[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-snmpconf-diffpolicy-04.txt (fwd)



Hi,

Forgot to cc the WG.

Cheers,

dlp



Greetings,

Please find attached draft-ietf-snmpconf-diffpolicy-04.txt,
The DiffServ Policy MIB.  This is a product of the SNMPCONF
Working Group.

       Title     : The DiffServ Policy MIB
       Author(s) : H. Hazewinkel, D. Partain
       Filename  : draft-ietf-snmpconf-diffpolicy-04.txt
       Pages     : 24
       Date      : March 2001

The MIB Module described in this document provides a
conceptual layer between high-level "network-wide" policy
definitions that affect configuration of the differentiated
services (DiffServ) subsystem and the instance-specific
information that would include such details as the parameters
for all the queues associated with each interface in a system.
This essentially provides an interface for configuring
DiffServ at a conceptually higher layer than that of the
DiffServ Architecture MIB [DSARCHMIB].

With kind regards,

--
David Partain                  David.Partain@ericsson.com
Ericsson Radio Systems AB      Tel:    +46 13 28 41 44
Research and Innovation        Fax:    +46 13 28 75 67
P.O. Box 1248                  http://linlab.ericsson.se/~epkpart
SE-581 12  Linköping, Sweden





Internet Draft             DiffServ Policy MIB                March 2001


Internet Engineering Task Force                            H. Hazewinkel
INTERNET-DRAFT                                                  Covalent
Expires September 2001                                        D. Partain
                                                                Ericsson
                                                              March 2001

                        The DiffServ Policy MIB
                 draft-ietf-snmpconf-diffpolicy-03.txt
                        Document Revision:  1.7
                               March 2001





Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.


1.  Abstract


   The MIB Module described in this document provides a conceptual layer





SNMPCONF WG              Expires September 2001                 [Page 1]

Internet Draft             DiffServ Policy MIB                March 2001






   between high-level "network-wide" policy definitions that affect
   configuration of the differentiated services (DiffServ) subsystem and
   the instance-specific information that would include such details as
   the parameters for all the queues associated with each interface in a
   system.  This essentially provides an interface for configuring
   DiffServ at a conceptually higher layer than that of the DiffServ
   Architecture MIB [DIFFSERVMIB].

   This version of this memo is aligned with the DIFF-SERV-MIB
   [DIFFSERVMIB] found in draft-ietf-diffserv-mib-08.txt.  This MIB
   module will be aligned with that work as updates are made.


2.  The SNMP Management Framework


   The SNMP Management Framework presently consists of five major
   components:

     o   An overall architecture, described in RFC 2571 [1].

     o   Mechanisms for describing and naming objects and events
         for the purpose of management. The first version of this
         Structure of Management Information (SMI) is called SMIv1
         and described in RFC 1155 [2], RFC 1212 [3] and RFC 1215
         [4]. The second version, called SMIv2, is described in
         RFC 2578 [5], RFC 2579 [6] and RFC 2580 [7].

     o   Message protocols for transferring management
         information. The first version of the SNMP message
         protocol is called SNMPv1 and described in RFC 1157
         [8]. A second version of the SNMP message protocol,
         which is not an Internet standards track protocol, is
         called SNMPv2c and described in RFC 1901 [9] and RFC
         1906 [10].  The third version of the message protocol is
         called SNMPv3 and described in RFC 1906 [10], RFC 2572
         [11] and RFC 2574 [12].

     o   Protocol operations for accessing management
         information. The first set of protocol operations and
         associated PDU formats is described in RFC 1157 [8]. A
         second set of protocol operations and associated PDU
         formats is described in RFC 1905 [13].

     o   A set of fundamental applications described in RFC 2573 [14]





SNMPCONF WG              Expires September 2001                 [Page 2]

Internet Draft             DiffServ Policy MIB                March 2001






         and the view-based access control mechanism described
         in RFC 2575 [15].

   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 2570 [16].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64). Some machine-readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.


3.  Introduction


   This memo defines a MIB module which can be used to convey
   information about desired network-wide DiffServ-based policy
   behavior.  This module is designed to integrate with the Policy-based
   Management MIB module [POLICYMIB] as well as the DiffServ
   Architecture MIB module [DIFFSERVMIB] Together, these three documents
   represent an instance of an integrated architecture for both device-
   specific and network-wide policy management which is fully integrated
   with the Internet Standard Management Framework.

   This is the first of what is expected to be a wide number of other
   network-wide policy modules to be developed in the future in a wide
   range of areas.

   Within the DiffServ architecture a MIB module is already defined
   [DIFFSERVMIB] that operates on a device level.  The MIB module in
   this memo (the DIFFSERV-POLICY-MIB) creates a coherent policy
   configuration management view (domain-specific) as an umbrella over
   this mechanism-specific MIB.  That is, the DIFFSERV-POLICY-MIB
   provides a conceptual API for configuration of DiffServ parameters in
   a device at a higher level than the DiffServ Architecture MIB
   [DIFFSERVMIB].





