RFC 3287
Remote Monitoring MIB Extensions for Differentiated Services
Pages: 120
Proposed Standard
Proposed Standard
Part 5 of 5 – Pages 108 to 120
5. Counter Aggregation Configuration Usage Examples
This section contains an example of the steps that may be followed by a management station to configure the objects in the dsmonCounterAggControlGroup. A note about these examples: - they do not define a standard - an agent is not obligated to support them - a management application is not constrained by them - the SET(object = value [, ...]) notation is only conceptual, and is not meant to represent an actual SNMP Set PDU.
5.1. Step 1: Unlock the Counter Aggregation Configuration
Before any write operations to the tabular objects in this group can be made, the counter aggregation configuration must be unlocked by setting the dsmonAggControlLocked scalar to false: SET(dsmonAggControlLocked.0 = false(2));5.2. Step 2: Check the Maximum number of Counter Aggregation Groups
Make sure the desired counter aggregation groups have a chance of being configured on the agent. maxGroups = GET(dsmonAggMaxAggGroups.0); For this example, maxGroups is greater or equal to 64.5.3. Step 3: Check if the counter aggregation profiles already exist
Make sure the desired counter aggregation profiles have not already been configured, or perhaps recreated after an agent restart. The following example is oversimplified, in that the entire counter aggregation configuration should actually be verified. profile1Descr = GET(dsmonAggControlDescr.1); profile1Owner = GET(dsmonAggControlOwner.1); profile1Status = GET(dsmonAggControlStatus.1); For this example, none of the counter aggregation profiles already exist.5.4. Step 4: Create the Counter Aggregation Control Entries
The management station should create one entry in the dsmonAggControlTable for each counter aggregation profile to be configured on the agent. Steps 4, 5, and 6 are repeated for each counter aggregation profile to be configured on the agent. There are 3 example counter aggregation profiles shown in each of these steps. Example 1: Each DSCP in its own counter aggregation group. SET(dsmonAggControlStatus.1 = createAndGo(4), dsmonAggControlOwner.1 = "Example App 1", dsmonAggControlDescr.1 = "1 DSCP Per Group");
Example 2: a collection of DIFFSERV PHBs.
SET(dsmonAggControlStatus.2 = createAndGo(4),
dsmonAggControlOwner.2 = "Example App 2",
dsmonAggControlDescr.2 = "June 2000 DIFFSERV PHBs");
Example 3: an aggregated collection of DIFFSERV PHBs.
SET(dsmonAggControlStatus.3 = createAndGo(4),
dsmonAggControlOwner.3 = "Example App 3",
dsmonAggControlDescr.3 = "Limited June 2000 PHBs");
5.5. Step 5: Create the Counter Aggregation Group Descriptions
Example 1: Each DSCP in its own counter aggregation group. One group
is created for each codepoint, for a total of 64 rows.
SET(dsmonAggGroupStatus.1.0 = createAndGo(4),
dsmonAggGroupDescr.1.0 = "DSCP 0");
SET(dsmonAggGroupStatus.1.1 = createAndGo(4),
dsmonAggGroupDescr.1.1 = "DSCP 1");
SET(dsmonAggGroupStatus.1.2 = createAndGo(4),
dsmonAggGroupDescr.1.2 = "DSCP 2");
SET(dsmonAggGroupStatus.1.3 = createAndGo(4),
dsmonAggGroupDescr.1.3 = "DSCP 3");
...
SET(dsmonAggGroupStatus.1.63 = createAndGo(4),
dsmonAggGroupDescr.1.63 = "DSCP 63");
Example 2: a collection of current DIFFSERV PHBs. One group is
created for each PHB to be monitored.
