Remote Network Monitoring Management Information Base Version 2
Network Working Group S. Waldbusser
Request for Comments: 4502 May 2006
Obsoletes: 2021
Updates: 3273
Category: Standards Track
Remote Network Monitoring
Management Information Base
Version 2
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in TCP/IP-based
internets. In particular, it defines objects for managing remote
network monitoring devices.
This document obsoletes RFC 2021, updates RFC 3273, and contains a
new version of the RMON2-MIB module.
Table of Contents
1. The Internet-Standard Management Framework ......................2
2. Overview ........................................................2
2.1. Remote Network Management Goals ............................3
2.2. Structure of MIB ...........................................4
3. Control of Remote Network Monitoring Devices ....................6
3.1. Resource Sharing among Multiple Management Stations ........7
3.2. Row Addition among Multiple Management Stations ............8
4. Conventions .....................................................9
5. RMON 2 Conventions .............................................10
5.1. Usage of the Term Application Level .......................10
5.2. Protocol Directory and Limited Extensibility ..............10
5.3. Errors in Packets .........................................11
6. Definitions ....................................................11
7. Security Considerations .......................................130
8. Appendix - TimeFilter Implementation Notes ....................132
9. Changes since RFC 2021 ........................................138
10. Acknowledgements .............................................140
11. References ...................................................140
11.1. Normative References ....................................140
11.2. Informative References ..................................140
1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
2. Overview
The RMON2 MIB defines objects that provide RMON analysis up to the
application layer.
Remote network monitoring devices, often called monitors or probes,
are instruments that exist for the purpose of managing a network.
Often, these remote probes are stand-alone devices and devote
significant internal resources for the sole purpose of managing a
network. An organization may employ many of these devices, one per
network segment, to manage its internet. In addition, these devices
may be used for a network management service provider to access a
client network, which is often geographically remote.
The objects defined in this document are intended to serve as an
interface between an RMON agent and an RMON management application
and are not intended for direct manipulation by humans. While some
users may tolerate the direct display of some of these objects, few
will tolerate the complexity of manually manipulating objects to
accomplish row creation. The management application should handle
these functions.
2.1. Remote Network Management Goals
o Offline Operation
There are times when a management station will not be in constant
contact with its remote monitoring devices. This sometimes occurs
by design, in an attempt to lower communications costs (especially
when communicating over a WAN or dialup link), or by accident, as
network failures affect the communications between the management
station and the probe.
For this reason, this MIB allows a probe to be configured to
perform diagnostics and to collect statistics continuously, even
when communication with the management station may not be possible
or efficient. The probe may then attempt to notify the management
station when an exceptional condition occurs. Thus, even in
circumstances where communication between the management station
and probe is not continuous, fault, performance, and configuration
information may be continuously accumulated and communicated to
the management station conveniently and efficiently.
o Proactive Monitoring
Given the resources available on the monitor, it is potentially
helpful for it to run diagnostics continuously and to log network
performance. The monitor is always available at the onset of any
failure. It can notify the management station of the failure and
can store historical statistical information about the failure.
This historical information can be played back by the management
station in an attempt to perform further diagnosis of the cause of
the problem.
o Problem Detection and Reporting
The monitor can be configured to recognize conditions, most
notably error conditions, and to check for them continuously.
When one of these conditions occurs, the event may be logged, and
management stations may be notified in a number of ways.
o Value Added Data
Because a remote monitoring device represents a network resource
dedicated exclusively to network management functions, and because
it is located directly on the monitored portion of the network,
the remote network monitoring device has the opportunity to add
significant value to the data it collects. For instance, by
highlighting those hosts on the network that generate the most
traffic or errors, the probe can give the management station
precisely the information it needs to solve a class of problems.
o Multiple Managers
An organization may have multiple management stations for
different units of the organization, for different functions
(e.g., engineering and operations), and in order to provide
disaster recovery. Because environments with multiple management
stations are common, the remote network monitoring device has to
deal with more than one management station, potentially using its
resources concurrently.
2.2. Structure of MIB
The objects are arranged into the following groups:
- protocol directory
- protocol distribution
- address mapping
- network layer host
- network layer matrix
- application layer host
- application layer matrix
- user history
- probe configuration
These groups are the basic units of conformance. If a remote
monitoring device implements a group, then it must implement all
objects in that group. For example, a managed agent that implements
the network layer matrix group must implement the nlMatrixSDTable and
the nlMatrixDSTable.
Implementations of this MIB must also implement the IF-MIB [RFC2863].
These groups are defined to provide a means of assigning object
identifiers, and to provide a method for managed agents to know which
objects they must implement.
This document also contains AUGMENTing tables to extend some tables
defined in the RMON MIB [RFC2819]. These extensions include the
following:
1) Adding the DroppedFrames and LastCreateTime conventions to each
table defined in the RMON MIB.
2) Augmenting the RMON filter table with a mechanism that allows
filtering based on an offset from the beginning of a particular
protocol, even if the protocol headers are of variable length.
3) Augmenting the RMON filter and capture status bits with
additional bits for WAN media and generic media. These bits
are defined here as follows:
Bit Definition
6 For WAN media, this bit is set for packets
coming from one direction and cleared for
packets coming from the other direction.
It is an implementation-specific matter
as to which bit is assigned to which
direction, but it must be consistent for
all packets received by the agent. If
the agent knows which end of the link is
"local" and which end is "network", the bit
should be set for packets from the "local"
side and should be cleared for packets from
the "network" side.
7 For any media, this bit is set for any packet
with a physical layer error. This bit may be
set in addition to other media-specific bits
that denote the same condition.
8 For any media, this bit is set for any packet
that is too short for the media. This bit may
be set in addition to other media-specific
bits that denote the same condition.
9 For any media, this bit is set for any packet
that is too long for the media. This bit may
be set in addition to other media-specific bits
that denote the same condition.
These enhancements are implemented by RMON-2 probes that also
implement RMON and do not add any requirements to probes that are
compliant to just RMON.
3. Control of Remote Network Monitoring Devices
Due to the complex nature of the available functions in these
devices, the functions often need user configuration. In many cases,
the function requires that parameters be set up for a data collection
operation. The operation can proceed only after these parameters are
fully set up.
Many functional groups in this MIB have one or more tables in which
to set up control parameters, and one or more data tables in which to
place the results of the operation. The control tables are typically
read/write in nature, while the data tables are typically read-only.
Because the parameters in the control table often describe resulting
data in the data table, many of the parameters can be modified only
when the control entry is not active. Thus, the method for modifying
these parameters is to deactivate the entry, perform the SNMP Set
operations to modify the entry, and then reactivate the entry.
Deleting the control entry causes the deletion of any associated data
entries, which also gives a convenient method for reclaiming the
resources used by the associated data.
Some objects in this MIB provide a mechanism to execute an action on
the remote monitoring device. These objects may execute an action as
a result of a change in the state of the object. For those objects
in this MIB, a request to set an object to the same value as it
currently holds would thus cause no action to occur.
To facilitate control by multiple managers, resources have to be
shared among the managers. These resources are typically the memory
and computation resources that a function requires.
3.1. Resource Sharing among Multiple Management Stations
When multiple management stations wish to use functions that compete
for a finite amount of resources on a device, a method to facilitate
this sharing of resources is required. Potential conflicts include
the following:
o Two management stations wish to use resources simultaneously
that together would exceed the capability of the device.
o A management station uses a significant amount of resources for
a long period of time.
o A management station uses resources and then crashes,
forgetting to free the resources so that others may use them.
The OwnerString mechanism is provided for each management station-
initiated function in this MIB to avoid these conflicts and to help
resolve them when they occur. Each function has a label identifying
the initiator (owner) of the function. This label is set by the
initiator to provide for the following possibilities:
o A management station may recognize resources it owns and no
longer needs.
o A network operator can find the management station that owns
the resource and negotiate for it to be freed.
o A network operator may decide unilaterally to free resources
another network operator has reserved.
o Upon initialization, a management station may recognize
resources it had reserved in the past. With this information,
it may free the resources if it no longer needs them.
Management stations and probes should support any format of the owner
string dictated by the local policy of the organization. It is
suggested that this name contain one or more of the following: IP
address, management station name, network manager's name, location,
or phone number. This information will help users share the
resources more effectively.
There is often default functionality that the device or the
administrator of the probe (often the network administrator) wishes
to set up. The resources associated with this functionality are then
owned by the device itself or by the network administrator, and they
are intended to be long-lived. In this case, the device or the
administrator will set the relevant owner object to a string starting
with 'monitor'. Indiscriminate modification of the monitor-owned
configuration by network management stations is discouraged. In
fact, a network management station should only modify these objects
under the direction of the administrator of the probe.
Resources on a probe are scarce and are typically allocated when
control rows are created by an application. Since many applications
may be using a probe simultaneously, indiscriminate allocation of
resources to particular applications is very likely to cause resource
shortages in the probe.
When a network management station wishes to utilize a function in a
monitor, it is encouraged first to scan the control table of that
function to find an instance with similar parameters to share. This
is especially true for those instances owned by the monitor, which
can be assumed to change infrequently. If a management station
decides to share an instance owned by another management station, it
should understand that the management station that owns the instance
may indiscriminately modify or delete it.
Note that a management application should have the most trust in a
monitor-owned row, because it should be changed very infrequently. A
row owned by the management application is less long-lived because a
network administrator is more likely to reassign resources from a row
that is in use by one user than those from a monitor-owned row that
is potentially in use by many users. A row owned by another
application would be even less long-lived because the other
application may delete or modify that row completely at its
discretion.
3.2. Row Addition among Multiple Management Stations
The addition of new rows is achieved using the RowStatus Textual
Convention [RFC2579]. In this MIB, rows are often added to a table
in order to configure a function. This configuration usually
involves parameters that control the operation of the function. The
agent must check these parameters to make sure they are appropriate
given the restrictions defined in this MIB, as well as any
implementation-specific restrictions, such as lack of resources. The
agent implementor may be confused as to when to check these
parameters and when to signal to the management station that the
parameters are invalid. There are two opportunities:
o When the management station sets each parameter object.
o When the management station sets the row status object to
active.
If the latter option is chosen, it would be unclear to the management
station which of the several parameters was invalid and caused the
badValue error to be emitted. Thus, wherever possible, the
implementor should choose the former option, as it will provide more
information to the management station.
A problem can arise when multiple management stations attempt to set
configuration information simultaneously using SNMP. When this
involves the addition of a new conceptual row in the same control
table, the managers may collide, attempting to create the same entry.
To guard against these collisions, each such control entry contains a
status object with special semantics that help arbitrate among the
managers. If an attempt is made with the row addition mechanism to
create such a status object and that object already exists, an error
is returned. When more than one manager simultaneously attempts to
create the same conceptual row, only the first will succeed. The
others will receive an error.