SNMPCONF WG              Expires September 2001                 [Page 3]

Internet Draft             DiffServ Policy MIB                March 2001






4.  Definitions


   Terminology used in discussing policy-based configuration management
   has been the source of much discussion and confusion.  [SNMPBCP]
   provides a discussion of the terms used in discussing this topic.



5.  Relationship to other MIBs


   In this section we describe the relationship of this MIB module to
   other MIB modules.  The overall architecture used for policy
   configuration management is described in [POLICYMIB].


5.1.  The Policy-based Management MIB module


   [POLICYMIB] defines a MIB module that enables policy-based
   configuration management of infrastructure using the Internet
   Standard Management Framework.  The document includes a table for
   configuring policies to be implemented, tables for storing the roles
   of elements on a particular device, a table for representing the
   capabilities of a device with respect to policy management, a table
   for referencing elements affected by a policy, as well as other
   infrastructure.

   See [POLICYMIB] for a full description of the policy-based
   configuration framework it provides.


5.2.  The DiffServ MIB module


   The DiffServ Architecture MIB module [DIFFSERVMIB] provides a common
   set of managed objects useful for configuring DiffServ parameters on
   a particular device.  This is what is referred to as instance-level
   configuration. It is the alteration of the instance-level information
   in that MIB module which MAY be done via the objects provided by the
   DiffServ Policy MIB module defined in this memo.

   It is recognized that vendors may include additional managed objects
   in their devices (via vendor-specific MIB modules) for configuring





SNMPCONF WG              Expires September 2001                 [Page 4]

Internet Draft             DiffServ Policy MIB                March 2001






   DiffServ parameters. If a vendor chooses to use the objects defined
   in this memo for configuration, the vendor should provide additional
   managed objects in a similar approach as defined for the DiffServ
   Architecture MIB module.

   Since the managed objects of the DiffServ Architecture MIB are not
   directly associated with an instance (interface and interface
   direction), the same managed objects can be used for traffic
   treatment configuration templates in a DiffServ capable device.
   Therefore, the tables as defined in the DiffServ Architecture MIB can
   directly be used for configuration purposes.  Those tables are:
      diffServDataPathTable
      diffServClfrTable
      diffServClfrElementTable
      diffServSixTupleClfrTable
      diffServMeterTable
      diffServTBParamTable
      diffServActionTable
      diffServDscpMarkActTable
      diffServCountActTable
      diffServAlgDropTable
      diffServRandomDropTable
      diffServQTable
      diffServSchedulerTable
      diffServRateControlTable

   Readers familiar with the DiffServ Architecture MIB will notice that
   these are all templates except the diffServDataPathTable, which
   instantiates a DiffServ traffic treatment configuration on an
   interface and its interface direction.

   The approach taken in this document is to avoid duplication of
   managed objects and, therefore, the implementation of the DIFF-
   POLICY-MIB module should use of the tables defined in the DiffServ
   Architecture MIB.


5.3.  The DiffServ Policy MIB module design

   The DiffServ Policy MIB module of the SNMP-based configuration
   management framework is positioned between the Policy-based
   Management MIB module and the instance-specific MIB module (the
   DiffServ Architecture MIB module) as described above.

   The Differentiated Services Policy MIB (DIFFSERV-POLICY-MIB) module





SNMPCONF WG              Expires September 2001                 [Page 5]

Internet Draft             DiffServ Policy MIB                March 2001






   found in this memo is designed to have configuration templates for
   the Differentiated Services MIB (DIFFSERV-MIB) module. These
   templates represent a specific configuration of traffic treatment in
   a datapath of a Differentiated Services capable device. As soon as a
   configuration is made active via the POLICY-MANAGEMENT-MIB, the
   configuration defined within this MIB module will be instantiated on
   the instance-specific MIB (the DIFFSERV-MIB).

   Note that this is a conceptual process. That is, the configuration
   may not actually go through an API available in the subsystem which
   implements the DIFFSERV-MIB module.  However, configuration via the
   DIFFSERV-POLICY-MIB module will alter the same instrumentation as the
   DIFF-SERV-MIB module whether it does it via the DIFFSERV-MIB module
   or not.

   The Differentiated Services Policy MIB module only needs to define a
   starting point of a traffic treatment configuration template. This
   table is similar to the diffServDataPathTable [DIFFSERV-MIB].
   However, its has a semantic difference in that the
   diffServDataPathTable is associated with an instance (interface and
   interface direction) where the diffPolicyDPCTable is not instance-
   specific.