SET(dsmonAggGroupStatus.2.0 = createAndGo(4),
dsmonAggGroupDescr.2.0 = "CS0");
SET(dsmonAggGroupStatus.2.1 = createAndGo(4),
dsmonAggGroupDescr.2.1 = "CS1");
SET(dsmonAggGroupStatus.2.2 = createAndGo(4),
dsmonAggGroupDescr.2.2 = "CS2");
SET(dsmonAggGroupStatus.2.3 = createAndGo(4),
dsmonAggGroupDescr.2.3 = "CS3");
SET(dsmonAggGroupStatus.2.4 = createAndGo(4),
dsmonAggGroupDescr.2.4 = "CS4");
SET(dsmonAggGroupStatus.2.5 = createAndGo(4),
dsmonAggGroupDescr.2.5 = "CS5");
SET(dsmonAggGroupStatus.2.6 = createAndGo(4),
dsmonAggGroupDescr.2.6 = "CS6");
SET(dsmonAggGroupStatus.2.7 = createAndGo(4),
dsmonAggGroupDescr.2.7 = "CS7");
SET(dsmonAggGroupStatus.2.8 = createAndGo(4),
dsmonAggGroupDescr.2.8 = "EF");
SET(dsmonAggGroupStatus.2.9 = createAndGo(4),
dsmonAggGroupDescr.2.9 = "AF11");
SET(dsmonAggGroupStatus.2.10 = createAndGo(4),
dsmonAggGroupDescr.2.10 = "AF12");
SET(dsmonAggGroupStatus.2.11 = createAndGo(4),
dsmonAggGroupDescr.2.11 = "AF13");
SET(dsmonAggGroupStatus.2.12 = createAndGo(4),
dsmonAggGroupDescr.2.12 = "AF21");
SET(dsmonAggGroupStatus.2.13 = createAndGo(4),
dsmonAggGroupDescr.2.13 = "AF22");
SET(dsmonAggGroupStatus.2.14 = createAndGo(4),
dsmonAggGroupDescr.2.14 = "AF23");
SET(dsmonAggGroupStatus.2.15 = createAndGo(4),
dsmonAggGroupDescr.2.15 = "AF31");
SET(dsmonAggGroupStatus.2.16 = createAndGo(4),
dsmonAggGroupDescr.2.16 = "AF32");
SET(dsmonAggGroupStatus.2.17 = createAndGo(4),
dsmonAggGroupDescr.2.17 = "AF33");
SET(dsmonAggGroupStatus.2.18 = createAndGo(4),
dsmonAggGroupDescr.2.18 = "AF41");
SET(dsmonAggGroupStatus.2.19 = createAndGo(4),
dsmonAggGroupDescr.2.19 = "AF42");
SET(dsmonAggGroupStatus.2.20 = createAndGo(4),
dsmonAggGroupDescr.2.20 = "AF43");
SET(dsmonAggGroupStatus.2.21 = createAndGo(4),
dsmonAggGroupDescr.2.21 = "Nonzero Default");
Example 3: an aggregated representation of current DIFFSERV PHBs.
One group is created for each counter aggregation to be monitored (8
rows in this example).
SET(dsmonAggGroupStatus.3.0 = createAndGo(4),
dsmonAggGroupDescr.3.0 = "Zero CS");
SET(dsmonAggGroupStatus.3.1 = createAndGo(4),
dsmonAggGroupDescr.3.1 = "Nonzero CS");
SET(dsmonAggGroupStatus.3.2 = createAndGo(4),
dsmonAggGroupDescr.3.2 = "EF");
SET(dsmonAggGroupStatus.3.3 = createAndGo(4),
dsmonAggGroupDescr.3.3 = "AF1");
SET(dsmonAggGroupStatus.3.4 = createAndGo(4),
dsmonAggGroupDescr.3.4 = "AF2");
SET(dsmonAggGroupStatus.3.5 = createAndGo(4),
dsmonAggGroupDescr.3.5 = "AF3");
SET(dsmonAggGroupStatus.3.6 = createAndGo(4),
dsmonAggGroupDescr.3.6 = "AF4");
SET(dsmonAggGroupStatus.3.7 = createAndGo(4),
dsmonAggGroupDescr.3.7 = "Nonzero Default");
5.6. Step 6: Create the Counter Aggregation Profile Mappings
After the dsmonAggControlEntries are activated, the associated read-
write dsmonAggProfileEntries will be created. The management station
must create 64 entries in the dsmonAggProfileTable for each counter
aggregation profile configured in the dsmonAggControlTable.
Example 1: Each DSCP in its own counter aggregation group
SET(dsmonAggGroupIndex.1.0 = 0,
dsmonAggGroupIndex.1.1 = 1,
dsmonAggGroupIndex.1.2 = 2,
dsmonAggGroupIndex.1.3 = 3,
...
dsmonAggGroupIndex.1.63 = 63);
Example 2: a collection of current DIFFSERV PHBs.