In the RMON MIB [RFC2819], the EntryStatus textual convention was
introduced to provide this mutual exclusion function. Since then,
this function was added to the SNMP framework as the RowStatus
textual convention. The RowStatus textual convention is used for the
definition of all new tables.
When a manager wishes to create a new control entry, it needs to
choose an index for that row. It may choose this index in a variety
of ways, hopefully minimizing the chances that the index is in use by
another manager. If the index is in use, the mechanism mentioned
previously will guard against collisions. Examples of schemes to
choose index values include random selection or scanning the control
table while looking for the first unused index. Because index values
may be any valid value in the range and are chosen by the manager,
the agent must allow a row to be created with any unused index value
if it has the resources to create a new row.
Some tables in this MIB reference other tables within this MIB. When
creating or deleting entries in these tables, it is generally
allowable for dangling references to exist. There is no defined
order for creating or deleting entries in these tables.
4. Conventions
The following conventions are used throughout the RMON MIB and its
companion documents.
Good Packets
Good packets are error-free packets that have a valid frame
length. For example, on Ethernet, good packets are error-free
packets that are between 64 octets and 1518 octets long. They
follow the form defined in IEEE 802.3 section 3.2.all.
Bad Packets
Bad packets are packets that have proper framing and are therefore
recognized as packets, but that contain errors within the packet
or have an invalid length. For example, on Ethernet, bad packets
have a valid preamble and SFD but have a bad CRC, or they are
either shorter than 64 octets or longer than 1518 octets.
5. RMON 2 Conventions
The following practices and conventions are introduced in the RMON 2
MIB.
5.1. Usage of the Term "Application Level"
There are many cases in this MIB where the term "Application Level"
is used to describe a class of protocols or a capability. This does
not typically mean a protocol that is an OSI Layer 7 protocol.
Rather, it is used to identify a class of protocols that is not
limited to MAC-layer and network-layer protocols, but can also
include transport, session, presentation, and application-layer
protocols.
5.2. Protocol Directory and Limited Extensibility
Every RMON 2 implementation will have the capability to parse certain
types of packets and identify their protocol type at multiple levels.
The protocol directory presents an inventory of protocol types the
probe is capable of monitoring and allows the addition, deletion, and
configuration of protocol types in this list.
One concept deserves special attention: the "limited extensibility"
of the protocol directory table. Using the RMON 2 model, protocols
are detected by static software that has been written at
implementation time. Therefore, as a matter of configuration, an
implementation cannot suddenly learn how to parse new packet types.
However, an implementation may be written such that the software
knows where the demultiplexing field is for a particular protocol,
and it can be written in such a way that the decoding of the next
layer up is table driven. This works when the code has been written
to accommodate it and can be extended no more than one level higher.
This extensibility is called "limited extensibility" to highlight
these limitations. However, this can be a very useful tool.
For example, suppose that an implementation has C code that
understands how to decode IP packets on any of several ethernet
encapsulations, and also knows how to interpret the IP protocol field
to recognize UDP packets and how to decode the UDP port number
fields. That implementation may be table driven so that among the
many different UDP port numbers possible, it is configured to
recognize 161 as SNMP, port 53 as DNS, and port 69 as TFTP. The
limited extensibility of the protocol directory table would allow an
SNMP operation to create an entry that would create an additional
table mapping for UDP that would recognize UDP port 123 as NTP and
begin counting such packets.
This limited extensibility is an option that an implementation can
choose to allow or disallow for any protocol that has child
protocols.
5.3. Errors in Packets
Packets with link-level errors are not counted anywhere in this MIB
because most variables in this MIB require the decoding of the
contents of the packet, which is meaningless if there is a link-level
error.
Packets in which protocol errors are detected are counted for all
protocols below the layer in which the error was encountered. The
implication of this is that packets in which errors are detected at
the network-layer are not counted anywhere in this MIB, while packets
with errors detected at the transport layer may have network-layer
statistics counted.
6. Definitions
RMON2-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32,
Gauge32, IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI
TEXTUAL-CONVENTION, RowStatus, DisplayString, TimeStamp
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
ifIndex FROM IF-MIB
OwnerString, statistics, history, hosts,
matrix, filter, etherStatsEntry, historyControlEntry,
hostControlEntry, matrixControlEntry, filterEntry,
channelEntry FROM RMON-MIB
tokenRing, tokenRingMLStatsEntry, tokenRingPStatsEntry,
ringStationControlEntry, sourceRoutingStatsEntry
FROM TOKEN-RING-RMON-MIB;
-- Remote Network Monitoring MIB
rmon MODULE-IDENTITY
LAST-UPDATED "200605020000Z" -- May 2, 2006
ORGANIZATION "IETF RMON MIB Working Group"
CONTACT-INFO
"Author:
Steve Waldbusser
Phone: +1-650-948-6500
Fax : +1-650-745-0671
Email: waldbusser@nextbeacon.com
Working Group Chair:
Andy Bierman
E-mail: ietf@andybierman.com
Working Group Mailing List: <rmonmib@ietf.org>
To subscribe send email to: <rmonmib-request@ietf.org> "
"The MIB module for managing remote monitoring
device implementations. This MIB module
extends the architecture introduced in the original
RMON MIB as specified in RFC 2819.
Copyright (C) The Internet Society (2006). This version of
this MIB module is part of RFC 4502; see the RFC itself for
full legal notices."
REVISION "200605020000Z" -- May 2, 2006
"This version updates the proposed-standard version of the
RMON2 MIB (published as RFC 2021) by adding 2 new
enumerations to the nlMatrixTopNControlRateBase object and
4 new enumerations to the alMatrixTopNControlRateBase object.
These new enumerations support the creation of high-capacity
topN reports in the High Capacity RMON MIB [RFC3273].
Additionally, the following objects have been deprecated, as
they have not had enough independent implementations to
demonstrate interoperability to meet the requirements of a
Draft Standard:
probeDownloadFile
probeDownloadTFTPServer
probeDownloadAction
probeDownloadStatus
serialMode
serialProtocol
serialTimeout
serialModemInitString
serialModemHangUpString
serialModemConnectResp
serialModemNoConnectResp
serialDialoutTimeout
serialStatus
serialConnectDestIpAddress
serialConnectType
serialConnectDialString
serialConnectSwitchConnectSeq
serialConnectSwitchDisconnectSeq
serialConnectSwitchResetSeq
serialConnectOwner
serialConnectStatus
netConfigIPAddress
netConfigSubnetMask
netConfigStatus
netDefaultGateway
tokenRingMLStats2DroppedFrames
tokenRingMLStats2CreateTime
tokenRingPStats2DroppedFrames
tokenRingPStats2CreateTime
ringStationControl2DroppedFrames
ringStationControl2CreateTime
sourceRoutingStats2DroppedFrames
sourceRoutingStats2CreateTime
trapDestIndex
trapDestCommunity
trapDestProtocol
trapDestAddress
trapDestOwner
trapDestStatus
In addition, two corrections were made. The LastCreateTime
Textual Convention had been defined with a base type of
another textual convention, which isn't allowed in SMIv2. The
definition has been modified to use TimeTicks as the base
type.
Further, the SerialConfigEntry SEQUENCE definition included
sub-typing information that is not allowed in SMIv2. This
information has been deleted. Ranges were added to a number of
objects and textual-conventions to constrain their maximum
(and sometimes minimum) sizes. The addition of these ranges
documents existing practice for these objects. These objects
are:
ControlString
protocolDirID
protocolDirParameters
addressMapNetworkAddress
nlHostAddress
nlMatrixSDSourceAddress
nlMatrixSDDestAddress
nlMatrixDSSourceAddress
nlMatrixDSDestAddress
nlMatrixTopNSourceAddress
nlMatrixTopNDestAddress
alHostEntry
alMatrixSDEntry
alMatrixDSEntry
alMatrixTopNSourceAddress
alMatrixTopNDestAddress
Finally, the TimeFilter TC has been updated to encourage agent
implementations that allow a MIB walk to behave well even when
performed by an application that is not aware of the special
TimeFilter semantics."
REVISION "200207080000Z" -- 08 July, 2002
"Added new enumerations to support the High-Capacity RMON
MIB as defined in RFC 3273. Also fixed some typos and
added clarifications."
REVISION "199605270000Z" -- 27 May, 1996
"Original version. Published as RFC 2021."
::= { mib-2 16 }
-- { rmon 1 } through { rmon 10 } are defined in RMON and
-- the Token Ring RMON MIB [RFC1513]
protocolDir OBJECT IDENTIFIER ::= { rmon 11 }
protocolDist OBJECT IDENTIFIER ::= { rmon 12 }
addressMap OBJECT IDENTIFIER ::= { rmon 13 }
nlHost OBJECT IDENTIFIER ::= { rmon 14 }
nlMatrix OBJECT IDENTIFIER ::= { rmon 15 }
alHost OBJECT IDENTIFIER ::= { rmon 16 }
alMatrix OBJECT IDENTIFIER ::= { rmon 17 }
usrHistory OBJECT IDENTIFIER ::= { rmon 18 }
probeConfig OBJECT IDENTIFIER ::= { rmon 19 }
rmonConformance OBJECT IDENTIFIER ::= { rmon 20 }
-- Textual Conventions
ZeroBasedCounter32 ::= TEXTUAL-CONVENTION
STATUS current
"This TC describes an object that counts events with the
following semantics: objects of this type will be set to
zero(0) on creation and will thereafter count appropriate
events, wrapping back to zero(0) when the value 2^32 is
reached.
Provided that an application discovers the new object within
the minimum time to wrap, it can use the initial value as a
delta since it last polled the table of which this object is
part. It is important for a management station to be aware of
this minimum time and the actual time between polls, and to
discard data if the actual time is too long or there is no
defined minimum time.
Typically, this TC is used in tables where the INDEX space is
constantly changing and/or the TimeFilter mechanism is in use."
SYNTAX Gauge32
LastCreateTime ::= TEXTUAL-CONVENTION
STATUS current
"This TC describes an object that stores the value of the
sysUpTime object at the last time its entry was created.
This can be used for polling applications to determine that an
entry has been deleted and re-created between polls, causing
an otherwise undetectable discontinuity in the data.
If sysUpTime is reset to zero as a result of a re-
initialization of the network management (sub)system, then
the values of all LastCreateTime objects are also reset.
However, after approximately 497 days without a re-
initialization, the sysUpTime object will reach 2^^32-1 and
then increment to zero; in this case, existing values
of TimeStamp objects do not change. This can lead to
ambiguities in the value of TimeStamp objects."
