Network Working Group T. Dietz, Ed. Internet-Draft NEC Europte Ltd. Expires: April 26, 2007 A. Kobayashi NTT PF Lab. B. Claise Cisco Systems October 23, 2006 Definitions of Managed Objects for IP Flow Information Export <draft-dietz-ipfix-mib-01.txt> Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 26, 2007. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document defines managed objects for IP Flow Information Export (IPFIX). These objects provide information for monitoring IPFIX Exporters and IPFIX Collectors including some minor configuration information. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 1] Internet-Draft IPFIX MIB October 2006 Table of Contents 1. Open Issues/TODOs . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. IPFIX Documents Overview . . . . . . . . . . . . . . . . . . . 4 4. The Internet-Standard Management Framework . . . . . . . . . . 4 5. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 6. Structure of the IPFIX MIB . . . . . . . . . . . . . . . . . . 8 6.1. IPFIX Exporter MIB module . . . . . . . . . . . . . . . . 9 6.1.1. The Reporting Group . . . . . . . . . . . . . . . . . 9 6.1.2. The Instance Group . . . . . . . . . . . . . . . . . . 10 6.1.3. The Statistics Group . . . . . . . . . . . . . . . . . 11 6.1.4. Textual Convention . . . . . . . . . . . . . . . . . . 11 6.2. IPFIX Collector MIB module . . . . . . . . . . . . . . . . 11 6.2.1. The Exporter Group . . . . . . . . . . . . . . . . . . 11 6.2.2. The Received Template Group . . . . . . . . . . . . . 11 6.2.3. The Template Statistics Group . . . . . . . . . . . . 11 7. MIB Definitions . . . . . . . . . . . . . . . . . . . . . . . 12 7.1. Exporter Definition . . . . . . . . . . . . . . . . . . . 12 7.2. Collector Definition . . . . . . . . . . . . . . . . . . . 25 8. Security Considerations . . . . . . . . . . . . . . . . . . . 38 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 38 10. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . 38 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 38 11.1. Normative References . . . . . . . . . . . . . . . . . . . 38 11.2. Informative References . . . . . . . . . . . . . . . . . . 39 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 Intellectual Property and Copyright Statements . . . . . . . . . . 42 Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 2] Internet-Draft IPFIX MIB October 2006 1. Open Issues/TODOs o Agree on the fact that only the main configuration objects are writeable by this MIB. o Method Table Figure -- The figure must be adjusted to not show any particular OID since we don't define the methods right here. Also substitute OID by name! o Need to achieve a common layout and naming on the different MIB parts. o Need to decide how to structure the MIB (which one is the basic one, which one imports the root from the basic one). o Elaborate security considerations, particularly concerning SET operations. o Check the definitions once IPFIX-PROTO is a RFC. o Capitalize all terms defined in the terminology o How to integrate multiple templates for one metering process. o Check usage of process id in instance table. o Check if we need the new definition of session at the exporter and rework the whole description of that tables. o How to integrate the following table into the exporter MIB: ipfixTemplateManagementTable *ipfixObdomainId *ipfixTemplateId ipfixTemplateScopeCount <- It is used option template. ipfixMaximumLength <- This value means max size of variable field. The table should be linked to the current objects somehow. o Include the following tables for IPFIX (* indicated index) ipfixFlowCreatParameterTable *ipfixMeteringProcessId ipfixActiveTimeOut ipfixInactiveTimeOut ipfixStoreFlowEntryNumber ipfixCurrentFlowEntryNumber ipfixFlowKeyTable *ipfixMeteringProcessId *ipfixFlowKeyIndex ipfixFlowKeyFieldId 2. Introduction This document defines MIB modules for monitoring IP Flow Information Export (IPFIX) Devices including Exporters and Collectors. The full configuration of the IPFIX Metering Process is out of the scope this MIB. However, some configuration of the Exporting Process is Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 3] Internet-Draft IPFIX MIB October 2006 integrated into this document. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 3. IPFIX Documents Overview The IPFIX protocol provides network administrators with access to IP flow information. The architecture for the export of measured IP flow information out of an IPFIX exporting process to a collecting process is defined in [I-D.ietf-ipfix-architecture], per the requirements defined in [RFC3917]. The protocol document [I-D.ietf- ipfix-protocol] specifies how IPFIX data record and templates are carried via a congestion-aware transport protocol from IPFIX exporting processes to IPFIX collecting process. IPFIX has a formal description of IPFIX information elements, their name, type and additional semantic information, as specified in [I-D.ietf-ipfix- info]. Finally [I-D.ietf-ipfix-as] describes what type of applications can use the IPFIX protocol and how they can use the information provided. It furthermore shows how the IPFIX framework relates to other architectures and frameworks. It is assumed that flow metering, export and collection is performed according to the IPFIX architecture defined in [I-D.ietf-ipfix- architecture]. Configuration of the export and collection of flow information templates and records is modeled according to [I-D.ietf- ipfix-protocol]. Packet selection and filtering methods that may be optionally used by the IPFIX metering processare not considered in this MIB module. They are defined in the Packet Sampling (PSAMP) working group by the [I-D.ietf-psamp-framework], [I-D.ietf-psamp- sample-tech] documents. Nevertheless the entry point for those methods [I-D.ietf-psamp-mib] is given within this MIB module since PSAMP export protocol [I-D.ietf-psamp-protocol] is based on the IPFIX protocol. 4. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 4] Internet-Draft IPFIX MIB October 2006 Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. 