Network Working Group                                      T. Dietz, Ed.
Internet-Draft                                           NEC Europe Ltd.
Intended status: Standards Track                            A. Kobayashi
Expires: September 10, 2009                                  NTT PF Lab.
                                                               B. Claise
                                                     Cisco Systems, Inc.
                                                           March 9, 2009


     Definitions of Managed Objects for IP Flow Information Export
                      draft-ietf-ipfix-mib-06.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 10, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the



Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 1]


Internet-Draft                  IPFIX MIB                     March 2009


   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.












































Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 2]


Internet-Draft                  IPFIX MIB                     March 2009


Abstract

   This document defines managed objects for IP Flow Information Export
   (IPFIX).  These objects provide information for monitoring IPFIX
   Exporters and IPFIX Collectors including the basic configuration
   information.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  5

   2.  IPFIX Documents Overview . . . . . . . . . . . . . . . . . . .  6

   3.  The Internet-Standard Management Framework . . . . . . . . . .  7

   4.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  8

   5.  Structure of the IPFIX MIB . . . . . . . . . . . . . . . . . .  9
     5.1.  The Transport Session Table  . . . . . . . . . . . . . . .  9
     5.2.  The Template Table . . . . . . . . . . . . . . . . . . . . 11
     5.3.  The Template Definition Table  . . . . . . . . . . . . . . 13
     5.4.  The Export Table . . . . . . . . . . . . . . . . . . . . . 14
     5.5.  The Metering Process Table . . . . . . . . . . . . . . . . 16
     5.6.  The Observation Point Table  . . . . . . . . . . . . . . . 17
     5.7.  The Selector Table . . . . . . . . . . . . . . . . . . . . 18
     5.8.  The Selector Functions . . . . . . . . . . . . . . . . . . 18
     5.9.  The Statistical Tables . . . . . . . . . . . . . . . . . . 19
       5.9.1.  The Transport Session Statistical Table  . . . . . . . 19
       5.9.2.  The Template Statistical Table . . . . . . . . . . . . 19
       5.9.3.  The Metering Process Statistical Table . . . . . . . . 20
       5.9.4.  The Selector Statistical Table . . . . . . . . . . . . 20

   6.  Relationship to Other MIB Modules  . . . . . . . . . . . . . . 21
     6.1.  Relationship to the ENTITY MIB . . . . . . . . . . . . . . 21
     6.2.  MIB modules required for IMPORTS . . . . . . . . . . . . . 21

   7.  MIB Definitions  . . . . . . . . . . . . . . . . . . . . . . . 22

   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 57

   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 59

   10. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . 60

   11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 61
     11.1. Normative References . . . . . . . . . . . . . . . . . . . 61
     11.2. Informative References . . . . . . . . . . . . . . . . . . 61



Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 3]


Internet-Draft                  IPFIX MIB                     March 2009


   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 63


















































Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 4]


Internet-Draft                  IPFIX MIB                     March 2009


1.  Introduction

   This document defines a MIB module for monitoring IP Flow Information
   Export (IPFIX) Devices including Exporters and Collectors.  The full
   configuration of the IPFIX Metering Process is out of the scope this
   MIB.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].









































Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 5]


Internet-Draft                  IPFIX MIB                     March 2009


2.  IPFIX Documents Overview

   The IPFIX protocol provides network administrators with access to IP
   Flow information.  The architecture for the export of measured IP
   Flow information out of an IPFIX Exporting Process to a Collecting
   Process is defined in [I-D.ietf-ipfix-architecture], per the
   requirements defined in [RFC3917].  The protocol document [RFC5101]
   specifies how IPFIX Data Record and Templates are carried via a
   congestion-aware transport protocol from IPFIX Exporting Processes to
   IPFIX Collecting Process.  IPFIX has a formal description of IPFIX
   Information Elements, their name, type and additional semantic
   information, as specified in [RFC5102].  Finally [I-D.ietf-ipfix-as]
   describes what type of applications can use the IPFIX protocol and
   how they can use the information provided.  It furthermore shows how
   the IPFIX framework relates to other architectures and frameworks.

   It is assumed that Flow metering, export and collection is performed
   according to the IPFIX architecture defined in
   [I-D.ietf-ipfix-architecture].  The monitored configuration
   parameters of the export and collection of Flow Templates and Records
   is modeled according to [RFC5101].  Packet selection and filtering
   methods that may be optionally used by the IPFIX Metering Process are
   not considered in this MIB module.  They are defined in the Packet
   Sampling (PSAMP) framework [I-D.ietf-psamp-framework] and sampling
   techniques [I-D.ietf-psamp-sample-tech] documents.  Nevertheless the
   entry point for those methods in [I-D.ietf-psamp-mib] is given within
   this MIB module since PSAMP export protocol [I-D.ietf-psamp-protocol]
   is based on the IPFIX protocol.























Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 6]


Internet-Draft                  IPFIX MIB                     March 2009


3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].





































Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 7]


Internet-Draft                  IPFIX MIB                     March 2009


4.  Terminology

   The definitions of the basic terms like IP Traffic Flow, Exporting
   Process, Collecting Process, Observation Points, etc. can be found in
   the IPFIX protocol document [RFC5101].














































Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 8]


Internet-Draft                  IPFIX MIB                     March 2009


5.  Structure of the IPFIX MIB

   The IPFIX MIB consists of six main tables, the Transport Session
   table, the Template table and the corresponding Template Definition
   table, the Export table, the Metering Process table and the
   Observation Point table.  Since the IPFIX architecture
   [I-D.ietf-ipfix-architecture] foresees the possibility of using
   filtering and/or sampling functions to reduce the data volume the MIB
   provides the basic objects for these functions with the Selector
   Table and a subtree for hooking standard filtering and sampling
   functions.

   All remaining objects contain statistical values for the different
   tables contained in the MIB.  Finally an entry point for extensions
   of the IPFIX MIB is given that can be used e.g. for the PSAMP MIB
   [I-D.ietf-psamp-mib].

   The following subsections describe all tables in the IPFIX MIB
   module.

5.1.  The Transport Session Table

   The Transport Session is the basis of the MIB.  The Transport Session
   table (ipfixTransportSessionTable) contains all Transport Sessions
   between Exporter and Collector.  The table specifies the layer 4
   protocol of the Transport Session and, depending on that protocol,
   further parameters for the Transport Session.  In case of UDP and TCP
   these are the source and destination address as well as the source
   and destination port.  For SCTP the table contains the SCTP Assoc Id
   which is the index for the SCTP association in the SCTP MIB
   [RFC3873].  The mode of operation of the device, i.e. if the
   Transport Session is used for collecting or exporting is given in the
   ipfixTransportSessionDeviceMode object.  Further on it contains the
   configured refresh parameters for Templates and Option Templates that
   are used across unreliable connections as UDP.  Finally a status of
   the Transport Session is given in the table.

   To illustrate the use of the above tables let us assume the following
   scenario: We have an Exporter on IP address 192.0.2.22 and a
   Collector on IP address 192.0.2.37.  The Exporter uses TCP to export
   Templates and Data Records.  The same Exporter also exports to a
   Collector with the IP address of 192.0.2.44.  This would lead to the
   following Transport Session Table on the Exporter:








Dietz, et al.          draft-ietf-ipfix-mib-06.txt              [Page 9]


Internet-Draft                  IPFIX MIB                     March 2009


    ipfixTransportSessionTable (2)
    |
    +- ipfixTransportSessionEntry (1)
       |
       +- index (5) (ipfixTransportSessionIndex)
       |  +- ipfixTrasportSessionIndex (1) = 5
       |  +- ipfixTransportSessionProtocol (2) = 6 (TCP)
       |  +- ipfixTransportSessionSourceAddressType (3) = 1 (ipv4)
       |  +- ipfixTransportSessionSourceAddress (4) = 192.0.2.22
       |  +- ipfixTransportSessionDestinationAddressType (5) = 1 (ipv4)
       |  +- ipfixTransportSessionDestinationAddress (6) = 192.0.2.37
       |  +- ipfixTransportSessionSourcePort (7) = 7653
       |  +- ipfixTransportSessionDestinationPort (8) = 4739
       |  +- ipfixTransportSessionSctpAssocId (9) = 0
       |  +- ipfixTransportSessionDeviceMode (10) = exporting(1)
       |  +- ipfixTransportSessionTemplateRefreshTimeout (11) = 0
       |  +- ipfixTransportSessionOptionTemplateRefreshTimeout (12) = 0
       |  +- ipfixTransportSessionTemplateRefreshPacket (13) = 0
       |  +- ipfixTransportSessionOptionTemplateRefreshPacket (14) = 0
       |  +- ipfixTransportSessionStatus (15) = 2 (active)
       .
       .
       .
       +- index (11) (ipfixTransportSessionIndex)
          +- ipfixTrasportSessionIndex (1) = 11
          +- ipfixTransportSessionProtocol (2) = 17 (UDP)
          +- ipfixTransportSessionSourceAddressType (3) = 1 (ipv4)
          +- ipfixTransportSessionSourceAddress (4) = 192.0.2.22
          +- ipfixTransportSessionDestinationAddressType (5) = 1 (ipv4)
          +- ipfixTransportSessionDestinationAddress (6) = 192.0.2.44
          +- ipfixTransportSessionSourcePort (7) = 14287
          +- ipfixTransportSessionDestinationPort (8) = 4739
          +- ipfixTransportSessionSctpAssocId (9) = 0
          +- ipfixTransportSessionDeviceMode (10) = exporting(1)
          +- ipfixTransportSessionTemplateRefreshTimeout (11) = 100
          +- ipfixTransportSessionOptionTemplateRefreshTimeout (12)
          |                                                     = 100
          +- ipfixTransportSessionTemplateRefreshPacket (13) = 10
          +- ipfixTransportSessionOptionTemplateRefreshPacket (14) = 10
          +- ipfixTransportSessionStatus (15) = 2 (active)

   The values in brackets are the OID numbers.  The Collectors would
   then have the same entry except that the index would most likely
   differ and the ipfixTransportSessionDeviceMode would be
   collecting(2).






Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 10]


Internet-Draft                  IPFIX MIB                     March 2009


5.2.  The Template Table

   The Template table lists all Templates (including Option Templates)
   that are sent (by an Exporter) or received (by a Collector).  The
   (Option) Templates are unique per Transport Session which also gives
   the device mode (Exporter or Collector) and Observation Domain, thus
   the table is indexed by

   o  the Transport Session Index (ipfixTransportSessionIndex)

   o  and the Observation Domain Id (ipfixTemplateObservationDomainId).

   It contains the Set Id and an Access Time denoting the time when the
   (Option) Template was last sent or received.

   To resume the above example the Exporter may want to export a
   Template and an Option Template for each Transport Session defined
   above.  This leads to the following Template Table defining Template
   and Option Template:
































Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 11]


Internet-Draft                  IPFIX MIB                     March 2009


    ipfixTemplateTable (3)
    |
    +- ipfixTemplateEntry (1)
       |
       +- index (5) (ipfixTransportSessionIndex)
       |  +- index (3) (ipfixTemplateObservationDomainId)
       |     + index (257) (ipfixTemplateId)
       |     | +- ipfixTemplateObservationDomainId (1) = 3
       |     | +- ipfixTemplateId (2) = 257
       |     | +- ipfixTemplateSetId (3) = 2
       |     | +- ipfixTemplateAccessTime (4)
       |     |                             = 2008-7-1,12:49:11.2,+2:0
       |     |
       |     + index (264) (ipfixTemplateId)
       |       +- ipfixTemplateObservationDomainId (1) = 3
       |       +- ipfixTemplateId (2) = 264
       |       +- ipfixTemplateSetId (3) = 3
       |       +- ipfixTemplateAccessTime (4)
       .                                   = 2008-7-1,12:47:04.8,+2:0
       .
       .
       .
       +- index (11) (ipfixTransportSessionIndex)
          +- index (3) (ipfixTemplateObservationDomainId)
             + index (273) (ipfixTemplateId)
             | +- ipfixTemplateObservationDomainId (1) = 3
             | +- ipfixTemplateId (2) = 273
             | +- ipfixTemplateSetId (3) = 2
             | +- ipfixTemplateAccessTime (4)
             |                             = 2008-7-1,12:49:11.2,+2:0
             |
             + index (289) (ipfixTemplateId)
               +- ipfixTemplateObservationDomainId (1) = 3
               +- ipfixTemplateId (2) = 289
               +- ipfixTemplateSetId (3) = 3
               +- ipfixTemplateAccessTime (4)
                                           = 2008-7-1,12:47:04.8,+2:0

   We assume that the Transport Session that is stored with index 5 in
   the Transport Session table of the Exporter is stored with index 17
   in the Transport Session table of the (corresponding) Collector.
   Then, the Template table would look as follows:









Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 12]


Internet-Draft                  IPFIX MIB                     March 2009


    ipfixTemplateTable (3)
    |
    +- ipfixTemplateEntry (1)
       |
       +- index (17) (ipfixTransportSessionIndex)
          +- index (3) (ipfixTemplateObservationDomainId)
             + index (257) (ipfixTemplateId)
             | +- ipfixTemplateObservationDomainId (1) = 3
             | +- ipfixTemplateId (2) = 257
             | +- ipfixTemplateSetId (3) = 2
             | +- ipfixTemplateAccessTime (4)
             |                             = 2008-7-1,12:49:11.8,+2:0
             |
             + index (264) (ipfixTemplateId)
               +- ipfixTemplateObservationDomainId (1) = 3
               +- ipfixTemplateId (2) = 264
               +- ipfixTemplateSetId (3) = 3
               +- ipfixTemplateAccessTime (4)
                                           = 2008-7-1,12:47:05.3,+2:0

   The table on the second Collector would be analog to the one shown
   above.

5.3.  The Template Definition Table

   The Template Definition table lists all the Information Elements
   contained in a Template or Option Template.  Therefore it has the
   same indexes as the corresponding Template table plus the Template
   Id.  Its own index denotes the order of the Information Element
   inside the Template if necessary.  Besides the Information Element Id
   and the length of the encoded value the table contains the enterprise
   number for enterprise specific Information Elements and flags for
   each Information Element.  The flags indicate if the Information
   Element is used for scoping or as a Flow key.

   To resume the above example again the Exporter is configured to
   export the octets received and dropped at the Observation Point since
   the last export of these values.  In addition it exports the start
   and end time of the flow relative to the timestamp contained in the
   IPFIX header.  This leads to the following Template Definition table
   on the Exporter:










Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 13]


Internet-Draft                  IPFIX MIB                     March 2009


    ipfixTemplateDefinitionTable (4)
    |
    +- ipfixTemplateDefinitionEntry (1)
       |
       +- index (5) (ipfixTransportSessionIndex)
          +- index (3) (ipfixTemplateObservationDomainId)
             + index (257) (ipfixTemplateId)
               +- index (1) (ipfixTemplateDefinitionIndex)
               |  +- ipfixTemplateDefinitionIndex (1) = 1
               |  +- ipfixTemplateDefinitionIeId (2) = 158
               |  |                      (flowStartDeltaMicroseconds)
               |  +- ipfixTemplateDefinitionIeLength (3) = 4
               |  +- ipfixTemplateDefinitionEnterprise (4) = 0
               |  +- ipfixTemplateDefinitionFlags (5) = 0
               |
               +- index (2) (ipfixTemplateDefinitionIndex)
               |  +- ipfixTemplateDefinitionIndex (1) = 2
               |  +- ipfixTemplateDefinitionIeId (2) = 159
               |  |                      (flowStartDeltaMicroseconds)
               |  +- ipfixTemplateDefinitionIeLength (3) = 4
               |  +- ipfixTemplateDefinitionEnterprise (4) = 0
               |  +- ipfixTemplateDefinitionFlags (5) = 0
               |
               +- index (3) (ipfixTemplateDefinitionIndex)
               |  +- ipfixTemplateDefinitionIndex (1) = 3
               |  +- ipfixTemplateDefinitionIeId (2) = 1
               |  |                                 (octetDeltaCount)
               |  +- ipfixTemplateDefinitionIeLength (3) = 8
               |  +- ipfixTemplateDefinitionEnterprise (4) = 0
               |  +- ipfixTemplateDefinitionFlags (5) = 0
               |
               +- index (4) (ipfixTemplateDefinitionIndex)
                  +- ipfixTemplateDefinitionIndex (1) = 4
                  +- ipfixTemplateDefinitionIeId (2) = 132
                  |                          (droppedOctetDeltaCount)
                  +- ipfixTemplateDefinitionIeLength (3) = 8
                  +- ipfixTemplateDefinitionEnterprise (5) = 0
                  +- ipfixTemplateDefinitionFlags (4) = 0

   The corresponding table entry on the collector is the same except
   that it would have another ipfixTransportSessionIndex, e.g. 17 to as
   in the previous example.

5.4.  The Export Table

   On Exporters, the Export table (ipfixExportTable) can be used to
   support features like failover, load-balancing, duplicate export to
   several Collectors etc.  The table has 5 indexes that link an entry



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 14]


Internet-Draft                  IPFIX MIB                     March 2009


   with

   o  the Metering Process table (ipfixMeteringProcessCacheId, see
      below),

   o  the Exported Template table (ipfixTemplateObservationDomainId and
      ipfixTemplateId)

   o  and the Transport Session table (ipfixTransportSessionIndex).

   Those entries with the same ipfixExportIndex, the same
   ipfixMeteringProcessCacheId and the same
   ipfixTemplateObservationDomainId define a Transport Session group.
   The member type for each group member describes its functionality.
   All Transport Sessions referenced in this table MUST have the
   ipfixTransportSessionMode exporting(1).

   If the Exporter does not use Transport Session grouping then each
   ipfixExportIndex contains a single ipfixMeteringProcessCacheId and
   thus a singe Transport Session (ipfixTransportSessionIndex) and this
   session MUST have the member type primary(1).

   For failover a Transport Session group can contain one Transport
   Session with member type "primary" and several Transport Sessions
   with type "secondary".  Entries with other member types are not
   allowed for that type of group.  For load-balancing or parallel
   export all Transport Sessions in the group MUST have the same member
   type either "loadBalancing" or "duplicate".

   The algorithms used for failover or load-balancing are out of the
   scope of this document.