SYNTAX TimeTicks
TimeFilter ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"To be used for the index to a table. Allows an application
to download only those rows changed since a particular time.
Note that this is not a history mechanism. Only current values
of underlying objects are returned; saved instance values
associated with particular values of sysUpTime are not.
An entry is considered changed if the value of any object in the
entry changes, if the row is created, or if any object in the
entry is created or deleted. Note that deleted entries cannot
be detected or downloaded.
A time-filtered conceptual table is created by inserting a
single object of SYNTAX TimeFilter as the first INDEX component
in a copy of an existing basic conceptual table (i.e., any
SEQUENCE without a TimeFilter INDEX component). Thus, for
each conceptual entry 'I' in the basic table, there exists N
conceptual entries in the time-filtered version, indexed N.I,
where 'N' is equal to the value of sysUpTime.
When an application retrieves conceptual instances from a
time-filtered table, and an INDEX value is provided for the
TimeFilter INDEX component 'N', the agent will only consider
returning basic conceptual entries (e.g., 'fooColumn.N.I') if
any column within the basic conceptual entry has changed since
sysUpTime 'N'. If not, the basic conceptual entry will
be ignored for the particular retrieval operation.
When sysUpTime is equal to zero, this table shall be empty.
One conceptual entry exists for each past value of sysUpTime,
except that the whole table is purged should sysUpTime wrap.
As an entry in a time-filtered table is updated (i.e., one of
the columns in the basic conceptual table is changed), new
conceptual entries are also created in the time-filtered version
(which still shares the now updated object values with all other
instances). The number of unique time-filtered instances that
are created is determined by the value of sysUpTime at which the
basic entry was last updated. One unique instance will exist
for each value of sysUpTime at the last update time for the row.
However, a new TimeFilter index instance is created for each new
sysUpTime value. The TimeFilter index values not associated
with entry updates are called duplicate time-filtered instances.
After some deployment experience, it has been determined that
a time-filtered table is more efficient if the agent
stops a MIB walk operation by skipping over rows with a
TimeFilter index value higher than the value in the received
GetNext/GetBulk request. That is, instead of incrementing a
TimeFilter index value, the agent will continue to the next
object or table. As a consequence, GetNext or GetBulk
operations will provide only one pass through a time-filtered
table.
It is suggested that an agent implement a time-filtered table
in this manner to improve performance and avoid a MIB walk
getting stuck in time-filtered tables. It is, however, still
acceptable for an agent to implement a time-filtered table in
the traditional manner (i.e., every conceptual time-filtered
instance is returned in GetNext and GetBulk PDU responses), and
management applications must be able to deal with such
traditional implementations.
See the appendix for further discussion of this textual
convention.
The following example is provided to demonstrate TimeFilter
behavior:
Consider the following basic conceptual table, basicFooTable.
(Note that the basic version of a time-filtered table may not
actually be defined.)
basicFooTable:
basicFooTable ...
INDEX { fooIndex }
BasicFooEntry {
fooIndex Integer32,
fooCounts Counter32
}
For this example, the basicFooTable contains two static
conceptual entries (fooIndex equals '1' and '2'), created at
time zero. It also contains one dynamic conceptual entry
(fooIndex equals '3'), which is created at time '3' and deleted
at time '7'.
The time-filtered version of the basicFooTable could be defined
as follows:
FooTable:
fooTable ...
INDEX { fooTimeMark, fooIndex }
FooEntry {
fooTimeMark TimeFilter,
fooIndex Integer32,
fooCounts Counter32
}
Note that entries exist in the time-filtered conceptual table
only if they actually exist in the underlying (basic) table.
For this example, the fooTable will have three underlying
basic entries (fooIndex == 1, 2, and 3), with the following
activity (for sysUpTime equal 0 to 9):
- fooEntry.N.1 is created at time '0' and most recently
updated at time '6' to the value '5'.
- fooEntry.N.2 is created at time '0' and most recently
updated at time '8' to the value '9'.
- fooEntry.N.3 is created at time '3', updated at time '5'
to the value '17', and deleted at time '7'.
The following tables show the values that would be returned for
MIB walk operations with various TimeFilter values, done at
different times. An application issues a retrieval request at
time 'T', with a TimeFilter value, 'N' (typically set to a lower
value, such as the value of sysUpTime at the last polling cycle).
The following values would be returned in a MIB walk of
fooCounts.N if T equals '0' and N equals '0':
fooCounts.N.I Value
==========================
fooCounts.0.1 0
fooCounts.0.2 0
Note that nothing is returned for fooCounts.0.3, since that
entry does not exist at sysUpTime equals '0'.
The following values would be returned in a full (traditional) MIB
walk of fooCounts.N if T equals '3' and N equals '0':
fooCounts.N.I Value
=======================
fooCounts.0.1 0
fooCounts.0.2 0
fooCounts.0.3 0
fooCounts.1.3 0
fooCounts.2.3 0
fooCounts.3.3 0
Note that there are no instances for T equals 1 or 2 for the
first two values of N, as these entries did not change
since they were created at time '0'.
Note that the current value for 'fooCounts.N.3' is returned
here, even for values of N less than '3' (when the entry was
created). The agent only considers the current existence of an
entry in the TimeFilter algorithm, not the time when the entry
was created.
Note that the instances 'fooCounts.0.3', 'fooCounts.1.3',
and 'fooCounts.2.3' are duplicates and can be suppressed by the
agent in a MIB walk.
The following values would be returned in a full (traditional)
MIB walk of fooCounts.N if T equals '6' and N equals '3':
fooCounts.N.I Value
=======================
fooCounts.3.1 5
fooCounts.3.3 17
fooCounts.4.1 5
fooCounts.4.3 17
fooCounts.5.1 5
fooCounts.5.3 17
fooCounts.6.1 5
Note that no instances for entry 'fooCounts.N.2' are returned,
since it has not changed since time '3'.
Note that all instances except 'fooCounts.5.3' and
'fooCounts.6.1' are duplicates and can be suppressed by the
agent in a MIB walk.
The following values would be returned in a full (traditional)
MIB walk of fooCounts.N if T equals '9' and N equals '6':
fooCounts.N.I Value
=======================
fooCounts.6.1 5
fooCounts.6.2 9
fooCounts.7.2 9
fooCounts.8.2 9
Note that no instances for entry 'fooCounts.N.3' are returned,
since it was deleted at time '7'.
Note that instances 'fooCounts.6.2' and 'fooCounts.7.2'
are duplicates and can be suppressed by the agent in a MIB
walk."
SYNTAX TimeTicks
DataSource ::= TEXTUAL-CONVENTION
STATUS current
"Identifies the source of the data that the associated
function is configured to analyze. This source can be any
interface on this device.
In order to identify a particular interface, this
object shall identify the instance of the ifIndex
object, defined in [RFC2863], for the desired interface.
For example, if an entry were to receive data from
interface #1, this object would be set to ifIndex.1."
SYNTAX OBJECT IDENTIFIER
--
-- Protocol Directory Group
--
-- Lists the inventory of protocols the probe has the capability of
-- monitoring and allows the addition, deletion, and configuration of
-- entries in this list.
protocolDirLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
"The value of sysUpTime at the time the protocol directory
was last modified, either through insertions or deletions,
or through modifications of the
protocolDirAddressMapConfig, protocolDirHostConfig, or
protocolDirMatrixConfig."
::= { protocolDir 1 }
protocolDirTable OBJECT-TYPE
SYNTAX SEQUENCE OF ProtocolDirEntry
MAX-ACCESS not-accessible
"This table lists the protocols that this agent has the
capability to decode and count. There is one entry in this
table for each such protocol. These protocols represent
different network-layer, transport-layer, and higher-layer
protocols. The agent should boot up with this table
preconfigured with those protocols that it knows about and
wishes to monitor. Implementations are strongly encouraged to
support protocols higher than the network layer (at least for
the protocol distribution group), even for implementations
that don't support the application-layer groups."
::= { protocolDir 2 }
protocolDirEntry OBJECT-TYPE
SYNTAX ProtocolDirEntry
MAX-ACCESS not-accessible
"A conceptual row in the protocolDirTable.
An example of the indexing of this entry is
protocolDirLocalIndex.8.0.0.0.1.0.0.8.0.2.0.0, which is the
encoding of a length of 8, followed by 8 subids encoding the
protocolDirID of 1.2048, followed by a length of 2 and the
2 subids encoding zero-valued parameters.
Note that some combinations of index values may result in an
index that exceeds 128 sub-identifiers in length, which exceeds
the maximum for the SNMP protocol. Implementations should take
care to avoid such combinations."
INDEX { protocolDirID, protocolDirParameters }
::= { protocolDirTable 1 }
ProtocolDirEntry ::= SEQUENCE {
protocolDirID OCTET STRING,
protocolDirParameters OCTET STRING,
protocolDirLocalIndex Integer32,
protocolDirDescr DisplayString,
protocolDirType BITS,
protocolDirAddressMapConfig INTEGER,
protocolDirHostConfig INTEGER,
protocolDirMatrixConfig INTEGER,
protocolDirOwner OwnerString,
protocolDirStatus RowStatus
}
protocolDirID OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (4..128))
MAX-ACCESS not-accessible
"A unique identifier for a particular protocol. Standard
identifiers will be defined in such a manner that they
can often be used as specifications for new protocols - i.e.,
a tree-structured assignment mechanism that matches the
protocol encapsulation 'tree' and that has algorithmic
assignment mechanisms for certain subtrees. See RFC 2074 for
more details.
Despite the algorithmic mechanism, the probe will only place
entries in here for those protocols it chooses to collect. In
other words, it need not populate this table with all
possible ethernet protocol types, nor need it create them on
the fly when it sees them. Whether it does these
things is a matter of product definition (cost/benefit,
usability) and is up to the designer of the product.
If an entry is written to this table with a protocolDirID that
the agent doesn't understand, either directly or
algorithmically, the SET request will be rejected with an
inconsistentName or badValue (for SNMPv1) error."
::= { protocolDirEntry 1 }
protocolDirParameters OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..32))
MAX-ACCESS not-accessible
"A set of parameters for the associated protocolDirID.
See the associated RMON2 Protocol Identifiers document
for a description of the possible parameters. There
will be one octet in this string for each sub-identifier in
the protocolDirID, and the parameters will appear here in the
same order as the associated sub-identifiers appear in the
protocolDirID.
Every node in the protocolDirID tree has a different, optional
set of parameters defined (that is, the definition of
parameters for a node is optional). The proper parameter
value for each node is included in this string. Note that the
inclusion of a parameter value in this string for each node is
not optional. What is optional is that a node may have no
parameters defined, in which case the parameter field for that
node will be zero."
