docsIetfQosServiceClassActiveTimeout OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Template for docsIetfQosParamSetActiveTimeout."
    DEFVAL      { 0 }
    ::= { docsIetfQosServiceClassEntry 16 }

docsIetfQosServiceClassAdmittedTimeout OBJECT-TYPE
    SYNTAX      Integer32 (0..65535)
    UNITS       "seconds"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Template for docsIetfQosParamSetAdmittedTimeout."
    DEFVAL      { 200 }
    ::= { docsIetfQosServiceClassEntry 17 }

docsIetfQosServiceClassSchedulingType OBJECT-TYPE
    SYNTAX      DocsIetfQosSchedulingType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Template for docsIetfQosParamSetSchedulingType."
    DEFVAL      { bestEffort }
    ::= { docsIetfQosServiceClassEntry 18 }

docsIetfQosServiceClassRequestPolicy OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(4))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Template for docsIetfQosParamSetRequestPolicyOct."
    DEFVAL      { '00000000'H } -- no bits are set
    ::= { docsIetfQosServiceClassEntry 19 }

docsIetfQosServiceClassTosAndMask OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Template for docsIetfQosParamSetTosAndMask.
                 The IP TOS octet as originally defined in RFC 791
                 has been superseded by the 6-bit Differentiated
                 Services Field (DSField, RFC 3260) and the 2-bit
                 Explicit Congestion Notification Field (ECN field,
                 RFC 3168).
                 Network operators SHOULD avoid specifying values of
                 docsIetfQosServiceClassTosAndMask and
                 docsIetfQosServiceClassTosOrMask that would result
                 in the modification of the ECN bits.
                 In particular, operators should not use values of
                 docsIetfQosServiceClassTosAndMask that have either
                 of the least-significant two bits set to 0.
                 Similarly, operators should not use values of
                 docsIetfQosServiceClassTosOrMask that have either
                 of the least-significant two bits set to 1."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.2.6.10;
                 RFC 3168, The Addition of Explicit Congestion
                 Notification (ECN) to IP;
                 RFC 3260, New Terminology and Clarifications for
                 Diffserv."
    ::= { docsIetfQosServiceClassEntry 20 }

docsIetfQosServiceClassTosOrMask OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Template for docsIetfQosParamSetTosOrMask.
                 The IP TOS octet as originally defined in RFC 791
                 has been superseded by the 6-bit Differentiated
                 Services Field (DSField, RFC 3260) and the 2-bit
                 Explicit Congestion Notification Field (ECN field,
                 RFC 3168).
                 Network operators SHOULD avoid specifying values of
                 docsIetfQosServiceClassTosAndMask and
                 docsIetfQosServiceClassTosOrMask that would result
                 in the modification of the ECN bits.
                 In particular, operators should not use values of
                 docsIetfQosServiceClassTosAndMask that have either
                 of the least-significant two bits set to 0.
                 Similarly, operators should not use values of
                 docsIetfQosServiceClassTosOrMask that have either
                 of the least-significant two bits set to 1."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.2.6.10;
                 RFC 3168, The Addition of Explicit Congestion
                 Notification (ECN) to IP;
                 RFC 3260, New Terminology and Clarifications for
                 Diffserv."
    ::= { docsIetfQosServiceClassEntry 21 }

docsIetfQosServiceClassDirection OBJECT-TYPE
    SYNTAX      DocsIetfQosRfMacIfDirection
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Specifies whether the service class template
                 applies to upstream or downstream service flows."
    DEFVAL      { upstream }
    ::= { docsIetfQosServiceClassEntry 22 }

docsIetfQosServiceClassStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "This object defines whether this row is kept in
                 volatile storage and lost upon reboot or whether
                 it is backed up by non-volatile or permanent
                 storage.  'permanent' entries need not allow
                 writable access to any object."
    DEFVAL      { nonVolatile }
    ::= { docsIetfQosServiceClassEntry 23 }

docsIetfQosServiceClassDSCPOverwrite OBJECT-TYPE
    SYNTAX      DscpOrAny
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "This object allows the overwrite of the DSCP
                 field per RFC 3260.
                 If this object is -1, then the corresponding entry's
                 docsIetfQosServiceClassTosAndMask value MUST be
                 'FF'H and docsIetfQosServiceClassTosOrMask MUST be
                 '00'H.  Otherwise, this object is in the range of
                 0..63, and the corresponding entry's
                 docsIetfQosServiceClassTosAndMask value MUST be
                 '03'H and the docsIetfQosServiceClassTosOrMask MUST
                 be this object's value shifted left by two bit
                 positions."
    REFERENCE   "RFC 3168, The Addition of Explicit Congestion
                 Notification (ECN) to IP;
                 RFC 3260, New Terminology and Clarifications for
                 Diffserv."
    DEFVAL      { -1 }
    ::= { docsIetfQosServiceClassEntry 24 }

--
-- Service Class PolicyTable
--

docsIetfQosServiceClassPolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsIetfQosServiceClassPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "This table describes the set of DOCSIS-QOS
                 Service Class Policies.
                 This table is an adjunct to the
                 docsDevFilterPolicy table.  Entries in the
                 docsDevFilterPolicy table can point to
                 specific rows in this table.
                 This table permits mapping a packet to a service
                 class name of an active service flow so long as
                 a classifier does not exist at a higher
                 priority."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix E.2.1"
    ::= { docsIetfQosMIBObjects 9 }

docsIetfQosServiceClassPolicyEntry OBJECT-TYPE
    SYNTAX      DocsIetfQosServiceClassPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A service class name policy entry."
    INDEX       { docsIetfQosServiceClassPolicyIndex }
    ::= { docsIetfQosServiceClassPolicyTable 1 }

DocsIetfQosServiceClassPolicyEntry ::= SEQUENCE {
    docsIetfQosServiceClassPolicyIndex         Unsigned32,
    docsIetfQosServiceClassPolicyName          SnmpAdminString,
    docsIetfQosServiceClassPolicyRulePriority  Integer32,
    docsIetfQosServiceClassPolicyStatus        RowStatus,
    docsIetfQosServiceClassPolicyStorageType   StorageType
    }

docsIetfQosServiceClassPolicyIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..2147483647)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "Index value to identify an entry in
                 this table uniquely."
    ::= { docsIetfQosServiceClassPolicyEntry 1 }

docsIetfQosServiceClassPolicyName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Service Class Name to identify the name of the
                 service class flow to which the packet should be
                 directed."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix E.2.1"
    ::= { docsIetfQosServiceClassPolicyEntry 2 }

docsIetfQosServiceClassPolicyRulePriority OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Service Class Policy rule priority for the
                 entry."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.1.3.5"
    ::= { docsIetfQosServiceClassPolicyEntry 3 }

docsIetfQosServiceClassPolicyStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Used to create or delete rows in this table.
                 This object should not be deleted if it is
                 referenced by an entry in docsDevFilterPolicy.
                 The reference should be deleted first.
                 There is no restriction on the ability
                 to change values in this row while the row is
                 active.  Inactive rows need not be timed out."
    ::= { docsIetfQosServiceClassPolicyEntry 4 }

docsIetfQosServiceClassPolicyStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "This object defines whether this row is kept in
                 volatile storage and lost upon reboot or whether
                 it is backed up by non-volatile or permanent
                 storage.  'permanent' entries need not allow
                 writable access to any object."
    DEFVAL      { nonVolatile }
    ::= { docsIetfQosServiceClassPolicyEntry 5 }

--
-- Payload Header Suppression(PHS) Table
--

docsIetfQosPHSTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsIetfQosPHSEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "This table describes the set of payload header
                 suppression entries."
    ::= { docsIetfQosMIBObjects 10 }

docsIetfQosPHSEntry OBJECT-TYPE
    SYNTAX      DocsIetfQosPHSEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "A payload header suppression entry.
                 The ifIndex is an ifType of docsCableMaclayer(127).
                 The index docsIetfQosServiceFlowId selects one
                 service flow from the cable MAC layer interface.
                 The docsIetfQosPktClassId index matches an
                 index of the docsIetfQosPktClassTable."
    INDEX       { ifIndex, docsIetfQosServiceFlowId,
                  docsIetfQosPktClassId }
    ::= { docsIetfQosPHSTable 1 }

DocsIetfQosPHSEntry ::= SEQUENCE {
    docsIetfQosPHSField   OCTET STRING,
    docsIetfQosPHSMask    OCTET STRING,
    docsIetfQosPHSSize    Integer32,
    docsIetfQosPHSVerify  TruthValue,
    docsIetfQosPHSIndex   Integer32
    }

docsIetfQosPHSField OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Payload header suppression field defines the
                 bytes of the header that must be
                 suppressed/restored by the sending/receiving
                 device.
                 The number of octets in this object should be
                 the same as the value of docsIetfQosPHSSize."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.2.10.1"
    ::= { docsIetfQosPHSEntry 1 }

docsIetfQosPHSMask OBJECT-TYPE
    SYNTAX      OCTET STRING(SIZE(0..32))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Payload header suppression mask defines the
                 bit mask that is used in combination with the
                 docsIetfQosPHSField.  It defines which bytes in
                 the header must be suppressed/restored by the
                 sending or receiving device.
                 Each bit of this bit mask corresponds to a byte
                 in the docsIetfQosPHSField, with the least
                 significant bit corresponding to the first byte
                 of the docsIetfQosPHSField.
                 Each bit of the bit mask specifies whether
                 the corresponding byte should be suppressed
                 in the packet.  A bit value of '1' indicates that
                 the byte should be suppressed by the sending
                 device and restored by the receiving device.
                 A bit value of '0' indicates that the byte should
                 not be suppressed by the sending device or
                 restored by the receiving device.
                 If the bit mask does not contain a bit for each
                 byte in the docsIetfQosPHSField, then the bit
                 mask is extended with bit values of '1' to be
                 the necessary length."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.2.10.3"
    ::= { docsIetfQosPHSEntry 2 }

docsIetfQosPHSSize OBJECT-TYPE
    SYNTAX      Integer32 (0..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Payload header suppression size specifies the
                 number of bytes in the header to be suppressed
                 and restored.
                 The value of this object must match the number
                 of bytes in the docsIetfQosPHSField."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.2.10.4"
    ::= { docsIetfQosPHSEntry 3 }

docsIetfQosPHSVerify OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Payload header suppression verification value.  If
                 'true', the sender must verify docsIetfQosPHSField
                 is the same as what is contained in the packet
                 to be suppressed."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.2.10.5"
    ::= { docsIetfQosPHSEntry 4 }

docsIetfQosPHSIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..255)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Payload header suppression index uniquely
                 references the PHS rule for a given service flow."
    REFERENCE   "SP-RFIv2.0-I06-040804, Appendix C.2.2.10.2"
    ::= { docsIetfQosPHSEntry 5 }

--
-- docsIetfQosCmtsMacToSrvFlowTable (CMTS Only)
--

docsIetfQosCmtsMacToSrvFlowTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsIetfQosCmtsMacToSrvFlowEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "This table provides for referencing the service
                 flows associated with a particular cable modem.
                 This allows indexing into other docsIetfQos
                 tables that are indexed by
                 docsIetfQosServiceFlowId and ifIndex."
    ::= { docsIetfQosMIBObjects 11 }

docsIetfQosCmtsMacToSrvFlowEntry OBJECT-TYPE
    SYNTAX      DocsIetfQosCmtsMacToSrvFlowEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An entry is created by CMTS for each service flow
                 connected to this CMTS."
    INDEX       { docsIetfQosCmtsCmMac,
                  docsIetfQosCmtsServiceFlowId }
    ::= { docsIetfQosCmtsMacToSrvFlowTable 1 }

DocsIetfQosCmtsMacToSrvFlowEntry ::= SEQUENCE {
    docsIetfQosCmtsCmMac          MacAddress,
    docsIetfQosCmtsServiceFlowId  Unsigned32,
    docsIetfQosCmtsIfIndex        InterfaceIndex
    }

docsIetfQosCmtsCmMac OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "The MAC address for the referenced CM."
    ::= { docsIetfQosCmtsMacToSrvFlowEntry 1 }

docsIetfQosCmtsServiceFlowId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "An index assigned to a service flow by CMTS."
    ::= { docsIetfQosCmtsMacToSrvFlowEntry 2 }

docsIetfQosCmtsIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The ifIndex of ifType docsCableMacLayer(127)
                 on the CMTS that is connected to the Cable Modem."
    ::= { docsIetfQosCmtsMacToSrvFlowEntry 3 }

--
-- Conformance definitions
--

docsIetfQosConformance OBJECT IDENTIFIER
    ::= { docsIetfQosMIB 2 }

docsIetfQosGroups OBJECT IDENTIFIER
    ::= { docsIetfQosConformance 1 }

docsIetfQosCompliances OBJECT IDENTIFIER
    ::= { docsIetfQosConformance 2 }

docsIetfQosCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION "The compliance statement for MCNS Cable Modems and
                 Cable Modem Termination Systems that implement
                 DOCSIS Service Flows."

    MODULE -- docsIetfQosMIB
        MANDATORY-GROUPS { docsIetfQosBaseGroup }

    GROUP docsIetfQosCmtsGroup
    DESCRIPTION "This group is mandatory for Cable Modem Termination
                 Systems (CMTS) and is not implemented for Cable
                 Modems (CM)."

    GROUP docsIetfQosParamSetGroup
    DESCRIPTION "This group is mandatory for Cable Modem Termination
                 Systems (CMTS) and Cable Modems.  Cable modems only
                 implement objects in this group as read-only."

    GROUP docsIetfQosSrvClassPolicyGroup
    DESCRIPTION "This group is optional for Cable Modem Termination
                 Systems (CMTS) and Cable Modems.  This group is
                 relevant if policy-based service flow
                 classification is implemented.  See
                 docsDevPolicyTable in DOCS-CABLE-DEVICE-MIB for
                 more details."

    GROUP docsIetfQosServiceClassGroup
    DESCRIPTION "This group is mandatory for a Cable Modem
                 Termination System (CMTS) that implements
                 expansion of Service Class Names in a QOS
                 Parameter Set.  This group is not implemented on
                 the Cable Modems."

    OBJECT docsIetfQosPktClassPkts
    DESCRIPTION "This object only needs to be implemented in
                 entries that are classifying packets and not
                 policing packets."

    OBJECT docsIetfQosPktClassInetAddressType
    SYNTAX InetAddressType { ipv4(1) }
    DESCRIPTION "An implementation is only required to support
                 IPv4 address."

    OBJECT docsIetfQosPktClassInetSourceAddr
    SYNTAX InetAddress (SIZE(4))
    DESCRIPTION "An implementation is only required to support
                 IPv4 address."

    OBJECT docsIetfQosPktClassInetSourceMask
    SYNTAX InetAddress (SIZE(4))
    DESCRIPTION "An implementation is only required to support
                 IPv4 address."

    OBJECT docsIetfQosPktClassInetDestAddr
    SYNTAX InetAddress (SIZE(4))
    DESCRIPTION "An implementation is only required to support
                 IPv4 address."

    OBJECT docsIetfQosPktClassInetDestMask
    SYNTAX InetAddress (SIZE(4))
    DESCRIPTION "An implementation is only required to support
                 IPv4 address."

    OBJECT docsIetfQosServiceClassStorageType
    SYNTAX StorageType { nonVolatile(3) }
    DESCRIPTION "An implementation is only required to support
                 nonvolatile storage."

    OBJECT docsIetfQosServiceClassPolicyStorageType
    SYNTAX StorageType { nonVolatile(3) }
    DESCRIPTION "An implementation is only required to support
                 nonvolatile storage."

    ::= { docsIetfQosCompliances 1 }

docsIetfQosBaseGroup OBJECT-GROUP
    OBJECTS {
        docsIetfQosPktClassDirection,
        docsIetfQosPktClassPriority,
        docsIetfQosPktClassIpTosLow,
        docsIetfQosPktClassIpTosHigh,
        docsIetfQosPktClassIpTosMask,
        docsIetfQosPktClassIpProtocol,
        docsIetfQosPktClassSourcePortStart,
        docsIetfQosPktClassSourcePortEnd,
        docsIetfQosPktClassDestPortStart,
        docsIetfQosPktClassDestPortEnd,
        docsIetfQosPktClassDestMacAddr,
        docsIetfQosPktClassDestMacMask,
        docsIetfQosPktClassSourceMacAddr,
        docsIetfQosPktClassEnetProtocolType,
        docsIetfQosPktClassEnetProtocol,
        docsIetfQosPktClassUserPriLow,
        docsIetfQosPktClassUserPriHigh,
        docsIetfQosPktClassVlanId,
        docsIetfQosPktClassStateActive,
        docsIetfQosPktClassPkts,
        docsIetfQosPktClassBitMap,
        docsIetfQosPktClassInetAddressType,
        docsIetfQosPktClassInetSourceAddr,
        docsIetfQosPktClassInetSourceMask,
        docsIetfQosPktClassInetDestAddr,
        docsIetfQosPktClassInetDestMask,
        docsIetfQosServiceFlowSID,
        docsIetfQosServiceFlowDirection,
        docsIetfQosServiceFlowPrimary,
        docsIetfQosServiceFlowPkts,
        docsIetfQosServiceFlowOctets,
        docsIetfQosServiceFlowTimeCreated,
        docsIetfQosServiceFlowTimeActive,
        docsIetfQosServiceFlowPHSUnknowns,
        docsIetfQosServiceFlowPolicedDropPkts,
        docsIetfQosServiceFlowPolicedDelayPkts,
        docsIetfQosDSAReqs,
        docsIetfQosDSARsps,
        docsIetfQosDSAAcks,
        docsIetfQosDSCReqs,
        docsIetfQosDSCRsps,
        docsIetfQosDSCAcks,
        docsIetfQosDSDReqs,
        docsIetfQosDSDRsps,
        docsIetfQosDynamicAdds,
        docsIetfQosDynamicAddFails,
        docsIetfQosDynamicChanges,
        docsIetfQosDynamicChangeFails,
        docsIetfQosDynamicDeletes,
        docsIetfQosDynamicDeleteFails,
        docsIetfQosDCCReqs,
        docsIetfQosDCCRsps,
        docsIetfQosDCCAcks,
        docsIetfQosDCCs,
        docsIetfQosDCCFails,
        docsIetfQosPHSField,
        docsIetfQosPHSMask,
        docsIetfQosPHSSize,
        docsIetfQosPHSVerify,
        docsIetfQosPHSIndex
    }
    STATUS      current
    DESCRIPTION "Group of objects implemented in both Cable Modems
                 and Cable Modem Termination Systems."
    ::= { docsIetfQosGroups 1 }

docsIetfQosParamSetGroup OBJECT-GROUP
    OBJECTS {
        docsIetfQosParamSetServiceClassName,
        docsIetfQosParamSetPriority,
        docsIetfQosParamSetMaxTrafficRate,
        docsIetfQosParamSetMaxTrafficBurst,
        docsIetfQosParamSetMinReservedRate,
        docsIetfQosParamSetMinReservedPkt,
        docsIetfQosParamSetActiveTimeout,
        docsIetfQosParamSetAdmittedTimeout,
        docsIetfQosParamSetMaxConcatBurst,
        docsIetfQosParamSetSchedulingType,
        docsIetfQosParamSetNomPollInterval,
        docsIetfQosParamSetTolPollJitter,
        docsIetfQosParamSetUnsolicitGrantSize,
        docsIetfQosParamSetNomGrantInterval,
        docsIetfQosParamSetTolGrantJitter,
        docsIetfQosParamSetGrantsPerInterval,
        docsIetfQosParamSetTosAndMask,
        docsIetfQosParamSetTosOrMask,
        docsIetfQosParamSetMaxLatency,
        docsIetfQosParamSetRequestPolicyOct,
        docsIetfQosParamSetBitMap
    }
    STATUS      current
    DESCRIPTION "Group of objects implemented in both Cable Modems
                 and Cable Modem Termination Systems for QOS
                 Parameter Sets."
    ::= { docsIetfQosGroups 2 }

docsIetfQosCmtsGroup OBJECT-GROUP
    OBJECTS {
        docsIetfQosUpstreamFragments,
        docsIetfQosUpstreamFragDiscards,
        docsIetfQosUpstreamConcatBursts,
        docsIetfQosServiceFlowLogIfIndex,
        docsIetfQosServiceFlowLogSFID,
        docsIetfQosServiceFlowLogCmMac,
        docsIetfQosServiceFlowLogPkts,
        docsIetfQosServiceFlowLogOctets,
        docsIetfQosServiceFlowLogTimeDeleted,
        docsIetfQosServiceFlowLogTimeCreated,
        docsIetfQosServiceFlowLogTimeActive,
        docsIetfQosServiceFlowLogDirection,
        docsIetfQosServiceFlowLogPrimary,
        docsIetfQosServiceFlowLogServiceClassName,
        docsIetfQosServiceFlowLogPolicedDropPkts,
        docsIetfQosServiceFlowLogPolicedDelayPkts,
        docsIetfQosServiceFlowLogControl,
        docsIetfQosCmtsIfIndex -- docsIetfQosCmtsMacToSrvFlowTable required
    }
    STATUS      current
    DESCRIPTION "Group of objects implemented only in the CMTS."
    ::= { docsIetfQosGroups 3 }

docsIetfQosSrvClassPolicyGroup OBJECT-GROUP
    OBJECTS {
        docsIetfQosServiceClassPolicyName,
        docsIetfQosServiceClassPolicyRulePriority,
        docsIetfQosServiceClassPolicyStatus,
        docsIetfQosServiceClassPolicyStorageType
    }
    STATUS      current
    DESCRIPTION "Group of objects implemented in both Cable Modems
                 and Cable Modem Termination Systems when
                 supporting policy-based service flows."
    ::= { docsIetfQosGroups 4 }

docsIetfQosServiceClassGroup OBJECT-GROUP
    OBJECTS {
        docsIetfQosServiceClassStatus,
        docsIetfQosServiceClassPriority,
        docsIetfQosServiceClassMaxTrafficRate,
        docsIetfQosServiceClassMaxTrafficBurst,
        docsIetfQosServiceClassMinReservedRate,
        docsIetfQosServiceClassMinReservedPkt,
        docsIetfQosServiceClassMaxConcatBurst,
        docsIetfQosServiceClassNomPollInterval,
        docsIetfQosServiceClassTolPollJitter,
        docsIetfQosServiceClassUnsolicitGrantSize,
        docsIetfQosServiceClassNomGrantInterval,
        docsIetfQosServiceClassTolGrantJitter,
        docsIetfQosServiceClassGrantsPerInterval,
        docsIetfQosServiceClassMaxLatency,
        docsIetfQosServiceClassActiveTimeout,
        docsIetfQosServiceClassAdmittedTimeout,
        docsIetfQosServiceClassSchedulingType,
        docsIetfQosServiceClassRequestPolicy,
        docsIetfQosServiceClassTosAndMask,
        docsIetfQosServiceClassTosOrMask,
        docsIetfQosServiceClassDirection,
        docsIetfQosServiceClassStorageType,
        docsIetfQosServiceClassDSCPOverwrite
    }
    STATUS      current
    DESCRIPTION "Group of objects implemented only in Cable Modem
                 Termination Systems when supporting expansion of
                 Service Class Names in a QOS Parameter Set"
    ::= { docsIetfQosGroups 5 }

END

6. Security Considerations

This MIB module relates to an agent that will provide metropolitan public Internet access. As such, improper manipulation of the objects represented by this MIB module may result in denial of service to a large number of end-users [6]. Manipulation of the docsIetfQosServiceClassTable and docsIetfQosServiceClassPolicyTable may allow an end-user to increase his or her service levels, or affect other end-users in either a positive or negative manner. In addition, manipulation of docsIetfQosServiceFlowLogControl could allow an attacker to remove logs of packet and byte counts forwarded on a Service Flow. If such logs were used for billing, the attacker would obtain free service.

There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability:

o  The docsIetfQosServiceClassTable provides a template of QOS parameters such as maximum rate limits for a named service class. Changing these parameters would allow an attacker to obtain an unauthorized class of service.

o  The docsIetfQosServiceClassPolicyTable applies CMTS vendor proprietary policies for packet forwarding, including dropping, scheduling, notification, or other policies. Changing this table could allow an attacker to deny service to all subscribers of the CMTS or could grant the attacker unauthorized forwarding policies.

o  The docsIetfQosServiceFlowLogControl object controls the deletion of entries in the docsIetfQosServiceFlowLogTable, which acts as a historical "detail record" of DOCSIS Service Flow packets and bytes transmitted. Such records may be used for billing purposes, so the unauthorized deletion of the records can result in free service.

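Added example (not part of the RFC text or of any vendor's code): a defender-side audit of docsIetfQosServiceClassTable rows against the mask rules stated in the DESCRIPTION clauses of docsIetfQosServiceClassTosAndMask, docsIetfQosServiceClassTosOrMask and docsIetfQosServiceClassDSCPOverwrite in the MIB module above. The row dictionaries, their key names and the sample values are constructed for illustration, and apply_masks assumes the overwrite is (TOS AND and-mask) OR or-mask, as the object names indicate.

```python
# Added example: audit service-class rows for the TOS mask rules in the MIB.
# Row layout and sample values are constructed; they are not from the RFC.

ECN_MASK = 0x03  # least-significant two bits of the former TOS octet


def expected_masks(dscp_overwrite):
    """(and_mask, or_mask) that the DSCPOverwrite DESCRIPTION requires."""
    if dscp_overwrite == -1:
        return 0xFF, 0x00
    if 0 <= dscp_overwrite <= 63:
        return 0x03, dscp_overwrite << 2
    raise ValueError("DscpOrAny must be -1 or 0..63, got %r" % (dscp_overwrite,))


def apply_masks(tos, and_mask, or_mask):
    """Assumed overwrite operation: (tos AND and_mask) OR or_mask."""
    return (tos & and_mask) | or_mask


def audit_row(row):
    """Return a list of findings for one service-class row (empty if clean)."""
    findings = []
    octets = {}
    for key in ("tos_and_mask", "tos_or_mask"):
        value = row[key]
        if not isinstance(value, (bytes, bytearray)) or len(value) != 1:
            findings.append("%s is not an OCTET STRING of SIZE(1)" % key)
        else:
            octets[key] = value[0]
    if len(octets) != 2:
        return findings
    and_mask, or_mask = octets["tos_and_mask"], octets["tos_or_mask"]

    # An AND mask with an ECN bit set to 0 clears that ECN bit in every packet.
    cleared = ~and_mask & ECN_MASK
    if cleared:
        findings.append("TosAndMask 0x%02X clears ECN bits 0x%02X"
                        % (and_mask, cleared))
    # An OR mask with an ECN bit set to 1 forces that ECN bit in every packet.
    forced = or_mask & ECN_MASK
    if forced:
        findings.append("TosOrMask 0x%02X sets ECN bits 0x%02X"
                        % (or_mask, forced))

    try:
        want = expected_masks(row["dscp_overwrite"])
    except ValueError as exc:
        findings.append(str(exc))
    else:
        if (and_mask, or_mask) != want:
            findings.append(
                "masks 0x%02X/0x%02X do not match DSCPOverwrite %d "
                "(expected 0x%02X/0x%02X)"
                % (and_mask, or_mask, row["dscp_overwrite"], want[0], want[1]))
    return findings


def audit_table(rows):
    """Map service class name -> findings, for rows that have any."""
    report = {}
    for row in rows:
        findings = audit_row(row)
        if findings:
            report[row["name"]] = findings
    return report


# Constructed sample rows, as they might be read from the table.
SAMPLE_ROWS = [
    {"name": "be-default", "dscp_overwrite": -1,
     "tos_and_mask": b"\xff", "tos_or_mask": b"\x00"},
    {"name": "voice-ef", "dscp_overwrite": 46,
     "tos_and_mask": b"\x03", "tos_or_mask": b"\xb8"},
    {"name": "legacy-tos", "dscp_overwrite": -1,
     "tos_and_mask": b"\xe0", "tos_or_mask": b"\x11"},
    {"name": "stale-or", "dscp_overwrite": 10,
     "tos_and_mask": b"\x03", "tos_or_mask": b"\x2c"},
]

if __name__ == "__main__":
    for name, findings in audit_table(SAMPLE_ROWS).items():
        for finding in findings:
            print("%s: %s" % (name, finding))
```
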
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:

o  Unauthorized SNMP GET access of the docsIetfQosPktClassTable or docsIetfQosPHSTable can allow an attacker to learn IP addresses permitted to have enhanced quality of service, for possible spoofing. This table typically contains the IP addresses involved in voice-over-IP sessions, for example.

o  Unauthorized SNMP GET access of the docsIetfQosParamSetTable allows an attacker to learn the names of Service Classes that are permitted to have enhanced QoS service, and the values of that enhanced service. That name can be referenced in an unauthorized DOCSIS cable modem configuration file to obtain enhanced service.

o  Unauthorized SNMP GET access of the docsIetfQosServiceFlowTable can tell an attacker when Service Flows are active, e.g., when a voice-over-IP call is in progress. Unauthorized SNMP GET access of the docsIetfQosServiceFlowLogTable can expose private information about network usage.

o  Unauthorized SNMP GET access of the docsIetfQosServiceFlowStatsTable, docsIetfQosUpstreamStatsTable, docsIetfQosDynamicServiceStatsTable, docsIetfQosServiceFlowLogTable, and docsIetfQosCmtsMacToSrvFlowTable can tell an attacker the volume of traffic to and from any Service Flow in the system, resulting in loss of privacy of the amount and direction of data transfer.

SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.

It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [15], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).

Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.

7. IANA Considerations

The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

   Descriptor        OBJECT IDENTIFIER Value
   --------------    -----------------------
   docsIetfQosMIB    { mib-2 127 }

8. Acknowledgements

The authors gratefully acknowledge the comments and suggestions of the IP over Cable Data Network (IPCDN) Working Group (especially the co-chairs Richard Woundy and Jean-Francois Mule) as well as the contributions of the Operation and Management Area Director, Bert Wijnen.

9. Normative References

[1] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

[2] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.

[3] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.

[4] "Data-Over-Cable Service Interface Specifications: Radio Frequency Interface Specification SP-RFIv2.0-I06-040804", DOCSIS, August 2004, http://www.cablelabs.com/specifications/archives/.

[5] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[6] St. Johns, M., "Cable Device Management Information Base for DOCSIS compliant Cable Modems and Cable Modem Termination Systems", RFC 2669, August 1999.

[7] St. Johns, M., "Radio Frequency (RF) Interface Management Information Base for MCNS/DOCSIS compliant RF interfaces", RFC 2670, August 1999.

[8] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005.

[9] Grossman, D., "New Terminology and Clarifications for Diffserv", RFC 3260, April 2002.

[10] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, September 2001.

[11] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000.

[12] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.

[13] Baker, F., Chan, K., and A. Smith, "Management Information Base for the Differentiated Services Architecture", RFC 3289, May 2002.

[14] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.

10. Informative References

[15] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.
Authors' Addresses
Michael Patrick
Motorola Broadband Communications Sector
111 Locke Drive
Marlborough, MA 01752

Phone: (508) 786-7563
EMail: michael.patrick@motorola.com

William Murwin
Motorola Broadband Communications Sector
111 Locke Drive
Marlborough, MA 01752

Phone: (508) 786-7594
EMail: w.murwin@motorola.com

Full Copyright Statement

Copyright (C) The Internet Society (2006).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).