   Unlike most MIB modules, changes on the managed objects in this MIB
   module do not cause a change in the device.  This MIB module is used
   to set up per-hop-behavior configurations. As soon as configurations
   are made active via the POLICY-MANAGEMENT-MIB, the configurations
   defined within this MIB module will be instantiated on the instance
   specific MIB, the DIFF-SERV-MIB.

   The table in the MIB module is:
    - The diffPolicyDPCTable provides managed objects for
      registering traffic treatment configurations used in
      differentiated services. The sole purpose of this table
      is to provide the starting point for a traffic treatment
      configuration template.  The traffic treatment is performed
      by datapath elements [DIFFSERVMIB]


6.  Template cloning

   The concept of the DIFF-POLICY-MIB is based on having traffic
   treatment configuration templates. The templates provide a set of
   configuration values that provide a certain behavior, such as EF
   traffic treatment in the datapath. The template can be considered as





SNMPCONF WG              Expires September 2001                 [Page 6]

Internet Draft             DiffServ Policy MIB                March 2001






   a linked list from a starting point and each element is connected to
   the next element via a, so-called,

   The moment a template is activated on an interface and its interface
   direction (instantiated), the template needs to be copied/cloned, so
   that the template remains as a template.  If the template does not
   stay as a template after an instantiation, the management station has
   to setup a new equivalent template, and the object amplification of
   configuration with SNMP is gone.

   A literal copy/clone of the template would not be possible, since the
   same indexes inside the element tables cannot be used again. The
   instantiation process must therefore generate a new index for each
   element. As a result of this, the 'NEXT' pointers also need to be
   updated. Otherwise, those will point to the template.

   What should a system containing DiffServ capabilities and DiffServ
   Policy capabilities do conceptually at the moment a template is
   activated on an interface?   The following order or approach is not a
   pre-defined implementation, but a conceptual explanation of what
   should be done.

     1) Get index of the template to be activated
     2) Get RowPointer (current) from
               diffPolicyDPCConfiguration.index of
               diffPolicyDPCTable
     3) Check if RowPointer (current) exists
     4) Copy/Clone the entry pointed to by RowPointer
           a) Get a new index for the entry
           b) Configure the new entry with the values
              of the entry to be cloned
           c) Update the NEXT pointer with a new RowPointer
              that pointed to the previous entry that was copied
              part of this template
     5) Store RowPointer of cloned entry as previous
     6) Get the RowPointer of the next element in in the template
        as current
     7) If current RowPointer does not equal zeroDotZero goto 4


6.1.  Example

   This section provides an example for the concept provided in the
   previous section (7). This example will show a Diffserv-capable
   incoming (ingress) interface that only counts the amount of the





SNMPCONF WG              Expires September 2001                 [Page 7]

Internet Draft             DiffServ Policy MIB                March 2001






   traffic stream. Then, with the policy-based configuration concept as
   defined in this document and in [POLICYMIB], a traffic marking
   configuration will be applied.  The example will walk the reader
   through all of the steps involved in this process.

   1) The initial situation

   The initial configuration is the existing configuration of
   an ingress interface.

           +------------------------------------+
           |   ingress datapath                 |
           |   +----------------------------+   |
           |   |                            |   |
       --->|-->|       action: count        |-->|----->
           |   |                            |   |  routing
           |   +----------------------------+   |  core
           +------------------------------------+

   This figure depicts a simple traffic treatment datapath
   for an ingress interface. The datapath only consists of a
   count action.

   Within the DIFFSERV-MIB this would be instantiated as follows
   in the appropriate tables.  Note that RowPointer objects
   must point to the first accessible columnar object in the
   conceptual row.  Thus, while perhaps more instructive to
   use the index value for the RowPointer object's value (e.g.,
   diffServCountActId.1) in the example, it would nonetheless
   be incorrect, and the first accessible columnar object has
   been used as should be done (e.g., diffServCountActOctets.1).

   diffServDataPathTable
   +--------------------+-----------------------------+
   | index              | diffServDataPathStart       |
   +--------------------+-----------------------------+
   | ifIndex.ingress    | diffServActionNext.1        |
   +--------------------+-----------------------------+












SNMPCONF WG              Expires September 2001                 [Page 8]

Internet Draft             DiffServ Policy MIB                March 2001






   diffServActionTable
   +----------+------------+-------------------------+--------------------+
   | diffServ | diffServ   |                         |                    |
   | ActionId | ActionNext |diffServActionSpecific   | diffServActionType |
   +----------+------------+-------------------------+--------------------+
   | 1        | 0.0        |diffServCountActOctets.1 | specific           |
   +----------+------------+-------------------------+--------------------+

   diffServCountActTable
   +-------------------+---------------------+-----------------------+
   | diffServCountIdId | diffServCountOctets | ......                |
   +-------------------+---------------------+-----------------------+
   | 1                 | 123456789           | ......                |
   +-------------------+---------------------+-----------------------+

   2) The policy configuration template

   The following provides a defined policy configuration in
   which traffic is classified by a specific IP filter. That
   results in two classifers (1 for the IP filter and the match
   all). Both streams are then metered, marked and counted. An
   example of usage could be an incoming interface at the edge
   of an ISP that provides EF traffic treatment to a specific
   customer and others just AF traffic treatment.