   To continue the example we assume that the Exporter uses the two
   connections shown in the examples above as the primary export for a
   session protected by a secondary backup connection.  The Exporter
   then has the following entries in the ipfixExportTable:















Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 15]


Internet-Draft                  IPFIX MIB                     March 2009


    ipfixExportTable (5)
    |
    +- ipfixExportEntry (1)
       |
       +- index (9) (ipfixMeteringProcessCacheId)
       |  +- index (3) (ipfixTemplateObservationDomainId)
       |     +- index (257) (ipfixTemplateId)
       |     |  +- index (5) (ipfixTransportSessionIndex)
       |     |     +- index (7) (ipfixExportIndex)
       |     |        +- ipfixExportIndex (1) = 7
       |     |        +- ipfixExportMemberType (2) = 1 (primary)
       |     |
       |     +- index (273) (ipfixTemplateId)
       |        +- index (11) (ipfixTransportSessionIndex)
       |           +- index (7) (ipfixExportIndex)
       |              +- ipfixExportIndex (1) = 7
       |              +- ipfixExportMemberType (2) = 2 (secondary)
       |
       +- index (9) (ipfixMeteringProcessCacheId)
          +- index (3) (ipfixTemplateObservationDomainId)
             +- index (264) (ipfixTemplateId)
             |  +- index (5) (ipfixTransportSessionIndex)
             |  +- index (8) (ipfixExportIndex)
             |     +- ipfixExportIndex (1) = 8
             |     +- ipfixExportMemberType (2) = 2 (secondary)
             +- index (289) (ipfixTemplateId)
                +- index (11) (ipfixTransportSessionIndex)
                   +- index (8) (ipfixExportIndex)
                      +- ipfixExportIndex (1) = 8
                      +- ipfixExportMemberType (2) = 1 (primary)

   The example shows that the Exporter uses the Metering Cache 9
   explained below to export IPFIX Records for the Templates 257, 273,
   264 and 289.  Templates 257 and 264 are exported within Transport
   Session 5 and Templates 273 and 289 are exported within Transport
   Session 11.  If we assume that Templates 257 and 264 are identical
   then the Collector that receives Transport Session 11 is a backup for
   the Collector of Transport Session 5.

5.5.  The Metering Process Table

   The Metering Process as defined in [RFC5101] consists of a set of
   functions.  Maintaining the Flow Records is one of them.  This
   function is responsible for passing the Flow Records to the Exporting
   Process and also for detecting Flow expiration.  The Flow Records
   that are maintained by the Metering Process can be grouped by the
   Observation Points they are observed at.  The instance that maintains
   such a group of Flow Records is a kind of cache.  For this reason the



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 16]


Internet-Draft                  IPFIX MIB                     March 2009


   Metering Process table (ipfixMeteringProcessTable) is indexed by
   cache IDs (ipfixMeteringProcessCacheId).  Each cache can be
   maintained by a separate instance of the Metering Process which is
   represented by the Metering Process ID (ipfixMeteringProcessId).  To
   specify the Observation Point(s) where the Flow Records are gathered
   the ipfixMeteringProcessObservationPointGroupRef may contain an
   ipfixObservationPointGroupId from the Observation Point table
   (ipfixObservationPointTable) described in the next section.  If an
   Observation Point is not specified for the Flow Records the
   ipfixMeteringProcessObservationPointGroupRef MUST be zero(0).  The
   timeouts (ipfixMeteringProcessCacheActiveTimeout and
   ipfixMeteringProcessCacheInactiveTimeout) specify when Flow Records
   are passed to the Exporting Process.

    ipfixMeteringProcessTable(6)
    |
    +- ipfixMeteringProcessEntry(1)
       |
       +- index(9) (ipfixMeteringProcessCacheId)
          +- ipfixMeteringProcessCacheId(1) = 9
          +- ipfixMeteringProcessId(2) = 287
          +- ipfixMeteringProcessObservationPointGroupRef(3) = 17
          +- ipfixMeteringProcessCacheActiveTimeout(4) = 100
          +- ipfixMeteringProcessCacheInactiveTimeout(5) = 100

5.6.  The Observation Point Table

   The Observation Point Table (ipfixObservationPointTable) groups
   Observation Points with the ipfixObservationPointGroupId.  Each entry
   contains a reference to the ENTITY MIB [RFC4133].  The objects in the
   ENTITY MIB denote the Observation Point.  In addition a direction can
   be given to render more specific which Flow to monitor.



















Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 17]


Internet-Draft                  IPFIX MIB                     March 2009


    ipfixObservationPointTable(7)
    |
    +- ipfixObservationPointEntry(1)
       |
       +- index(17) (ipfixObservationPointGroupId)
          +- index(1) (ipfixObservationPointIndex)
          |  +- ipfixObservationPointGroupId(1) = 17
          |  +- ipfixObservationPointIndex(2) = 1
          |  +- ipfixObservationPointPhysicalEntity(3) = 6
          |  +- ipfixObservationPointPhysicalEntityDirection(4)
                                                             = 3 (both)
          |
          +- index(2)  (ipfixObservationPointIndex)
             +- ipfixObservationPointGroupId(1) = 17
             +- ipfixObservationPointIndex(2) = 2
             +- ipfixObservationPointPhysicalEntity(3) = 0
             +- ipfixObservationPointPhysicalEntityDirection(4)
                                                           = 1 (ingress)

5.7.  The Selector Table

   This table supports the usage of filtering and sampling functions as
   described in [I-D.ietf-ipfix-architecture].  The implementation and
   use of this table is optional.  If implemented it contains lists of
   functions per Metering Process cache (ipfixMeteringProcessCacheId).
   The Selector Index indicates the order of the functions i.e, the
   order in that the functions are applied to the packets observed at
   the Observation Points associated with the Metering Process cache.
   The functions are referred by object identifiers pointing to the
   function with its parameters.  If the table is implemented and no
   filtering or sampling is used for a Template then an entry for the
   Template should be created pointing to the Select All function
   (ipfixFuncSelectAll).

5.8.  The Selector Functions

   The subtree ipfixSelectorFunctions is a placeholder where all
   standard filtering and sampling functions should be located (if any)
   and is mainly built for extensibility in future versions.  It
   currently contains the Select All functions (ipfixFuncSelectAll).

   A future extension could produce e.g., the MIB tree shown in the
   following figure:








Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 18]


Internet-Draft                  IPFIX MIB                     March 2009


    ipfixSelectorFunctions
    |
    +- ipfixFuncSelectAll
    |  |
    |  +- ipfixFuncSelectAllAvail (is the function available?)
    |
    +- ipfixFuncF2
    |  |
    |  +- ipfixFuncF2Avail (is the function F2 available)
    |  |
    |  +- ipfixFuncF2Parameters (a table with parameters)
    ...
    |
    +- ipfixFunFn...

   If a Selector Function takes parameters the MIB should contain a
   table with an entry for each set of parameters used at the Exporter.
   In this way a future extension could point to an entry in that table
   to indicate both the used Selector Function as well as the parameters
   used for that function.

5.9.  The Statistical Tables

   For the ipfixTransportSessionTable, the ipfixTemplateTable, the
   ipfixMeteringProcessTable and the ipfixSelectorTable statistical
   tables are defined that augment those tables.  All the statistical
   tables contain a discontinuity object that hold a timestamp that
   denotes the time when a discontinuity event occurred to notify the
   management system that the counters contained in those tables might
   not be continuous anymore.

5.9.1.  The Transport Session Statistical Table

   The Transport Session Statistical Table
   (ipfixTransportSessionStatsTable) augments the
   ipfixTransportSessionTable with statistical values.  It contains the
   rate (in bytes per second) with which it receives or sends out IPFIX
   Messages, the number of bytes, packets, messages, Records, Templates
   and Option Templates received or sent and the number of messages that
   were discarded.

5.9.2.  The Template Statistical Table

   This table contains a statistical value for each Template.  It
   augments the Template Table (ipfixTemplateTable) and specifies the
   number of Data Records exported or collected for the Template.





Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 19]


Internet-Draft                  IPFIX MIB                     March 2009


5.9.3.  The Metering Process Statistical Table

   This table augments the Metering Process Table
   (ipfixMeteringProcessTable).  It contains the statistical values for
   the IPFIX Messages and Data Records exported, the number of errors
   that occurred in the Metering Process and the number of active and
   inactive flows that are currently observed.

5.9.4.  The Selector Statistical Table

   This table augments the Selector Table (ipfixSelectorTable) and
   introduces two generic statistical values, the number of packets
   observed and the number of packets dropped by the selector function.






































Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 20]


Internet-Draft                  IPFIX MIB                     March 2009


6.  Relationship to Other MIB Modules

   Besides the usual imports from the SNMP Standards [RFC2578],
   [RFC2579] and [RFC2580] the IPFIX MIB references the ENTITY MIB
   [RFC4133].

6.1.  Relationship to the ENTITY MIB

   The Observation Point table (ipfixObservationPointTable) contains a
   reference to the ENTITY MIB[RFC4133]
   (ipfixObservationPointPhysicalEntity).  If the implementors of the
   IPFIX MIB want to specify the physical entity where Flows are
   observed (if that is possible at all) then they SHOULD also implement
   the ENTITY MIB.  The implementation of the ENTITY MIB is optional.
   If it is not implemented then all values of the
   ipfixObservationPointPhysicalEntity columns in the Observation Point
   table are zero and the values of the
   ipfixObservationPointPhysicalEntityDirection columns are unknown(0).

6.2.  MIB modules required for IMPORTS

   The IPFIX MIB requires the modules SNMPv2-SMI[RFC2578], SNMPv2-
   TC[RFC2579] and SNMPv2-CONF[RFC2580].  Further on it imports the
   textual conventions InetAddressType and InetAddress from the INET
   ADDRESS MIB[RFC4001].


























Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 21]


Internet-Draft                  IPFIX MIB                     March 2009


7.  MIB Definitions

   This section contains the definitions of the IPFIX-MIB module.  There
   are different mandatory groups defined for Collector and Exporter
   implementations.  The statistical objects are made optional.