::= { protocolDirEntry 2 }
protocolDirLocalIndex OBJECT-TYPE
SYNTAX Integer32 (1..2147483647)
MAX-ACCESS read-only
"The locally arbitrary but unique identifier associated
with this protocolDir entry.
The value for each supported protocol must remain constant at
least from one re-initialization of the entity's network
management system to the next re-initialization, except that
if a protocol is deleted and re-created, it must be re-created
with a new value that has not been used since the last
re-initialization.
The specific value is meaningful only within a given SNMP
entity. A protocolDirLocalIndex must not be re-used until the
next agent restart in the event that the protocol directory
entry is deleted."
::= { protocolDirEntry 3 }
protocolDirDescr OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..64))
MAX-ACCESS read-create
"A textual description of the protocol encapsulation.
A probe may choose to describe only a subset of the
entire encapsulation (e.g., only the highest layer).
This object is intended for human consumption only.
This object may not be modified if the associated
protocolDirStatus object is equal to active(1)."
::= { protocolDirEntry 4 }
protocolDirType OBJECT-TYPE
SYNTAX BITS {
extensible(0),
addressRecognitionCapable(1)
}
MAX-ACCESS read-only
"This object describes 2 attributes of this protocol
directory entry.
The presence or absence of the 'extensible' bit describes
whether this protocol directory entry can be extended
by the user by creating protocol directory entries that are
children of this protocol.
An example of an entry that will often allow extensibility is
'ip.udp'. The probe may automatically populate some children
of this node, such as 'ip.udp.snmp' and 'ip.udp.dns'.
A probe administrator or user may also populate additional
children via remote SNMP requests that create entries in this
table. When a child node is added for a protocol for which the
probe has no built-in support extending a parent node (for
which the probe does have built-in support),
that child node is not extendable. This is termed 'limited
extensibility'.
When a child node is added through this extensibility
mechanism, the values of protocolDirLocalIndex and
protocolDirType shall be assigned by the agent.
The other objects in the entry will be assigned by the
manager who is creating the new entry.
This object also describes whether this agent can
recognize addresses for this protocol, should it be a
network-level protocol. That is, while a probe may be able
to recognize packets of a particular network-layer protocol
and count them, it takes additional logic to be able to
recognize the addresses in this protocol and to populate
network-layer or application-layer tables with the addresses
in this protocol. If this bit is set, the agent will
recognize network-layer addresses for this protocol and
populate the network- and application-layer host and matrix
tables with these protocols.
Note that when an entry is created, the agent will supply
values for the bits that match the capabilities of the agent
with respect to this protocol. Note that since row creations
usually exercise the limited extensibility feature, these
bits will usually be set to zero."
::= { protocolDirEntry 5 }
protocolDirAddressMapConfig OBJECT-TYPE
SYNTAX INTEGER {
notSupported(1),
supportedOff(2),
supportedOn(3)
}
MAX-ACCESS read-create
"This object describes and configures the probe's support for
address mapping for this protocol. When the probe creates
entries in this table for all protocols that it understands,
it will set the entry to notSupported(1) if it doesn't have
the capability to perform address mapping for the protocol or
if this protocol is not a network-layer protocol. When
an entry is created in this table by a management operation as
part of the limited extensibility feature, the probe must set
this value to notSupported(1), because limited extensibility
of the protocolDirTable does not extend to interpreting
addresses of the extended protocols.
If the value of this object is notSupported(1), the probe
will not perform address mapping for this protocol and
shall not allow this object to be changed to any other value.
If the value of this object is supportedOn(3), the probe
supports address mapping for this protocol and is configured
to perform address mapping for this protocol for all
addressMappingControlEntries and all interfaces.
If the value of this object is supportedOff(2), the probe
supports address mapping for this protocol but is configured
to not perform address mapping for this protocol for any
addressMappingControlEntries and all interfaces.
Whenever this value changes from supportedOn(3) to
supportedOff(2), the probe shall delete all related entries in
the addressMappingTable."
::= { protocolDirEntry 6 }
protocolDirHostConfig OBJECT-TYPE
SYNTAX INTEGER {
notSupported(1),
supportedOff(2),
supportedOn(3)
}
MAX-ACCESS read-create
"This object describes and configures the probe's support for
the network-layer and application-layer host tables for this
protocol. When the probe creates entries in this table for
all protocols that it understands, it will set the entry to
notSupported(1) if it doesn't have the capability to track the
nlHostTable for this protocol or if the alHostTable is
implemented but doesn't have the capability to track this
protocol. Note that if the alHostTable is implemented, the
probe may only support a protocol if it is supported in both
the nlHostTable and the alHostTable.
If the associated protocolDirType object has the
addressRecognitionCapable bit set, then this is a network-
layer protocol for which the probe recognizes addresses, and
thus the probe will populate the nlHostTable and alHostTable
with addresses it discovers for this protocol.
If the value of this object is notSupported(1), the probe
will not track the nlHostTable or alHostTable for this
protocol and shall not allow this object to be changed to any
other value. If the value of this object is supportedOn(3),
the probe supports tracking of the nlHostTable and alHostTable
for this protocol and is configured to track both tables
for this protocol for all control entries and all interfaces.
If the value of this object is supportedOff(2), the probe
supports tracking of the nlHostTable and alHostTable for this
protocol but is configured to not track these tables
for any control entries or interfaces.
Whenever this value changes from supportedOn(3) to
supportedOff(2), the probe shall delete all related entries in
the nlHostTable and alHostTable.
Note that since each alHostEntry references 2 protocol
directory entries, one for the network address and one for the
type of the highest protocol recognized, an entry will
only be created in that table if this value is supportedOn(3)
for both protocols."
::= { protocolDirEntry 7 }
protocolDirMatrixConfig OBJECT-TYPE
SYNTAX INTEGER {
notSupported(1),
supportedOff(2),
supportedOn(3)
}
MAX-ACCESS read-create
"This object describes and configures the probe's support for
the network-layer and application-layer matrix tables for this
protocol. When the probe creates entries in this table for
all protocols that it understands, it will set the entry to
notSupported(1) if it doesn't have the capability to track the
nlMatrixTables for this protocol or if the alMatrixTables are
implemented but don't have the capability to track this
protocol. Note that if the alMatrix tables are implemented,
the probe may only support a protocol if it is supported in
both of the nlMatrixTables and both of the
alMatrixTables.
If the associated protocolDirType object has the
addressRecognitionCapable bit set, then this is a network-
layer protocol for which the probe recognizes addresses, and
thus the probe will populate both of the nlMatrixTables and
both of the alMatrixTables with addresses it discovers for
this protocol.
If the value of this object is notSupported(1), the probe
will not track either of the nlMatrixTables or the
alMatrixTables for this protocol and shall not allow this
object to be changed to any other value. If the value of this
object is supportedOn(3), the probe supports tracking of both
of the nlMatrixTables and (if implemented) both of the
alMatrixTables for this protocol and is configured to track
these tables for this protocol for all control entries and all
interfaces. If the value of this object is supportedOff(2),
the probe supports tracking of both of the nlMatrixTables and
(if implemented) both of the alMatrixTables for this protocol
but is configured to not track these tables for this
protocol for any control entries or interfaces.
Whenever this value changes from supportedOn(3) to
supportedOff(2), the probe shall delete all related entries in
the nlMatrixTables and the alMatrixTables.
Note that since each alMatrixEntry references 2 protocol
directory entries, one for the network address and one for the
type of the highest protocol recognized, an entry will
only be created in that table if this value is supportedOn(3)
for both protocols."
::= { protocolDirEntry 8 }
protocolDirOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
"The entity that configured this entry and is
therefore using the resources assigned to it."
::= { protocolDirEntry 9 }
protocolDirStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
"The status of this protocol directory entry.
An entry may not exist in the active state unless all
objects in the entry have an appropriate value.
If this object is not equal to active(1), all associated
entries in the nlHostTable, nlMatrixSDTable, nlMatrixDSTable,
alHostTable, alMatrixSDTable, and alMatrixDSTable shall be
deleted."
::= { protocolDirEntry 10 }
--
-- Protocol Distribution Group (protocolDist)
--
-- Collects the relative amounts of octets and packets for the
-- different protocols detected on a network segment.
-- protocolDistControlTable,
-- protocolDistStatsTable
protocolDistControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF ProtocolDistControlEntry
MAX-ACCESS not-accessible
"Controls the setup of protocol type distribution statistics
tables.
Implementations are encouraged to add an entry per monitored
interface upon initialization so that a default collection
of protocol statistics is available.
Rationale:
This table controls collection of very basic statistics
for any or all of the protocols detected on a given interface.
An NMS can use this table to quickly determine bandwidth
allocation utilized by different protocols.
A media-specific statistics collection could also
be configured (e.g., etherStats, trPStats) to easily obtain
total frame, octet, and droppedEvents for the same
interface."
::= { protocolDist 1 }
protocolDistControlEntry OBJECT-TYPE
SYNTAX ProtocolDistControlEntry
MAX-ACCESS not-accessible
"A conceptual row in the protocolDistControlTable.
An example of the indexing of this entry is
protocolDistControlDroppedFrames.7"
INDEX { protocolDistControlIndex }
::= { protocolDistControlTable 1 }
ProtocolDistControlEntry ::= SEQUENCE {
protocolDistControlIndex Integer32,
protocolDistControlDataSource DataSource,
protocolDistControlDroppedFrames Counter32,
protocolDistControlCreateTime LastCreateTime,
protocolDistControlOwner OwnerString,
protocolDistControlStatus RowStatus
}
protocolDistControlIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
"A unique index for this protocolDistControlEntry."
::= { protocolDistControlEntry 1 }
protocolDistControlDataSource OBJECT-TYPE
SYNTAX DataSource
MAX-ACCESS read-create
"The source of data for the this protocol distribution.
The statistics in this group reflect all packets
on the local network segment attached to the
identified interface.
This object may not be modified if the associated
protocolDistControlStatus object is equal to active(1)."
::= { protocolDistControlEntry 2 }
protocolDistControlDroppedFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The total number of frames that were received by the probe
and therefore not accounted for in the *StatsDropEvents, but
that the probe chose not to count for this entry for
whatever reason. Most often, this event occurs when the probe
is out of some resources and decides to shed load from this
collection.
This count does not include packets that were not counted
because they had MAC-layer errors.
Note that, unlike the dropEvents counter, this number is the
exact number of frames dropped."
::= { protocolDistControlEntry 3 }
protocolDistControlCreateTime OBJECT-TYPE
SYNTAX LastCreateTime
MAX-ACCESS read-only
STATUS current
"The value of sysUpTime when this control entry was last
activated. This can be used by the management station to
ensure that the table has not been deleted and recreated
between polls."
