

9.5.  utf8Substr()

      string utf8Substr(string &str, integer offset
                    [, integer len, string replacement])

         Extracts a substring out of 'str' and returns it, keeping track
         of UTF-8 character boundaries and using them, instead of
         octets, as the basis for offset and length calculations.  The
         first character is at offset 0.  If offset is negative, the
         returned string starts that far from the end of 'str'.  If
         'len' is positive, the returned string contains up to 'len'
         characters, up to the end of the string.  If 'len' is omitted,
         the returned string includes everything to the end of 'str'.
         If 'len' is negative, abs(len) characters are left off the end
         of the string.

         If you specify a substring that is partly outside the string,
         the part within the string is returned.  If the substring is
         totally outside the string, a zero-length string is produced.

         If the optional 'replacement' argument is included, 'str' is
         modified.  'offset' and 'len' act as above to select a range of
         characters in 'str'.  These characters are replaced with
         characters from 'replacement'.  If the replacement string is
         shorter or longer than the number of characters selected, 'str'
         will shrink or grow, respectively.  If 'replacement' is
         included, the 'len' argument must also be included.







Waldbusser, et al.          Standards Track                    [Page 68]

RFC 4011              Policy Based Management MIB             March 2005


         Note that to replace everything from offset to the end of the
         string, substr() should be called as follows:

            substr(str, offset, strlen(str) - offset, replacement)

10.  Schedule Table

   This table is an adapted form of the policyTimePeriodCondition class
   defined in the Policy Core Information Model, RFC 3060 [18].  Some of
   the objects describing a schedule are expressed in formats defined in
   the iCalendar specification [15].

   The policy schedule table allows control over when a valid policy
   will be ready, based on the date and time.

   A policy's pmPolicySchedule variable refers to a group of one or more
   schedules in the schedule table.  At any given time, if any of these
   schedules are active, the policy will be ready (assuming that it is
   enabled and thus valid), and its conditions and actions will be
   executed, as appropriate.  At times when none of these schedules are
   active, the policy will not be ready and will have no effect.  A
   policy will always be ready if its pmPolicySchedule variable is 0.
   If a policy has a non-zero pmPolicySchedule that doesn't refer to a
   group that includes an active schedule, then the policy will not be
   ready, even if this is due to a misconfiguration of the
   pmPolicySchedule object or the pmSchedTable.

   A policy that is controlled by a schedule group immediately executes
   its policy condition (and conditionally the policyAction) when the
   schedule group becomes active, periodically re-executing these
   scripts as appropriate until the schedule group becomes inactive
   (i.e., all schedules are inactive).

   An individual schedule item is active at those times that match all
   the variables that define the schedule:  pmSchedTimePeriod,
   pmSchedMonth, pmSchedDay, pmSchedWeekDay, and pmSchedTimeOfDay.  It
   is possible to specify multiple values for each schedule item.  This
   provides a mechanism for defining complex schedules.  For example, a
   schedule that is active the entire workday each weekday could be
   defined.

   Months, days, and weekdays are specified by using the objects
   pmSchedMonth, pmSchedDay, and pmSchedWeekDay of type BITS.  Setting
   multiple bits in these objects causes an OR operation.  For example,
   setting the bits monday(1) and friday(5) in pmSchedWeekDay restricts
   the schedule to Mondays and Fridays.





Waldbusser, et al.          Standards Track                    [Page 69]

RFC 4011              Policy Based Management MIB             March 2005


   The matched times for pmSchedTimePeriod, pmSchedMonth, pmSchedDay
   pmSchedWeekDay, and pmSchedTimeOfDay are ANDed together to determine
   the time periods when the schedule will be active; in other words,
   the schedule is only active for those times when ALL of these
   schedule attributes match.  For example, a schedule with an overall
   validity range of January 1, 2000, through December 31, 2000; a month
   mask that selects March and April; a day-of-the-week mask that
   selects Fridays; and a time-of-day range of 0800 through 1600 would
   represent the following time periods:

      Friday, March  5, 2000, from 0800 through 1600
      Friday, March 12, 2000, from 0800 through 1600
      Friday, March 19, 2000, from 0800 through 1600
      Friday, March 26, 2000, from 0800 through 1600
      Friday, April  2, 2000, from 0800 through 1600
      Friday, April  9, 2000, from 0800 through 1600
      Friday, April 16, 2000, from 0800 through 1600
      Friday, April 23, 2000, from 0800 through 1600
      Friday, April 30, 2000, from 0800 through 1600

   Wildcarding of schedule attributes of type BITS is achieved by
   setting all bits to one.

   It is possible to define schedules that will never cause a policy to
   be activated.  For example, one can define a schedule that should be
   active on February 31st.

11.  Definitions

POLICY-BASED-MANAGEMENT-MIB DEFINITIONS ::= BEGIN
IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Counter32, Gauge32, Unsigned32,
    mib-2                                       FROM SNMPv2-SMI
    RowStatus, RowPointer, TEXTUAL-CONVENTION,
    DateAndTime, StorageType                    FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP                          FROM SNMPv2-CONF
    SnmpAdminString                             FROM SNMP-FRAMEWORK-MIB;

--  Policy-Based Management MIB

pmMib MODULE-IDENTITY
    LAST-UPDATED "200502070000Z"  -- February 7, 2005
    ORGANIZATION "IETF SNMP Configuration Working Group"
    CONTACT-INFO
        "




Waldbusser, et al.          Standards Track                    [Page 70]

RFC 4011              Policy Based Management MIB             March 2005


        Steve Waldbusser
        Phone: +1-650-948-6500
        Fax:   +1-650-745-0671
        Email: waldbusser@nextbeacon.com

        Jon Saperia (WG Co-chair)
        JDS Consulting, Inc.
        84 Kettell Plain Road.
        Stow MA 01775
        USA
        Phone: +1-978-461-0249
        Fax:   +1-617-249-0874
        Email: saperia@jdscons.com

        Thippanna Hongal
        Riverstone Networks, Inc.
        5200 Great America Parkway
        Santa Clara, CA, 95054
        USA

        Phone: +1-408-878-6562
        Fax:   +1-408-878-6501
        Email: hongal@riverstonenet.com

        David Partain (WG Co-chair)
        Postal: Ericsson AB
                P.O. Box 1248
                SE-581 12 Linkoping
                Sweden
        Tel: +46 13 28 41 44
        E-mail: David.Partain@ericsson.com

        Any questions or comments about this document can also be
        directed to the working group at snmpconf@snmp.com."
    DESCRIPTION
        "The MIB module for policy-based configuration of SNMP
        infrastructures.

        Copyright (C) The Internet Society (2005).  This version of
        this MIB module is part of RFC 4011; see the RFC itself for
        full legal notices."

    REVISION "200502070000Z"    -- February 7, 2005
    DESCRIPTION
        "The original version of this MIB, published as RFC4011."
    ::= { mib-2 124 }





Waldbusser, et al.          Standards Track                    [Page 71]

RFC 4011              Policy Based Management MIB             March 2005


PmUTF8String ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An octet string containing information typically in
        human-readable form.

        To facilitate internationalization, this
        information is represented by using the ISO/IEC
        IS 10646-1 character set, encoded as an octet
        string using the UTF-8 transformation format
        described in RFC 3629.

        As additional code points are added by
        amendments to the 10646 standard from time
        to time, implementations must be prepared to
        encounter any code point from 0x00000000 to
        0x10FFFF.  Byte sequences that do not
        correspond to the valid UTF-8 encoding of a
        code point or that are outside this range are
        prohibited.

        The use of control codes should be avoided.

        When it is necessary to represent a newline,
        the control code sequence CR LF should be used.

        For code points not directly supported by user
        interface hardware or software, an alternative
        means of entry and display, such as hexadecimal,
        may be provided.

        For information encoded in 7-bit US-ASCII,
        the UTF-8 encoding is identical to the
        US-ASCII encoding.

        UTF-8 may require multiple bytes to represent a
        single character/code point; thus, the length
        of this object in octets may be different from
        the number of characters encoded.  Similarly,
        size constraints refer to the number of encoded
        octets, not the number of characters represented
        by an encoding.

        Note that when this TC is used for an object
        used or envisioned to be used as an index, then
        a SIZE restriction MUST be specified so that the
        number of sub-identifiers for any object instance
        does not exceed the limit of 128, as defined by



Waldbusser, et al.          Standards Track                    [Page 72]

RFC 4011              Policy Based Management MIB             March 2005


        RFC 3416.

        Note that the size of PmUTF8String object is
        measured in octets, not characters."
       SYNTAX       OCTET STRING (SIZE (0..65535))

-- The policy table

pmPolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The policy table.  A policy is a pairing of a
        policyCondition and a policyAction that is used to apply the
        action to a selected set of elements."
    ::= { pmMib 1 }

pmPolicyEntry OBJECT-TYPE
    SYNTAX      PmPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the policy table representing one policy."
    INDEX { pmPolicyAdminGroup, pmPolicyIndex }
    ::= { pmPolicyTable 1 }

PmPolicyEntry ::= SEQUENCE {
    pmPolicyAdminGroup            PmUTF8String,
    pmPolicyIndex                 Unsigned32,
    pmPolicyPrecedenceGroup       PmUTF8String,
    pmPolicyPrecedence            Unsigned32,
    pmPolicySchedule              Unsigned32,
    pmPolicyElementTypeFilter     PmUTF8String,
    pmPolicyConditionScriptIndex  Unsigned32,
    pmPolicyActionScriptIndex     Unsigned32,
    pmPolicyParameters            OCTET STRING,
    pmPolicyConditionMaxLatency   Unsigned32,
    pmPolicyActionMaxLatency      Unsigned32,
    pmPolicyMaxIterations         Unsigned32,
    pmPolicyDescription           PmUTF8String,
    pmPolicyMatches               Gauge32,
    pmPolicyAbnormalTerminations  Gauge32,
    pmPolicyExecutionErrors       Counter32,
    pmPolicyDebugging             INTEGER,
    pmPolicyAdminStatus           INTEGER,
    pmPolicyStorageType           StorageType,
    pmPolicyRowStatus             RowStatus



Waldbusser, et al.          Standards Track                    [Page 73]

RFC 4011              Policy Based Management MIB             March 2005


}

pmPolicyAdminGroup OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE(0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An administratively assigned string that can be used to group
        policies for convenience, for readability, or to simplify
        configuration of access control.