5. Terminology The definitions of the basic terms like IP Traffic Flow, Exporting Process, Collecting Process, Observation Points, etc. are semantically identical with those found in the IPFIX protocol document [I-D.ietf-ipfix-protocol]. Some of the terms have been expanded for more clarity when defining the protocol. Additional terms required for the protocol has also been defined. Definitions in this document and in [I-D.ietf-ipfix-architecture] are equivalent, except that definitions which are only relevant to the IPFIX protocol only appear here. Observation Point An Observation Point is a location in the network where IP packets can be observed. Examples include: a line to which a probe is attached, a shared medium, such as an Ethernet-based LAN, a single port of a router, or a set of interfaces (physical or logical) of a router. Note that every Observation Point is associated with an Observation Domain (defined below), and that one Observation Point may be a superset of several other Observation Points. For example one Observation Point can be an entire line card. That would be the superset of the individual Observation Points at the line card's interfaces. Observation Domain An Observation Domain is the largest set of Observation Points for which Flow information can be aggregated by a Metering Process. For example, a router line card may be an Observation Domain if it is composed of several interfaces, each of which is an Observation Point. In the IPFIX Message it generates, the Observation Domain includes its Observation Domain ID, which is unique per Exporting Process. That way, the Collecting Process can identify the specific Observation Domain from the Exporter that sends the IPFIX Messages. Every Observation Point is associated with an Observation Domain. It is RECOMMENDED that Observation Domain IDs are also unique per IPFIX Device. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 5] Internet-Draft IPFIX MIB October 2006 IP Traffic Flow or Flow There are several definitions of the term 'flow' being used by the Internet community. Within the context of IPFIX we use the following definition: A Flow is defined as a set of IP packets passing an Observation Point in the network during a certain time interval. All packets belonging to a particular Flow have a set of common properties. Each property is defined as the result of applying a function to the values of: 1. one or more packet header field (e.g. destination IP address), transport header field (e.g. destination port number), or application header field (e.g. RTP header fields [RFC1889]) 2. one or more characteristics of the packet itself (e.g. number of MPLS labels, etc...) 3. one or more of fields derived from packet treatment (e.g. next hop IP address, the output interface, etc...) A packet is defined to belong to a Flow if it completely satisfies all the defined properties of the Flow. This definition covers the range from a Flow containing all packets observed at a network interface to a Flow consisting of just a single packet between two applications. It includes packets selected by a sampling mechanism. Flow Record A Flow Record contains information about a specific Flow that was observed at an Observation Point. A Flow Record contains measured properties of the Flow (e.g. the total number of bytes for all the Flow's packets) and usually characteristic properties of the Flow (e.g. source IP address). Metering Process The Metering Process generates Flow Records. Inputs to the process are packet headers and characteristics observed at an Observation Point, and packet treatment at the Observation Point (for example the selected output interface). The Metering Process consists of a set of functions that includes packet header capturing, timestamping, sampling, classifying, and maintaining Flow Records. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 6] Internet-Draft IPFIX MIB October 2006 The maintenance of Flow Records may include creating new records, updating existing ones, computing Flow statistics, deriving further Flow properties, detecting Flow expiration, passing Flow Records to the Exporting Process, and deleting Flow Records. Exporting Process The Exporting Process sends Flow Records to one or more Collecting Processes. The Flow Records are generated by one or more Metering Processes. Exporter A device which hosts one or more Exporting Processes is termed an Exporter. IPFIX Device An IPFIX Device hosts at least one Exporting Process. It may host further Exporting processes and arbitrary numbers of Observation Points and Metering Process. Collecting Process A Collecting Process receives Flow Records from one or more Exporting Processes. The Collecting Process might process or store received Flow Records, but such actions are out of scope for this document. Collector A device which hosts one or more Collecting Processes is termed a Collector. Template Template is an ordered sequence of <type, length> pairs, used to completely specify the structure and semantics of a particular set of information that needs to be communicated from an IPFIX Device to a Collector. Each Template is uniquely identifiable by means of a Template ID. Template Record Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 7] Internet-Draft IPFIX MIB October 2006 A Template Record defines the structure and interpretation of fields in a Data Record. Data Record A Data Record is a record that contains values of the parameters corresponding to a Template Record. Options Template Record An Options Template Record is a Template Record that defines the structure and interpretation of fields in a Data Record, including defining how to scope the applicability of the Data Record. Information Element An Information Element is a protocol and encoding independent description of an attribute which may appear in an IPFIX Record. The IPFIX information model [I-D.ietf-ipfix-info] defines the base set of Information Elements for IPFIX. The type associated with an Information Element indicates constraints on what it may contain and also determines the valid encoding mechanisms for use in IPFIX. Method A sampling or filtering function used by a Metering Process. Methods can be combined by passing the results from one function as the input to the next function. Instance An Instance groups the different parts together. It references the Methods used by the Metering Process, the Templates used to export the resulting Records of the Metering Process and the Collectors to which those Records are exported. 6. Structure of the IPFIX MIB The IPFIX MIB is divided into three more or less independent modules: The IPFIX Exporter MIB module used to be applied by IPFIX Exporters, the IPFIX Collector MIB module to be applied by IPFIX Collectors and the PSAMP MIB module that extends the IPFIX Exporter MIB module by managed objects concerning packet filtering and sampling. While the first two MIB modules are defined in this document, the PSAMP MIB module is defined in [I-D.ietf-psamp-mib]. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 8] Internet-Draft IPFIX MIB October 2006 o The IPFIX Exporter MIB module contains objects related to exporting flow information with the IPFIX protocol to one or more IPFIX Collectors. It contains detailed information on each Collector to which information is exported and on each Template that is used for this purpose by the IPFIX protocol. It also contains some basic structures for describing the chain of sampling or filtering Methods that optionally can be applied to the flow Metering Process. Finally this MIB module provides statistics on the Metering Process(es) and Exporting Process(es). o The IPFIX Collector MIB contains objects related to collecting flow information sent by IPFIX Exporters. It contains detailed information on each Exporters from which information has been received and on the Templates received from the Exporters. In addition, statistics information is provided. o The PSAMP MIB module part contains objects related to packet filtering and sampling before they are used for creating flow records. Sampling and filtering functions can be optionally applied by a Metering Process. The PSAMP MIB module contains objects providing statistics for sampling and filtering functions. The following subsections describe all object groups in the IPFIX Exproter MIB module and the IPFIX Collector MIB module. 