::= { protocolDistControlEntry 4 }
protocolDistControlOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
"The entity that configured this entry and is
therefore using the resources assigned to it."
::= { protocolDistControlEntry 5 }
protocolDistControlStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
"The status of this row.
An entry may not exist in the active state unless all
objects in the entry have an appropriate value.
If this object is not equal to active(1), all associated
entries in the protocolDistStatsTable shall be deleted."
::= { protocolDistControlEntry 6 }
-- per interface protocol distribution statistics table
protocolDistStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF ProtocolDistStatsEntry
MAX-ACCESS not-accessible
"An entry is made in this table for every protocol in the
protocolDirTable that has been seen in at least one packet.
Counters are updated in this table for every protocol type
that is encountered when parsing a packet, but no counters are
updated for packets with MAC-layer errors.
Note that if a protocolDirEntry is deleted, all associated
entries in this table are removed."
::= { protocolDist 2 }
protocolDistStatsEntry OBJECT-TYPE
SYNTAX ProtocolDistStatsEntry
MAX-ACCESS not-accessible
"A conceptual row in the protocolDistStatsTable.
The index is composed of the protocolDistControlIndex of the
associated protocolDistControlEntry, followed by the
protocolDirLocalIndex of the associated protocol that this
entry represents. In other words, the index identifies the
protocol distribution an entry is a part of and the
particular protocol that it represents.
An example of the indexing of this entry is
protocolDistStatsPkts.1.18"
INDEX { protocolDistControlIndex, protocolDirLocalIndex }
::= { protocolDistStatsTable 1 }
ProtocolDistStatsEntry ::= SEQUENCE {
protocolDistStatsPkts ZeroBasedCounter32,
protocolDistStatsOctets ZeroBasedCounter32
}
protocolDistStatsPkts OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of packets of this protocol type received
without errors. Note that this is the number of
link-layer packets, so if a single network-layer packet
is fragmented into several link-layer frames, this counter
is incremented several times."
::= { protocolDistStatsEntry 1 }
protocolDistStatsOctets OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of octets in packets of this protocol type
received since it was added to the protocolDistStatsTable
(excluding framing bits, but including FCS octets), except for
those octets in packets that contained errors.
Note that this doesn't count just those octets in the
particular protocol frames but includes the entire packet
that contained the protocol."
::= { protocolDistStatsEntry 2 }
--
-- Address Map Group (addressMap)
--
-- Lists MAC address to network address bindings discovered by the
-- probe and what interface they were last seen on.
-- addressMapControlTable
-- addressMapTable
addressMapInserts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an address mapping entry has been
inserted into the addressMapTable. If an entry is inserted,
then deleted, and then inserted, this counter will be
incremented by 2.
Note that the table size can be determined by subtracting
addressMapDeletes from addressMapInserts."
::= { addressMap 1 }
addressMapDeletes OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an address mapping entry has been
deleted from the addressMapTable (for any reason). If
an entry is deleted, then inserted, and then deleted, this
counter will be incremented by 2.
Note that the table size can be determined by subtracting
addressMapDeletes from addressMapInserts."
::= { addressMap 2 }
addressMapMaxDesiredEntries OBJECT-TYPE
SYNTAX Integer32 (-1..2147483647)
MAX-ACCESS read-write
addressMapTable. The probe will not create more than
this number of entries in the table but may choose to create
fewer entries in this table for any reason, including the lack
of resources.
If this object is set to a value less than the current number
of entries, enough entries are chosen in an
implementation-dependent manner and deleted so that the number
of entries in the table equals the value of this object.
If this value is set to -1, the probe may create any number
of entries in this table.
This object may be used to control how resources are allocated
on the probe for the various RMON functions."
::= { addressMap 3 }
addressMapControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF AddressMapControlEntry
MAX-ACCESS not-accessible
"A table to control the collection of mappings from network
layer address to physical address to interface.
Note that this is not like the typical RMON
controlTable and dataTable in which each entry creates
its own data table. Each entry in this table enables the
discovery of addresses on a new interface and the placement
of address mappings into the central addressMapTable.
Implementations are encouraged to add an entry per monitored
interface upon initialization so that a default collection
of address mappings is available."
::= { addressMap 4 }
addressMapControlEntry OBJECT-TYPE
SYNTAX AddressMapControlEntry
MAX-ACCESS not-accessible
"A conceptual row in the addressMapControlTable.
An example of the indexing of this entry is
addressMapControlDroppedFrames.1"
INDEX { addressMapControlIndex }
::= { addressMapControlTable 1 }
AddressMapControlEntry ::= SEQUENCE {
addressMapControlIndex Integer32,
addressMapControlDataSource DataSource,
addressMapControlDroppedFrames Counter32,
addressMapControlOwner OwnerString,
addressMapControlStatus RowStatus
}
addressMapControlIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
"A unique index for this entry in the addressMapControlTable."
::= { addressMapControlEntry 1 }
addressMapControlDataSource OBJECT-TYPE
SYNTAX DataSource
MAX-ACCESS read-create
"The source of data for this addressMapControlEntry."
::= { addressMapControlEntry 2 }
addressMapControlDroppedFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The total number of frames that were received by the probe
and therefore not accounted for in the *StatsDropEvents, but
that the probe chose not to count for this entry for
whatever reason. Most often, this event occurs when the probe
is out of some resources and decides to shed load from this
collection.
This count does not include packets that were not counted
because they had MAC-layer errors.
Note that, unlike the dropEvents counter, this number is the
exact number of frames dropped."
::= { addressMapControlEntry 3 }
addressMapControlOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
"The entity that configured this entry and is
therefore using the resources assigned to it."
::= { addressMapControlEntry 4 }
addressMapControlStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
"The status of this addressMap control entry.
An entry may not exist in the active state unless all
objects in the entry have an appropriate value.
If this object is not equal to active(1), all associated
entries in the addressMapTable shall be deleted."
::= { addressMapControlEntry 5 }
addressMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF AddressMapEntry
MAX-ACCESS not-accessible
"A table of mappings from network layer address to physical
address to interface.
The probe will add entries to this table based on the source
MAC and network addresses seen in packets without MAC-level
errors. The probe will populate this table for all protocols
in the protocol directory table whose value of
protocolDirAddressMapConfig is equal to supportedOn(3), and
will delete any entries whose protocolDirEntry is deleted or
has a protocolDirAddressMapConfig value of supportedOff(2)."
::= { addressMap 5 }
addressMapEntry OBJECT-TYPE
SYNTAX AddressMapEntry
MAX-ACCESS not-accessible
"A conceptual row in the addressMapTable.
The protocolDirLocalIndex in the index identifies the network
layer protocol of the addressMapNetworkAddress.
An example of the indexing of this entry is
addressMapSource.783495.18.4.128.2.6.6.11.1.3.6.1.2.1.2.2.1.1.1.
Note that some combinations of index values may result in an
index that exceeds 128 sub-identifiers in length, which exceeds
the maximum for the SNMP protocol. Implementations should take
care to avoid such combinations."
INDEX { addressMapTimeMark, protocolDirLocalIndex,
addressMapNetworkAddress, addressMapSource }
::= { addressMapTable 1 }
AddressMapEntry ::= SEQUENCE {
addressMapTimeMark TimeFilter,
addressMapNetworkAddress OCTET STRING,
addressMapSource OBJECT IDENTIFIER,
addressMapPhysicalAddress OCTET STRING,
addressMapLastChange TimeStamp
}
addressMapTimeMark OBJECT-TYPE
SYNTAX TimeFilter
MAX-ACCESS not-accessible
"A TimeFilter for this entry. See the TimeFilter textual
convention to see how this works."
::= { addressMapEntry 1 }
addressMapNetworkAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS not-accessible
"The network address for this relation.
This is represented as an octet string with
specific semantics and length as identified
by the protocolDirLocalIndex component of the
index.
For example, if the protocolDirLocalIndex indicates an
encapsulation of ip, this object is encoded as a length
octet of 4, followed by the 4 octets of the IP address,
in network byte order."
::= { addressMapEntry 2 }
addressMapSource OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS not-accessible
"The interface or port on which the associated network
address was most recently seen.
If this address mapping was discovered on an interface, this
object shall identify the instance of the ifIndex
object, defined in [RFC2863], for the desired interface.
For example, if an entry were to receive data from
interface #1, this object would be set to ifIndex.1.
If this address mapping was discovered on a port, this
object shall identify the instance of the rptrGroupPortIndex
object, defined in [RFC2108], for the desired port.
For example, if an entry were to receive data from
group #1, port #1, this object would be set to
rptrGroupPortIndex.1.1.
Note that while the dataSource associated with this entry
may only point to index objects, this object may at times
point to repeater port objects. This situation occurs when
the dataSource points to an interface that is a locally
attached repeater and the agent has additional information
about the source port of traffic seen on that repeater."
::= { addressMapEntry 3 }
addressMapPhysicalAddress OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
"The last source physical address on which the associated
network address was seen. If the protocol of the associated
network address was encapsulated inside of a network-level or
higher protocol, this will be the address of the next-lower
protocol with the addressRecognitionCapable bit enabled and
will be formatted as specified for that protocol."
::= { addressMapEntry 4 }
addressMapLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
"The value of sysUpTime at the time this entry was last
created or the values of the physical address changed.
This can be used to help detect duplicate address problems, in
which case this object will be updated frequently."
::= { addressMapEntry 5 }
--
-- Network Layer Host Group
--
-- Counts the amount of traffic sent from and to each network address
-- discovered by the probe.
-- Note that while the hlHostControlTable also has objects that
-- control an optional alHostTable, implementation of the alHostTable is
-- not required to fully implement this group.
hlHostControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF HlHostControlEntry
MAX-ACCESS not-accessible
"A list of higher-layer (i.e., non-MAC) host table control
entries.
These entries will enable the collection of the network- and
application-level host tables indexed by network addresses.
Both the network- and application-level host tables are
controlled by this table so that they will both be created
and deleted at the same time, further increasing the ease with
which they can be implemented as a single datastore. (Note that
if an implementation stores application-layer host records in
memory, it can derive network-layer host records from them.)
Entries in the nlHostTable will be created on behalf of each
entry in this table. Additionally, if this probe implements
the alHostTable, entries in the alHostTable will be created on
behalf of each entry in this table.
Implementations are encouraged to add an entry per monitored
interface upon initialization so that a default collection
of host statistics is available."
::= { nlHost 1 }
hlHostControlEntry OBJECT-TYPE
SYNTAX HlHostControlEntry
MAX-ACCESS not-accessible
"A conceptual row in the hlHostControlTable.