        The value of this string does not affect policy processing in
        any way.  If grouping is not desired or necessary, this object
        may be set to a zero-length string."
    ::= { pmPolicyEntry 1 }

pmPolicyIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A unique index for this policy entry, unique among all
         policies regardless of administrative group."
    ::= { pmPolicyEntry 2 }

pmPolicyPrecedenceGroup OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (0..32))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "An administratively assigned string that is used to group
        policies.  For each element, only one policy in the same
        precedence group may be active on that element.  If multiple
        policies would be active on an element (because their
        conditions return non-zero), the execution environment will
        only allow the policy with the highest value of
        pmPolicyPrecedence to be active.

        All values of this object must have been successfully
        transformed by Stringprep RFC 3454.  Management stations
        must perform this translation and must only set this object to
        string values that have been transformed."
    ::= { pmPolicyEntry 3 }

pmPolicyPrecedence OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    MAX-ACCESS  read-create
    STATUS      current



Waldbusser, et al.          Standards Track                    [Page 74]

RFC 4011              Policy Based Management MIB             March 2005


    DESCRIPTION
        "If, while checking to see which policy conditions match an
        element, 2 or more ready policies in the same precedence group
        match the same element, the pmPolicyPrecedence object provides
        the rule to arbitrate which single policy will be active on
        'this element'.  Of policies in the same precedence group, only
        the ready and matching policy with the highest precedence
        value (e.g., 2 is higher than 1) will have its policy action
        periodically executed on 'this element'.

        When a policy is active on an element but the condition ceases
        to match the element, its action (if currently running) will
        be allowed to finish and then the condition-matching ready
        policy with the next-highest precedence will immediately
        become active (and have its action run immediately).  If the
        condition of a higher-precedence ready policy suddenly begins
        matching an element, the previously-active policy's action (if
        currently running) will be allowed to finish and then the
        higher precedence policy will immediately become active.  Its
        action will run immediately, and any lower-precedence matching
        policy will not be active anymore.

        In the case where multiple ready policies share the highest
        value, it is an implementation-dependent matter as to which
        single policy action will be chosen.

        Note that if it is necessary to take certain actions after a
        policy is no longer active on an element, these actions should
        be included in a lower-precedence policy that is in the same
        precedence group."
    ::= { pmPolicyEntry 4 }

pmPolicySchedule OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "This policy will be ready if any of the associated schedule
         entries are active.

         If the value of this object is 0, this policy is always
         ready.

         If the value of this object is non-zero but doesn't
         refer to a schedule group that includes an active schedule,
         then the policy will not be ready, even if this is due to a
         misconfiguration of this object or the pmSchedTable."
    ::= { pmPolicyEntry 5 }



Waldbusser, et al.          Standards Track                    [Page 75]

RFC 4011              Policy Based Management MIB             March 2005


pmPolicyElementTypeFilter OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (0..128))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object specifies the element types for which this policy
        can be executed.

        The format of this object will be a sequence of
        pmElementTypeRegOIDPrefix values, encoded in the following
        BNF form:

        elementTypeFilter:   oid [ ';' oid ]*
                      oid:   subid [ '.' subid ]*
                    subid:   '0' | decimal_constant

        For example, to register for the policy to be run on all
        interface elements, the 'ifEntry' element type will be
        registered as '1.3.6.1.2.1.2.2.1'.

        If a value is included that does not represent a registered
        pmElementTypeRegOIDPrefix, then that value will be ignored."
    ::= { pmPolicyEntry 6 }

pmPolicyConditionScriptIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "A pointer to the row or rows in the pmPolicyCodeTable that
         contain the condition code for this policy.  When a policy
         entry is created, a pmPolicyCodeIndex value unused by this
         policy's adminGroup will be assigned to this object.

         A policy condition is one or more PolicyScript statements
         that result(s) in a boolean value that represents whether
         an element is a member of a set of elements upon which an
         action is to be performed.  If a policy is ready and the
         condition returns true for an element of a proper element
         type, and if no higher-precedence policy should be active,
         then the policy is active on that element.

         Condition evaluation stops immediately when any run-time
         exception is detected, and the policyAction is not executed.

         The policyCondition is evaluated for various elements.  Any
         element for which the policyCondition returns any nonzero value
         will match the condition and will have the associated



Waldbusser, et al.          Standards Track                    [Page 76]

RFC 4011              Policy Based Management MIB             March 2005


         policyAction executed on that element unless a
         higher-precedence policy in the same precedence group also
         matches 'this element'.

         If the condition object is empty (contains no code) or
         otherwise does not return a value, the element will not be
         matched.

         When this condition is executed, if SNMP requests are made to
         the local system and secModel/secName/secLevel aren't
         specified, access to objects is under the security
         credentials of the requester who most recently modified the
         associated pmPolicyAdminStatus object.  If SNMP requests are
         made in which secModel/secName/secLevel are specified, then
         the specified credentials are retrieved from the local
         configuration datastore only if VACM is configured to
         allow access to the requester who most recently modified the
         associated pmPolicyAdminStatus object.  See the Security
         Considerations section for more information."
    ::= { pmPolicyEntry 7 }

pmPolicyActionScriptIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "A pointer to the row or rows in the pmPolicyCodeTable that
         contain the action code for this policy.  When a policy entry
         is created, a pmPolicyCodeIndex value unused by this policy's
         adminGroup will be assigned to this object.

         A PolicyAction is an operation performed on a
         set of elements for which the policy is active.

         Action evaluation stops immediately when any run-time
         exception is detected.

         When this condition is executed, if SNMP requests are made to
         the local system and secModel/secName/secLevel aren't
         specified, access to objects is under the security
         credentials of the requester who most recently modified the
         associated pmPolicyAdminStatus object.  If SNMP requests are
         made in which secModel/secName/secLevel are specified, then
         the specified credentials are retrieved from the local
         configuration datastore only if VACM is configured to
         allow access to the requester who most recently modified the
         associated pmPolicyAdminStatus object.  See the Security
         Considerations section for more information."



Waldbusser, et al.          Standards Track                    [Page 77]

RFC 4011              Policy Based Management MIB             March 2005


    ::= { pmPolicyEntry 8 }

pmPolicyParameters OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0..65535))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "From time to time, policy scripts may seek one or more
        parameters (e.g., site-specific constants).  These parameters
        may be installed with the script in this object and are
        accessible to the script via the getParameters() function.  If
        it is necessary for multiple parameters to be passed to the
        script, the script can choose whatever encoding/delimiting
        mechanism is most appropriate."
    ::= { pmPolicyEntry 9 }

pmPolicyConditionMaxLatency OBJECT-TYPE
    SYNTAX      Unsigned32 (0..2147483647)
    UNITS       "milliseconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Every element under the control of this agent is
        re-checked periodically to see whether it is under control
        of this policy by re-running the condition for this policy.
        This object lets the manager control the maximum amount of
        time that may pass before an element is re-checked.

        In other words, in any given interval of this duration, all
        elements must be re-checked.  Note that how the policy agent
        schedules the checking of various elements within this
        interval is an implementation-dependent matter.
        Implementations may wish to re-run a condition more
        quickly if they note a change to the role strings for an
        element."
    ::= { pmPolicyEntry 10 }

pmPolicyActionMaxLatency OBJECT-TYPE
    SYNTAX      Unsigned32 (0..2147483647)
    UNITS       "milliseconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Every element that matches this policy's condition and is
        therefore under control of this policy will have this policy's
        action executed periodically to ensure that the element
        remains in the state dictated by the policy.
        This object lets the manager control the maximum amount of



Waldbusser, et al.          Standards Track                    [Page 78]

RFC 4011              Policy Based Management MIB             March 2005


        time that may pass before an element has the action run on
        it.

        In other words, in any given interval of this duration, all
        elements under control of this policy must have the action run
        on them.  Note that how the policy agent schedules the policy
        action on various elements within this interval is an
        implementation-dependent matter."
    ::= { pmPolicyEntry 11 }

pmPolicyMaxIterations OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "If a condition or action script iterates in loops too many
        times in one invocation, the execution environment may
        consider it in an infinite loop or otherwise not acting
        as intended and may be terminated by the execution
        environment.  The execution environment will count the
        cumulative number of times all 'for' or 'while' loops iterated
        and will apply a threshold to determine when to terminate the
        script.  What threshold the execution environment uses is an
        implementation-dependent manner, but the value of
        this object SHOULD be the basis for choosing the threshold for
        each script.  The value of this object represents a
        policy-specific threshold and can be tuned for policies of
        varying workloads.  If this value is zero, no
        threshold will be enforced except for any
        implementation-dependent maximum.  Regardless of this value,
        the agent is allowed to terminate any script invocation that
        exceeds a local CPU or memory limitation.

        Note that the condition and action invocations are tracked
        separately."
    ::= { pmPolicyEntry 12 }

pmPolicyDescription OBJECT-TYPE
    SYNTAX      PmUTF8String
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "A description of this rule and its significance, typically
         provided by a human."
    ::= { pmPolicyEntry 13 }

pmPolicyMatches OBJECT-TYPE
    SYNTAX      Gauge32



Waldbusser, et al.          Standards Track                    [Page 79]

RFC 4011              Policy Based Management MIB             March 2005


    UNITS       "elements"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "The number of elements that, in their most recent execution
         of the associated condition, were matched by the condition."
    ::= { pmPolicyEntry 14 }

pmPolicyAbnormalTerminations OBJECT-TYPE
    SYNTAX      Gauge32
    UNITS       "elements"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "The number of elements that, in their most recent execution
         of the associated condition or action, have experienced a
         run-time exception and terminated abnormally.  Note that if a
         policy was experiencing a run-time exception while processing
         a particular element but runs normally on a subsequent
         invocation, this number can decline."
    ::= { pmPolicyEntry 15 }

pmPolicyExecutionErrors OBJECT-TYPE
    SYNTAX      Counter32
    UNITS       "errors"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "The total number of times that execution of this policy's
         condition or action has been terminated due to run-time
         exceptions."
    ::= { pmPolicyEntry 16 }

pmPolicyDebugging OBJECT-TYPE
    SYNTAX      INTEGER {
                    off(1),
                    on(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "The status of debugging for this policy.  If this is turned
         on(2), log entries will be created in the pmDebuggingTable
         for each run-time exception that is experienced by this
         policy."
    DEFVAL { off }
    ::= { pmPolicyEntry 17 }




Waldbusser, et al.          Standards Track                    [Page 80]

RFC 4011              Policy Based Management MIB             March 2005


pmPolicyAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    disabled(1),
                    enabled(2),
                    enabledAutoRemove(3)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "The administrative status of this policy.