6.1. IPFIX Exporter MIB module 6.1.1. The Reporting Group The reporting group of managed objects provides information on Collectors to which flow information is exported. The group contains two tables, the ipfixCollectorTable and the ipfixCollectorGroupTable. Each entry in the ipfixCollectorTable specifies a collector by its IP address, used transport protocol and port number. Also it contains the number of reports sent to this collector. The default transport protocol is SCTP. The ipfixCollectorGroupTable groups one or more collectors to a set of collectors where flow information is sent to. Thus reporting to more than one collector at the same time is possible. The ipfixCollectorGroupTable contains only indexes but nevertheless it is usefull since it is referenced in the ipfixInstanceTable. This table groups single collectors referenced by the second index (ipfixCollectorIndex) to a group of collectors that can be subsequently be referenced by the first index (ipfixCollectorGroupIndex). Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 9] Internet-Draft IPFIX MIB October 2006 6.1.2. The Instance Group The instance group of managed objects provides information about active Instances at the IPFIX exporter. It also allows to create new instances and to terminate them. Furthermore in the instance group every part from observation point to reporting is put together. The group contains three tables, the ipfixInstanceTable, the ipfixMethodChainTable and the ipfixTemplateTable. Each entry of the ipfixInstanceTable describes an instance. The observation point is given as a pointer to another object in ipfixInstanceObservationPoint. This other object could be an entry in the mib-II interface table or any other interface point where you can observe packets. The start and stop time is stored in that table and shows the time when the metering method should run. The ipfixInstanceTemplateId gives the template id used to link the data gathered in the metering process to an export format described in the information model of the IPFIX architecture. The collectors where the data packets should be sent are specified by their index in the ipfixCollectorGroupTable. In addition the process id of the metering process and the process id of the exporting process used for this instance is saved in the instance table. Last but not least statistical values about the packets observed at the observation point, packets dropped during the metering process and the reports sent to the collectors are maintained. The ipfixMethodChainTable describes the concatenation of methods for a given instance. If concatenation of methods is not supported on the IPFIX device the table will hold exactly one entry per instance. The methods used for the metering process of an instance can be retrieved through the index given in the ipfixInstanceTable. The index of the instance table is also the first index in the ipfixMethodChainTable. So each method entry with the same (first) index as the instance is used to produce the data record for the instance. The second index is the running index for the method. The method itself is represented by a pointer (OID) to a parameter set. The methods are applied in the order given by this second index ipfixMethodChainIndex. Assume the following table: 1.2.4.1.2.5.1 = 1 (second index) 1.2.4.1.2.5.2 = 2 (second index) 1.2.4.1.3.5.1 = 1.3.6.1.2.1.999.3.a.b.c.d.e (pointer to a parameter set in the IPFIX PAMP extension MIB) 1.2.4.1.3.5.2 = 1.3.6.1.2.1.999.3.a.b.c.f.g (pointer to another parameter set in the IPFIX PAMP extension MIB) 1.2.4.1.4.5.1 = xxx (status of the row) 1.2.4.1.4.5.2 = xxx (status of the row) Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 10] Internet-Draft IPFIX MIB October 2006 This would mean that the method and parameter set specified by 1.3.6.1.2.1.999.3.a.b.c.d.e is applied prior to the method and parameter set specified by 1.3.6.1.2.1.999.3.a.b.c.f.g for the instance with index 5. In addition every entry in the method chain table contains two statistical values: the packets observed at the entry point of the method and the packets dropped by the method. The ipfixTemplateTable lists all data templates that are used by the IPFIX exporter. It has two indices. The first one is the template id and the second one is just a running index for the field ids listed in the table. So the ipfixTemplateEntry.4.x will list all field ids used for template id 4 in the order given by x. 6.1.3. The Statistics Group The objects of contained in the statistics conformance group are spread all over the MIB. They are gathered in their own conformace group to better to easily distinguish them from the vital objects. 6.1.4. Textual Convention The IPFIX Exporter MIB defines a textual convention, the PsampMethodAvailability. It is used as SYNTAX of all those objects that may or may not be available in a specific implementation of the MIB. This especially holds true for the sampling and filtering methods specified by [I-D.ietf-psamp-mib]. 6.2. IPFIX Collector MIB module 6.2.1. The Exporter Group The objects defined in the exporter group are used in the collector MIB to define the exporters from which the collector receives data. 6.2.2. The Received Template Group The received template group identifies all the templates the collector has received from the exporter. It additionally links the template to an exporter. 6.2.3. The Template Statistics Group The template statistics group gathers all the objects that contain statistical information about the templates a collector has received. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 11] Internet-Draft IPFIX MIB October 2006 7. MIB Definitions This section contains the definitions of the IPFIX-EXPORTER-MIB and the IPFIX-COLLECTOR-MIB modules. Exporter-realted and Collector- realted objects are defined in two separate MIB modules, because commonly, a device will implement only one of them. Then either the IPFIX-EXPORTER-MIB modules or the IPFIX-COLLECTOR-MIB module needs to be implemented. 