   IPFIX-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2, Unsigned32, Counter64,
       Gauge32
           FROM SNMPv2-SMI                                -- RFC2578
       TimeStamp, TruthValue, DateAndTime
           FROM SNMPv2-TC                                 -- RFC2579
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF                               -- RFC2580
       InetAddressType, InetAddress, InetPortNumber
           FROM INET-ADDRESS-MIB                          -- RFC4001
       PhysicalIndexOrZero
           FROM ENTITY-MIB;                               -- RFC4133

   ipfixMIB MODULE-IDENTITY
       LAST-UPDATED "200903060900Z"         -- 06 March 2009
       ORGANIZATION "IETF IPFIX Working Group"
       CONTACT-INFO
           "WG charter:
             http://www.ietf.org/html.charters/ipfix-charter.html

           Mailing Lists:
             General Discussion: ipfix@ietf.org
             To Subscribe: http://www1.ietf.org/mailman/listinfo/ipfix
             Archive:
         http://www1.ietf.org/mail-archive/web/ipfix/current/index.html

           Editor:
             Thomas Dietz
             NEC Europe Ltd.
             NEC Laboratories Europe
             Network Research Division
             Kurfuersten-Anlage 36
             69115 Heidelberg
             Germany
             Phone: +49 6221 4342-128
             Email: Thomas.Dietz@nw.neclab.eu

             Atsushi Kobayashi
             NTT Information Sharing Platform Laboratories
             3-9-11 Midori-cho



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 22]


Internet-Draft                  IPFIX MIB                     March 2009


             Musashino-shi
             180-8585
             Japan
             Phone: +81-422-59-3978
             Email: akoba@nttv6.net

             Benoit Claise
             Cisco Systems, Inc.
             De Kleetlaan 6a b1
             Degem 1831
             Belgium
             Phone:  +32 2 704 5622
             Email: bclaise@cisco.com"
       DESCRIPTION
           "The IPFIX MIB defines managed objects for IP Flow
           Information eXport. These objects provide information about
           managed nodes supporting the IP Flow Information Export
           protocol, for Exporters as well as for Collectors.

           Copyright (C) The IETF Trust (2008). This version
           of this MIB module is part of RFC yyyy; see the RFC itself
           for full legal notices."
   -- replace yyyy with actual RFC number & remove this notice

   --  Revision history

       REVISION     "200903060900Z"         -- 06 March 2009
       DESCRIPTION
           "Initial version, published as RFC yyyy."
   -- replace yyyy with actual RFC number & remove this notice

       ::= { mib-2 xxx }
   -- xxx to be assigned by IANA.

   --******************************************************************
   -- Top Level Structure of the MIB
   --******************************************************************

   ipfixObjects     OBJECT IDENTIFIER ::= { ipfixMIB 1 }
   ipfixConformance OBJECT IDENTIFIER ::= { ipfixMIB 2 }

   ipfixMainObjects OBJECT IDENTIFIER ::= { ipfixObjects 1 }
   ipfixExtensions  OBJECT IDENTIFIER ::= { ipfixObjects 2 }
   ipfixStatistics  OBJECT IDENTIFIER ::= { ipfixObjects 3 }

   --==================================================================
   -- 1.1: Objects used by all IPFIX implementations
   --==================================================================



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 23]


Internet-Draft                  IPFIX MIB                     March 2009


   --------------------------------------------------------------------
   -- 1.1.1: Exporter Version
   --------------------------------------------------------------------
   ipfixExportVersion OBJECT-TYPE
       SYNTAX      Unsigned32 (0..65535)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "On Exporters the object contains the version number of the
           IPFIX Protocol that the Exporter uses to export its data.

           On Collectors the object contains the highest version
           number of all IPFIX Protocols understood by the Collector."
       REFERENCE
           "[RFC5101] Section 3.1 - Specification of the IP Flow
           Information Export (IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information"
       ::= { ipfixMainObjects 1 }

   --------------------------------------------------------------------
   -- 1.1.2: Transport Session Table
   --------------------------------------------------------------------
   ipfixTransportSessionTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixTransportSessionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists the currently established Transport
           Sessions between an Exporting Process and a Collecting
           Process."
       ::= { ipfixMainObjects 2 }

   ipfixTransportSessionEntry OBJECT-TYPE
       SYNTAX      IpfixTransportSessionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixTransportSessionTable"
       INDEX       { ipfixTransportSessionIndex }
       ::= { ipfixTransportSessionTable 1 }

   IpfixTransportSessionEntry ::=
       SEQUENCE {
          ipfixTransportSessionIndex                  Unsigned32,
          ipfixTransportSessionProtocol               Unsigned32,
          ipfixTransportSessionSourceAddressType      InetAddressType,
          ipfixTransportSessionSourceAddress          InetAddress,
          ipfixTransportSessionDestinationAddressType InetAddressType,



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 24]


Internet-Draft                  IPFIX MIB                     March 2009


          ipfixTransportSessionDestinationAddress     InetAddress,
          ipfixTransportSessionSourcePort             InetPortNumber,
          ipfixTransportSessionDestinationPort        InetPortNumber,
          ipfixTransportSessionSctpAssocId            Unsigned32,
          ipfixTransportSessionDeviceMode             INTEGER,
          ipfixTransportSessionTemplateRefreshTimeout Unsigned32,
          ipfixTransportSessionOptionTemplateRefreshTimeout Unsigned32,
          ipfixTransportSessionTemplateRefreshPacket  Unsigned32,
          ipfixTransportSessionOptionTemplateRefreshPacket Unsigned32,
          ipfixTransportSessionStatus                 INTEGER
       }

   ipfixTransportSessionIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..4294967295)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Locally arbitrary, but unique identifier of an entry in
           the ipfixTransportSessionTable. The value is expected to
           remain constant from a re-initialization of the entity's
           network management agent to the next re-initialization."
       ::= { ipfixTransportSessionEntry 1 }

   ipfixTransportSessionProtocol OBJECT-TYPE
       SYNTAX      Unsigned32 (1..255)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The transport protocol used for receiving or transmitting
           IPFIX Messages. Protocol numbers are assigned by IANA.  A
           current list of all assignments is available from
           <http://www.iana.org/>."
       REFERENCE
           "[RFC5101] Section 10 - Specification of the IP Flow
           Information Export(IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information"
       ::= { ipfixTransportSessionEntry 2 }

   ipfixTransportSessionSourceAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The type of address used for the source address
           as specified in RFC4001. This object is used with protocols
           (specified in ipfixTransportSessionProtocol) like TCP(6)
           and UDP(17) that have the notion of addresses. SCTP(132)
           should use the ipfixTransportSessionSctpAssocId instead.



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 25]


Internet-Draft                  IPFIX MIB                     March 2009


           If SCTP(132) or any other protocol without the notion of
           addresses is used the object MUST  be set to unknown(0)."
       ::= { ipfixTransportSessionEntry 3 }

   ipfixTransportSessionSourceAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The source address of the Exporter of the IPFIX Transport
           Session. This value is interpreted according to the value of
           ipfixTransportSessionAddressType as specified in RFC4001.
           This object is used with protocols (specified in
           ipfixTransportSessionProtocol) like TCP(6) and UDP(17) that
           have the notion of addresses. SCTP(132) should use the
           ipfixTransportSessionSctpAssocId instead. If SCTP(132) or
           any other protocol without the notion of addresses is used
           the object MUST  be set to a zero-length string."
       ::= { ipfixTransportSessionEntry 4 }

   ipfixTransportSessionDestinationAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The type of address used for the destination address
           as specified in RFC4001. This object is used with protocols
           (specified in ipfixTransportSessionProtocol) like TCP(6)
           and UDP(17) that have the notion of addresses. SCTP(132)
           should use the ipfixTransportSessionSctpAssocId instead.
           If SCTP(132) or any other protocol without the notion of
           addresses is used the object MUST  be set to unknown(0)."
       ::= { ipfixTransportSessionEntry 5 }

   ipfixTransportSessionDestinationAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The destination address of the Collector of the IPFIX
           Transport Session. This value is interpreted according to
           the value of ipfixTransportSessionAddressType as specified
           in RFC4001. This object is used with protocols
           (specified in ipfixTransportSessionProtocol) like TCP(6)
           and UDP(17) that have the notion of addresses. SCTP(132)
           should use the ipfixTransportSessionSctpAssocId instead.
           If SCTP(132) or any other protocol without the notion of
           addresses is used the object MUST  be set to a zero-length



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 26]


Internet-Draft                  IPFIX MIB                     March 2009


           string"
       ::= { ipfixTransportSessionEntry 6 }

   ipfixTransportSessionSourcePort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The transport protocol port number of the Exporter.
           This object is used with protocols (specified in
           ipfixTransportSessionProtocol) like TCP(6)
           and UDP(17) that have the notion of ports. SCTP(132)
           should use the ipfixTransportSessionSctpAssocId instead.
           If SCTP(132) or any other protocol without the notion of
           ports is used the object MUST  be set to zero."
       ::= { ipfixTransportSessionEntry 7 }

   ipfixTransportSessionDestinationPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The transport protocol port number of the Collector. The
           default value is 4739 for all currently defined transport
           protocol types. This object is used with protocols
           (specified in ipfixTransportSessionProtocol) like TCP(6)
           and UDP(17) that have the notion of ports. SCTP(132)
           should use the ipfixTransportSessionSctpAssocId instead.
           If SCTP(132) or any other protocol without the notion of
           ports is used the object MUST  be set to zero."
       ::= { ipfixTransportSessionEntry 8 }

   ipfixTransportSessionSctpAssocId OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The association id used for the SCTP session between the
           Exporter and the Collector of the IPFIX Transport Session.
           It is equal to the sctpAssocIdentry in the sctpAssocTable
           defined in the SCTP MIB. This object is only valid if
           ipfixTransportSessionProtocol has the value 132 (SCTP). In
           all other cases the value MUST be zero."
       REFERENCE
           "[RFC3871] - Stream Control Transmission Protocol (SCTP)
           Management Information Base (MIB)"
       ::= { ipfixTransportSessionEntry 9 }




Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 27]


Internet-Draft                  IPFIX MIB                     March 2009


   ipfixTransportSessionDeviceMode OBJECT-TYPE
       SYNTAX      INTEGER {
                       exporting(1),
                       collecting(2)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The mode of operation of the device for the given Transport
           Session. This object can have the following values:

           exporting(1)
               This value MUST be used if the Transport Session is
               used for exporting Records to other IPFIX Devices,
               i.e. this device acts as Exporter.

           collecting(2)
               This value MUST be used if the Transport Session is
               used for collecting Records from other IPFIX Devices,
               i.e. this device acts as Collector."
       ::= { ipfixTransportSessionEntry 10 }

   ipfixTransportSessionTemplateRefreshTimeout OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "seconds"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "On Exporters this object contains the time in seconds
           after which IPFIX Templates MUST be resent by the
           Exporter.