         The policy will be valid only if the associated
         pmPolicyRowStatus is set to active(1) and this object is set
         to enabled(2) or enabledAutoRemove(3).

         If this object is set to enabledAutoRemove(3), the next time
         the associated schedule moves from the active state to the
         inactive state, this policy will immediately be deleted,
         including any associated entries in the pmPolicyCodeTable.

         The following related objects may not be changed unless this
         object is set to disabled(1):
             pmPolicyPrecedenceGroup, pmPolicyPrecedence,
             pmPolicySchedule, pmPolicyElementTypeFilter,
             pmPolicyConditionScriptIndex, pmPolicyActionScriptIndex,
             pmPolicyParameters, and any pmPolicyCodeTable row
             referenced by this policy.
         In order to change any of these parameters, the policy must
         be moved to the disabled(1) state, changed, and then
         re-enabled.

         When this policy moves to either enabled state from the
         disabled state, any cached values of policy condition must be
         erased, and any Policy or PolicyElement scratchpad values for
         this policy should be removed.  Policy execution will begin by
         testing the policy condition on all appropriate elements."
    ::= { pmPolicyEntry 18 }

pmPolicyStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines whether this policy and any associated
         entries in the pmPolicyCodeTable are kept in volatile storage
         and lost upon reboot or if this row is backed up by
         non-volatile or permanent storage.




Waldbusser, et al.          Standards Track                    [Page 81]

RFC 4011              Policy Based Management MIB             March 2005


         If the value of this object is 'permanent', the values for
         the associated pmPolicyAdminStatus object must remain
         writable."
    ::= { pmPolicyEntry 19 }

pmPolicyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "The row status of this pmPolicyEntry.

         The status may not be set to active if any of the related
         entries in the pmPolicyCode table do not have a status of
         active or if any of the objects in this row are not set to
         valid values.  Only the following objects may be modified
         while in the active state:
             pmPolicyParameters
             pmPolicyConditionMaxLatency
             pmPolicyActionMaxLatency
             pmPolicyDebugging
             pmPolicyAdminStatus

         If this row is deleted, any associated entries in the
         pmPolicyCodeTable will be deleted as well."
    ::= { pmPolicyEntry 20 }

-- Policy Code Table

pmPolicyCodeTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmPolicyCodeEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The pmPolicyCodeTable stores the code for policy conditions and
        actions.

        An example of the relationships between the code table and the
        policy table follows:

        pmPolicyTable
            AdminGroup  Index   ConditionScriptIndex  ActionScriptIndex
        A   ''          1       1                     2
        B   'oper'      1       1                     2
        C   'oper'      2       3                     4

        pmPolicyCodeTable
        AdminGroup  ScriptIndex  Segment    Note



Waldbusser, et al.          Standards Track                    [Page 82]

RFC 4011              Policy Based Management MIB             March 2005


        ''          1            1          Filter for policy A
        ''          2            1          Action for policy A
        'oper'      1            1          Filter for policy B
        'oper'      2            1          Action 1/2 for policy B
        'oper'      2            2          Action 2/2 for policy B
        'oper'      3            1          Filter for policy C
        'oper'      4            1          Action for policy C

        In this example, there are 3 policies: 1 in the '' adminGroup,
        and 2 in the 'oper' adminGroup.  Policy A has been assigned
        script indexes 1 and 2 (these script indexes are assigned out of
        a separate pool per adminGroup), with 1 code segment each for
        the filter and the action.  Policy B has been assigned script
        indexes 1 and 2 (out of the pool for the 'oper' adminGroup).
        While the filter has 1 segment, the action is longer and is
        loaded into 2 segments.  Finally, Policy C has been assigned
        script indexes 3 and 4, with 1 code segment each for the filter
        and the action."
    ::= { pmMib 2 }

pmPolicyCodeEntry OBJECT-TYPE
    SYNTAX      PmPolicyCodeEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the policy code table representing one code
        segment.  Entries that share a common AdminGroup/ScriptIndex
        pair make up a single script.  Valid values of ScriptIndex are
        retrieved from pmPolicyConditionScriptIndex and
        pmPolicyActionScriptIndex after a pmPolicyEntry is
        created.  Segments of code can then be written to this table
        with the learned ScriptIndex values.

        The StorageType of this entry is determined by the value of
        the associated pmPolicyStorageType.

        The pmPolicyAdminGroup element of the index represents the
        administrative group of the policy of which this code entry is
        a part."
    INDEX { pmPolicyAdminGroup, pmPolicyCodeScriptIndex,
            pmPolicyCodeSegment }
    ::= { pmPolicyCodeTable 1 }

PmPolicyCodeEntry ::= SEQUENCE {
    pmPolicyCodeScriptIndex    Unsigned32,
    pmPolicyCodeSegment        Unsigned32,
    pmPolicyCodeText           PmUTF8String,
    pmPolicyCodeStatus         RowStatus



Waldbusser, et al.          Standards Track                    [Page 83]

RFC 4011              Policy Based Management MIB             March 2005


}

pmPolicyCodeScriptIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A unique index for each policy condition or action.  The code
         for each such condition or action may be composed of multiple
         entries in this table if the code cannot fit in one entry.
         Values of pmPolicyCodeScriptIndex may not be used unless
         they have previously been assigned in the
         pmPolicyConditionScriptIndex or pmPolicyActionScriptIndex
         objects."
    ::= { pmPolicyCodeEntry 1 }

pmPolicyCodeSegment OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A unique index for each segment of a policy condition or
         action.

         When a policy condition or action spans multiple entries in
         this table, the code of that policy starts from the
         lowest-numbered segment and continues with increasing segment
         values until it ends with the highest-numbered segment."
    ::= { pmPolicyCodeEntry 2 }

pmPolicyCodeText OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (1..1024))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "A segment of policy code (condition or action).  Lengthy
         Policy conditions or actions may be stored in multiple
         segments in this table that share the same value of
         pmPolicyCodeScriptIndex.  When multiple segments are used, it
         is recommended that each segment be as large as is practical.

         Entries in this table are associated with policies by values
         of the pmPolicyConditionScriptIndex and
         pmPolicyActionScriptIndex objects.  If the status of the
         related policy is active, then this object may not be
         modified."
    ::= { pmPolicyCodeEntry 3 }




Waldbusser, et al.          Standards Track                    [Page 84]

RFC 4011              Policy Based Management MIB             March 2005


pmPolicyCodeStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "The status of this code entry.

         Entries in this table are associated with policies by values
         of the pmPolicyConditionScriptIndex and
         pmPolicyActionScriptIndex objects.  If the status of the
         related policy is active, then this object can not be
         modified (i.e., deleted or set to notInService), nor may new
         entries be created.

         If the status of this object is active, no objects in this
         row may be modified."
    ::= { pmPolicyCodeEntry 4 }

-- Element Type Registration Table

pmElementTypeRegTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmElementTypeRegEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A registration table for element types managed by this
        system.

        The Element Type Registration table allows the manager to
        learn what element types are being managed by the system and
        to register new types, if necessary.  An element type is
        registered by providing the OID of an SNMP object (i.e.,
        without the instance).  Each SNMP instance that exists under
        that object is a distinct element.  The index of the element is
        the index part of the discovered OID.  This index will be
        supplied to policy conditions and actions so that this code
        can inspect and configure the element.

        For example, this table might contain the following entries.
        The first three are agent-installed, and the 4th was
        downloaded by a management station:

  OIDPrefix        MaxLatency  Description               StorageType
  ifEntry          100 mS      interfaces - builtin      readOnly
  0.0              100 mS      system element - builtin  readOnly
  frCircuitEntry   100 mS      FR Circuits - builtin     readOnly
  hrSWRunEntry     60 sec      Running Processes         volatile




Waldbusser, et al.          Standards Track                    [Page 85]

RFC 4011              Policy Based Management MIB             March 2005


        Note that agents may automatically configure elements in this
        table for frequently used element types (interfaces, circuits,
        etc.).  In particular, it may configure elements for whom
        discovery is optimized in one or both of the following ways:

        1. The agent may discover elements by scanning internal data
           structures as opposed to issuing local SNMP requests.  It is
           possible to recreate the exact semantics described in this
           table even if local SNMP requests are not issued.

        2. The agent may receive asynchronous notification of new
           elements (for example, 'card inserted') and use that
           information to instantly create elements rather than
           through polling.  A similar feature might be available for
           the deletion of elements.

        Note that the disposition of agent-installed entries is
        described by the pmPolicyStorageType object."
    ::= { pmMib 3 }

pmElementTypeRegEntry OBJECT-TYPE
    SYNTAX      PmElementTypeRegEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A registration of an element type.

        Note that some values of this table's index may result in an
        instance name that exceeds a length of 128 sub-identifiers,
        which exceeds the maximum for the SNMP protocol.
        Implementations should take care to avoid such values."
    INDEX       { pmElementTypeRegOIDPrefix }
    ::= { pmElementTypeRegTable 1 }

PmElementTypeRegEntry ::= SEQUENCE {
    pmElementTypeRegOIDPrefix     OBJECT IDENTIFIER,
    pmElementTypeRegMaxLatency    Unsigned32,
    pmElementTypeRegDescription   PmUTF8String,
    pmElementTypeRegStorageType   StorageType,
    pmElementTypeRegRowStatus     RowStatus
}

pmElementTypeRegOIDPrefix OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This OBJECT IDENTIFIER value identifies a table in which all



Waldbusser, et al.          Standards Track                    [Page 86]

RFC 4011              Policy Based Management MIB             March 2005


        elements of this type will be found.  Every row in the
        referenced table will be treated as an element for the
        period of time that it remains in the table.  The agent will
        then execute policy conditions and actions as appropriate on
        each of these elements.

        This object identifier value is specified down to the 'entry'
        component (e.g., ifEntry) of the identifier.

        The index of each discovered row will be passed to each
        invocation of the policy condition and policy action.

        The actual mechanism by which instances are discovered is
        implementation dependent.  Periodic walks of the table to
        discover the rows in the table is one such mechanism.  This
        mechanism has the advantage that it can be performed by an
        agent with no knowledge of the names, syntax, or semantics
        of the MIB objects in the table.  This mechanism also serves as
        the reference design.  Other implementation-dependent
        mechanisms may be implemented that are more efficient (perhaps
        because they are hard coded) or that don't require polling.
        These mechanisms must discover the same elements as would the
        table-walking reference design.