   +------------------------------------------------------------+
   |   ingress datapath                                         |
   |   +------------+   +-------+   +---------+   +---------+   |
   |   |            |   |       |   | action: |   | action: |   |
-->|-->| classifier |-->| meter |-->| mark EF |-->| count   |-->|----->
   |   | match <IP> |   |       |   |         |   |         |   |
   |   +------------+   +-------+   +---------+   +---------+   |
   |         |                 \                                |
   |         |                  \      +---------+              |
   |         |                   \     | action: |              |routing
   |         |                    * -->| dropper |              |core
   |         |                   /     |         |              |
   |         |                  /      +---------+              |
   |         V                 /                                |
   |   +------------+   +-------+   +---------+   +---------+   |
   |   |            |   |       |   | action: |   | action: |   |
   |   | classifier |-->| meter |-->| mark AF |-->| count   |-->|----->
   |   | match all  |   |       |   |         |   |         |   |
   |   +------------+   +-------+   +---------+   +---------+   |
   +------------------------------------------------------------+





SNMPCONF WG              Expires September 2001                 [Page 9]

Internet Draft             DiffServ Policy MIB                March 2001






   This figure depicts a policy configuration for ingress
   traffic treatment in a diffserv capable device. The
   configuration is represented as follows in DIFFPOLICY-MIB
   module and the DIFFSERV-MIB module.  NOTE: the original
   (existing) traffic treatment of 1) is also in the tables.

   diffPolicyDPCTable (in the MIB module in this memo)
   +-------+---------------------------------+--------------------------+
   | index | diffPolicyDPCConfiguration      | diffPolicyDPCDescription |
   +-------+---------------------------------+--------------------------+
   | 1     | diffServClfrElementPrecedence.1 | EF traffic treatment     |
   +-------+---------------------------------+--------------------------+

   diffServClfrTable
   +--------------------+
   | diffServClfrId     |
   +--------------------+
   | 1                  |
   +--------------------+

   diffServClfrElementTable
   +----------------+------------------------+--------------------------+
   |diffServ        |diffServ                | diffServ                 |
   | ClfrElementId  | ClfrElementClfrId      | ClfrElementNext          |
   +----------------+------------------------+--------------------------+
   | 1              | 1 (diffServClfrId = 1) |diffServMeterSucceedNext.1|
   | 2              | 1 (diffServClfrId = 1) |diffServMeterSucceedNext.2|
   +----------------+------------------------+--------------------------+

   diffServMeterTable
   +-----------+--------------------------+----------------------+------+
   | diffServ  |                          |                      | .... |
   | MeterId   | diffServMeterSucceedNext |diffServMeterFailNext | .... |
   +-----------+--------------------------+----------------------+------+
   | 1         | diffServActionNext.2     | diffServActionNext.4 |      |
   | 2         | diffServActionNext.3     | diffServActionNext.4 |      |
   +-----------+--------------------------+----------------------+------+













SNMPCONF WG              Expires September 2001                [Page 10]

Internet Draft             DiffServ Policy MIB                March 2001






   diffServActionTable
   +---------+--------------------+--------------------------+--------------+
   | diffServ|diffServ            | diffServ                 | diffServ     |
   | ActionId|ActionNext          | ActionSpecific           | ActionType   |
   +---------+--------------------+--------------------------+--------------+
   | 1       |0.0                 |diffServCountActOctets.1  | specific     |
   | 2       |diffServActionNext.4|diffServDscpMarkActDscp.AF| specific     |
   | 3       |diffServActionNext.4|diffServDscpMarkActDscp.EF| specific     |
   | 4       |0.0                 |0.0                       | absoluteDrop |
   | 5       |0.0                 |diffServCountActOctets.2  | specific     |
   | 6       |0.0                 |diffServCountActOctets.3  | specific     |
   +---------+--------------------+--------------------------+--------------+

   diffServCountActTable
   +--------------------+-----------------------+
   | diffServCountActId | ......                |
   +--------------------+-----------------------+
   | 1                  | ......                |
   | 2                  | ......                |
   | 3                  | ......                |
   +--------------------+-----------------------+

   diffServDscpMarkActTable
   +-------------------------+
   | diffServDscpMarkActDscp |
   +-------------------------+
   | DSCP(AF)                |
   +-------------------------+
   | DSCP(EF)                |
   +-------------------------+

   3) Applying the template

   Now we have the original ingress interface configuration
   and the policy configuration we want to apply to the actual
   interface.