           On Collectors this object contains the lifetime in seconds
           after which a Template becomes invalid when it is not
           received again within this lifetime.

           This object is only valid if ipfixTransportSessionProtocol
           has the value 17 (UDP). In all other cases the value MUST
           be zero."
       REFERENCE
           "[RFC5101] Sections 10.3.6 and 10.3.7 - Specification of
           the IP Flow Information Export(IPFIX) Protocol for the
           Exchange of IP Traffic Flow Information"
       ::= { ipfixTransportSessionEntry 11 }

   ipfixTransportSessionOptionTemplateRefreshTimeout OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "seconds"



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 28]


Internet-Draft                  IPFIX MIB                     March 2009


       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "On Exporters this object contains the time in seconds
           after which IPFIX Option Templates MUST be resent by the
           Exporter.

           On Collectors this object contains the lifetime in seconds
           after which an Option Template becomes invalid when it is
           not received again within this lifetime.

           This object is only valid if ipfixTransportSessionProtocol
           has the value 17 (UDP). In all other cases the value MUST
           be zero."
       REFERENCE
           "[RFC5101] Sections 10.3.6 and 10.3.7 - Specification of
           the IP Flow Information Export(IPFIX) Protocol for the
           Exchange of IP Traffic Flow Information"
       ::= { ipfixTransportSessionEntry 12 }

   ipfixTransportSessionTemplateRefreshPacket OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "packets"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "On Exporters this object contains the number of exported
           IPFIX Messages after which IPFIX Templates MUST be resent
           by the Exporter.

           On Collectors this object contains the lifetime in number
           of exported IPFIX Messages after which a Template becomes
           invalid when it is not received again within this lifetime.

           This object is only valid if ipfixTransportSessionProtocol
           has the value 17 (UDP). In all other cases the value MUST
           be zero."
       REFERENCE
           "[RFC5101] Sections 10.3.6 and 10.3.7 - Specification of
           the IP Flow Information Export(IPFIX) Protocol for the
           Exchange of IP Traffic Flow Information"
       ::= { ipfixTransportSessionEntry 13 }

   ipfixTransportSessionOptionTemplateRefreshPacket OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "packets"
       MAX-ACCESS  read-only
       STATUS      current



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 29]


Internet-Draft                  IPFIX MIB                     March 2009


       DESCRIPTION
           "On Exporters this object contains the number of exported
           IPFIX Messages after which IPFIX Option Templates MUST be
           resent by the Exporter.

           On Collectors this object contains the lifetime in number
           of exported IPFIX Messages after which an Option Template
           becomes invalid when it is not received again within this
           lifetime.

           This object is only valid if ipfixTransportSessionProtocol
           has the value 17 (UDP). In all other cases the value MUST
           be zero."
       REFERENCE
           "[RFC5101] Sections 10.3.6 and 10.3.7 - Specification of
           the IP Flow Information Export(IPFIX) Protocol for the
           Exchange of IP Traffic Flow Information"
       ::= { ipfixTransportSessionEntry 14 }

   ipfixTransportSessionStatus OBJECT-TYPE
       SYNTAX      INTEGER {
                       unknown(0),
                       inactive(1),
                       active(2)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The status of a Transport Session. This object can have the
           following values:

           unknown(0)
               This value MUST be used if the status of the
               connection cannot be detected by the equipment. This
               value should be avoided as far as possible.

           inactive(1)
               This value MUST be used for Transport Sessions that
               are specified in the system but not currently connected.
               The value can be used e.g. for Transport Sessions that
               are backup (secondary) sessions in a Transport Session
               group.

           active(2)
               This value MUST be used for Transport Sessions that are
               currently connected and transmitting or receiving data."
       ::= { ipfixTransportSessionEntry 15 }




Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 30]


Internet-Draft                  IPFIX MIB                     March 2009


   --------------------------------------------------------------------
   -- 1.1.3: Template Table
   --------------------------------------------------------------------
   ipfixTemplateTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixTemplateEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists the Templates and Option Templates that
           are transmitted by the Exporting Process or received by the
           Collecting Process.

           The table contains the Templates and Option Templates that
           are received or used for exporting data for a given
           Transport Session group and Observation Domain.

           When an (Option) Template is no longer valid because
           the Exporter failed to retransmit it (see
           ipfixTemplateAccessTime)it MUST be removed from this table."
       ::= { ipfixMainObjects 3 }

   ipfixTemplateEntry OBJECT-TYPE
       SYNTAX      IpfixTemplateEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixTemplateTable"
       INDEX       {
           ipfixTransportSessionIndex,
           ipfixTemplateObservationDomainId,
           ipfixTemplateId
       }
       ::= { ipfixTemplateTable 1 }

   IpfixTemplateEntry ::=
       SEQUENCE {
           ipfixTemplateObservationDomainId Unsigned32,
           ipfixTemplateId                  Unsigned32,
           ipfixTemplateSetId               Unsigned32,
           ipfixTemplateAccessTime          DateAndTime
       }

   ipfixTemplateObservationDomainId OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The ID of the Observation Domain to which the Observation



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 31]


Internet-Draft                  IPFIX MIB                     March 2009


           Points of this group belong to. This value is used when
           sending IPFIX Messages.

           The special value of 0 indicates that the Observation Points
           in this group cannot be applied to a single Observation
           Domain."
       REFERENCE
           "[RFC5101] Section 3.1 - Specification of the IP Flow
           Information Export (IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information"
       ::= { ipfixTemplateEntry 1 }

   ipfixTemplateId OBJECT-TYPE
       SYNTAX      Unsigned32 (256..65535)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This number indicates the Template Id in the IPFIX
           message. Values from 0 to 255 are not allowed for Template
           Ids."
       REFERENCE
           "[RFC5101] Section 3.4.1 - Specification of the IP Flow
           Information Export (IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information"
       ::= { ipfixTemplateEntry 2 }

   ipfixTemplateSetId OBJECT-TYPE
       SYNTAX      Unsigned32 (1..65535)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This number indicates the set id of the Template. This
           object allows to easily retrieve the Template type.

           Currently there are two values defined. The value 2 is
           used for Sets containing Template definitions. The value 3
           is used for Sets containing Option Template definitions. A
           value greater than 255 is used for Sets containing Data
           Records for the (Option) Template Id given by the Set Id."
       REFERENCE
           "[RFC5101] Section 3.3.2 - Specification of the IP Flow
           Information Export (IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information"
       ::= { ipfixTemplateEntry 3 }

   ipfixTemplateAccessTime OBJECT-TYPE
       SYNTAX      DateAndTime
       MAX-ACCESS  read-only



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 32]


Internet-Draft                  IPFIX MIB                     March 2009


       STATUS      current
       DESCRIPTION
           "If the Transport Session is in exporting mode
           (ipfixTransportSessionMode) the time when this (Option)
           Template was last sent to the Collector(s). This time is
           used if the transport protocol is UDP to know when a
           retransmission of the (Option) Template is needed.

           If it is in collecting mode it this object contains the time
           when this (Option) Template was last received from the
           Exporter. This time is used if the transport protocol is UDP
           to know when this (Option) Template times out and thus is no
           longer valid."
       ::= { ipfixTemplateEntry 4 }

   --------------------------------------------------------------------
   -- 1.1.4: Exported Template Definition Table
   --------------------------------------------------------------------
   ipfixTemplateDefinitionTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixTemplateDefinitionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "On Exporters this table lists the (Option) Template Fields
           of which a (Option) Template is defined. It defines the
           (Option) Template given in the ipfixTemplateId specified in
           the ipfixTemplateTable.

           On Collectors this table lists the (Option) Template Fields
           of which a (Option) Template is defined. It defines the
           (Option) Template given in the ipfixTemplateId specified in
           the ipfixTemplateTable."
       ::= { ipfixMainObjects 4 }

   ipfixTemplateDefinitionEntry OBJECT-TYPE
       SYNTAX      IpfixTemplateDefinitionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixTemplateDefinitionTable"
       INDEX       {
           ipfixTransportSessionIndex,
           ipfixTemplateObservationDomainId,
           ipfixTemplateId,
           ipfixTemplateDefinitionIndex
       }
       ::= { ipfixTemplateDefinitionTable 1 }




Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 33]


Internet-Draft                  IPFIX MIB                     March 2009


   IpfixTemplateDefinitionEntry ::=
       SEQUENCE {
           ipfixTemplateDefinitionIndex      Unsigned32,
           ipfixTemplateDefinitionIeId       Unsigned32,
           ipfixTemplateDefinitionIeLength   Unsigned32,
           ipfixTemplateDefinitionEnterprise Unsigned32,
           ipfixTemplateDefinitionFlags      BITS
       }

   ipfixTemplateDefinitionIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..65535)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The ipfixTemplateDefinitionIndex specifies the order in
           which the Information Elements are used in the (Option)
           Template Record.