        This object can contain a OBJECT IDENTIFIER, '0.0'.
        '0.0' represents the single instance of the system
        itself and provides an execution context for policies to
        operate on the 'system element' and on MIB objects
        modeled as scalars.  For example, '0.0' gives an execution
        context for policy-based selection of the operating system
        code version (likely modeled as a scalar MIB object).  The
        element type '0.0' always exists; as a consequence, no actual
        discovery will take place, and the pmElementTypeRegMaxLatency
        object will have no effect for the '0.0' element
        type.  However, if the '0.0' element type is not registered in
        the table, policies will not be executed on the '0.0' element.

        When a policy is invoked on behalf of a '0.0' entry in this
        table, the element name will be '0.0', and there is no index
        of 'this element' (in other words, it has zero length).

        As this object is used in the index for the
        pmElementTypeRegTable, users of this table should be careful
        not to create entries that would result in instance names with
        more than 128 sub-identifiers."
    ::= { pmElementTypeRegEntry 2 }





Waldbusser, et al.          Standards Track                    [Page 87]

RFC 4011              Policy Based Management MIB             March 2005


pmElementTypeRegMaxLatency OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "milliseconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The PM agent is responsible for discovering new elements of
        types that are registered.  This object lets the manager
        control the maximum amount of time that may pass between the
        time an element is created and when it is discovered.

        In other words, in any given interval of this duration, all
        new elements must be discovered.  Note that how the policy
        agent schedules the checking of various elements within this
        interval is an implementation-dependent matter."
    ::= { pmElementTypeRegEntry 3 }

pmElementTypeRegDescription OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A descriptive label for this registered type."
    ::= { pmElementTypeRegEntry 4 }

pmElementTypeRegStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines whether this row is kept
         in volatile storage and lost upon reboot or
         backed up by non-volatile or permanent storage.

         If the value of this object is 'permanent', no values in the
         associated row have to be writable."
    ::= { pmElementTypeRegEntry 5 }

pmElementTypeRegRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this registration entry.

        If the value of this object is active, no objects in this row
        may be modified."
    ::= { pmElementTypeRegEntry 6 }



Waldbusser, et al.          Standards Track                    [Page 88]

RFC 4011              Policy Based Management MIB             March 2005


-- Role Table

pmRoleTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmRoleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The pmRoleTable is a read-create table that organizes role
        strings sorted by element.  This table is used to create and
        modify role strings and their associations, as well as to allow
        a management station to learn about the existence of roles and
        their associations.

        It is the responsibility of the agent to keep track of any
        re-indexing of the underlying SNMP elements and to continue to
        associate role strings with the element with which they were
        initially configured.

        Policy MIB agents that have elements in multiple local SNMP
        contexts have to allow some roles to be assigned to elements
        in particular contexts.  This is particularly true when some
        elements have the same names in different contexts and the
        context is required to disambiguate them.  In those situations,
        a value for the pmRoleContextName may be provided.  When a
        pmRoleContextName value is not provided, the assignment is to
        the element in the default context.

        Policy MIB agents that discover elements on other systems and
        execute policies on their behalf need to have access to role
        information for these remote elements.  In such situations,
        role assignments for other systems can be stored in this table
        by providing values for the pmRoleContextEngineID parameters.

    For example:
    Example:
    element       role    context ctxEngineID   #comment
    ifindex.1     gold                          local, default context
    ifindex.2     gold                          local, default context
    repeaterid.1  foo     rptr1                 local, rptr1 context
    repeaterid.1  bar     rptr2                 local, rptr2 context
    ifindex.1     gold    ''      A             different system
    ifindex.1     gold    ''      B             different system

         The agent must store role string associations in non-volatile
         storage."
    ::= { pmMib 4 }





Waldbusser, et al.          Standards Track                    [Page 89]

RFC 4011              Policy Based Management MIB             March 2005


pmRoleEntry OBJECT-TYPE
    SYNTAX      PmRoleEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A role string entry associates a role string with an
         individual element.

         Note that some combinations of index values may result in an
         instance name that exceeds a length of 128 sub-identifiers,
         which exceeds the maximum for the SNMP
         protocol.  Implementations should take care to avoid such
         combinations."
    INDEX       { pmRoleElement, pmRoleContextName,
                  pmRoleContextEngineID, pmRoleString }
    ::= { pmRoleTable 1 }

PmRoleEntry ::= SEQUENCE {
    pmRoleElement          RowPointer,
    pmRoleContextName      SnmpAdminString,
    pmRoleContextEngineID  OCTET STRING,
    pmRoleString           PmUTF8String,
    pmRoleStatus           RowStatus
}

pmRoleElement OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The element with which this role string is associated.

         For example, if the element is interface 3, then this object
         will contain the OID for 'ifIndex.3'.

         If the agent assigns new indexes in the MIB table to
         represent the same underlying element (re-indexing), the
         agent will modify this value to contain the new index for the
         underlying element.

         As this object is used in the index for the pmRoleTable,
         users of this table should be careful not to create entries
         that would result in instance names with more than 128
         sub-identifiers."
    ::= { pmRoleEntry 1 }






Waldbusser, et al.          Standards Track                    [Page 90]

RFC 4011              Policy Based Management MIB             March 2005


pmRoleContextName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is not in the default SNMP context
        for the target system, this object is used to identify the
        context.  If the element is in the default context, this object
        is equal to the empty string."
    ::= { pmRoleEntry 2 }

pmRoleContextEngineID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0 | 5..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is on a remote system, this object
        is used to identify the remote system.  This object contains
        the contextEngineID of the system for which this role string
        assignment is valid.  If the element is on the local system
        this object will be the empty string."
    ::= { pmRoleEntry 3 }

pmRoleString OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (0..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The role string that is associated with an element through
         this table.  All role strings must have been successfully
         transformed by Stringprep RFC 3454.  Management stations
         must perform this translation and must only set this object
         to string values that have been transformed.

         A role string is an administratively specified characteristic
         of a managed element (for example, an interface).  It is a
         selector for policy rules, that determines the applicability of
         the rule to a particular managed element."
    ::= { pmRoleEntry 4 }

pmRoleStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "The status of this role string.





Waldbusser, et al.          Standards Track                    [Page 91]

RFC 4011              Policy Based Management MIB             March 2005


         If the value of this object is active, no object in this row
         may be modified."
    ::= { pmRoleEntry 5 }

-- Capabilities table

pmCapabilitiesTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmCapabilitiesEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The pmCapabilitiesTable contains a description of
         the inherent capabilities of the system so that
         management stations can learn of an agent's capabilities and
         differentially install policies based on the capabilities.

         Capabilities are expressed at the system level.  There can be
         variation in how capabilities are realized from one vendor or
         model to the next.  Management systems should consider these
         differences before selecting which policy to install in a
         system."
    ::= { pmMib 5 }

pmCapabilitiesEntry OBJECT-TYPE
    SYNTAX      PmCapabilitiesEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A capabilities entry holds an OID indicating support for a
         particular capability.  Capabilities may include hardware and
         software functions and the implementation of MIB
         Modules.  The semantics of the OID are defined in the
         description of pmCapabilitiesType.

         Entries appear in this table if any element in the system has
         a specific capability.  A capability should appear in this
         table only once, regardless of the number of elements in the
         system with that capability.  An entry is removed from this
         table when the last element in the system that has the
         capability is removed.  In some cases, capabilities are
         dynamic and exist only in software.  This table should have an
         entry for the capability even if there are no current
         instances.  Examples include systems with database or WEB
         services.  While the system has the ability to create new
         databases or WEB services, the entry should exist.  In these
         cases, the ability to create these services could come from
         other processes that are running in the system, even though
         there are no currently open databases or WEB servers running.



Waldbusser, et al.          Standards Track                    [Page 92]

RFC 4011              Policy Based Management MIB             March 2005


         Capabilities may include the implementation of MIB Modules
         but need not be limited to those that represent MIB Modules
         with one or more configurable objects.  It may also be
         valuable to include entries for capabilities that do not
         include configuration objects, as that information, in
         combination with other entries in this table, might be used
         by the management software to determine whether to
         install a policy.

         Vendor software may also add entries in this table to express
         capabilities from their private branch.

         Note that some values of this table's index may result in an
         instance name that exceeds a length of 128 sub-identifiers,
         which exceeds the maximum for the SNMP
         protocol.  Implementations should take care to avoid such
         values."
    INDEX       { pmCapabilitiesType }
    ::= { pmCapabilitiesTable 1 }

PmCapabilitiesEntry ::= SEQUENCE {
    pmCapabilitiesType               OBJECT IDENTIFIER
}

pmCapabilitiesType OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "There are three types of OIDs that may be present in the
         pmCapabilitiesType object:

         1) The OID of a MODULE-COMPLIANCE macro that represents the
         highest level of compliance realized by the agent for that
         MIB Module.  For example, an agent that implements the OSPF
         MIB Module at the highest level of compliance would have the
         value of '1.3.6.1.2.1.14.15.2' in the pmCapabilitiesType
         object.  For software that realizes standard MIB
         Modules that do not have compliance statements, the base OID
         of the MIB Module should be used instead.  If the OSPF MIB
         Module had not been created with a compliance statement, then
         the correct value of the pmCapabilitiesType would be
         '1.3.6.1.2.1.14'.  In the cases where multiple compliance
         statements in a MIB Module are supported by the agent, and
         where one compliance statement does not by definition include
         the other, each of the compliance OIDs would have entries in
         this table.




Waldbusser, et al.          Standards Track                    [Page 93]

RFC 4011              Policy Based Management MIB             March 2005


         MIB Documents can contain more than one MIB Module.  In the
         case of OSPF, there is a second MIB Module
         that describes notifications for the OSPF Version 2 Protocol.
         If the agent also realizes these functions, an entry will
         also exist for those capabilities in this table.

         2) Vendors should install OIDs in this table that represent
         vendor-specific capabilities.  These capabilities can be
         expressed just as those described above for MIB Modules on
         the standards track.  In addition, vendors may install any
         OID they desire from their registered branch.  The OIDs may be
         at any level of granularity, from the root of their entire
         branch to an instance of a single OID.  There is no
         restriction on the number of registrations they may make,
         though care should be taken to avoid unnecessary entries.

         3) OIDs that represent one capability or a collection of
         capabilities that could be any collection of MIB Objects or
         hardware or software functions may be created in working
         groups and registered in a MIB Module.  Other entities (e.g.,
         vendors) may also make registrations.  Software will register
         these standard capability OIDs, as well as vendor specific
         OIDs.