SET(dsmonAggGroupIndex.2.0 = 0, -- CS0
dsmonAggGroupIndex.2.1 = 21, -- Nonzero Default
dsmonAggGroupIndex.2.2 = 21,
dsmonAggGroupIndex.2.3 = 21,
dsmonAggGroupIndex.2.4 = 21,
dsmonAggGroupIndex.2.5 = 21,
dsmonAggGroupIndex.2.6 = 21,
dsmonAggGroupIndex.2.7 = 21,
dsmonAggGroupIndex.2.8 = 1, -- CS1
dsmonAggGroupIndex.2.9 = 21,
dsmonAggGroupIndex.2.10 = 9, -- AF11
dsmonAggGroupIndex.2.11 = 21,
dsmonAggGroupIndex.2.12 = 10, -- AF12
dsmonAggGroupIndex.2.13 = 21,
dsmonAggGroupIndex.2.14 = 11, -- AF13
dsmonAggGroupIndex.2.15 = 21,
dsmonAggGroupIndex.2.16 = 2, -- CS2
dsmonAggGroupIndex.2.17 = 21,
dsmonAggGroupIndex.2.18 = 12, -- AF21
dsmonAggGroupIndex.2.19 = 21,
dsmonAggGroupIndex.2.20 = 13, -- AF22
dsmonAggGroupIndex.2.21 = 21,
dsmonAggGroupIndex.2.22 = 14, -- AF23
dsmonAggGroupIndex.2.23 = 21,
dsmonAggGroupIndex.2.24 = 3, -- CS3
dsmonAggGroupIndex.2.25 = 21,
dsmonAggGroupIndex.2.26 = 15, -- AF31
dsmonAggGroupIndex.2.27 = 21,
dsmonAggGroupIndex.2.28 = 16, -- AF32
dsmonAggGroupIndex.2.29 = 8, -- EF
dsmonAggGroupIndex.2.30 = 17, -- AF33
dsmonAggGroupIndex.2.31 = 21,
dsmonAggGroupIndex.2.32 = 4, -- CS4
dsmonAggGroupIndex.2.33 = 21,
dsmonAggGroupIndex.2.34 = 18, -- AF41
dsmonAggGroupIndex.2.35 = 21,
dsmonAggGroupIndex.2.36 = 19, -- AF42
dsmonAggGroupIndex.2.37 = 21,
dsmonAggGroupIndex.2.38 = 20, -- AF43
dsmonAggGroupIndex.2.39 = 21,
dsmonAggGroupIndex.2.40 = 5, -- CS5
dsmonAggGroupIndex.2.41 = 21,
dsmonAggGroupIndex.2.42 = 21,
dsmonAggGroupIndex.2.43 = 21,
dsmonAggGroupIndex.2.44 = 21,
dsmonAggGroupIndex.2.45 = 21,
dsmonAggGroupIndex.2.46 = 21,
dsmonAggGroupIndex.2.47 = 21,
dsmonAggGroupIndex.2.48 = 6, -- CS6
dsmonAggGroupIndex.2.49 = 21,
dsmonAggGroupIndex.2.50 = 21,
dsmonAggGroupIndex.2.51 = 21,
dsmonAggGroupIndex.2.52 = 21,
dsmonAggGroupIndex.2.53 = 21,
dsmonAggGroupIndex.2.54 = 21,
dsmonAggGroupIndex.2.55 = 21,
dsmonAggGroupIndex.2.56 = 7, -- CS7
dsmonAggGroupIndex.2.57 = 21,
dsmonAggGroupIndex.2.58 = 21,
dsmonAggGroupIndex.2.59 = 21,
dsmonAggGroupIndex.2.60 = 21,
dsmonAggGroupIndex.2.61 = 21,
dsmonAggGroupIndex.2.62 = 21,
dsmonAggGroupIndex.2.63 = 21);
Example 3: an aggregated collection of current DIFFSERV PHBs.
SET(dsmonAggGroupIndex.3.0 = 0, -- Zero CS
dsmonAggGroupIndex.3.1 = 7, -- Nonzero Default
dsmonAggGroupIndex.3.2 = 7,
dsmonAggGroupIndex.3.3 = 7,
dsmonAggGroupIndex.3.4 = 7,
dsmonAggGroupIndex.3.5 = 7,
dsmonAggGroupIndex.3.6 = 7,
dsmonAggGroupIndex.3.7 = 7,
dsmonAggGroupIndex.3.8 = 1, -- Nonzero CS
dsmonAggGroupIndex.3.9 = 7,
dsmonAggGroupIndex.3.10 = 3, -- AF1
dsmonAggGroupIndex.3.11 = 7,
dsmonAggGroupIndex.3.12 = 3,
dsmonAggGroupIndex.3.13 = 7,
dsmonAggGroupIndex.3.14 = 3,
dsmonAggGroupIndex.3.15 = 7,
dsmonAggGroupIndex.3.16 = 1,
dsmonAggGroupIndex.3.17 = 7,
dsmonAggGroupIndex.3.18 = 4, -- AF2
dsmonAggGroupIndex.3.19 = 7,
dsmonAggGroupIndex.3.20 = 4,
dsmonAggGroupIndex.3.21 = 7,
dsmonAggGroupIndex.3.22 = 4,
dsmonAggGroupIndex.3.23 = 7,
dsmonAggGroupIndex.3.24 = 1,
dsmonAggGroupIndex.3.25 = 7,
dsmonAggGroupIndex.3.26 = 5, -- AF3
dsmonAggGroupIndex.3.27 = 7,
dsmonAggGroupIndex.3.28 = 5,
dsmonAggGroupIndex.3.29 = 2, -- EF
dsmonAggGroupIndex.3.30 = 5,
dsmonAggGroupIndex.3.31 = 7,
dsmonAggGroupIndex.3.32 = 1,
dsmonAggGroupIndex.3.33 = 7,
dsmonAggGroupIndex.3.34 = 6, -- AF4
dsmonAggGroupIndex.3.35 = 7,
dsmonAggGroupIndex.3.36 = 6,
dsmonAggGroupIndex.3.37 = 7,
dsmonAggGroupIndex.3.38 = 6,
dsmonAggGroupIndex.3.39 = 7,
dsmonAggGroupIndex.3.40 = 1,
dsmonAggGroupIndex.3.41 = 7,
dsmonAggGroupIndex.3.42 = 7,
dsmonAggGroupIndex.3.43 = 7,
dsmonAggGroupIndex.3.44 = 7,
dsmonAggGroupIndex.3.45 = 7,
dsmonAggGroupIndex.3.46 = 7,
dsmonAggGroupIndex.3.47 = 7,
dsmonAggGroupIndex.3.48 = 1,
dsmonAggGroupIndex.3.49 = 7,
dsmonAggGroupIndex.3.50 = 7,
dsmonAggGroupIndex.3.51 = 7,
dsmonAggGroupIndex.3.52 = 7,
dsmonAggGroupIndex.3.53 = 7,
dsmonAggGroupIndex.3.54 = 7,