   The example policy must provide to all interfaces used
   by system administrators the required diffserv traffic
   treatment. The traffic treatment required is described in 2).

   Therefore, we have the following example policy which
   is configured via the POLICY-BASED-MANAGEMENT-MIB module
   (see [POLICYMIB]):






SNMPCONF WG              Expires September 2001                [Page 11]

Internet Draft             DiffServ Policy MIB                March 2001






   IF
      roleMatch("Administrator")
   THEN
      setvar("diffServDataPathStart" + $1 + ".2",
              "diffServActionNext.1",
              Oid)
   For our purposes, we only apply this on the outbound
   direction (hence the 2 in the setvar) on the interface.

   For more information on policies and their syntax refer
   to [POLICYMIB].

   The following tables of this section provide the cloned
   entries in the tables of the DIFFSERV-MIB module.  NOTE:
   the original (existing) traffic treatment of 1) and 2)
   are also in the tables.

   diffPolicyDPCTable
   +-------+------------------------------------+--------------------------+
   | index | diffPolicyDPCConfiguration         | diffPolicyDPCDescription |
   +-------+------------------------------------+--------------------------+
   | 1     | diffServClfrElementPrecedence.1    | EF traffic treatment     |
   +-------+------------------------------------+--------------------------+

   diffServDataPathTable
   +--------------------+-----------------------------+
   | index              | diffServDataPathStart       |
   +--------------------+-----------------------------+
   | ifIndex.ingress    | diffServActionNext.2        |
   +--------------------+-----------------------------+

   diffServClfrTable
   +--------------------+
   | diffServClfrId     |
   +--------------------+
   | 1                  |
   | 2                  |
   +--------------------+












SNMPCONF WG              Expires September 2001                [Page 12]

Internet Draft             DiffServ Policy MIB                March 2001






   diffServClfrElementTable
   +----------------+-----------------------+----------------------------+
   | diffServ       | diffServ              | diffServ                   |
   | ClfrElementId  | ClfrElementClfrId     | ClfrElementNext            |
   +----------------+-----------------------+----------------------------+
   | 1              | 1 (diffServClfrId = 1)| diffServMeterSucceedNext.1 |
   | 2              | 1 (diffServClfrId = 1)| diffServMeterSucceedNext.2 |
   | 3              | 2 (diffServClfrId = 2)| diffServMeterSucceedNext.3 |
   | 4              | 2 (diffServClfrId = 2)| diffServMeterSucceedNext.4 |
   +----------------+-----------------------+----------------------------+

   diffServMeterTable
   +-------------+-----------------------+-----------------------+------+
   | diffServ    | diffServ              | diffServ              | .... |
   | MeterId     | MeterSucceedNext      | MeterFailNext         |      |
   +-------------+-----------------------+-----------------------+------+
   | 1           | diffServActionNext.2  | diffServActionNext.4  |      |
   | 2           | diffServActionNext.3  | diffServActionNext.4  |      |
   | 3           | diffServActionNext.7  | diffServActionNext.9  |      |
   | 4           | diffServActionNext.8  | diffServActionNext.9  |      |
   +-------------+-----------------------+-----------------------+------+

   diffServActionTable
   +---------+--------------------+--------------------------+-------------+
   | diffServ|diffServ            |diffServ                  | diffServ    |
   | ActionId|ActionNext          |ActionSpecific            | ActionType  |
   +---------+--------------------+--------------------------+-------------+
   | 1       |0.0                 |diffServCountActOctets.1  | specific    |
   | 2       |diffServActionNext.4|diffServDscpMarkActDscp.AF| specific    |
   | 3       |diffServActionNext.4|diffServDscpMarkActDscp.EF| specific    |
   | 4       |0.0                 |0.0                       | absoluteDrop|
   | 5       |0.0                 |diffServCountActOctets.2  | specific    |
   | 6       |0.0                 |diffServCountActOctets.3  | specific    |
   | 7       |diffServActionNext.9|diffServDscpMarkActDscp.AF| specific    |
   | 8       |diffServActionNext.9|diffServDscpMarkActDscp.EF| specific    |
   | 9       |0.0                 |0.0                       | absoluteDrop|
   | 10      |0.0                 |diffServCountActOctets.4  | specific    |
   | 11      |0.0                 |diffServCountActOctets.5  | specific    |
   +---------+--------------------+---------------------+------------------+











SNMPCONF WG              Expires September 2001                [Page 13]

Internet Draft             DiffServ Policy MIB                March 2001






   diffServCountActTable
   +--------------------+-----------------------+
   | diffServCountActId | ......                |
   +--------------------+-----------------------+
   | 1                  | ......                |
   | 2                  | ......                |
   | 3                  | ......                |
   | 4                  | ......                |
   | 5                  | ......                |
   +--------------------+-----------------------+

   diffServDscpMarkActTable
   +-------------------------+
   | diffServDscpMarkActDscp |
   +-------------------------+
   | DSCP(AF)                |
   +-------------------------+
   | DSCP(EF)                |
   +-------------------------+


   As one can see in the example, the main elements from which a
   datapath are constructed are duplicated/copied/cloned. That process
   is needed in order to preserve the policy configuration for reuse at
   a later time.