         If the OID for a known capability is not present in the
         table, then it should be assumed that the capability is not
         implemented.

         As this object is used in the index for the
         pmCapabilitiesTable, users of this table should be careful
         not to create entries that would result in instance names
         with more than 128 sub-identifiers."
    ::= { pmCapabilitiesEntry 1 }

-- Capabilities override table

pmCapabilitiesOverrideTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmCapabilitiesOverrideEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The pmCapabilitiesOverrideTable allows management stations
         to override pmCapabilitiesTable entries that have been
         registered by the agent.  This facility can be used to avoid
         situations in which managers in the network send policies to
         a system that has advertised a capability in the
         pmCapabilitiesTable but that should not be installed on this
         particular system.  One example could be newly deployed



Waldbusser, et al.          Standards Track                    [Page 94]

RFC 4011              Policy Based Management MIB             March 2005


         equipment that is still in a trial state in a trial state or
         resources reserved for some other administrative reason.
         This table can also be used to override entries in the
         pmCapabilitiesTable through the use of the
         pmCapabilitiesOverrideState object.  Capabilities can also be
         declared available in this table that were not registered in
         the pmCapabilitiesTable.  A management application can make
         an entry in this table for any valid OID and declare the
         capability available by setting the
         pmCapabilitiesOverrideState for that row to valid(1)."
    ::= { pmMib 6 }

pmCapabilitiesOverrideEntry OBJECT-TYPE
    SYNTAX      PmCapabilitiesOverrideEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "An entry in this table indicates whether a particular
         capability is valid or invalid.

         Note that some values of this table's index may result in an
         instance name that exceeds a length of 128 sub-identifiers,
         which exceeds the maximum for the SNMP
         protocol.  Implementations should take care to avoid such
         values."
    INDEX       { pmCapabilitiesOverrideType }
    ::= { pmCapabilitiesOverrideTable 1 }

PmCapabilitiesOverrideEntry ::= SEQUENCE {
    pmCapabilitiesOverrideType               OBJECT IDENTIFIER,
    pmCapabilitiesOverrideState              INTEGER,
    pmCapabilitiesOverrideRowStatus          RowStatus
}

pmCapabilitiesOverrideType OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "This is the OID of the capability that is declared valid or
         invalid by the pmCapabilitiesOverrideState value for this
         row.  Any valid OID, as described in the pmCapabilitiesTable,
         is permitted in the pmCapabilitiesOverrideType object.  This
         means that capabilities can be expressed at any level, from a
         specific instance of an object to a table or entire module.
         There are no restrictions on whether these objects are from
         standards track MIB documents or in the private branch of the
         MIB.



Waldbusser, et al.          Standards Track                    [Page 95]

RFC 4011              Policy Based Management MIB             March 2005


         If an entry exists in this table for which there is a
         corresponding entry in the pmCapabilitiesTable, then this entry
         shall have precedence over the entry in the
         pmCapabilitiesTable.  All entries in this table must be
         preserved across reboots.

         As this object is used in the index for the
         pmCapabilitiesOverrideTable, users of this table should be
         careful not to create entries that would result in instance
         names with more than 128 sub-identifiers."
    ::= { pmCapabilitiesOverrideEntry 1 }

pmCapabilitiesOverrideState OBJECT-TYPE
    SYNTAX      INTEGER {
                    invalid(1),
                    valid(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "A pmCapabilitiesOverrideState of invalid indicates that
         management software should not send policies to this system
         for the capability identified in the
         pmCapabilitiesOverrideType for this row of the table.  This
         behavior is the same whether the capability represented by
         the pmCapabilitiesOverrideType exists only in this table
         (that is, it was installed by an external management
         application) or exists in this table as well as the
         pmCapabilitiesTable.  This would be the case when a manager
         wanted to disable a capability that the native management
         system found and registered in the pmCapabilitiesTable.

         An entry in this table that has a pmCapabilitiesOverrideState
         of valid should be treated as though it appeared in the
         pmCapabilitiesTable.  If the entry also exists in the
         pmCapabilitiesTable in the pmCapabilitiesType object, and if
         the value of this object is valid, then the system shall
         operate as though this entry did not exist and policy
         installations and executions will continue in a normal
         fashion."
    ::= { pmCapabilitiesOverrideEntry 2 }

pmCapabilitiesOverrideRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
         "The row status of this pmCapabilitiesOverrideEntry.



Waldbusser, et al.          Standards Track                    [Page 96]

RFC 4011              Policy Based Management MIB             March 2005


         If the value of this object is active, no object in this row
         may be modified."
    ::= { pmCapabilitiesOverrideEntry 3 }

-- The Schedule Group

pmSchedLocalTime OBJECT-TYPE
    SYNTAX      DateAndTime (SIZE (11))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The local time used by the scheduler.  Schedules that
         refer to calendar time will use the local time indicated
         by this object.  An implementation MUST return all 11 bytes
         of the DateAndTime textual-convention so that a manager
         may retrieve the offset from GMT time."
    ::= { pmMib 7 }

--
-- The schedule table that controls the scheduler.
--

pmSchedTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmSchedEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table defines schedules for policies."
    ::= { pmMib 8 }

pmSchedEntry OBJECT-TYPE
    SYNTAX      PmSchedEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry describing a particular schedule.

        Unless noted otherwise, writable objects of this row can be
        modified independently of the current value of pmSchedRowStatus,
        pmSchedAdminStatus and pmSchedOperStatus.  In particular, it
        is legal to modify pmSchedWeekDay, pmSchedMonth, and
        pmSchedDay when pmSchedRowStatus is active."
    INDEX { pmSchedIndex }
    ::= { pmSchedTable 1 }







Waldbusser, et al.          Standards Track                    [Page 97]

RFC 4011              Policy Based Management MIB             March 2005


PmSchedEntry ::= SEQUENCE {
    pmSchedIndex          Unsigned32,
    pmSchedGroupIndex     Unsigned32,
    pmSchedDescr          PmUTF8String,
    pmSchedTimePeriod     PmUTF8String,
    pmSchedMonth          BITS,
    pmSchedDay            BITS,
    pmSchedWeekDay        BITS,
    pmSchedTimeOfDay      PmUTF8String,
    pmSchedLocalOrUtc     INTEGER,
    pmSchedStorageType    StorageType,
    pmSchedRowStatus      RowStatus
}

pmSchedIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The locally unique, administratively assigned index for this
        scheduling entry."
    ::= { pmSchedEntry 1 }

pmSchedGroupIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The locally unique, administratively assigned index for the
        schedule group this scheduling entry belongs to.

        To assign multiple schedule entries to the same group, the
        pmSchedGroupIndex of each entry in the group will be set to
        the same value.  This pmSchedGroupIndex value must be equal to
        the pmSchedIndex of one of the entries in the group.  If the
        entry whose pmSchedIndex equals the pmSchedGroupIndex
        for the group is deleted, the agent will assign a new
        pmSchedGroupIndex to all remaining members of the group.

        If an entry is not a member of a group, its pmSchedGroupIndex
        must be assigned to the value of its pmSchedIndex.

        Policies that are controlled by a group of schedule entries
        are active when any schedule in the group is active."
    ::= { pmSchedEntry 2 }






Waldbusser, et al.          Standards Track                    [Page 98]

RFC 4011              Policy Based Management MIB             March 2005


pmSchedDescr OBJECT-TYPE
    SYNTAX      PmUTF8String
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The human-readable description of the purpose of this
        scheduling entry."
    DEFVAL { ''H }
    ::= { pmSchedEntry 3 }

pmSchedTimePeriod OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (0..31))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The overall range of calendar dates and times over which this
        schedule is active.  It is stored in a slightly extended version
        of the format for a 'period-explicit' defined in RFC 2445.
        This format is expressed as a string representing the
        starting date and time, in which the character 'T' indicates
        the beginning of the time portion, followed by the solidus
        character, '/', followed by a similar string representing an
        end date and time.  The start of the period MUST be before the
        end of the period.  Date-Time values are expressed as
        substrings of the form 'yyyymmddThhmmss'.  For example:

            20000101T080000/20000131T130000

              January 1, 2000, 0800 through January 31, 2000, 1PM

        The 'Date with UTC time' format defined in RFC 2445 in which
        the Date-Time string ends with the character 'Z' is not
        allowed.

        This 'period-explicit' format is also extended to allow two
        special cases in which one of the Date-Time strings is
        replaced with a special string defined in RFC 2445:

        1. If the first Date-Time value is replaced with the string
           'THISANDPRIOR', then the value indicates that the schedule
           is active at any time prior to the Date-Time that appears
           after the '/'.

        2. If the second Date-Time is replaced with the string
           'THISANDFUTURE', then the value indicates that the schedule
           is active at any time after the Date-Time that appears
           before the '/'.




Waldbusser, et al.          Standards Track                    [Page 99]

RFC 4011              Policy Based Management MIB             March 2005


        Note that although RFC 2445 defines these two strings, they are
        not specified for use in the 'period-explicit' format.  The use
        of these strings represents an extension to the
        'period-explicit' format."
    ::= { pmSchedEntry 4 }

pmSchedMonth OBJECT-TYPE
    SYNTAX      BITS {
                    january(0),
                    february(1),
                    march(2),
                    april(3),
                    may(4),
                    june(5),
                    july(6),
                    august(7),
                    september(8),
                    october(9),
                    november(10),
                    december(11)
                }

    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Within the overall time period specified in the
        pmSchedTimePeriod object, the value of this object specifies
        the specific months within that time period when the schedule
        is active.  Setting all bits will cause the schedule to act
        independently of the month."
    DEFVAL { { january, february, march, april, may, june, july,
               august, september, october, november, december } }
    ::= { pmSchedEntry 5 }

pmSchedDay OBJECT-TYPE
    SYNTAX      BITS {
                    d1(0),   d2(1),   d3(2),   d4(3),   d5(4),
                    d6(5),   d7(6),   d8(7),   d9(8),   d10(9),
                    d11(10), d12(11), d13(12), d14(13), d15(14),
                    d16(15), d17(16), d18(17), d19(18), d20(19),
                    d21(20), d22(21), d23(22), d24(23), d25(24),
                    d26(25), d27(26), d28(27), d29(28), d30(29),
                    d31(30),
                    r1(31),  r2(32),  r3(33),  r4(34),  r5(35),
                    r6(36),  r7(37),  r8(38),  r9(39),  r10(40),
                    r11(41), r12(42), r13(43), r14(44), r15(45),
                    r16(46), r17(47), r18(48), r19(49), r20(50),
                    r21(51), r22(52), r23(53), r24(54), r25(55),



Waldbusser, et al.          Standards Track                   [Page 100]

RFC 4011              Policy Based Management MIB             March 2005


                    r26(56), r27(57), r28(58), r29(59), r30(60),
                    r31(61)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Within the overall time period specified in the
        pmSchedTimePeriod object, the value of this object specifies
        the specific days of the month within that time period when
        the schedule is active.