An example of the indexing of this entry is
hlHostControlNlDroppedFrames.1"
INDEX { hlHostControlIndex }
::= { hlHostControlTable 1 }
HlHostControlEntry ::= SEQUENCE {
hlHostControlIndex Integer32,
hlHostControlDataSource DataSource,
hlHostControlNlDroppedFrames Counter32,
hlHostControlNlInserts Counter32,
hlHostControlNlDeletes Counter32,
hlHostControlNlMaxDesiredEntries Integer32,
hlHostControlAlDroppedFrames Counter32,
hlHostControlAlInserts Counter32,
hlHostControlAlDeletes Counter32,
hlHostControlAlMaxDesiredEntries Integer32,
hlHostControlOwner OwnerString,
hlHostControlStatus RowStatus
}
hlHostControlIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
"An index that uniquely identifies an entry in the
hlHostControlTable. Each such entry defines
a function that discovers hosts on a particular
interface and places statistics about them in the
nlHostTable, and optionally in the alHostTable, on
behalf of this hlHostControlEntry."
::= { hlHostControlEntry 1 }
hlHostControlDataSource OBJECT-TYPE
SYNTAX DataSource
MAX-ACCESS read-create
"The source of data for the associated host tables.
The statistics in this group reflect all packets
on the local network segment attached to the
identified interface.
This object may not be modified if the associated
hlHostControlStatus object is equal to active(1)."
::= { hlHostControlEntry 2 }
hlHostControlNlDroppedFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The total number of frames that were received by the probe
and therefore not accounted for in the *StatsDropEvents, but
that the probe chose not to count for the associated
nlHost entries for whatever reason. Most often, this event
occurs when the probe is out of some resources and decides to
shed load from this collection.
This count does not include packets that were not counted
because they had MAC-layer errors.
Note that if the nlHostTable is inactive because no protocols
are enabled in the protocol directory, this value should be 0.
Note that, unlike the dropEvents counter, this number is the
exact number of frames dropped."
::= { hlHostControlEntry 3 }
hlHostControlNlInserts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an nlHost entry has been
inserted into the nlHost table. If an entry is inserted, then
deleted, and then inserted, this counter will be incremented
by 2.
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the table size can be determined by subtracting
hlHostControlNlDeletes from hlHostControlNlInserts."
::= { hlHostControlEntry 4 }
hlHostControlNlDeletes OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an nlHost entry has been
deleted from the nlHost table (for any reason). If an entry
is deleted, then inserted, and then deleted, this counter will
be incremented by 2.
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the table size can be determined by subtracting
hlHostControlNlDeletes from hlHostControlNlInserts."
::= { hlHostControlEntry 5 }
hlHostControlNlMaxDesiredEntries OBJECT-TYPE
SYNTAX Integer32 (-1..2147483647)
MAX-ACCESS read-create
nlHostTable on behalf of this control entry. The probe will
not create more than this number of associated entries in the
table but may choose to create fewer entries in this table
for any reason, including the lack of resources.
If this object is set to a value less than the current number
of entries, enough entries are chosen in an
implementation-dependent manner and deleted so that the number
of entries in the table equals the value of this object.
If this value is set to -1, the probe may create any number
of entries in this table. If the associated
hlHostControlStatus object is equal to 'active', this
object may not be modified.
This object may be used to control how resources are allocated
on the probe for the various RMON functions."
::= { hlHostControlEntry 6 }
hlHostControlAlDroppedFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The total number of frames that were received by the probe
and therefore not accounted for in the *StatsDropEvents, but
that the probe chose not to count for the associated
alHost entries for whatever reason. Most often, this event
occurs when the probe is out of some resources and decides to
shed load from this collection.
This count does not include packets that were not counted
because they had MAC-layer errors.
Note that if the alHostTable is not implemented or is inactive
because no protocols are enabled in the protocol directory,
this value should be 0.
Note that, unlike the dropEvents counter, this number is the
exact number of frames dropped."
::= { hlHostControlEntry 7 }
hlHostControlAlInserts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an alHost entry has been
inserted into the alHost table. If an entry is inserted, then
deleted, and then inserted, this counter will be incremented
by 2.
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the table size can be determined by subtracting
hlHostControlAlDeletes from hlHostControlAlInserts."
::= { hlHostControlEntry 8 }
hlHostControlAlDeletes OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an alHost entry has been
deleted from the alHost table (for any reason). If an entry
is deleted, then inserted, and then deleted, this counter will
be incremented by 2.
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the table size can be determined by subtracting
hlHostControlAlDeletes from hlHostControlAlInserts."
::= { hlHostControlEntry 9 }
hlHostControlAlMaxDesiredEntries OBJECT-TYPE
SYNTAX Integer32 (-1..2147483647)
MAX-ACCESS read-create
"The maximum number of entries that are desired in the alHost
table on behalf of this control entry. The probe will not
create more than this number of associated entries in the
table but may choose to create fewer entries in this table
for any reason, including the lack of resources.
If this object is set to a value less than the current number
of entries, enough entries are chosen in an
implementation-dependent manner and deleted so that the number
of entries in the table equals the value of this object.
If this value is set to -1, the probe may create any number
of entries in this table. If the associated
hlHostControlStatus object is equal to 'active', this
object may not be modified.
This object may be used to control how resources are allocated
on the probe for the various RMON functions."
::= { hlHostControlEntry 10 }
hlHostControlOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
"The entity that configured this entry and is
therefore using the resources assigned to it."
::= { hlHostControlEntry 11 }
hlHostControlStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
"The status of this hlHostControlEntry.
An entry may not exist in the active state unless all
objects in the entry have an appropriate value.
If this object is not equal to active(1), all associated
entries in the nlHostTable and alHostTable shall be deleted."
::= { hlHostControlEntry 12 }
nlHostTable OBJECT-TYPE
SYNTAX SEQUENCE OF NlHostEntry
MAX-ACCESS not-accessible
"A collection of statistics for a particular network layer
address that has been discovered on an interface of this
device.
The probe will populate this table for all network layer
protocols in the protocol directory table whose value of
protocolDirHostConfig is equal to supportedOn(3), and
will delete any entries whose protocolDirEntry is deleted or
has a protocolDirHostConfig value of supportedOff(2).
The probe will add to this table all addresses seen
as the source or destination address in all packets with no
MAC errors, and will increment octet and packet counts in the
table for all packets with no MAC errors."
::= { nlHost 2 }
nlHostEntry OBJECT-TYPE
SYNTAX NlHostEntry
MAX-ACCESS not-accessible
"A conceptual row in the nlHostTable.
The hlHostControlIndex value in the index identifies the
hlHostControlEntry on whose behalf this entry was created.
The protocolDirLocalIndex value in the index identifies the
network layer protocol of the nlHostAddress.
An example of the indexing of this entry is
nlHostOutPkts.1.783495.18.4.128.2.6.6.
Note that some combinations of index values may result in an
index that exceeds 128 sub-identifiers in length, which exceeds
the maximum for the SNMP protocol. Implementations should take
care to avoid such combinations."
INDEX { hlHostControlIndex, nlHostTimeMark,
protocolDirLocalIndex, nlHostAddress }
::= { nlHostTable 1 }
NlHostEntry ::= SEQUENCE {
nlHostTimeMark TimeFilter,
nlHostAddress OCTET STRING,
nlHostInPkts ZeroBasedCounter32,
nlHostOutPkts ZeroBasedCounter32,
nlHostInOctets ZeroBasedCounter32,
nlHostOutOctets ZeroBasedCounter32,
nlHostOutMacNonUnicastPkts ZeroBasedCounter32,
nlHostCreateTime LastCreateTime
}
nlHostTimeMark OBJECT-TYPE
SYNTAX TimeFilter
MAX-ACCESS not-accessible
"A TimeFilter for this entry. See the TimeFilter textual
convention to see how this works."
::= { nlHostEntry 1 }
nlHostAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS not-accessible
"The network address for this nlHostEntry.
This is represented as an octet string with
specific semantics and length as identified
by the protocolDirLocalIndex component of the index.
For example, if the protocolDirLocalIndex indicates an
encapsulation of IP, this object is encoded as a length
octet of 4, followed by the 4 octets of the IP address,
in network byte order."
::= { nlHostEntry 2 }
nlHostInPkts OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of packets without errors transmitted to
this address since it was added to the nlHostTable. Note that
this is the number of link-layer packets, so if a single
network-layer packet is fragmented into several link-layer
frames, this counter is incremented several times."
::= { nlHostEntry 3 }
nlHostOutPkts OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of packets without errors transmitted by
this address since it was added to the nlHostTable. Note that
this is the number of link-layer packets, so if a single
network-layer packet is fragmented into several link-layer
frames, this counter is incremented several times."
::= { nlHostEntry 4 }
nlHostInOctets OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of octets transmitted to this address
since it was added to the nlHostTable (excluding
framing bits, but including FCS octets), excluding
octets in packets that contained errors.
Note that this doesn't count just those octets in the particular
protocol frames but includes the entire packet that contained
the protocol."
::= { nlHostEntry 5 }
nlHostOutOctets OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of octets transmitted by this address
since it was added to the nlHostTable (excluding
framing bits, but including FCS octets), excluding
octets in packets that contained errors.
Note that this doesn't count just those octets in the particular
protocol frames but includes the entire packet that contained
the protocol."
::= { nlHostEntry 6 }
nlHostOutMacNonUnicastPkts OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of packets without errors transmitted by this
address that were directed to any MAC broadcast addresses
or to any MAC multicast addresses since this host was
added to the nlHostTable. Note that this is the number of
link-layer packets, so if a single network-layer packet is
fragmented into several link-layer frames, this counter is
incremented several times."
::= { nlHostEntry 7 }
nlHostCreateTime OBJECT-TYPE
SYNTAX LastCreateTime
MAX-ACCESS read-only
STATUS current
"The value of sysUpTime when this entry was last activated.
This can be used by the management station to ensure that the
entry has not been deleted and recreated between polls."
::= { nlHostEntry 8 }
--
-- Network Layer Matrix Group
--
-- Counts the amount of traffic sent between each pair of network
-- addresses discovered by the probe.
-- Note that while the hlMatrixControlTable also has objects that
-- control optional alMatrixTables, implementation of the
-- alMatrixTables is not required to fully implement this group.
hlMatrixControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF HlMatrixControlEntry
MAX-ACCESS not-accessible
"A list of higher-layer (i.e., non-MAC) matrix control entries.
These entries will enable the collection of the network- and
application-level matrix tables containing conversation
statistics indexed by pairs of network addresses.
Both the network- and application-level matrix tables are
controlled by this table so that they will both be created
and deleted at the same time, further increasing the ease with
which they can be implemented as a single datastore. (Note that
if an implementation stores application-layer matrix records
in memory, it can derive network-layer matrix records from
them.)