           Since a IPFIX Message can contain a maximum of 65535
           Information Elements the index is limited to this value."
       REFERENCE
           "[RFC5101] Section 3.4.1 and 3.4.2 - Specification of the
           IP Flow Information Export (IPFIX) Protocol for the
           Exchange of IP Traffic Flow Information"
       ::= { ipfixTemplateDefinitionEntry 1 }

   ipfixTemplateDefinitionIeId OBJECT-TYPE
       SYNTAX      Unsigned32 (1..65535)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This indicates the Information Element Id at position
           ipfixTemplateDefinitionIndex in the (Option) Template
           ipfixTemplateId. This implicitly specifies the data type
           of the Information Element. The elements are registered
           at IANA. A current list of assignments can be found at
           <http://www.iana.org/assignments/ipfix>"
       REFERENCE
           "[RFC5101] Section 3.2 - Specification of the IP Flow
           Information Export (IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information

           [RFC5102] - Information Model for IP Flow Information Export"
       ::= { ipfixTemplateDefinitionEntry 2 }

   ipfixTemplateDefinitionIeLength OBJECT-TYPE
       SYNTAX      Unsigned32 (0..65535)
       MAX-ACCESS  read-only



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 34]


Internet-Draft                  IPFIX MIB                     March 2009


       STATUS      current
       DESCRIPTION
           "This indicates the length of the Information Element Id at
           position ipfixTemplateDefinitionIndex in the (Option)
           Template ipfixTemplateId."
       REFERENCE
           "[RFC5101] Section 3.2 - Specification of the IP Flow
           Information Export (IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information

           [RFC5102] - Information Model for IP Flow Information Export"
       ::= { ipfixTemplateDefinitionEntry 3 }

   ipfixTemplateDefinitionEnterprise OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "IANA enterprise number of the authority defining the
           Information Element identifier in this Template Record.
           Enterprise numbers are assigned by IANA.  A current list of
           all assignments is available from
           <http://www.iana.org/assignments/enterprise-numbers/>."
       REFERENCE
           "[RFC5101] Section 3.2 - Specification of the IP Flow
           Information Export (IPFIX) Protocol for the Exchange of IP
           Traffic Flow Information

           [RFC5102] - Information Model for IP Flow Information Export"
       ::= { ipfixTemplateDefinitionEntry 4 }

   ipfixTemplateDefinitionFlags OBJECT-TYPE
       SYNTAX      BITS {
                       scope(0),
                       flowKey(1)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This bitmask indicates special attributes for the
           Information Element:

           scope(0)
               This Information Element is used for scope.

           flowKey(1)
               This Information Element is a Flow key.




Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 35]


Internet-Draft                  IPFIX MIB                     March 2009


           Thus we get the following values for an Information Element:

           '0'H
               The Information Element is neither used for scoping nor
               as Flow Key.
           '1'H (scope)
               The Information Element is used for scoping.
           '2'H (flowKey)
               The Information Element is used as Flow Key.
           '3'H (scope | flowKey)
               This combination is not allowed."
       REFERENCE
           "[RFC5101] Section 2 and 3.4.2.1 - Specification of the IP
           Flow Information Export (IPFIX) Protocol for the Exchange
           of IP Traffic Flow Information

           [RFC5102] - Information Model for IP Flow Information Export"
       ::= { ipfixTemplateDefinitionEntry 5 }

   --------------------------------------------------------------------
   -- 1.1.5: Export Table
   --------------------------------------------------------------------
   ipfixExportTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixExportEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists all exports of an IPFIX device.

           On Exporters this table contains all exports grouped by
           Transport Session, Observation Domain Id, Template Id and
           Metering Process represented by the
           ipfixMeteringProcessCacheId. Thanks to the ipfixExportIndex
           the exports can group one or more Transport Sessions to
           achieve a special functionality like failover management,
           load-balancing etc. The entries with the same
           ipfixExportIndex, the same ipfixObservationDomainId
           and the same ipfixMeteringProcessCacheId define a Transport
           Session group. If the Exporter does not use Transport
           Session grouping then each ipfixExportIndex contains a
           single ipfixMeteringProcessCacheId and thus a singe
           Transport Session and this session MUST have the member
           type primary(1). Transport Sessions referenced in this
           table MUST have the ipfixTransportSessionMode exporting(1).

           On Collectors this table is not needed."
       ::= { ipfixMainObjects 5 }




Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 36]


Internet-Draft                  IPFIX MIB                     March 2009


   ipfixExportEntry OBJECT-TYPE
       SYNTAX      IpfixExportEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixExportTable"
       INDEX       {
           ipfixMeteringProcessCacheId,
           ipfixTemplateObservationDomainId,
           ipfixTemplateId,
           ipfixTransportSessionIndex,
           ipfixExportIndex
       }
       ::= { ipfixExportTable 1 }

   IpfixExportEntry ::=
       SEQUENCE {
          ipfixExportIndex      Unsigned32,
          ipfixExportMemberType INTEGER
       }

   ipfixExportIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..4294967295)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Locally arbitrary, but unique identifier of an entry in
           the ipfixExportTable. The value is expected
           to remain constant from a re-initialization of the entity's
           network management agent to the next re-initialization.

           A common ipfixExportIndex between two entries from this
           table expresses that there is a relationship between the
           Transport Sessions in ipfixTransportSessionIndex. The type
           of relationship is expressed by the value of
           ipfixExportMemberType."
       ::= { ipfixExportEntry 1 }

   ipfixExportMemberType OBJECT-TYPE
       SYNTAX      INTEGER {
                       unknown(0),
                       primary(1),
                       secondary(2),
                       duplicate(3),
                       loadBalancing(4)
                   }
       MAX-ACCESS  read-only
       STATUS      current



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 37]


Internet-Draft                  IPFIX MIB                     March 2009


       DESCRIPTION
           "The type of a member Transport Session in a Transport
           Session group (identified by the value of ipfixExportIndex,
           ipfixObservationDomainId and ipfixMeteringProcessCacheId).
           The following values are valid:

           unknown(0)
               This value MUST be used if the status of the group
               membership cannot be detected by the equipment. This
               value should be avoided as far as possible.

           primary(1)
               This value is used for a group member that is used as
               the primary target of an Exporter. Other group members
               (with the same ipfixExportIndex and
               ipfixMeteringProcessCacheId) MUST NOT have the value
               primary(1) but MUST have the value secondary(2).
               This value MUST also be specified if the Exporter does
               not support Transport Session grouping.In this case the
               group contains only one Transport Session.

           secondary(2)
               This value is used for a group member that is used as a
               secondary target of an Exporter. The Exporter will use
               one of the targets specified as secondary(2) within the
               same Transport Session group when the primary target is
               not reachable.

           duplicate(3)
               This value is used for a group member that is used for
               duplicate exporting i.e., all group members identified
               by the ipfixExportIndex are exporting the same Records
               in parallel. This implies that all group members MUST
               have the the same membertype duplicate(3).

           loadBalancing(4)
               This value is used for a group member that is used as
               as one target for load-balancing. This means that a
               Record is sent to one of the group members in this
               group identified by ipfixExportIndex.
               This implies that all group members MUST have the same
               membertype load-balancing(4)."
       ::= { ipfixExportEntry 2 }

   --------------------------------------------------------------------
   -- 1.1.6: Metering Process Table
   --------------------------------------------------------------------
   ipfixMeteringProcessTable  OBJECT-TYPE



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 38]


Internet-Draft                  IPFIX MIB                     March 2009


       SYNTAX      SEQUENCE OF IpfixMeteringProcessEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists so called caches used at the Metering
           Process to store the metering data of Flows observed at
           the Observation Points given in the
           ipfixObservationPointGroupReference. The table lists the
           timeouts that specify when the cached metering data is
           exported as a Flow Record by the Templates linked to this
           entry.

           On Collectors the table is not needed."
       ::= { ipfixMainObjects 6 }

   ipfixMeteringProcessEntry OBJECT-TYPE
       SYNTAX      IpfixMeteringProcessEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixMeteringProcessTable."
       INDEX       { ipfixMeteringProcessCacheId }
       ::= { ipfixMeteringProcessTable 1 }

   IpfixMeteringProcessEntry ::=
       SEQUENCE {
           ipfixMeteringProcessCacheId              Unsigned32,
           ipfixMeteringProcessId                   Unsigned32,
           ipfixMeteringProcessObservationPointGroupRef Unsigned32,
           ipfixMeteringProcessCacheActiveTimeout   Unsigned32,
           ipfixMeteringProcessCacheInactiveTimeout Unsigned32
       }

   ipfixMeteringProcessCacheId OBJECT-TYPE
       SYNTAX      Unsigned32 (1..4294967295)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Locally arbitrary, but unique identifier of an entry in the
           ipfixMeterinProcessTable. The value is expected to remain
           constant from a re-initialization of the entity's network
           management agent to the next re-initialization."
       ::= { ipfixMeteringProcessEntry 1 }

   ipfixMeteringProcessId OBJECT-TYPE
       SYNTAX      Unsigned32 (1..4294967295)
       MAX-ACCESS  read-only
       STATUS      current



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 39]


Internet-Draft                  IPFIX MIB                     March 2009


       DESCRIPTION
           "The Metering Process Id to which the given cache belongs
           to. How this value is chosen is implementation dependent."
       ::= { ipfixMeteringProcessEntry 2 }

   ipfixMeteringProcessObservationPointGroupRef OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The Observation Point Group Id that links this table entry
           to the ipfixObservationPointTable. The matching
           ipfixObservationPointGroupId in that table gives the
           Observation Points used in that cache. If the Observation
           Points are unknown the
           ipfixMeteringProcessObservationPointGroupRef MUST be zero."
       ::= { ipfixMeteringProcessEntry 3 }

   ipfixMeteringProcessCacheActiveTimeout OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "seconds"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The time in seconds after which an active Flow is expired.