        There are two sets of bits one can use to define the day
        within a month:

        Enumerations starting with the letter 'd' indicate a
        day in a month relative to the first day of a month.
        The first day of the month can therefore be specified
        by setting the bit d1(0), and d31(30) means the last
        day of a month with 31 days.

        Enumerations starting with the letter 'r' indicate a
        day in a month in reverse order, relative to the last
        day of a month.  The last day in the month can therefore
        be specified by setting the bit r1(31), and r31(61) means
        the first day of a month with 31 days.

        Setting multiple bits will include several days in the set
        of possible days for this schedule.  Setting all bits starting
        with the letter 'd' or all bits starting with the letter 'r'
        will cause the schedule to act independently of the day of the
        month."
    DEFVAL { {  d1, d2, d3, d4, d5, d6, d7, d8, d9, d10,
                d11, d12, d13, d14, d15, d16, d17, d18, d19, d20,
                d21, d22, d23, d24, d25, d26, d27, d28, d29, d30,
                d31, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10,
                r11, r12, r13, r14, r15, r16, r17, r18, r19, r20,
                r21, r22, r23, r24, r25, r26, r27, r28, r29, r30,
                r31 } }
    ::= { pmSchedEntry 6 }

pmSchedWeekDay OBJECT-TYPE
    SYNTAX      BITS {
                    sunday(0),
                    monday(1),
                    tuesday(2),
                    wednesday(3),
                    thursday(4),
                    friday(5),



Waldbusser, et al.          Standards Track                   [Page 101]

RFC 4011              Policy Based Management MIB             March 2005


                    saturday(6)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Within the overall time period specified in the
        pmSchedTimePeriod object, the value of this object specifies
        the specific days of the week within that time period when
        the schedule is active.  Setting all bits will cause the
        schedule to act independently of the day of the week."
    DEFVAL { { sunday, monday, tuesday, wednesday, thursday,
               friday, saturday } }
    ::= { pmSchedEntry 7 }

pmSchedTimeOfDay OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (0..15))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION

        "Within the overall time period specified in the
        pmSchedTimePeriod object, the value of this object specifies
        the range of times in a day when the schedule is active.

        This value is stored in a format based on the RFC 2445 format
        for 'time': The character 'T' followed by a 'time' string,
        followed by the solidus character, '/', followed by the
        character 'T', followed by a second time string.  The first time
        indicates the beginning of the range, and the second time
        indicates the end.  Thus, this value takes the following
        form:

            'Thhmmss/Thhmmss'.

        The second substring always identifies a later time than the
        first substring.  To allow for ranges that span midnight,
        however, the value of the second string may be smaller than
        the value of the first substring.  Thus, 'T080000/T210000'
        identifies the range from 0800 until 2100, whereas
        'T210000/T080000' identifies the range from 2100 until 0800 of
        the following day.

        When a range spans midnight, by definition it includes parts
        of two successive days.  When one of these days is also
        selected by either the MonthOfYearMask, DayOfMonthMask, and/or
        DayOfWeekMask, but the other day is not, then the policy is
        active only during the portion of the range that falls on the
        selected day.  For example, if the range extends from 2100



Waldbusser, et al.          Standards Track                   [Page 102]

RFC 4011              Policy Based Management MIB             March 2005


        until 0800, and the day of week mask selects Monday and
        Tuesday, then the policy is active during the following three
        intervals:

            From midnight Sunday until 0800 Monday
            From 2100 Monday until 0800 Tuesday
            From 2100 Tuesday until 23:59:59 Tuesday

         Setting this value to 'T000000/T235959' will cause the
         schedule to act independently of the time of day."
    DEFVAL { '543030303030302F54323335393539'H } -- T000000/T235959
    ::= { pmSchedEntry 8 }

pmSchedLocalOrUtc OBJECT-TYPE
    SYNTAX      INTEGER {
                    localTime(1),
                    utcTime(2)
                }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object indicates whether the times represented in the
        TimePeriod object and in the various Mask objects represent
        local times or UTC times."
    DEFVAL { utcTime }
    ::= { pmSchedEntry 9 }

pmSchedStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object defines whether this schedule entry is kept
         in volatile storage and lost upon reboot or
         backed up by non-volatile or permanent storage.

         Conceptual rows having the value 'permanent' must allow write
         access to the columnar objects pmSchedDescr, pmSchedWeekDay,
         pmSchedMonth, and pmSchedDay.

         If the value of this object is 'permanent', no values in the
         associated row have to be writable."
    DEFVAL { volatile }
    ::= { pmSchedEntry 10 }







Waldbusser, et al.          Standards Track                   [Page 103]

RFC 4011              Policy Based Management MIB             March 2005


pmSchedRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this schedule entry.

         If the value of this object is active, no object in this row
         may be modified."
    ::= { pmSchedEntry 11 }

-- Policy Tracking

-- The "policy to element" (PE) table and the "element to policy" (EP)
-- table track the status of execution contexts grouped by policy and
-- element respectively.

pmTrackingPETable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmTrackingPEEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The pmTrackingPETable describes what elements
         are active (under control of) a policy.  This table is indexed
         in order to optimize retrieval of the entire status for a
         given policy."
    ::= { pmMib 9 }

pmTrackingPEEntry OBJECT-TYPE
    SYNTAX      PmTrackingPEEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "An entry in the pmTrackingPETable.  The pmPolicyIndex in
         the index specifies the policy tracked by this entry.

         Note that some combinations of index values may result in an
         instance name that exceeds a length of 128 sub-identifiers,
         which exceeds the maximum for the SNMP
         protocol.  Implementations should take care to avoid such
         combinations."
    INDEX       { pmPolicyIndex, pmTrackingPEElement,
                  pmTrackingPEContextName, pmTrackingPEContextEngineID }
    ::= { pmTrackingPETable 1 }







Waldbusser, et al.          Standards Track                   [Page 104]

RFC 4011              Policy Based Management MIB             March 2005


PmTrackingPEEntry ::= SEQUENCE {
    pmTrackingPEElement          RowPointer,
    pmTrackingPEContextName      SnmpAdminString,
    pmTrackingPEContextEngineID  OCTET STRING,
    pmTrackingPEInfo             BITS
}

pmTrackingPEElement OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The element that is acted upon by the associated policy.

         As this object is used in the index for the
         pmTrackingPETable, users of this table should be careful not
         to create entries that would result in instance names with
         more than 128 sub-identifiers."
    ::= { pmTrackingPEEntry 1 }

pmTrackingPEContextName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is not in the default SNMP context
        for the target system, this object is used to identify the
        context.  If the element is in the default context, this object
        is equal to the empty string."
    ::= { pmTrackingPEEntry 2 }

pmTrackingPEContextEngineID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0 | 5..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is on a remote system, this object
        is used to identify the remote system.  This object contains
        the contextEngineID of the system on which the associated
        element resides.  If the element is on the local system,
        this object will be the empty string."
    ::= { pmTrackingPEEntry 3 }

pmTrackingPEInfo OBJECT-TYPE
    SYNTAX      BITS {
                    actionSkippedDueToPrecedence(0),
                    conditionRunTimeException(1),
                    conditionUserSignal(2),



Waldbusser, et al.          Standards Track                   [Page 105]

RFC 4011              Policy Based Management MIB             March 2005


                    actionRunTimeException(3),
                    actionUserSignal(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "This object returns information about the previous policy
         script executions.

         If the actionSkippedDueToPrecedence(1) bit is set, the last
         execution of the associated policy condition returned non-zero,
         but the action is not active, because it was trumped by a
         matching policy condition in the same precedence group with a
         higher precedence value.

         If the conditionRunTimeException(2) bit is set, the last
         execution of the associated policy condition encountered a
         run-time exception and aborted.

         If the conditionUserSignal(3) bit is set, the last
         execution of the associated policy condition called the
         signalError() function.

         If the actionRunTimeException(4) bit is set, the last
         execution of the associated policy action encountered a
         run-time exception and aborted.

         If the actionUserSignal(5) bit is set, the last
         execution of the associated policy action called the
         signalError() function.

         Entries will only exist in this table of one or more bits are
         set.  In particular, if an entry does not exist for a
         particular policy/element combination, it can be assumed that
         the policy's condition did not match 'this element'."
    ::= { pmTrackingPEEntry 4 }

-- Element to Policy Table

pmTrackingEPTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmTrackingEPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The pmTrackingEPTable describes what policies
         are controlling an element.  This table is indexed in
         order to optimize retrieval of the status of all policies
         active for a given element."



Waldbusser, et al.          Standards Track                   [Page 106]

RFC 4011              Policy Based Management MIB             March 2005


    ::= { pmMib 10 }

pmTrackingEPEntry OBJECT-TYPE
    SYNTAX      PmTrackingEPEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "An entry in the pmTrackingEPTable.  Entries exist for all
         element/policy combinations for which the policy's condition
         matches and only if the schedule for the policy is active.

         The pmPolicyIndex in the index specifies the policy
         tracked by this entry.

         Note that some combinations of index values may result in an
         instance name that exceeds a length of 128 sub-identifiers,
         which exceeds the maximum for the SNMP protocol.
         Implementations should take care to avoid such combinations."
    INDEX       { pmTrackingEPElement, pmTrackingEPContextName,
                  pmTrackingEPContextEngineID, pmPolicyIndex }
    ::= { pmTrackingEPTable 1 }

PmTrackingEPEntry ::= SEQUENCE {
    pmTrackingEPElement          RowPointer,
    pmTrackingEPContextName      SnmpAdminString,
    pmTrackingEPContextEngineID  OCTET STRING,
    pmTrackingEPStatus           INTEGER
}

pmTrackingEPElement OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The element acted upon by the associated policy.