   It is up to the SNMP agent to keep track of which network interfaces
   are under policy control and which policy rules. This avoids
   duplication of policy enforcement.  How the agent does this is an
   implementation issue.

   One can see that the old datapath configurations stay in the MIB
   module tables. It is up to the SNMP agent implementation to decide
   whether to delete stale entries or keep them.  Garbage collection of
   stale entries is an implementation issue.



7.  Managed objects definitions (MIB module)


   DIFFSERV-POLICY-MIB DEFINITIONS ::= BEGIN

   -- This version of the MIB is aligned with the DiffServ WG's MIB
   -- found in draft-ietf-diffserv-mib-06.txt.  This MIB module will





SNMPCONF WG              Expires September 2001                [Page 14]

Internet Draft             DiffServ Policy MIB                March 2001






   -- remain aligned with that work as updates are made.

   -- Note that much of the content of the MIBs in previous versions
   -- of this document have been removed since they were used for
   -- creating "templates" that were not bound to interface
   -- instances.  That functionality now exists in the DIFF-SERV-MIB
   -- itself.

       IMPORTS

       Integer32, OBJECT-TYPE, MODULE-IDENTITY, zeroDotZero, mib-2
          FROM SNMPv2-SMI

       RowStatus, RowPointer, TestAndIncr, DateAndTime
          FROM SNMPv2-TC

       MODULE-COMPLIANCE, OBJECT-GROUP
          FROM SNMPv2-CONF

       SnmpAdminString
          FROM SNMP-FRAMEWORK-MIB;

   diffPolicyMib MODULE-IDENTITY
       LAST-UPDATED "200011130500Z" -- November 12, 2000, 20:00 San Francisco
       ORGANIZATION "SNMPCONF WG"
       CONTACT-INFO
          "SNMPCONF Working Group
           http://www.ietf.org/html.charters/snmpconf-charter.html
          Editors:

          Harrie Hazewinkel
          Postal: Covalent Technologies
                  706 Mission Street (2nd floor)
                  San Francisco, CA - 94133
                  United States
          Tel: +1 415 536 5221
          E-mail: harrie@covalent.net

          David Partain
          Postal: Ericsson Radio Systems
                  P.O. Box 1248
                  SE-581 12 Linkoping
                  Sweden
          Tel: +46 13 28 41 44
          E-mail: David.Partain@ericsson.com"





SNMPCONF WG              Expires September 2001                [Page 15]

Internet Draft             DiffServ Policy MIB                March 2001






       DESCRIPTION
               "This MIB module contains differentiated services
               specific managed objects to perform policy-based
               configuration management. This MIB allows policies
               to use 'templates' to be used to instantiate
               diffserv datapath configurations to be assigned
               (associated with an interface and direction)
               when a policy is created and activated."
       ::= { mib-2 22222222 }  -- Needs to be assigned by IANA

   diffPolicyMIBObjects     OBJECT IDENTIFIER ::= { diffPolicyMib 1 }
   diffPolicyMIBConformance OBJECT IDENTIFIER ::= { diffPolicyMib 2 }

   --
   -- The DiffServ Policy Configuration objects
   --

   diffPolicyDPCUnique OBJECT-TYPE
       SYNTAX       TestAndIncr
       MAX-ACCESS   read-write
       STATUS       current
       DESCRIPTION
          "The diffPolicyDPCUnique object yields a unique new
          value for diffPolicyDPCId when read and subsequently
          set. This value must be tested for uniqueness."
       ::= { diffPolicyMIBObjects 1 }

   diffPolicyDPCTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF DiffPolicyDPCEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "A table which defines the various per-hop-behaviors
          for which the system has default 'templates'."
       ::= { diffPolicyMIBObjects 2 }

   diffPolicyDPCEntry OBJECT-TYPE
       SYNTAX       DiffPolicyDPCEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
          "An entry defining a per-hop-behavior.  Each entry in
          this table combines the various parameters (entries)
          into a specific per-hop-behavior.  Entries in this
          table might be defined by a vendor (pre-configured)





SNMPCONF WG              Expires September 2001                [Page 16]

Internet Draft             DiffServ Policy MIB                March 2001






          or defined by a management application."
       INDEX { diffPolicyDPCId }
       ::= { diffPolicyDPCTable 1 }