           On the Exporter this object contains the time after which a
           Flow is expired (and a Data Record for the template is sent)
           even though packets matching this Flow are still received by
           the Metering Process. If this value is 0 the Flow is not
           prematurely expired."
       REFERENCE
           "[I-D.ietf-ipfix-architecture] Section 5.1.1, item 3 -
           Architecture for IP Flow Information Export"
       ::= { ipfixMeteringProcessEntry 4 }

   ipfixMeteringProcessCacheInactiveTimeout OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "seconds"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The time in seconds after which an inactive Flow is
           expired.

           On the Exporter this object contains the time after which a
           Flow is expired (and a Data Record for the template is sent)
           when no packets matching this Flow are received by the



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 40]


Internet-Draft                  IPFIX MIB                     March 2009


           Metering Process for the given number of seconds. If this
           value is zero the Flow is timed out immediately i.e., a Data
           Record is sent for every packet received by the Metering
           Process."
       REFERENCE
           "[I-D.ietf-ipfix-architecture] Section 5.1.1, item 1 -
           Architecture for IP Flow Information Export"
       ::= { ipfixMeteringProcessEntry 5 }

   --------------------------------------------------------------------
   -- 1.1.7: Observation Point Table
   --------------------------------------------------------------------
   ipfixObservationPointTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixObservationPointEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists the Observation Points used within an
           Exporter by the Metering Process. The index
           ipfixObservationPointGroupId groups Observation Points
           and is referenced in the Metering Process table.

           On Collectors this table is not needed."
       ::= { ipfixMainObjects 7 }

   ipfixObservationPointEntry OBJECT-TYPE
       SYNTAX      IpfixObservationPointEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixObservationPointTable."
       INDEX       {
           ipfixObservationPointGroupId,
           ipfixObservationPointIndex
       }
       ::= { ipfixObservationPointTable 1 }

   IpfixObservationPointEntry ::=
       SEQUENCE {
           ipfixObservationPointGroupId            Unsigned32,
           ipfixObservationPointIndex              Unsigned32,
           ipfixObservationPointPhysicalEntity     PhysicalIndexOrZero,
           ipfixObservationPointPhysicalEntityDirection INTEGER
       }

   ipfixObservationPointGroupId OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  not-accessible



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 41]


Internet-Draft                  IPFIX MIB                     March 2009


       STATUS      current
       DESCRIPTION
           "Locally arbitrary, but unique identifier of an entry in the
           ipfixObservationDomainTable. The value is expected to remain
           constant from a re-initialization of the entity's network
           management agent to the next re-initialization.

           This index represents a group of Observation Points.

           The special value of 0 MUST NOT be used within this table
           but is reserved for the usage in the
           ipfixMeteringProcessTable. An index of 0 for the
           ipfixObservationPointGroupReference index in that table
           indicates that an Observation Point is unknown or
           unspecified for a Metering Process cache."
       ::= { ipfixObservationPointEntry 1 }

   ipfixObservationPointIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..4294967295)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Locally arbitrary, but unique identifier of an entry in the
           ipfixObservationDomainTable. The value is expected to remain
           constant from a re-initialization of the entity's network
           management agent to the next re-initialization.

           This index represents a single Observation Point in an
           Observation Point group."
       ::= { ipfixObservationPointEntry 2 }

   ipfixObservationPointPhysicalEntity OBJECT-TYPE
       SYNTAX      PhysicalIndexOrZero
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object contains the index of a physical entity in
           the Entity MIB. This physical entity is the given
           Observation Domain. If such a physical entity cannot be
           specified or is not known then the object is zero."
       ::= { ipfixObservationPointEntry 3 }

   ipfixObservationPointPhysicalEntityDirection OBJECT-TYPE
       SYNTAX      INTEGER {
                       unknown(0),
                       ingress(1),
                       egress(2),
                       both(3)



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 42]


Internet-Draft                  IPFIX MIB                     March 2009


                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The direction of the flow that is monitored on the given
           physical entity. The following values are valid:

           unknown(0)
               This value muse be used if a direction is not
               known for the given physical entity.

           ingress(1)
               This value is used for monitoring incoming flows on the
               given physical entity.

           egress(2)
               This value is used for monitoring outgoing flows on the
               given physical entity.

           both(3)
               This value is used for monitoring incoming and outgoing
               flows on the given physical entity."
       ::= { ipfixObservationPointEntry 4 }

   --------------------------------------------------------------------
   -- 1.1.8: Selector Table
   --------------------------------------------------------------------
   ipfixSelectorTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixSelectorEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table contains Selector Functions connected to a
           Metering Process by the index ipfixMeteringProcessCacheId.
           The Selector Functions are applied to the packets observed
           at the given Metering Process cache in the order implied by
           the ipfixSelectorIndex. The resulting Flow Records are
           then exported by using the connected Templates.

           Since IPFIX does not define any Selector Function (except
           selecting every packet) this is a placeholder for future
           use and a guideline for implementing enterprise specific
           Selector Function objects.

           The following object tree should visualize how the Selector
           Function objects should be implemented:

           ipfixSelectorFunctions



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 43]


Internet-Draft                  IPFIX MIB                     March 2009


           |
           +- ipfixFuncSelectAll
           |  |
           |  +- ipfixFuncSelectAllAvail (is the function available?)
           |
           +- ipfixFuncF2
           |  |
           |  +- ipfixFuncF2Avail (is the function F2 available)
           |  |
           |  +- ipfixFuncF2Parameters (a table with parameters)
           ...
           |
           +- ipfixFunFn...

           If a Selector Function takes parameters the MIB should
           contain a table with an entry for each set of parameters
           used at the Exporter."
       ::= { ipfixMainObjects 8 }

   ipfixSelectorEntry OBJECT-TYPE
       SYNTAX      IpfixSelectorEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixSelectorTable."
       INDEX       {
           ipfixMeteringProcessCacheId,
           ipfixSelectorIndex
       }
       ::= { ipfixSelectorTable 1 }

   IpfixSelectorEntry ::= SEQUENCE {
           ipfixSelectorIndex    Unsigned32,
           ipfixSelectorFunction OBJECT IDENTIFIER
       }

   ipfixSelectorIndex OBJECT-TYPE
       SYNTAX      Unsigned32 (1..4294967295)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Locally arbitrary, but unique identifier of an entry in the
           ipfixSelectorTable. The value is expected to remain
           constant from a re-initialization of the entity's network
           management agent to the next re-initialization."
       ::= { ipfixSelectorEntry 1 }

   ipfixSelectorFunction OBJECT-TYPE



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 44]


Internet-Draft                  IPFIX MIB                     March 2009


       SYNTAX      OBJECT IDENTIFIER
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The pointer to the Selector Function used at position
           ipfixSelectorIndex in the list of Selector Functions for
           the Metering Process cache specified by the index
           ipfixMeteringProcessCacheId."
       ::= { ipfixSelectorEntry 2 }

   --------------------------------------------------------------------
   -- 1.1.9: Packet Selector Functions for IPFIX
   --------------------------------------------------------------------
   ipfixSelectorFunctions OBJECT IDENTIFIER
       ::= { ipfixMainObjects 9 }

   --------------------------------------------------------------------
   -- 1.1.9.1: Function 1: Selecting All Packets
   --------------------------------------------------------------------
   ipfixFuncSelectAll OBJECT IDENTIFIER
       ::= { ipfixSelectorFunctions 1 }

   ipfixFuncSelectAllAvail OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the availability of the trivial
           function of selecting all packets. This function is always
           available."
       ::= { ipfixFuncSelectAll 1 }

   --------------------------------------------------------------------
   -- 1.2.1: Transport Session Statistics Table
   --------------------------------------------------------------------
   ipfixTransportSessionStatsTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixTransportSessionStatsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists Transport Sessions statistics between
           Exporting Process and Collecting Process."
       ::= { ipfixStatistics 1 }

   ipfixTransportSessionStatsEntry OBJECT-TYPE
       SYNTAX      IpfixTransportSessionStatsEntry
       MAX-ACCESS  not-accessible
       STATUS      current



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 45]


Internet-Draft                  IPFIX MIB                     March 2009


       DESCRIPTION
           "Defines an entry in the ipfixTransportSessionStatsTable"
       AUGMENTS    { ipfixTransportSessionEntry }
       ::= { ipfixTransportSessionStatsTable 1 }