         As this object is used in the index for the
         pmTrackingEPTable, users of this table should be careful
         not to create entries that would result in instance names
         with more than 128 sub-identifiers."
    ::= { pmTrackingEPEntry 1 }

pmTrackingEPContextName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is not in the default SNMP context



Waldbusser, et al.          Standards Track                   [Page 107]

RFC 4011              Policy Based Management MIB             March 2005


        for the target system, this object is used to identify the
        context.  If the element is in the default context, this object
        is equal to the empty string."
    ::= { pmTrackingEPEntry 2 }

pmTrackingEPContextEngineID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0 | 5..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is on a remote system, this object
        is used to identify the remote system.  This object contains
        the contextEngineID of the system on which the associated
        element resides.  If the element is on the local system,
        this object will be the empty string."
    ::= { pmTrackingEPEntry 3 }

pmTrackingEPStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    on(1),
                    forceOff(2)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This entry will only exist if the calendar for the policy is
         active and if the associated policyCondition returned 1 for
         'this element'.

         A policy can be forcibly disabled on a particular element
         by setting this value to forceOff(2).  The agent should then
         act as though the policyCondition failed for 'this element'.
         The forceOff(2) state will persist (even across reboots) until
         this value is set to on(1) by a management request.  The
         forceOff(2) state may be set even if the entry does not
         previously exist so that future policy invocations can be
         avoided.

         Unless forcibly disabled, if this entry exists, its value
         will be on(1)."
    ::= { pmTrackingEPEntry 4 }

-- Policy Debugging Table

pmDebuggingTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF PmDebuggingEntry
    MAX-ACCESS  not-accessible
    STATUS      current



Waldbusser, et al.          Standards Track                   [Page 108]

RFC 4011              Policy Based Management MIB             March 2005


    DESCRIPTION
         "Policies that have debugging turned on will generate a log
         entry in the policy debugging table for every runtime
         exception that occurs in either the condition or action
         code.

         The pmDebuggingTable logs debugging messages when
         policies experience run-time exceptions in either the condition
         or action code and the associated pmPolicyDebugging object
         has been turned on.

         The maximum number of debugging entries that will be stored
         and the maximum length of time an entry will be kept are an
         implementation-dependent manner.  If entries must
         be discarded to make room for new entries, the oldest entries
         must be discarded first.

         If the system restarts, all debugging entries may be deleted."
    ::= { pmMib 11 }

pmDebuggingEntry OBJECT-TYPE
    SYNTAX      PmDebuggingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "An entry in the pmDebuggingTable.  The pmPolicyIndex in the
         index specifies the policy that encountered the exception
         that led to this log entry.

         Note that some combinations of index values may result in an
         instance name that exceeds a length of 128 sub-identifiers,
         which exceeds the maximum for the SNMP protocol.
         Implementations should take care to avoid such combinations."
    INDEX       { pmPolicyIndex, pmDebuggingElement,
                  pmDebuggingContextName, pmDebuggingContextEngineID,
                  pmDebuggingLogIndex }
    ::= { pmDebuggingTable 1 }

PmDebuggingEntry ::= SEQUENCE {
    pmDebuggingElement          RowPointer,
    pmDebuggingContextName      SnmpAdminString,
    pmDebuggingContextEngineID  OCTET STRING,
    pmDebuggingLogIndex         Unsigned32,
    pmDebuggingMessage          PmUTF8String
}






Waldbusser, et al.          Standards Track                   [Page 109]

RFC 4011              Policy Based Management MIB             March 2005


pmDebuggingElement OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "The element the policy was executing on when it encountered
         the error that led to this log entry.

         For example, if the element is interface 3, then this object
         will contain the OID for 'ifIndex.3'.

         As this object is used in the index for the
         pmDebuggingTable, users of this table should be careful
         not to create entries that would result in instance names
         with more than 128 sub-identifiers."
    ::= { pmDebuggingEntry 1 }

pmDebuggingContextName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is not in the default SNMP context
        for the target system, this object is used to identify the
        context.  If the element is in the default context, this object
        is equal to the empty string."
    ::= { pmDebuggingEntry 2 }

pmDebuggingContextEngineID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (0 | 5..32))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "If the associated element is on a remote system, this object
        is used to identify the remote system.  This object contains
        the contextEngineID of the system on which the associated
        element resides.  If the element is on the local system,
        this object will be the empty string."
    ::= { pmDebuggingEntry 3 }

pmDebuggingLogIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
         "A unique index for this log entry among other log entries
         for this policy/element combination."
    ::= { pmDebuggingEntry 4 }



Waldbusser, et al.          Standards Track                   [Page 110]

RFC 4011              Policy Based Management MIB             March 2005


pmDebuggingMessage OBJECT-TYPE
    SYNTAX      PmUTF8String (SIZE (0..128))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "An error message generated by the policy execution
         environment.  It is recommended that this message include the
         time of day when the message was generated, if known."
    ::= { pmDebuggingEntry 5 }

-- Notifications

pmNotifications OBJECT IDENTIFIER ::= { pmMib 0 }

pmNewRoleNotification NOTIFICATION-TYPE
    OBJECTS     { pmRoleStatus }
    STATUS      current
    DESCRIPTION
        "The pmNewRoleNotification is sent when an agent is configured
        with its first instance of a previously unused role string
        (not every time a new element is given a particular role).

        An instance of the pmRoleStatus object is sent containing
        the new roleString in its index.  In the event that two or
        more elements are given the same role simultaneously, it is an
        implementation-dependent matter as to which pmRoleTable
        instance will be included in the notification."
    ::= { pmNotifications 1 }

pmNewCapabilityNotification NOTIFICATION-TYPE
    OBJECTS     { pmCapabilitiesType }
    STATUS      current
    DESCRIPTION
        "The pmNewCapabilityNotification is sent when an agent
        gains a new capability that did not previously exist in any
        element on the system (not every time an element gains a
        particular capability).

        An instance of the pmCapabilitiesType object is sent containing
        the identity of the new capability.  In the event that two or
        more elements gain the same capability simultaneously, it is an
        implementation-dependent matter as to which pmCapabilitiesType
        instance will be included in the notification."
    ::= { pmNotifications 2 }

pmAbnormalTermNotification NOTIFICATION-TYPE
    OBJECTS     { pmTrackingPEInfo }
    STATUS      current



Waldbusser, et al.          Standards Track                   [Page 111]

RFC 4011              Policy Based Management MIB             March 2005


    DESCRIPTION
        "The pmAbnormalTermNotification is sent when a policy's
        pmPolicyAbnormalTerminations gauge value changes from zero to
        any value greater than zero and no such notification has been
        sent for that policy in the last 5 minutes.

        The notification contains an instance of the pmTrackingPEInfo
        object where the pmPolicyIndex component of the index
        identifies the associated policy and the rest of the index
        identifies an element on which the policy failed."
    ::= { pmNotifications 3 }

-- Compliance Statements

    pmConformance   OBJECT IDENTIFIER ::= { pmMib 12 }
    pmCompliances   OBJECT IDENTIFIER ::= { pmConformance 1 }
    pmGroups        OBJECT IDENTIFIER ::= { pmConformance 2 }

pmCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "Describes the requirements for conformance to
        the Policy-Based Management MIB"
    MODULE  -- this module
        MANDATORY-GROUPS { pmPolicyManagementGroup, pmSchedGroup,
                           pmNotificationGroup }
    ::= { pmCompliances 1 }

pmPolicyManagementGroup OBJECT-GROUP
    OBJECTS { pmPolicyPrecedenceGroup, pmPolicyPrecedence,
              pmPolicySchedule, pmPolicyElementTypeFilter,
              pmPolicyConditionScriptIndex, pmPolicyActionScriptIndex,
              pmPolicyParameters,
              pmPolicyConditionMaxLatency, pmPolicyActionMaxLatency,
              pmPolicyMaxIterations,
              pmPolicyDescription, pmPolicyMatches,
              pmPolicyAbnormalTerminations,
              pmPolicyExecutionErrors, pmPolicyDebugging,
              pmPolicyStorageType, pmPolicyAdminStatus,
              pmPolicyRowStatus, pmPolicyCodeText, pmPolicyCodeStatus,
              pmElementTypeRegMaxLatency, pmElementTypeRegDescription,
              pmElementTypeRegStorageType, pmElementTypeRegRowStatus,
              pmRoleStatus,
              pmCapabilitiesType, pmCapabilitiesOverrideState,
              pmCapabilitiesOverrideRowStatus,
              pmTrackingPEInfo,
              pmTrackingEPStatus,
              pmDebuggingMessage }



Waldbusser, et al.          Standards Track                   [Page 112]

RFC 4011              Policy Based Management MIB             March 2005


    STATUS  current
    DESCRIPTION
        "Objects that allow for the creation and management of
        configuration policies."
    ::=  { pmGroups 1 }

pmSchedGroup OBJECT-GROUP
    OBJECTS { pmSchedLocalTime, pmSchedGroupIndex,
              pmSchedDescr, pmSchedTimePeriod,
              pmSchedMonth, pmSchedDay, pmSchedWeekDay,
              pmSchedTimeOfDay, pmSchedLocalOrUtc, pmSchedStorageType,
              pmSchedRowStatus
            }
    STATUS current
    DESCRIPTION
        "Objects that allow for the scheduling of policies."
    ::= { pmGroups 2 }

pmNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS { pmNewRoleNotification,
                    pmNewCapabilityNotification,
                    pmAbnormalTermNotification }
    STATUS        current
    DESCRIPTION
        "Notifications sent by an Policy MIB agent."
    ::= { pmGroups 3 }

pmBaseFunctionLibrary OBJECT IDENTIFIER ::= { pmGroups 4 }

END

12.  Relationship to Other MIB Modules

   When policy-based management is used specifically for (policy-based)
   configuration, the "Configuring Networks and Devices With SNMP" RFC
   3512 [19] document describes configuration management practices,
   terminology, and an example of a MIB Module that may be helpful to
   those developing and using this technology.

   The Policy MIB accesses system instrumentation for the purposes of
   policy evaluation, control, notification, monitoring, and error
   reporting.  This information is available to managers in the form of
   MIB objects.  Information about system configuration is modified by
   the Policy MIB through MIB objects defined in other MIB Modules.

   Details about the operational or configuration details of a system
   are retrieved by the manager via access to the specific MIB objects
   available in a network element.  As such, the Policy MIB can use any



Waldbusser, et al.          Standards Track                   [Page 113]

RFC 4011              Policy Based Management MIB             March 2005


   standard or vendor-defined object that exists on a managed system.
   In particular, the Policy MIB may access standard or vendor specific
   objects that are instance-specific such as BGP timeout parameters and
   specific interface counters.

13.  Security Considerations

   This MIB contains no objects for which read access would disclose
   sensitive information.