Entries in the nlMatrixSDTable and nlMatrixDSTable will be
created on behalf of each entry in this table. Additionally,
if this probe implements the alMatrix tables, entries in the
alMatrix tables will be created on behalf of each entry in
this table."
::= { nlMatrix 1 }
hlMatrixControlEntry OBJECT-TYPE
SYNTAX HlMatrixControlEntry
MAX-ACCESS not-accessible
"A conceptual row in the hlMatrixControlTable.
An example of indexing of this entry is
hlMatrixControlNlDroppedFrames.1"
INDEX { hlMatrixControlIndex }
::= { hlMatrixControlTable 1 }
HlMatrixControlEntry ::= SEQUENCE {
hlMatrixControlIndex Integer32,
hlMatrixControlDataSource DataSource,
hlMatrixControlNlDroppedFrames Counter32,
hlMatrixControlNlInserts Counter32,
hlMatrixControlNlDeletes Counter32,
hlMatrixControlNlMaxDesiredEntries Integer32,
hlMatrixControlAlDroppedFrames Counter32,
hlMatrixControlAlInserts Counter32,
hlMatrixControlAlDeletes Counter32,
hlMatrixControlAlMaxDesiredEntries Integer32,
hlMatrixControlOwner OwnerString,
hlMatrixControlStatus RowStatus
}
hlMatrixControlIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
"An index that uniquely identifies an entry in the
hlMatrixControlTable. Each such entry defines
a function that discovers conversations on a particular
interface and places statistics about them in the
nlMatrixSDTable and the nlMatrixDSTable, and optionally the
alMatrixSDTable and alMatrixDSTable, on behalf of this
hlMatrixControlEntry."
::= { hlMatrixControlEntry 1 }
hlMatrixControlDataSource OBJECT-TYPE
SYNTAX DataSource
MAX-ACCESS read-create
"The source of the data for the associated matrix tables.
The statistics in this group reflect all packets
on the local network segment attached to the
identified interface.
This object may not be modified if the associated
hlMatrixControlStatus object is equal to active(1)."
::= { hlMatrixControlEntry 2 }
hlMatrixControlNlDroppedFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The total number of frames that were received by the probe
and therefore not accounted for in the *StatsDropEvents, but
that the probe chose not to count for this entry for
whatever reason. Most often, this event occurs when the probe
is out of some resources and decides to shed load from this
collection.
This count does not include packets that were not counted
because they had MAC-layer errors.
Note that if the nlMatrixTables are inactive because no
protocols are enabled in the protocol directory, this value
should be 0.
Note that, unlike the dropEvents counter, this number is the
exact number of frames dropped."
::= { hlMatrixControlEntry 3 }
hlMatrixControlNlInserts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an nlMatrix entry has been
inserted into the nlMatrix tables. If an entry is inserted,
then deleted, and then inserted, this counter will be
incremented by 2. The addition of a conversation into both
the nlMatrixSDTable and nlMatrixDSTable shall be counted as
two insertions (even though every addition into one table must
be accompanied by an insertion into the other).
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the sum of then nlMatrixSDTable and nlMatrixDSTable
sizes can be determined by subtracting
hlMatrixControlNlDeletes from hlMatrixControlNlInserts."
::= { hlMatrixControlEntry 4 }
hlMatrixControlNlDeletes OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an nlMatrix entry has been
deleted from the nlMatrix tables (for any reason). If an
entry is deleted, then inserted, and then deleted, this
counter will be incremented by 2. The deletion of a
conversation from both the nlMatrixSDTable and nlMatrixDSTable
shall be counted as two deletions (even though every deletion
from one table must be accompanied by a deletion from the
other).
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the table size can be determined by subtracting
hlMatrixControlNlDeletes from hlMatrixControlNlInserts."
::= { hlMatrixControlEntry 5 }
hlMatrixControlNlMaxDesiredEntries OBJECT-TYPE
SYNTAX Integer32 (-1..2147483647)
MAX-ACCESS read-create
nlMatrix tables on behalf of this control entry. The probe
the table but may choose to create fewer entries in this
table for any reason, including the lack of resources.
If this object is set to a value less than the current number
of entries, enough entries are chosen in an
implementation-dependent manner and deleted so that the number
of entries in the table equals the value of this object.
If this value is set to -1, the probe may create any number
of entries in this table. If the associated
hlMatrixControlStatus object is equal to 'active', this
object may not be modified.
This object may be used to control how resources are allocated
on the probe for the various RMON functions."
::= { hlMatrixControlEntry 6 }
hlMatrixControlAlDroppedFrames OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The total number of frames that were received by the probe
and therefore not accounted for in the *StatsDropEvents, but
that the probe chose not to count for this entry for
whatever reason. Most often, this event occurs when the probe
is out of some resources and decides to shed load from this
collection.
This count does not include packets that were not counted
because they had MAC-layer errors.
Note that if the alMatrixTables are not implemented or are
inactive because no protocols are enabled in the protocol
directory, this value should be 0.
Note that, unlike the dropEvents counter, this number is the
exact number of frames dropped."
::= { hlMatrixControlEntry 7 }
hlMatrixControlAlInserts OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an alMatrix entry has been
inserted into the alMatrix tables. If an entry is inserted,
then deleted, and then inserted, this counter will be
incremented by 2. The addition of a conversation into both
the alMatrixSDTable and alMatrixDSTable shall be counted as
two insertions (even though every addition into one table must
be accompanied by an insertion into the other).
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the table size can be determined by subtracting
hlMatrixControlAlDeletes from hlMatrixControlAlInserts."
::= { hlMatrixControlEntry 8 }
hlMatrixControlAlDeletes OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of times an alMatrix entry has been
deleted from the alMatrix tables. If an entry is deleted,
then inserted, and then deleted, this counter will be
incremented by 2. The deletion of a conversation from both
the alMatrixSDTable and alMatrixDSTable shall be counted as
two deletions (even though every deletion from one table must
be accompanied by a deletion from the other).
To allow for efficient implementation strategies, agents may
delay updating this object for short periods of time. For
example, an implementation strategy may allow internal
data structures to differ from those visible via SNMP for
short periods of time. This counter may reflect the internal
data structures for those short periods of time.
Note that the table size can be determined by subtracting
hlMatrixControlAlDeletes from hlMatrixControlAlInserts."
::= { hlMatrixControlEntry 9 }
hlMatrixControlAlMaxDesiredEntries OBJECT-TYPE
SYNTAX Integer32 (-1..2147483647)
MAX-ACCESS read-create
alMatrix tables on behalf of this control entry. The probe
the table but may choose to create fewer entries in this
table for any reason, including the lack of resources.
If this object is set to a value less than the current number
of entries, enough entries are chosen in an
implementation-dependent manner and deleted so that the number
of entries in the table equals the value of this object.
If this value is set to -1, the probe may create any number
of entries in this table. If the associated
hlMatrixControlStatus object is equal to 'active', this
object may not be modified.
This object may be used to control how resources are allocated
on the probe for the various RMON functions."
::= { hlMatrixControlEntry 10 }
hlMatrixControlOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
"The entity that configured this entry and is
therefore using the resources assigned to it."
::= { hlMatrixControlEntry 11 }
hlMatrixControlStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
"The status of this hlMatrixControlEntry.
An entry may not exist in the active state unless all
objects in the entry have an appropriate value.
If this object is not equal to active(1), all
associated entries in the nlMatrixSDTable,
nlMatrixDSTable, alMatrixSDTable, and alMatrixDSTable
shall be deleted by the agent."
::= { hlMatrixControlEntry 12 }
nlMatrixSDTable OBJECT-TYPE
SYNTAX SEQUENCE OF NlMatrixSDEntry
MAX-ACCESS not-accessible
"A list of traffic matrix entries that collect statistics for
conversations between two network-level addresses. This table
is indexed first by the source address and then by the
destination address to make it convenient to collect all
conversations from a particular address.
The probe will populate this table for all network layer
protocols in the protocol directory table whose value of
protocolDirMatrixConfig is equal to supportedOn(3), and
will delete any entries whose protocolDirEntry is deleted or
has a protocolDirMatrixConfig value of supportedOff(2).
The probe will add to this table all pairs of addresses
seen in all packets with no MAC errors and will increment
octet and packet counts in the table for all packets with no
MAC errors.
Further, this table will only contain entries that have a
corresponding entry in the nlMatrixDSTable with the same
source address and destination address."
::= { nlMatrix 2 }
nlMatrixSDEntry OBJECT-TYPE
SYNTAX NlMatrixSDEntry
MAX-ACCESS not-accessible
"A conceptual row in the nlMatrixSDTable.
The hlMatrixControlIndex value in the index identifies the
hlMatrixControlEntry on whose behalf this entry was created.
The protocolDirLocalIndex value in the index identifies the
network-layer protocol of the nlMatrixSDSourceAddress and
nlMatrixSDDestAddress.
An example of the indexing of this table is
nlMatrixSDPkts.1.783495.18.4.128.2.6.6.4.128.2.6.7.
Note that some combinations of index values may result in an
index that exceeds 128 sub-identifiers in length, which exceeds
the maximum for the SNMP protocol. Implementations should take
care to avoid such combinations."
INDEX { hlMatrixControlIndex, nlMatrixSDTimeMark,
protocolDirLocalIndex,
nlMatrixSDSourceAddress, nlMatrixSDDestAddress }
::= { nlMatrixSDTable 1 }
NlMatrixSDEntry ::= SEQUENCE {
nlMatrixSDTimeMark TimeFilter,
nlMatrixSDSourceAddress OCTET STRING,
nlMatrixSDDestAddress OCTET STRING,
nlMatrixSDPkts ZeroBasedCounter32,
nlMatrixSDOctets ZeroBasedCounter32,
nlMatrixSDCreateTime LastCreateTime
}
nlMatrixSDTimeMark OBJECT-TYPE
SYNTAX TimeFilter
MAX-ACCESS not-accessible
"A TimeFilter for this entry. See the TimeFilter textual
convention to see how this works."
::= { nlMatrixSDEntry 1 }
nlMatrixSDSourceAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS not-accessible
"The network source address for this nlMatrixSDEntry.
This is represented as an octet string with
specific semantics and length as identified
by the protocolDirLocalIndex component of the index.
For example, if the protocolDirLocalIndex indicates an
encapsulation of IP, this object is encoded as a length
octet of 4, followed by the 4 octets of the IP address,
in network byte order."
::= { nlMatrixSDEntry 2 }
nlMatrixSDDestAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS not-accessible
"The network destination address for this
nlMatrixSDEntry.