dsmonAggGroupIndex.3.55 = 7,
dsmonAggGroupIndex.3.56 = 1,
dsmonAggGroupIndex.3.57 = 7,
dsmonAggGroupIndex.3.58 = 7,
dsmonAggGroupIndex.3.59 = 7,
dsmonAggGroupIndex.3.60 = 7,
dsmonAggGroupIndex.3.61 = 7,
dsmonAggGroupIndex.3.62 = 7,
dsmonAggGroupIndex.3.63 = 7);
5.7. Step 7: Lock the Counter Aggregation Configuration
Before any existing collections can be activated by the agent, the
counter aggregation configuration must be locked, by setting the
dsmonAggControlLocked scalar to 'true'.
SET(dsmonAggControlLocked.0 = true(1));
6. Intellectual Property
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP 11, RFC 2028.
Copies of claims of rights made available for publication and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.7. Acknowledgements
This memo is a product of the RMONMIB WG. It is based on an Internet Draft that was produced with a great deal of assistance from Keith McCloghrie and Bijendra Jain.8. References
[RFC1155] Rose, M. and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [RFC1157] Case, J., Fedor, M., Schoffstall, M. and C. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [RFC1212] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. [RFC1215] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [RFC1901] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [RFC1905] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [RFC1906] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [RFC2021] Waldbusser, S., "Remote Network Monitoring Management Information Base Version 2 using SMIv2", RFC 2021, January 1997. [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 3", BCP 9, RFC 2026, October 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2474] Nichols, K., Blake, S., Baker, F. and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, December 1998. [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z. and W. Weiss, "An Architecture for Differentiated Services", RFC 2475, December 1998. [RFC2570] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999. [RFC2571] Wijnen, B., Harrington, D. and R. Presuhn, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. [RFC2572] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999. [RFC2573] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999. [RFC2574] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [RFC2575] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999. [RFC2578] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D.and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC2856] Bierman, A., McCloghrie, K., and R. Presuhn, "Textual Conventions for Additional High Capacity Data Types", RFC 2856, June 2000.
[RFC2895] Bierman, A., Bucci, C. and R. Iddon, "Remote Network Monitoring MIB Protocol Identifier Reference", RFC 2895, August 2000. [RFC3273] Waldbusser, S., "Remote Monitoring Management Information Base for High Capacity Networks", RFC 3273, May 2002.9. Security Considerations
In order to implement this MIB, a probe must capture all packets on the locally-attached network, including packets between third parties. These packets are analyzed to collect network addresses, protocol usage information, and conversation statistics. Data of this nature may be considered sensitive in some environments. In such environments the administrator may wish to restrict SNMP access to the probe. There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. It is recommended that the implementors consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [RFC2574] and the View- based Access Control Model RFC 2575 [RFC2575] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
10. Author's Address
Andy Bierman Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA USA 95134 Phone: +1 408-527-3711 EMail: abierman@cisco.com
11. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.