   DiffPolicyDPCEntry ::= SEQUENCE {
       diffPolicyDPCId               Integer32,
       diffPolicyDPCDescr            SnmpAdminString,
       diffPolicyDPCOwner            SnmpAdminString,
       diffPolicyDPCLastChange       DateAndTime,
       diffPolicyDPCConfiguration    RowPointer,
       diffPolicyDPCStatus           RowStatus
   }

   diffPolicyDPCId OBJECT-TYPE
       SYNTAX         Integer32 (1..2147483647)
       MAX-ACCESS     not-accessible
       STATUS         current
       DESCRIPTION
          "A unique id for the per-hop-behavior policy."
       ::= { diffPolicyDPCEntry 1 }

   diffPolicyDPCDescr OBJECT-TYPE
       SYNTAX         SnmpAdminString
       MAX-ACCESS     read-create
       STATUS         current
       DESCRIPTION
          "A human-readable description to identify this defined
          per-hop-behavior.  Note that this is an SnmpAdminString,
          which permits UTF-8 strings."
       ::= { diffPolicyDPCEntry 2 }

   diffPolicyDPCOwner OBJECT-TYPE
       SYNTAX         SnmpAdminString
       MAX-ACCESS     read-create
       STATUS         current
       DESCRIPTION
          "The owner who created this entry."
       ::= { diffPolicyDPCEntry 3 }

   diffPolicyDPCLastChange OBJECT-TYPE
       SYNTAX         DateAndTime
       MAX-ACCESS     read-only
       STATUS         current
       DESCRIPTION
          "The date and time when this entry was last changed."





SNMPCONF WG              Expires September 2001                [Page 17]

Internet Draft             DiffServ Policy MIB                March 2001






       ::= { diffPolicyDPCEntry 4 }

   diffPolicyDPCConfiguration OBJECT-TYPE
       SYNTAX         RowPointer
       MAX-ACCESS     read-create
       STATUS         current
       DESCRIPTION
          "The pointer to a datapath configuration template as
          set up in the DIFFSERV-MIB.  This  RowPointer  should
          point to an instance of one of:
         diffServClfrElementEntry
            diffServClfrEntry
            diffServMeterEntry
            diffServActionEntry
            diffServAlgDropEntry
            diffServQEntry
          A value of zeroDotZero in this attribute indicates no
          further Diffserv treatment is performed on traffic of
          this datapath.

          If the row pointed to does not exist,  the  treatment
          is  as if this attribute contains a value of zero-
          DotZero."
       DEFVAL { zeroDotZero }
       ::= { diffPolicyDPCEntry 5 }

   diffPolicyDPCStatus OBJECT-TYPE
       SYNTAX         RowStatus
       MAX-ACCESS     read-create
       STATUS         current
       DESCRIPTION
          "RowStatus object used for creation and deletion of
          rows in this table."
       ::= { diffPolicyDPCEntry 11 }

   --
   -- MIB Compliance statements.
   --

   diffPolicyMIBCompliances OBJECT IDENTIFIER ::= { diffPolicyMIBConformance 1 }
   diffPolicyMIBGroups      OBJECT IDENTIFIER ::= { diffPolicyMIBConformance 2 }

   diffPolicyMIBFullCompliance MODULE-COMPLIANCE
       STATUS       current
       DESCRIPTION





SNMPCONF WG              Expires September 2001                [Page 18]

Internet Draft             DiffServ Policy MIB                March 2001






          "The full compliance for this MIB module."
       MODULE  -- This module
       MANDATORY-GROUPS {  diffPolicyMIBDPCGroup }
       ::= { diffPolicyMIBCompliances 1 }

   diffPolicyMIBDPCGroup OBJECT-GROUP
       OBJECTS {  diffPolicyDPCUnique,
                  diffPolicyDPCDescr,
                  diffPolicyDPCOwner,
                  diffPolicyDPCLastChange,
                  diffPolicyDPCConfiguration,
                  diffPolicyDPCStatus
       }
       STATUS current
       DESCRIPTION
          "The per-hop-behavior Group defines the MIB Objects that
          describe the configuration template for the per-hop-behavior."
       ::= { diffPolicyMIBGroups 1 }

   END






























SNMPCONF WG              Expires September 2001                [Page 19]

Internet Draft             DiffServ Policy MIB                March 2001






8.  Security Considerations


   Security information here


9.  Editors' Addresses


      Harrie Hazewinkel
      Covalent Technologies
      706 Mission Street (2nd floor)
      San Francisco, CA 94133
      United States
      Phone: +1 415 536 5221
      EMail: harrie@covalent.net

      David Partain
      Ericsson Radio Systems
      Research and Innovation
      P.O. Box 1248
      SE-581 12 Linkoping
      Sweden
      Phone:  +46 13 28 41 44
      EMail:  David.Partain@ericsson.com


10.  Full Copyright Statement


   Copyright (C) The Internet Society (2000).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.