This is represented as an octet string with
specific semantics and length as identified
by the protocolDirLocalIndex component of the index.
For example, if the protocolDirLocalIndex indicates an
encapsulation of IP, this object is encoded as a length
octet of 4, followed by the 4 octets of the IP address,
in network byte order."
::= { nlMatrixSDEntry 3 }
nlMatrixSDPkts OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of packets without errors transmitted from the
source address to the destination address since this entry was
added to the nlMatrixSDTable. Note that this is the number of
link-layer packets, so if a single network-layer packet is
fragmented into several link-layer frames, this counter is
incremented several times."
::= { nlMatrixSDEntry 4 }
nlMatrixSDOctets OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of octets transmitted from the source address to
the destination address since this entry was added to the
nlMatrixSDTable (excluding framing bits, but
including FCS octets), excluding octets in packets that
contained errors.
Note that this doesn't count just those octets in the particular
protocol frames but includes the entire packet that contained
the protocol."
::= { nlMatrixSDEntry 5 }
nlMatrixSDCreateTime OBJECT-TYPE
SYNTAX LastCreateTime
MAX-ACCESS read-only
STATUS current
"The value of sysUpTime when this entry was last activated.
This can be used by the management station to ensure that the
entry has not been deleted and recreated between polls."
::= { nlMatrixSDEntry 6 }
-- Traffic matrix tables from destination to source
nlMatrixDSTable OBJECT-TYPE
SYNTAX SEQUENCE OF NlMatrixDSEntry
MAX-ACCESS not-accessible
"A list of traffic matrix entries that collect statistics for
conversations between two network-level addresses. This table
is indexed first by the destination address and then by the
source address to make it convenient to collect all
conversations to a particular address.
The probe will populate this table for all network layer
protocols in the protocol directory table whose value of
protocolDirMatrixConfig is equal to supportedOn(3), and
will delete any entries whose protocolDirEntry is deleted or
has a protocolDirMatrixConfig value of supportedOff(2).
The probe will add to this table all pairs of addresses
seen in all packets with no MAC errors and will increment
octet and packet counts in the table for all packets with no
MAC errors.
Further, this table will only contain entries that have a
corresponding entry in the nlMatrixSDTable with the same
source address and destination address."
::= { nlMatrix 3 }
nlMatrixDSEntry OBJECT-TYPE
SYNTAX NlMatrixDSEntry
MAX-ACCESS not-accessible
"A conceptual row in the nlMatrixDSTable.
The hlMatrixControlIndex value in the index identifies the
hlMatrixControlEntry on whose behalf this entry was created.
The protocolDirLocalIndex value in the index identifies the
network-layer protocol of the nlMatrixDSSourceAddress and
nlMatrixDSDestAddress.
An example of the indexing of this table is
nlMatrixDSPkts.1.783495.18.4.128.2.6.7.4.128.2.6.6.
Note that some combinations of index values may result in an
index that exceeds 128 sub-identifiers in length, which exceeds
the maximum for the SNMP protocol. Implementations should take
care to avoid such combinations."
INDEX { hlMatrixControlIndex, nlMatrixDSTimeMark,
protocolDirLocalIndex,
nlMatrixDSDestAddress, nlMatrixDSSourceAddress }
::= { nlMatrixDSTable 1 }
NlMatrixDSEntry ::= SEQUENCE {
nlMatrixDSTimeMark TimeFilter,
nlMatrixDSSourceAddress OCTET STRING,
nlMatrixDSDestAddress OCTET STRING,
nlMatrixDSPkts ZeroBasedCounter32,
nlMatrixDSOctets ZeroBasedCounter32,
nlMatrixDSCreateTime LastCreateTime
}
nlMatrixDSTimeMark OBJECT-TYPE
SYNTAX TimeFilter
MAX-ACCESS not-accessible
"A TimeFilter for this entry. See the TimeFilter textual
convention to see how this works."
::= { nlMatrixDSEntry 1 }
nlMatrixDSSourceAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS not-accessible
"The network source address for this nlMatrixDSEntry.
This is represented as an octet string with
specific semantics and length as identified
by the protocolDirLocalIndex component of the index.
For example, if the protocolDirLocalIndex indicates an
encapsulation of IP, this object is encoded as a length
octet of 4, followed by the 4 octets of the IP address,
in network byte order."
::= { nlMatrixDSEntry 2 }
nlMatrixDSDestAddress OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..255))
MAX-ACCESS not-accessible
"The network destination address for this
nlMatrixDSEntry.
This is represented as an octet string with
specific semantics and length as identified
by the protocolDirLocalIndex component of the index.
For example, if the protocolDirLocalIndex indicates an
encapsulation of IP, this object is encoded as a length
octet of 4, followed by the 4 octets of the IP address,
in network byte order."
::= { nlMatrixDSEntry 3 }
nlMatrixDSPkts OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of packets without errors transmitted from the
source address to the destination address since this entry was
added to the nlMatrixDSTable. Note that this is the number of
link-layer packets, so if a single network-layer packet is
fragmented into several link-layer frames, this counter is
incremented several times."
::= { nlMatrixDSEntry 4 }
nlMatrixDSOctets OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
"The number of octets transmitted from the source address
to the destination address since this entry was added to the
nlMatrixDSTable (excluding framing bits, but
including FCS octets), excluding octets in packets that
contained errors.
Note that this doesn't count just those octets in the particular
protocol frames but includes the entire packet that contained
the protocol."
::= { nlMatrixDSEntry 5 }
nlMatrixDSCreateTime OBJECT-TYPE
SYNTAX LastCreateTime
MAX-ACCESS read-only
STATUS current
"The value of sysUpTime when this entry was last activated.
This can be used by the management station to ensure that the
entry has not been deleted and recreated between polls."
::= { nlMatrixDSEntry 6 }
nlMatrixTopNControlTable OBJECT-TYPE
SYNTAX SEQUENCE OF NlMatrixTopNControlEntry
MAX-ACCESS not-accessible
"A set of parameters that control the creation of a
report of the top N matrix entries according to
a selected metric."
::= { nlMatrix 4 }
nlMatrixTopNControlEntry OBJECT-TYPE
SYNTAX NlMatrixTopNControlEntry
MAX-ACCESS not-accessible
"A conceptual row in the nlMatrixTopNControlTable.
An example of the indexing of this table is
nlMatrixTopNControlDuration.3"
INDEX { nlMatrixTopNControlIndex }
::= { nlMatrixTopNControlTable 1 }
NlMatrixTopNControlEntry ::= SEQUENCE {
nlMatrixTopNControlIndex Integer32,
nlMatrixTopNControlMatrixIndex Integer32,
nlMatrixTopNControlRateBase INTEGER,
nlMatrixTopNControlTimeRemaining Integer32,
nlMatrixTopNControlGeneratedReports Counter32,
nlMatrixTopNControlDuration Integer32,
nlMatrixTopNControlRequestedSize Integer32,
nlMatrixTopNControlGrantedSize Integer32,
nlMatrixTopNControlStartTime TimeStamp,
nlMatrixTopNControlOwner OwnerString,
nlMatrixTopNControlStatus RowStatus
}
nlMatrixTopNControlIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS not-accessible
STATUS current
"An index that uniquely identifies an entry
in the nlMatrixTopNControlTable. Each such
entry defines one topN report prepared for
one interface."
::= { nlMatrixTopNControlEntry 1 }
nlMatrixTopNControlMatrixIndex OBJECT-TYPE
SYNTAX Integer32 (1..65535)
MAX-ACCESS read-create
STATUS current
"The nlMatrix[SD/DS] table for which a topN report will be
prepared on behalf of this entry. The nlMatrix[SD/DS] table
is identified by the value of the hlMatrixControlIndex
for that table - that value is used here to identify the
particular table.
This object may not be modified if the associated
nlMatrixTopNControlStatus object is equal to active(1)."
::= { nlMatrixTopNControlEntry 2 }
nlMatrixTopNControlRateBase OBJECT-TYPE
SYNTAX INTEGER {
nlMatrixTopNPkts(1),
nlMatrixTopNOctets(2),
nlMatrixTopNHighCapacityPkts(3),
nlMatrixTopNHighCapacityOctets(4)
}
MAX-ACCESS read-create
STATUS current
"The variable for each nlMatrix[SD/DS] entry that the
nlMatrixTopNEntries are sorted by, as well as a control
for the table that the results will be reported in.
This object may not be modified if the associated
nlMatrixTopNControlStatus object is equal to active(1).
If this value is less than or equal to 2, when the report
is prepared, entries are created in the nlMatrixTopNTable
associated with this object.
If this value is greater than or equal to 3, when the report
is prepared, entries are created in the
nlMatrixTopNHighCapacityTable associated with this object."
::= { nlMatrixTopNControlEntry 3 }
nlMatrixTopNControlTimeRemaining OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-create
STATUS current
"The number of seconds left in the report currently
being collected. When this object is modified by
the management station, a new collection is started,
possibly aborting a currently running report. The
new value is used as the requested duration of this
report and is immediately loaded into the associated
nlMatrixTopNControlDuration object.
When the report finishes, the probe will automatically
start another collection with the same initial value
of nlMatrixTopNControlTimeRemaining. Thus, the management
station may simply read the resulting reports repeatedly,
checking the startTime and duration each time to ensure that a
report was not missed or that the report parameters were not
changed.
While the value of this object is non-zero, it decrements
by one per second until it reaches zero. At the time
that this object decrements to zero, the report is made
accessible in the nlMatrixTopNTable, overwriting any report
that may be there.
When this object is modified by the management station, any
associated entries in the nlMatrixTopNTable shall be deleted.
(Note that this is a different algorithm than the one used
in the hostTopNTable)."
DEFVAL { 1800 }
::= { nlMatrixTopNControlEntry 4 }
nlMatrixTopNControlGeneratedReports OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
"The number of reports that have been generated by this entry."
::= { nlMatrixTopNControlEntry 5 }
nlMatrixTopNControlDuration OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
"The number of seconds that this report has collected
during the last sampling interval.
When the associated nlMatrixTopNControlTimeRemaining object is
set, this object shall be set by the probe to the
same value and shall not be modified until the next
time the nlMatrixTopNControlTimeRemaining is set.
This value shall be zero if no reports have been
requested for this nlMatrixTopNControlEntry."
::= { nlMatrixTopNControlEntry 6 }
nlMatrixTopNControlRequestedSize OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
MAX-ACCESS read-create
STATUS current
"The maximum number of matrix entries requested for this report.
When this object is created or modified, the probe
should set nlMatrixTopNControlGrantedSize as closely to this
object as possible for the particular probe
implementation and available resources."
DE 
RFC-Zone : Requests for Comments (RFC)