7.1. Exporter Definition IPFIX-EXPORTER-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, mib-2 FROM SNMPv2-SMI -- RFC2578 TEXTUAL-CONVENTION, DateAndTime, DisplayString, RowStatus, TruthValue FROM SNMPv2-TC -- RFC2579 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF -- RFC2580 InterfaceIndexOrZero FROM IF-MIB -- RFC2863 InetAddressType, InetAddress, InetAutonomousSystemNumber FROM INET-ADDRESS-MIB; -- RFC3291 ipfixMIB MODULE-IDENTITY LAST-UPDATED "200610231200Z" -- 23 October 2006 ORGANIZATION "IETF IP Flow Information Export" CONTACT-INFO "WG charter: http://www.ietf.org/html.charters/ipfix-charter.html Mailing Lists: General Discussion: ipfix@net.doit.wisc.edu To Subscribe: majordomo@net.doit.wisc.edu In Body: subscribe ipfix Archive: http://ipfix.doit.wisc.edu/archive/ Editor: Thomas Dietz NEC Europe Ltd. Network Laboratories Kurfuersten-Anlage 36 69115 Heidelberg Germany Phone: +49 6221 4342-128 Email: dietz@netlab.nec.de" DESCRIPTION Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 12] Internet-Draft IPFIX MIB October 2006 "The IPFIX MIB defines managed objects for IP flow information export. These objects provide information about managed nodes supporting IP flow information export, including flow information export capabilities, configuration and statistics. They also allow to configure IP flow information export concerning the IP interface at which flow information is gathered, the flow selections methods used, and the collector to which flow information is exported. Copyright (C) The Internet Society (2006). This version of this MIB module is part of RFC yyyy; see the RFC itself for full legal notices." -- Editor note: check if configuration is really desired -- RFC Ed.: replace yyyy with actual RFC number & remove this notice -- Revision history REVISION "200610231200Z" -- 23 October 2006 DESCRIPTION "Initial version, published as RFC yyyy." -- RFC Ed.: replace yyyy with actual RFC number & remove this notice ::= { mib-2 999 } -- 999 to be assigned by IANA. -- Textual Conventions PsampMethodAvailability ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Used to report the availability of a selection method: available(1) - the method is supported and can be used notAvailable(2) - the method is not available" SYNTAX INTEGER { available(1), notAvailable(2) } -- Top level structure of the MIB ipfixExporter OBJECT IDENTIFIER ::= { ipfixMIB 1 } ipfixCollector OBJECT IDENTIFIER ::= { ipfixMIB 2 } ipfixPsampExtension OBJECT IDENTIFIER ::= { ipfixMIB 3 } ipfixConformance OBJECT IDENTIFIER ::= { ipfixMIB 4 } ipfixExporterObjects OBJECT IDENTIFIER ::= { ipfixExporter 1 } Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 13] Internet-Draft IPFIX MIB October 2006 --================================================================== -- Reporting Group --================================================================== ipfixReporting OBJECT IDENTIFIER ::= { ipfixExporterObjects 1 } -- Collector Table +++++++++++++++++++++++++++++++++++++++++++++++++ ipfixCollectorTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixCollectorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists collectors to which reports are exported." ::= { ipfixReporting 1 } ipfixCollectorEntry OBJECT-TYPE SYNTAX IpfixCollectorEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixCollectorTable." INDEX { ipfixCollectorIndex } ::= { ipfixCollectorTable 1 } IpfixCollectorEntry ::= SEQUENCE { ipfixCollectorIndex Integer32, ipfixCollectorDstIpAddressType InetAddressType, ipfixCollectorDstIpAddress InetAddress, ipfixCollectorDstProtocol Integer32, ipfixCollectorDstPort Integer32, ipfixCollectorReportsSent Integer32 } ipfixCollectorIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The locally arbitrary, but unique identifier of a collector. The value is expected to remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixCollectorEntry 1 } ipfixCollectorDstIpAddressType OBJECT-TYPE SYNTAX InetAddressType Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 14] Internet-Draft IPFIX MIB October 2006 MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address type of the collector." ::= { ipfixCollectorEntry 2 } ipfixCollectorDstIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address of the collector." ::= { ipfixCollectorEntry 3 } ipfixCollectorDstProtocol OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The transport protocol used for exporting sampled packets to the collector. The recommended protocols are TCP (6), UDP (17) and SCTP (132). The default is SCTP." DEFVAL { 132 } ::= { ipfixCollectorEntry 4 } ipfixCollectorDstPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The port number of the collector." ::= { ipfixCollectorEntry 5 } ipfixCollectorReportsSent OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of reports sent to the collector." ::= { ipfixCollectorEntry 6 } -- Collector Group Table +++++++++++++++++++++++++++++++++++++++++++ ipfixCollectorGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixCollectorGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 15] Internet-Draft IPFIX MIB October 2006 "This table lists groups of collectors to which flow records packets are exported. If flow records are exported to only one collector the group consists of exactly one collector." ::= { ipfixReporting 2 } ipfixCollectorGroupEntry OBJECT-TYPE SYNTAX IpfixCollectorGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixCollectorGroupTable." INDEX { ipfixCollectorGroupIndex, ipfixCollectorIndex } ::= { ipfixCollectorGroupTable 1 } IpfixCollectorGroupEntry ::= SEQUENCE { ipfixCollectorGroupIndex Integer32 } ipfixCollectorGroupIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The locally arbitrary, but unique identifier of a collector group. The value is expected to remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixCollectorGroupEntry 1 } -- (Data) Template Table +++++++++++++++++++++++++++++++++++++++++++ ipfixTemplateTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists templates used by the exporter." ::= { ipfixReporting 3 } ipfixTemplateEntry OBJECT-TYPE SYNTAX IpfixTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 16] Internet-Draft IPFIX MIB October 2006 "Defines an entry in the ipfixTemplateTable." INDEX { ipfixObservationDomainId, ipfixTemplateId, ipfixTemplateIndex } ::= { ipfixTemplateTable 1 } IpfixTemplateEntry ::= SEQUENCE { ipfixTemplateId Integer32, ipfixTemplateIndex Integer32, ipfixTemplateFieldId Integer32, ipfixTemplateFieldLength Integer32 } ipfixTemplateId OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique identifier for the template." REFERENCE "draft-ietf-ipfix-sample-tech-04.txt, Section 5.1" -- Editor Note: get reference right! ::= { ipfixTemplateEntry 1 } ipfixTemplateIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The locally arbitrary, but unique identifier of a field Id in the template identified by ipfixTemplateId. The value is expected to remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixTemplateEntry 2 } ipfixTemplateFieldId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The Field Id at position ipfixTemplateIndex in the template ipfixTemplateId. This implicitly gives the data type and state values that are exported." REFERENCE "draft-ietf-ipfix-sample-tech-04.txt, IPFIX/PSAMP INFO MODEL" -- Editor Note: get reference right! ::= { ipfixTemplateEntry 3 } Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 17] Internet-Draft IPFIX MIB October 2006 ipfixTemplateFieldLength OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The Length of the Field. Used to indicate if reduced encoding or variable length field is used." ::= { ipfixTemplateEntry 4 } --================================================================== -- Instance Group --================================================================== ipfixInstances OBJECT IDENTIFIER ::= { ipfixExporterObjects 2 } ipfixObservationDomainTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixObservationDomainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the Observation Domains used at the managed node." ::= { ipfixInstances 1 } ipfixObservationDomainEntry OBJECT-TYPE SYNTAX IpfixObservationDomainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixObservationDomainTable." INDEX { ipfixObservationDomainId } ::= { ipfixObservationDomainTable 1 } IpfixObservationDomainEntry ::= SEQUENCE { ipfixObservationDomainId Integer32, ipfixInstanceObservationPoint OBJECT IDENTIFIER, ipfixInstanceStartTime DateAndTime, ipfixInstanceStopTime DateAndTime } ipfixObservationDomainId OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The locally arbitrary, but unique identifier of an Observation Domain. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 18] Internet-Draft IPFIX MIB October 2006 The value is expected to remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixObservationDomainEntry 1 } ipfixInstanceObservationPoint OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-create STATUS current DESCRIPTION "The point where the packet is observed. If it is e.g, an interface it points to the mib-II object of the interface." ::= { ipfixObservationDomainEntry 2 } ipfixInstanceStartTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-create STATUS current DESCRIPTION "The date and time when exporting for this parameter set should start." ::= { ipfixObservationDomainEntry 3 } ipfixInstanceStopTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-create STATUS current DESCRIPTION "The date and time when exporting for this parameter set should stop." ::= { ipfixObservationDomainEntry 4 } ipfixInstanceTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixInstanceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists active instances of packet sampling at the managed node." ::= { ipfixInstances 2 } ipfixInstanceEntry OBJECT-TYPE SYNTAX IpfixInstanceEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixInstanceTable." INDEX { ipfixInstanceIndex, ipfixObservationDomainId } Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 19] Internet-Draft IPFIX MIB October 2006 ::= { ipfixInstanceTable 1 } IpfixInstanceEntry ::= SEQUENCE { ipfixInstanceIndex Integer32, ipfixInstanceTemplateId Integer32, ipfixInstanceCollectorGroupIndex Integer32, ipfixInstancePacketsObserved Integer32, ipfixInstancePacketsDropped Integer32, ipfixInstanceProcessId Integer32, ipfixInstanceReportingProcessId Integer32, ipfixInstanceReportsSent Integer32 } ipfixInstanceIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The locally arbitrary, but unique identifier of an instance. The value is expected to remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixInstanceEntry 1 } ipfixInstanceTemplateId OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "The Id of a template in the template table. This implies the knowledge about the method chain from the method chain table. Furthermore it links the instance, method chain (selector) and template together. The identified template is applied to the stream of filtered/sampled packets observed after applying the method chain at the observation point." ::= { ipfixInstanceEntry 2 } ipfixInstanceCollectorGroupIndex OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-create STATUS current DESCRIPTION "The index of the collector group to which packet reports are sent." Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 20] Internet-Draft IPFIX MIB October 2006 ::= { ipfixInstanceEntry 3 } ipfixInstancePacketsObserved OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets observed at the observation point." ::= { ipfixInstanceEntry 4 } ipfixInstancePacketsDropped OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets dropped while filtering/sampling packets." ::= { ipfixInstanceEntry 5 } ipfixInstanceProcessId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The process id of the metering process used by this instance." ::= { ipfixInstanceEntry 6 } ipfixInstanceReportingProcessId OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The process id of the reporting process used by this instance." ::= { ipfixInstanceEntry 7 } ipfixInstanceReportsSent OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of reports on sampled packets sent to the collector." ::= { ipfixInstanceEntry 8 } -- Method Chain Table ++++++++++++++++++++++++++++++++++++++++++++++ Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 21] Internet-Draft IPFIX MIB October 2006 ipfixMethodChainTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixMethodChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table contains method chains lists and connects them to the instances where they are applied to different observation points. The filtered/sampled packets are then exported." ::= { ipfixInstances 4 } ipfixMethodChainEntry OBJECT-TYPE SYNTAX IpfixMethodChainEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixMethodChainTable." INDEX { ipfixInstanceIndex, ipfixMethodChainIndex } ::= { ipfixMethodChainTable 1 } IpfixMethodChainEntry ::= SEQUENCE { ipfixMethodChainIndex Integer32, ipfixMethodChainMethod OBJECT IDENTIFIER, ipfixMethodChainPacketsObserved Integer32, ipfixMethodChainPacketsDropped Integer32 } ipfixMethodChainIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The locally arbitrary, but unique identifier of a template. The value is expected to remain constant at least from one re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixMethodChainEntry 2 } ipfixMethodChainMethod OBJECT-TYPE SYNTAX OBJECT IDENTIFIER MAX-ACCESS read-create STATUS current DESCRIPTION "The method used for the template at a certain position in the method chain." ::= { ipfixMethodChainEntry 3 } Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 22] Internet-Draft IPFIX MIB October 2006 ipfixMethodChainPacketsObserved OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets observed at the method entry point." ::= { ipfixMethodChainEntry 4 } ipfixMethodChainPacketsDropped OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets dropped while selecting packets." ::= { ipfixMethodChainEntry 5 } --================================================================== -- Conformance information --================================================================== ipfixCompliances OBJECT IDENTIFIER ::= { ipfixConformance 1 } ipfixGroups OBJECT IDENTIFIER ::= { ipfixConformance 2 } --================================================================== -- Compliance statements --================================================================== ipfixCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "An implementation that complies to this module must implement the objects defined in the mandatory groups ipfixGroupMetering and ipfixGroupReporting. The implementation of all other objects depends on the implementation of the corresponding functionality in the equipment." MODULE -- this module MANDATORY-GROUPS { ipfixGroupMetering, ipfixGroupReporting } GROUP ipfixGroupStatistics DESCRIPTION "These objects must be implemented if statistics are implemented on the equipment." ::= { ipfixCompliances 1 } --================================================================== Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 23] Internet-Draft IPFIX MIB October 2006 -- MIB groupings --================================================================== ipfixGroupMetering OBJECT-GROUP OBJECTS { ipfixTemplateFieldId, ipfixTemplateFieldLength, ipfixMethodChainMethod, ipfixInstanceObservationPoint, ipfixInstanceStartTime, ipfixInstanceStopTime, ipfixInstanceTemplateId, ipfixInstanceCollectorGroupIndex, ipfixInstanceProcessId, ipfixInstanceReportingProcessId } STATUS current DESCRIPTION "All objects that are basic for the metering process. It contains a basic metering function (ipfixSelectAll), The template definitions needed for the export of data, the method chain that fixes the metering functions applied to the observation point and several parameters concering the export process and the collectors." ::= { ipfixGroups 1 } ipfixGroupReporting OBJECT-GROUP OBJECTS { ipfixCollectorDstIpAddressType, ipfixCollectorDstIpAddress, ipfixCollectorDstProtocol, ipfixCollectorDstPort } STATUS current DESCRIPTION "These objects define the collectors i.e., the destinations of the exporting process." ::= { ipfixGroups 2 } ipfixGroupStatistics OBJECT-GROUP OBJECTS { ipfixCollectorReportsSent, ipfixMethodChainPacketsObserved, ipfixMethodChainPacketsDropped, Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 24] Internet-Draft IPFIX MIB October 2006 ipfixInstancePacketsObserved, ipfixInstanceReportsSent, ipfixInstancePacketsDropped } STATUS current DESCRIPTION "These objects contain statistical values gathered at different points in the metering process." ::= { ipfixGroups 3 } END 7.2. Collector Definition IPFIX-COLLECTOR-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, Gauge32, mib-2 FROM SNMPv2-SMI -- RFC2578 TEXTUAL-CONVENTION, RowStatus, DateAndTime FROM SNMPv2-TC -- RFC2579 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF -- RFC2580 InetAddressType, InetAddress FROM INET-ADDRESS-MIB; -- RFC3291 ipfixMIB MODULE-IDENTITY LAST-UPDATED "200610201600Z" -- 20 October 2006 ORGANIZATION "IETF IPFIX Working Group" CONTACT-INFO "WG charter: http://www.ietf.org/html.charters/ipfix-charter.html Mailing Lists: General Discussion: ipfix@ietf.org To Subscribe: majordomo@net.doit.wisc.edu In Body: subscribe ipfix Archive: http://ipfix.doit.wisc.edu/archive/ Editor: Atsushi Kobayashi NTT Information Sharing Platform Laboratories 3-9-11 Midori-cho Musashino-shi 180-8585 Japan Phone: +81-422-59-3978 Email: akoba@nttv6.net" Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 25] Internet-Draft IPFIX MIB October 2006 DESCRIPTION "The IPFIX collector MIB defines managed objects that are maintained by the collecting process in traffic collector or IPFIX concentrator. These objects provide informations that are exporter's profile data and received templates. Exporter's profile has that exporter's ip address and port number. In addition, these object has statistics data per session or per templates. Copyright (C) The Internet Society (2005). This version of this MIB module is part of RFC yyyy; see the RFC itself for full legal notices." -- replace yyyy with actual RFC number & remove this noti -- Revision history REVISION "200610201600Z" -- 20 October 2006 DESCRIPTION "Initial version, published as RFC yyyy." -- replace yyyy with actual RFC number & remove this notice ::= { mib-2 999 } -- 999 to be assigned by IANA. -- Top level structure of the MIB ipfixExporter OBJECT IDENTIFIER ::= { ipfixMIB 1 } ipfixCollector OBJECT IDENTIFIER ::= { ipfixMIB 2 } ipfixPsampExtension OBJECT IDENTIFIER ::= { ipfixMIB 3 } ipfixConformance OBJECT IDENTIFIER ::= { ipfixMIB 4 } ipfixCollectorObjects OBJECT IDENTIFIER ::= { ipfixCollector 1 } ipfixCollectorConformance OBJECT IDENTIFIER ::= { ipfixCollector 2 } -------------------------------------------------------------------- -- objects of receiving function -------------------------------------------------------------------- ipfixReceiving OBJECT IDENTIFIER ::= { ipfixCollectorObjects 1 } -------------------------------------------------------------------- -- 1: Exporter Table -------------------------------------------------------------------- ipfixExporterTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixExporterEntry MAX-ACCESS not-accessible Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 26] Internet-Draft IPFIX MIB October 2006 STATUS current DESCRIPTION "This table lists Exporters that received by collecting process. This process manages them." ::= { ipfixReceiving 1 } ipfixExporterEntry OBJECT-TYPE SYNTAX IpfixExporterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixExporterTable" INDEX { ipfixExporterIndex } ::= { ipfixExporterTable 1 } IpfixExporterEntry ::= SEQUENCE { ipfixExporterIndex Integer32, ipfixExporterIpAddressType InetAddressType, ipfixExporterIpAddress InetAddress, ipfixLifeTimeTemplate Integer32 } ipfixExporterIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Locally arbitrary, but unique identifier of an entry in ipfixExporterTable. The value is expected to remain constant from a re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixExporterEntry 1 } ipfixExporterIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address type of the exporter. The value for IPv4 is ipv4(1). The value for IPv6 is ipv6(2)." ::= { ipfixExporterEntry 2 } ipfixExporterIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 27] Internet-Draft IPFIX MIB October 2006 DESCRIPTION "The IP address of the Exporter." ::= { ipfixExporterEntry 3 } ipfixLifeTimeTemplate OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "This is the time interval in seconds for the Life Time configured for the template with this session. It is only used to manage the received templates, if this protocol is UDP. The collecting process discards the template, if the templates is not refreshed within this life time." ::= { ipfixExporterEntry 4 } -------------------------------------------------------------------- -- 2: Session Table -------------------------------------------------------------------- ipfixSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists sessions between exporting process and collecting process. This table has now, or has at some time in the past, established session." ::= { ipfixReceiving 2 } ipfixSessionEntry OBJECT-TYPE SYNTAX IpfixSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixSessionTable" INDEX { ipfixExporterIndex, ipfixSessionId } ::= { ipfixSessionTable 1 } IpfixSessionEntry ::= SEQUENCE { ipfixSessionId Integer32, ipfixSessionStatus INTEGER, ipfixSessionProtocol Integer32, Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 28] Internet-Draft IPFIX MIB October 2006 ipfixSessionDstPort Integer32, ipfixSessionSrcPort Integer32 } ipfixSessionId OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "Locally arbitrary, but unique identifier of an entry in ipfixSessionTable. The value is expected to remain constant from a re-initialization of the entity's network management system to the next re-initialization." ::= { ipfixSessionEntry 1 } ipfixSessionStatus OBJECT-TYPE SYNTAX INTEGER { unknown(0), up(1), down(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of this session." ::= { ipfixSessionEntry 2 } ipfixSessionProtocol OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-only STATUS current DESCRIPTION "The transport protocol is used for receiving sampled packets from the Exporter. The recommended protocols are TCP (6), UDP (17) and SCTP (132). The default is SCTP." ::= { ipfixSessionEntry 3 } ipfixSessionDstPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The transport protocol port number of exporter which enables exporting process." ::= { ipfixSessionEntry 4 } Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 29] Internet-Draft IPFIX MIB October 2006 ipfixSessionSrcPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The transport protocol port number of self device which enables collecting Process." ::= { ipfixSessionEntry 5 } -------------------------------------------------------------------- -- 2: Session Statistics Table -------------------------------------------------------------------- ipfixSessionStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists sessions statistics between exporting process and collecting process. The collecting process manages them." ::= { ipfixReceiving 3 } ipfixSessionStatsEntry OBJECT-TYPE SYNTAX IpfixSessionStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixSessionStatsTable" INDEX { ipfixExporterIndex, ipfixSessionId } ::= { ipfixSessionStatsTable 1 } IpfixSessionStatsEntry ::= SEQUENCE { ipfixSessionPackets Counter32, ipfixSessionBytes Counter32, ipfixSessionMessages Counter32, ipfixSessionDiscardMessages Counter32, ipfixSessionElapsedTime Gauge32 } ipfixSessionPackets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of packets received from the Exporter Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 30] Internet-Draft IPFIX MIB October 2006 through this session." ::= { ipfixSessionStatsEntry 3 } ipfixSessionBytes OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of bytes received from the exporter through this session." ::= { ipfixSessionStatsEntry 4 } ipfixSessionMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPFIX messages received from the exporter through this session." ::= { ipfixSessionStatsEntry 5 } ipfixSessionDiscardMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This indicates the number of received IPFIX Message that might be malformed or cant not be encoded." ::= { ipfixSessionStatsEntry 6 } ipfixSessionElapsedTime OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "This timer indicates how long this session has been connected. This elapsed time of the session of IPFIX presents in second." ::= { ipfixSessionStatsEntry 9 } -------------------------------------------------------------------- -- 4: Observation domain statistics table -------------------------------------------------------------------- ipfixObdomainStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixObdomainStatsEntry MAX-ACCESS not-accessible Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 31] Internet-Draft IPFIX MIB October 2006 STATUS current DESCRIPTION "This table lists statistics objects that have data per observation domain." ::= { ipfixReceiving 4 } ipfixObdomainStatsEntry OBJECT-TYPE SYNTAX IpfixObdomainStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixObdomainStatsTable." INDEX { ipfixExporterIndex, ipfixSessionId, ipfixObdomainId } ::= { ipfixObdomainStatsTable 1 } IpfixObdomainStatsEntry ::= SEQUENCE { ipfixObdomainId Integer32, ipfixObdomainMessages Counter32, ipfixObdomainFlows Counter32, ipfixObdomainTemplates Counter32, ipfixObdomainLatestSeqNumber Integer32, ipfixObdomainDisorderdSeqNumbers Counter32 } ipfixObdomainId OBJECT-TYPE SYNTAX Integer32(1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "It uses the observation domain id in the received IPFIX message header." ::= { ipfixObdomainStatsEntry 1 } ipfixObdomainMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPFIX messages received from the Exporter." ::= { ipfixObdomainStatsEntry 3 } ipfixObdomainFlows OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 32] Internet-Draft IPFIX MIB October 2006 STATUS current DESCRIPTION "The number of flow records received from the Exporter." ::= { ipfixObdomainStatsEntry 4 } ipfixObdomainTemplates OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of templates received from the Exporter." ::= { ipfixObdomainStatsEntry 5 } ipfixObdomainLatestSeqNumber OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The latest sequence number. The collecting process overwrites to this object when it receives IPFIX message." ::= { ipfixObdomainStatsEntry 6 } ipfixObdomainDisorderdSeqNumbers OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This counter indicates inconformable numbers of sequence number. The collecting process check consistency between received sequence number and received data flows. This counter is added up this inclement, if it recognize there are some flows that have not been received." ::= { ipfixObdomainStatsEntry 7 } -------------------------------------------------------------------- -- 5: Template Record Table -------------------------------------------------------------------- ipfixTemplateTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists templates that are received by the collecting process. This process manages them." ::= { ipfixReceiving 5 } Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 33] Internet-Draft IPFIX MIB October 2006 ipfixTemplateEntry OBJECT-TYPE SYNTAX IpfixTemplateEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixTemplateTable" INDEX { ipfixExporterIndex, ipfixSessionId, ipfixTemplateId, ipfixTemplateIndex } ::= { ipfixTemplateTable 1 } IpfixTemplateEntry ::= SEQUENCE { ipfixTemplateId Integer32, ipfixTemplateIndex Integer32, ipfixTemplateFieldId Integer32, ipfixTemplateFieldLength Integer32 } ipfixTemplateId OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This number indicates the template id in the IPFIX message." ::= { ipfixTemplateEntry 1 } ipfixTemplateIndex OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The ipfixTemplateIndex specifies the order in which the information element ids are used in the template record." ::= { ipfixTemplateEntry 2 } ipfixTemplateFieldId OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "This indicates the Information Element Id at position ipfixTemplateIndex in the template ipfixTemplateId. This implicitly gives the data type and state values that Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 34] Internet-Draft IPFIX MIB October 2006 are received." ::= { ipfixTemplateEntry 3 } ipfixTemplateFieldLength OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "This indicates the length of each Information Element Ids. Especially, in variable length type it is specified as 65535." ::= { ipfixTemplateEntry 4 } -------------------------------------------------------------------- -- 6: Template Statistics Table -------------------------------------------------------------------- ipfixTemplateStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF IpfixTemplateStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists statistics objects that have data per template." ::= { ipfixReceiving 6 } ipfixTemplateStatsEntry OBJECT-TYPE SYNTAX IpfixTemplateStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Defines an entry in the ipfixTemplateStatsTable" INDEX { ipfixExporterIndex, ipfixSessionId, ipfixTemplateId } ::= { ipfixTemplateStatsTable 1 } IpfixTemplateStatsEntry ::= SEQUENCE { ipfixTempFlows Counter32, ipfixTempReceivedTime DateAndTime } ipfixTempFlows OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 35] Internet-Draft IPFIX MIB October 2006 STATUS current DESCRIPTION "The number of flow records per template received from Exporter." ::= { ipfixTemplateStatsEntry 2 } ipfixTempReceivedTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "Time that the collecting process received this template. The collecting process overwrites to this object when it receives same template." ::= { ipfixTemplateStatsEntry 3 } --================================================================== -- Conformance information --================================================================== ipfixCompliances OBJECT IDENTIFIER ::= { ipfixConformance 1 } ipfixGroups OBJECT IDENTIFIER ::= { ipfixConformance 2 } --================================================================== -- Compliance statements --================================================================== ipfixCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "An implementation that complies to this module must implement the objects defined in the mandatory groups collectGroupExporters, collectGroupTemplates. The imeplementation of all other objects depends on the imeplementation of the corresponding functionality in the equipment." MODULE -- this module MANDATORY-GROUPS { ipfixGroupExporters, ipfixGroupTemplates } GROUP ipfixGroupStatistics DESCRIPTION "These objects must be implementes if the statistics function is implemented in the equipment." ::= { ipfixCompliances 1 } --================================================================== Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 36] Internet-Draft IPFIX MIB October 2006 -- MIB groupings --================================================================== ipfixGroupExporters OBJECT-GROUP OBJECTS { ipfixExporterIpAddressType, ipfixExporterIpAddress, ipfixLifeTimeTemplate, ipfixSessionProtocol, ipfixSessionDstPort, ipfixSessionSrcPort, ipfixSessionStatus } STATUS current DESCRIPTION "All objects that are basic for the management function of exporters." ::= { ipfixGroups 1 } ipfixGroupTemplates OBJECT-GROUP OBJECTS { ipfixTemplateFieldId, ipfixTemplateFieldLength } STATUS current DESCRIPTION "All objects that are basic for the management function of templates." ::= { ipfixGroups 2 } ipfixGroupStatistics OBJECT-GROUP OBJECTS { ipfixSessionPackets, ipfixSessionBytes, ipfixSessionMessages, ipfixSessionDiscardMessages, ipfixSessionElapsedTime, ipfixObdomainMessages, ipfixObdomainFlows, ipfixObdomainTemplates, ipfixObdomainLatestSeqNumber, ipfixObdomainDisorderdSeqNumbers, ipfixTempFlows, ipfixTempReceivedTime } Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 37] Internet-Draft IPFIX MIB October 2006 STATUS current DESCRIPTION "All objects that are basic for the statistics function." ::= { ipfixGroups 3 } END 8. Security Considerations There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. 9. IANA Considerations This document requires an OID assignment to be made by IANA: Descriptor OBJECT IDENTIFIER value ---------- ----------------------- ipfixMIB { mib-2 xxxxx } 10. Acknowledgment This document is a product of the IPFIX working group. 11. References 11.1. Normative References [RFC3917] Quittek, J., Zseby, T., Claise, B., and S. Zander, "Requirements for IP Flow Information Export (IPFIX)", RFC 3917, October 2004. [I-D.ietf-ipfix-architecture] Sadasivan, G., "Architecture for IP Flow Information Export", draft-ietf-ipfix-architecture-12 (work in progress), September 2006. [I-D.ietf-ipfix-as] Zseby, T., "IPFIX Applicability", draft-ietf-ipfix-as-10 Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 38] Internet-Draft IPFIX MIB October 2006 (work in progress), August 2006. [I-D.ietf-ipfix-protocol] Claise, B., "Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information", draft-ietf-ipfix-protocol-23 (work in progress), October 2006. [I-D.ietf-ipfix-info] Quittek, J., "Information Model for IP Flow Information Export", draft-ietf-ipfix-info-13 (work in progress), September 2006. [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. 11.2. Informative References [I-D.ietf-psamp-framework] Duffield, N., "A Framework for Packet Selection and Reporting", draft-ietf-psamp-framework-10 (work in progress), January 2005. [I-D.ietf-psamp-sample-tech] Zseby, T., "Sampling and Filtering Techniques for IP Packet Selection", draft-ietf-psamp-sample-tech-07 (work in progress), July 2005. [I-D.ietf-psamp-mib] Dietz, T. and B. Claise, "Definitions of Managed Objects for Packet Sampling", draft-ietf-psamp-mib-06 (work in progress), June 2006. [I-D.ietf-psamp-protocol] Claise, B., "Packet Sampling (PSAMP) Protocol Specifications", draft-ietf-psamp-protocol-06 (work in progress), June 2006. [RFC1889] Schulzrinne, H., Casner, S., Frederick, R., and V. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 39] Internet-Draft IPFIX MIB October 2006 Jacobson, "RTP: A Transport Protocol for Real-Time Applications", RFC 1889, January 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 40] Internet-Draft IPFIX MIB October 2006 Authors' Addresses Thomas Dietz (editor) NEC Europte Ltd. Network Laboratories Kurfuersten-Anlage 36 Heidelberg 69115 DE Phone: +49 6221 4342-128 Email: dietz@netlab.nec.de Atsushi Kobayashi NTT Information Sharing Platform Laboratories 3-9-11 Midori-cho Musashino-shi, Tokyo 180-8585 JA Phone: +81-422-59-3978 Email: akoba@nttv6.net Benoit Claise Cisco Systems De Kleetlaan 6a b1 Degem 1831 BE Phone: +32 2 704 5622 Email: bclaise@cisco.com Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 41] Internet-Draft IPFIX MIB October 2006 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Dietz, et al. draft-dietz-ipfix-mib-01.txt [Page 42]