SNMPCONF WG              Expires September 2001                [Page 20]

Internet Draft             DiffServ Policy MIB                March 2001






   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."


11.  References


   Others to be added as time goes by!

   [1]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
        Describing SNMP Management Frameworks", RFC 2571, Cabletron
        Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, April
        1999

   [2]  Rose, M., and K. McCloghrie, "Structure and Identification of
        Management Information for TCP/IP-based Internets", RFC 1155, STD
        16, Performance Systems International, Hughes LAN Systems, May 1990

   [3]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
        STD 16, Performance Systems International, Hughes LAN Systems,
        March 1991

   [4]  M. Rose, "A Convention for Defining Traps for use with the SNMP",
        RFC 1215, Performance Systems International, March 1991

   [5]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
        and S. Waldbusser, "Structure of Management Information Version 2
        (SMIv2)", RFC 2578, STD 58, Cisco Systems, SNMPinfo, TU
        Braunschweig, SNMP Research, First Virtual Holdings, International
        Network Services, April 1999

   [6]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
        and S. Waldbusser, "Textual Conventions for SMIv2", RFC 2579, STD
        58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research, First
        Virtual Holdings, International Network Services, April 1999

   [7]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
        and S. Waldbusser, "Conformance Statements for SMIv2", RFC 2580,





SNMPCONF WG              Expires September 2001                [Page 21]

Internet Draft             DiffServ Policy MIB                March 2001






        STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research,
        First Virtual Holdings, International Network Services, April 1999

   [8]  Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
        Management Protocol", RFC 1157, STD 15, SNMP Research, Performance
        Systems International, Performance Systems International, MIT
        Laboratory for Computer Science, May 1990.

   [9]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, SNMP Research,
        Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
        International Network Services, January 1996.

   [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport
        Mappings for Version 2 of the Simple Network Management Protocol
        (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc.,
        Dover Beach Consulting, Inc., International Network Services,
        January 1996.

   [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, SNMP Research, Inc., Cabletron Systems,
        Inc., BMC Software, Inc., IBM T. J. Watson Research, April 1999

   [12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for
        version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
        2574, IBM T. J. Watson Research, April 1999

   [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
        Operations for Version 2 of the Simple Network Management Protocol
        (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc.,
        Dover Beach Consulting, Inc., International Network Services,
        January 1996.

   [14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
        2573, SNMP Research, Inc., Secure Computing Corporation, Cisco
        Systems, April 1999

   [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", RFC 2575, IBM T. J. Watson Research, BMC Software, Inc.,
        Cisco Systems, Inc., April 1999

   [16] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to
        Version 3 of the Internet-standard Network Management Framework",





SNMPCONF WG              Expires September 2001                [Page 22]

Internet Draft             DiffServ Policy MIB                March 2001






        RFC 2570, SNMP Research, Inc., TIS Labs at Network Associates,
        Inc., Ericsson, Cisco Systems, April 1999

   [PBCM] J. Saperia, "Policy-based Configuration Management", Work
        in Progress, June 2000.

   [DIFFSERVMIB] Baker, F., K. Chan, and A. Smith, Management
        Information Base for the Differentiated Services
        Architecture, Work in Progress, May 2000.

   [POLICYMIB] Waldbusser, S., J. Saperia, T. Hongal, Policy Based
        Management MIB, Work in Progress, May 2000.

   [SNMPBCP] MacFaden M., J. Saperia, CONFIGURING NETWORKS AND DEVICES
        WITH SNMP, Work in Progress, May 2000.

   [COPS-PR] Chan, K.H.., D. Durham, S. Gai, S. Herzog, K.  McCloghrie, F.
        Reichmeyer, J. Seligson, A. Smith, R.  Yavatkar, COPS Usage
        for Policy Provisioning, Work in Progress, March 2000.

   [IPSEC] To be added

   [BGP MIB] to be added if necessary.



























SNMPCONF WG              Expires September 2001                [Page 23]

Internet Draft             DiffServ Policy MIB                March 2001






Table of Contents



1 Abstract ........................................................    1
2 The SNMP Management Framework ...................................    2
3 Introduction ....................................................    3
4 Definitions .....................................................    4
5 Relationship to other MIBs ......................................    4
5.1 The Policy-based Management MIB module ........................    4
5.2 The DiffServ MIB module .......................................    4
5.3 The DiffServ Policy MIB module design .........................    5
6 Template cloning ................................................    6
6.1 Example .......................................................    7
7 Managed objects definitions (MIB module) ........................   14
8 Security Considerations .........................................   20
9 Editors' Addresses ..............................................   20
10 Full Copyright Statement .......................................   20
11 References .....................................................   21































SNMPCONF WG              Expires September 2001                [Page 24]