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   With the exception of pmPolicyDescription, pmPolicyDebugging,
   pmElementTypeRegDescription, and pmSchedDescr, EVERY read-create and
   read-write object in this MIB should be considered sensitive because
   if an unauthorized user could manipulate these objects, s/he could
   cause the Policy MIB system to use the stored credentials of an
   authorized user to perform unauthorized and potentially harmful
   operations.

   There are no read-only objects in this MIB that contain sensitive
   information.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [16], section 8), including
   full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.





Waldbusser, et al.          Standards Track                   [Page 114]

RFC 4011              Policy Based Management MIB             March 2005


   An implementation must ensure that access control rules are applied
   when SNMP operations are performed in policy scripts.  To ensure
   this, an implementation must record and maintain the security
   credentials of the last entity to modify each policy's
   pmPolicyAdminStatus object.  The credentials to store are the
   securityModel, securityName, and securityLevel and will be used as
   input parameters for isAccessAllowed from the Architecture for
   Describing SNMP Management Frameworks [1].  This mechanism was first
   introduced in the DISMAN-SCHEDULE-MIB [12].

   SNMP requests made when secModel, secName, and secLevel are specified
   use credentials stored in the local configuration datastore.  Access
   to these credentials depends on the security credentials of the last
   entity to modify the policy's pmPolicyAdminStatus object.  To
   determine whether the credentials can be accessed, the
   isAccessAllowed abstract service interface defined in RFC 3411 [1] is
   called:

      statusInformation =          -- success or errorIndication
        isAccessAllowed(

        IN   securityModel         -- Security Model used
        IN   securityName          -- principal who wants to access
        IN   securityLevel         -- Level of Security used
        IN   viewType              -- write
        IN   contextName           -- context containing variableName
        IN   variableName          -- OID for an object in the proper
                                   -- LCD entry
             )

      The securityModel, securityName, and securityLevel parameters are
      set to the values that were recorded when the policy was modified.
      The viewType is set to write, and the contextName and variableName
      are set to select any read-create object in the appropriate LCD
      entry.

   Proper configuration of VACM requires that write access to an LCD
   entry not be given to entities that aren't authorized to use the
   credentials therein.

   Access control for SNMP requests made to the local system where
   secModel, secName, and secLevel aren't specified depends on the
   security credentials of the last entity to modify the policy's
   pmPolicyAdminStatus object.  To determine whether the operation
   should succeed, the isAccessAllowed abstract service interface
   defined in RFC 3411 [1] is called:





Waldbusser, et al.          Standards Track                   [Page 115]

RFC 4011              Policy Based Management MIB             March 2005


      statusInformation =          -- success or errorIndication
        isAccessAllowed(
        IN   securityModel         -- Security Model in use
        IN   securityName          -- principal who wants to access
        IN   securityLevel         -- Level of Security
        IN   viewType              -- read, write, or notify view
        IN   contextName           -- context as specified
        IN   variableName          -- OID for the managed object
             )

      The securityModel, securityName, and securityLevel parameters are
      set to the values that were recorded when the policy was modified.
      The viewType, contextName, and variableName parameters are set as
      appropriate for the requested SNMP operation.

   Unless all users who have write access to the pmPolicyTable and
   pmPolicyCodeTable have equivalent access to the managed system,
   policy scripts could be used by a user to gain the privileges of
   another user.  Therefore, when policy users have different access,
   access control should be applied so that a user's policies cannot be
   modified by another user.  To make this more convenient, a user can
   place all of his or her policies in the same pmPolicyAdminGroup so
   that a single access control view can apply to all of them.

   Some policies may be designed to ensure the security of a network.
   If these policies have not been installed pending the appearance of a
   role or capability, some delay will occur in their activation
   policies when the role or capability appears because a responsible
   manager must notice the change and install the policy.  This delay
   may expose the device or the network to unacceptable security
   vulnerabilities during this delay.  If the role or capability appears
   during a time of network stress or when the management station is
   unavailable, this delay could be extensive, further increasing the
   exposure.  It is recommended that management stations install any
   security-related policies that might ever be needed on a particular
   managed device, even if a nonexistent role or capability suggests
   that it is not needed at a given time.

   This MIB allows the delegation of access rights so that a user
   ("Joe") can instruct a Policy MIB agent to execute remote operations
   on his behalf that are authorized by keys stored by "Joe" into the
   usmUserTable.  Care needs to be taken to ensure that unauthorized
   users are unable to configure their policies to use Joe's keys.
   Although there are theoretically many ways to configure SNMP
   security, users are advised to follow the most straightforward way
   outlined below to minimize complexity and the resulting opportunity
   for errors.




Waldbusser, et al.          Standards Track                   [Page 116]

RFC 4011              Policy Based Management MIB             March 2005


      Assume that Joe has credentials that give him authority to manage
      agents A, B, and C, as well as the Policy MIB agent "P".  Joe will
      store credentials for Joe@A, Joe@B, and Joe@C in the usmUserTable
      of the Policy MIB agent.  Then the following VACM configuration
      will be used:

         VACM securityToGroupTable
         A single entry mapping user Joe@P to group JoesGroup

         VACM accessTable
         A single entry mapping group JoesGroup to write view JoesView

         VACM viewTreeFamilyTable
         ViewName        Subtree                             Type
         JoesView        points to Joe@A in usmUserTable     included
         JoesView        points to Joe@B in usmUserTable     included
         JoesView        points to Joe@C in usmUserTable     included

      In the preceding examples, the notation Joe@A represents the entry
      indexed by usmUserEngineID and usmUserName, where the SnmpEngineID
      is that of system A and the usmUserName is "Joe".

14.  IANA Considerations

   This is a profile of stringprep.  It has been registered by the IANA
   in the stringprep profile registry located at:

      http://www.iana.org/assignments/stringprep-profiles

      Name of this profile:
         Policy MIB Stringprep.

      RFC in which the profile is defined:
         This document.

         Indicator whether this is the newest version of the profile:

            This is the first version of Policy MIB Stringprep.













Waldbusser, et al.          Standards Track                   [Page 117]

RFC 4011              Policy Based Management MIB             March 2005


15.  Acknowledgements

   The authors gratefully acknowledge the significant contributions to
   this work made by Jeff Case, Patrik Falstrom, Joel Halpern, Pablo
   Halpern, Bob Moore, Steve Moulton, David Partain, and Walter Weiss.

   This MIB uses a security delegation mechanism that was first
   introduced in the DISMAN-SCHEDULE-MIB [12].  The Schedule table of
   this MIB borrows heavily from the PolicyTimePeriodCondition of the
   Policy Core Information Model (PCIM) [18] and from the DISMAN-
   SCHEDULE-MIB [12].

16.  References

16.1.  Normative References

   [1]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
        Describing Simple Network Management Protocol (SNMP) Management
        Frameworks", STD 62, RFC 3411, December 2002.

   [2]  McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of
        Management Information Version 2 (SMIv2)", STD 58, RFC 2578,
        April 1999.

   [3]  McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
        Conventions for SMIv2", STD 58, RFC 2579, April 1999.

   [4]  McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance
        Statements for SMIv2", STD 58, RFC 2580, April 1999.

   [5]  Presuhn, R., "Transport Mappings for the Simple Network
        Management Protocol (SNMP)", STD 62, RFC 3417, December 2002.

   [6]  Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
        for version 3 of the Simple Network Management Protocol
        (SNMPv3)", STD 62, RFC 3414, December 2002.

   [7]  Presuhn, R., "Version 2 of the Protocol Operations for the
        Simple Network Management Protocol (SNMP)", STD 62, RFC 3416,
        December 2002.

   [8]  Frye, R., Levi, D., Routhier, S., and B. Wijnen, "Coexistence
        between Version 1, Version 2, and Version 3 of the Internet-
        standard Network Management Framework", BCP 74, RFC 3584, August
        2003.






Waldbusser, et al.          Standards Track                   [Page 118]

RFC 4011              Policy Based Management MIB             March 2005


   [9]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", STD 62, RFC 3415, December 2002.

   [10] International Standards Organization, "Information Technology -
        Programming Languages - C++", ISO/IEC 14882-1998

   [11] Daniele, M. and J. Schoenwaelder, "Textual Conventions for
        Transport Addresses", RFC 3419, December 2002.

   [12] Levi, D. and J. Schoenwaelder, "Definitions of Managed Objects
        for Scheduling Management Operations", RFC 3231, January 2002.

   [13] Hoffman, P. and M. Blanchet, "Preparation of Internationalized
        Strings ("stringprep")", RFC 3454, December 2002.

   [14] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD
        63, RFC 3629, November 2003.

   [15] Dawson, F. and D. Stenerson, "Internet Calendaring and
        Scheduling Core Object Specification (iCalendar)", RFC 2445,
        November 1998.

16.2.  Informative References

   [16] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction
        and Applicability Statements for Internet-Standard Management
        Framework", RFC 3410, December 2002.

   [17] ECMA, "ECMAScript Language Specification", ECMA-262, December
        1999

   [18] Moore, B., Ellesson, E., Strassner, J., and A. Westerinen,
        "Policy Core Information Model -- Version 1 Specification", RFC
        3060, February 2001.

   [19] MacFaden, M., Partain, D., Saperia, J., and W. Tackabury,
        "Configuring Networks and Devices with Simple Network Management
        Protocol (SNMP)", RFC 3512, April 2003.












Waldbusser, et al.          Standards Track                   [Page 119]

RFC 4011              Policy Based Management MIB             March 2005


Author's Addresses

   Steve Waldbusser

   Phone: +1-650-948-6500
   Fax:   +1-650-745-0671
   EMail: waldbusser@nextbeacon.com


   Jon Saperia (WG Co-chair)
   JDS Consulting, Inc.
   84 Kettell Plain Road.
   Stow MA 01775
   USA

   Phone: +1-978-461--0249
   Fax:   +1-617-249-0874
   EMail: saperia@jdscons.com


   Thippanna Hongal
   Riverstone Networks, Inc.
   5200 Great America Parkway
   Santa Clara, CA, 95054
   USA

   Phone: +1-408-878-6562
   Fax:   +1-408-878-6501
   EMail: hongal@riverstonenet.com






















Waldbusser, et al.          Standards Track                   [Page 120]

RFC 4011              Policy Based Management MIB             March 2005


Full Copyright Statement

   Copyright (C) The Internet Society (2005).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.







Waldbusser, et al.          Standards Track                   [Page 121]