   IpfixTransportSessionStatsEntry ::=
       SEQUENCE {
           ipfixTransportSessionRate              Gauge32,
           ipfixTransportSessionPackets           Counter64,
           ipfixTransportSessionBytes             Counter64,
           ipfixTransportSessionMessages          Counter64,
           ipfixTransportSessionDiscardedMessages Counter64,
           ipfixTransportSessionRecords           Counter64,
           ipfixTransportSessionTemplates         Counter64,
           ipfixTransportSessionOptionTemplates   Counter64,
           ipfixTransportSessionDiscontinuityTime TimeStamp
       }

   ipfixTransportSessionRate OBJECT-TYPE
       SYNTAX      Gauge32
       UNITS       "bytes/second"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of bytes per second received by the
           Collector or transmitted by the Exporter. A
           value of zero (0) means that no packets were sent or
           received yet. This object is updated every second."
       ::= { ipfixTransportSessionStatsEntry 1 }

   ipfixTransportSessionPackets OBJECT-TYPE
       SYNTAX      Counter64
       UNITS       "packets"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of packets received by the Collector
           or transmitted by the Exporter.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTransportSessionDiscontinuityTime."
       ::= { ipfixTransportSessionStatsEntry 2 }

   ipfixTransportSessionBytes OBJECT-TYPE
       SYNTAX      Counter64
       UNITS       "bytes"
       MAX-ACCESS  read-only



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 46]


Internet-Draft                  IPFIX MIB                     March 2009


       STATUS      current
       DESCRIPTION
           "The number of bytes received by the Collector
           or transmitted by the Exporter.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTransportSessionDiscontinuityTime."
       ::= { ipfixTransportSessionStatsEntry 3 }

   ipfixTransportSessionMessages OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of IPFIX messages received by the
           Collector or transmitted by the Exporter.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTransportSessionDiscontinuityTime."
       ::= { ipfixTransportSessionStatsEntry 4 }

   ipfixTransportSessionDiscardedMessages OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of received IPFIX Message that are malformed,
           cannot be decoded, are received in the wrong order or are
           missing according to the sequence number.

           If used at the Exporter the number of messages that could
           not be sent due to e.g. internal buffer overflows, network
           congestion, or routing issues.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTransportSessionDiscontinuityTime."
       ::= { ipfixTransportSessionStatsEntry 5 }

   ipfixTransportSessionRecords OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of Data Records received by the Collector or
           transmitted by the Exporter.



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 47]


Internet-Draft                  IPFIX MIB                     March 2009


           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTransportSessionDiscontinuityTime."
       ::= { ipfixTransportSessionStatsEntry 6 }

   ipfixTransportSessionTemplates OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of Templates received or transmitted.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTransportSessionDiscontinuityTime."
       ::= { ipfixTransportSessionStatsEntry 7 }

   ipfixTransportSessionOptionTemplates OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of Option Templates received or transmitted.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTransportSessionDiscontinuityTime."
       ::= { ipfixTransportSessionStatsEntry 8 }

   ipfixTransportSessionDiscontinuityTime OBJECT-TYPE
       SYNTAX       TimeStamp
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "The value of sysUpTime at the most recent occasion at which
           one or more of the Transport Session counters suffered a
           discontinuity.
           A value of zero indicates no such discontinuity has
           occurred since the last re-initialisation of the local
           management subsystem."
       ::= { ipfixTransportSessionStatsEntry 9 }

   --------------------------------------------------------------------
   -- 1.2.2: Template Statistics Table
   --------------------------------------------------------------------
   ipfixTemplateStatsTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixTemplateStatsEntry



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 48]


Internet-Draft                  IPFIX MIB                     March 2009


       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists statistics objects per Template."
       ::= { ipfixStatistics 2 }

   ipfixTemplateStatsEntry OBJECT-TYPE
       SYNTAX      IpfixTemplateStatsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixTemplateStatsTable"
       AUGMENTS    { ipfixTemplateEntry }
       ::= { ipfixTemplateStatsTable 1 }

   IpfixTemplateStatsEntry ::=
       SEQUENCE {
           ipfixTemplateDataRecords       Counter64,
           ipfixTemplateDiscontinuityTime TimeStamp
       }

   ipfixTemplateDataRecords OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of Data Records that are transmitted or received
           per Template.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTemplateDiscontinuityTime."
       ::= { ipfixTemplateStatsEntry 1 }

   ipfixTemplateDiscontinuityTime OBJECT-TYPE
       SYNTAX       TimeStamp
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "The value of sysUpTime at the most recent occasion at which
           one or more of the Template counters suffered a
           discontinuity.
           A value of zero indicates no such discontinuity has
           occurred since the last re-initialisation of the local
           management subsystem."
       ::= { ipfixTemplateStatsEntry 2 }

   --------------------------------------------------------------------



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 49]


Internet-Draft                  IPFIX MIB                     March 2009


   -- 1.2.3: Metering Process Statistics Table
   --------------------------------------------------------------------
   ipfixMeteringProcessStatsTable  OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixMeteringProcessStatsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table lists statistic objects that have data per
           Metering Process cache.

           On Collectors this table is not needed."
       ::= { ipfixStatistics 3 }

   ipfixMeteringProcessStatsEntry OBJECT-TYPE
       SYNTAX      IpfixMeteringProcessStatsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixMeteringProcessStatsTable."
       AUGMENTS    { ipfixMeteringProcessEntry }
       ::= { ipfixMeteringProcessStatsTable 1 }

   IpfixMeteringProcessStatsEntry ::=
       SEQUENCE {
           ipfixMeteringProcessCacheActiveFlows     Gauge32,
           ipfixMeteringProcessCacheInactiveFlows   Gauge32,
           ipfixMeteringProcessMessages             Counter64,
           ipfixMeteringProcessErrors               Counter64,
           ipfixMeteringProcessDataRecords          Counter64,
           ipfixMeteringProcessDiscontinuityTime    TimeStamp
       }

   ipfixMeteringProcessCacheActiveFlows OBJECT-TYPE
       SYNTAX      Gauge32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of Flows currently active at this cache."
       ::= { ipfixMeteringProcessStatsEntry 1 }

   ipfixMeteringProcessCacheInactiveFlows OBJECT-TYPE
       SYNTAX      Gauge32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of Flows currently inactive at this cache."
       ::= { ipfixMeteringProcessStatsEntry 2 }




Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 50]


Internet-Draft                  IPFIX MIB                     March 2009


   ipfixMeteringProcessMessages OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of IPFIX messages transmitted.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTemplateDiscontinuityTime."
       ::= { ipfixMeteringProcessStatsEntry 3 }

   ipfixMeteringProcessErrors OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of messages that could not be sent due to e.g.
           internal buffer overflows or network congestion.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTemplateDiscontinuityTime."
       ::= { ipfixMeteringProcessStatsEntry 4 }

   ipfixMeteringProcessDataRecords OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of Data Records transmitted.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTemplateDiscontinuityTime."
       ::= { ipfixMeteringProcessStatsEntry 5 }

   ipfixMeteringProcessDiscontinuityTime OBJECT-TYPE
       SYNTAX       TimeStamp
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "The value of sysUpTime at the most recent occasion at which
           one or more of the Metering Process counters suffered a
           discontinuity.
           A value of zero indicates no such discontinuity has
           occurred since the last re-initialisation of the local
           management subsystem."



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 51]


Internet-Draft                  IPFIX MIB                     March 2009


       ::= { ipfixMeteringProcessStatsEntry 6 }

   --------------------------------------------------------------------
   -- 1.2.4: Selector Statistics Table
   --------------------------------------------------------------------
   ipfixSelectorStatsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpfixSelectorStatsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table contains statistics for the Selector Functions
           connected to Metering Process by the index
           ipfixMeteringProcessCacheId.

           The indexes MUST match an entry in the ipfixSelectorTable."
       ::= { ipfixStatistics 4 }

   ipfixSelectorStatsEntry OBJECT-TYPE
       SYNTAX      IpfixSelectorStatsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Defines an entry in the ipfixSelectorStatsTable."
       AUGMENTS    { ipfixSelectorEntry }
       ::= { ipfixSelectorStatsTable 1 }

   IpfixSelectorStatsEntry ::= SEQUENCE {
           ipfixSelectorStatsPacketsObserved   Counter64,
           ipfixSelectorStatsPacketsDropped    Counter64,
           ipfixSelectorStatsDiscontinuityTime TimeStamp
       }

   ipfixSelectorStatsPacketsObserved OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of packets observed at the entry point of the
           function. The entry point may be the Observation Point or
           the exit point of another Selector Function.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTemplateDiscontinuityTime."
       ::= { ipfixSelectorStatsEntry 1 }

   ipfixSelectorStatsPacketsDropped OBJECT-TYPE
       SYNTAX      Counter64



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 52]


Internet-Draft                  IPFIX MIB                     March 2009


       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of packets dropped while selecting packets.
           Discontinuities in the value of this counter can occur at
           re-initialisation of the management system, and at other
           times as indicated by the value of
           ipfixTemplateDiscontinuityTime."
       ::= { ipfixSelectorStatsEntry 2 }

   ipfixSelectorStatsDiscontinuityTime OBJECT-TYPE
       SYNTAX       TimeStamp
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "The value of sysUpTime at the most recent occasion at which
           one or more of the Selector counters suffered a
           discontinuity.
           A value of zero indicates no such discontinuity has
           occurred since the last re-initialisation of the local
           management subsystem."
       ::= { ipfixSelectorStatsEntry 3 }

   --==================================================================
   -- 2: Conformance Information
   --==================================================================
   ipfixCompliances OBJECT IDENTIFIER ::= { ipfixConformance 1 }
   ipfixGroups      OBJECT IDENTIFIER ::= { ipfixConformance 2 }

   --------------------------------------------------------------------
   -- 2.1: Compliance Statements
   --------------------------------------------------------------------
   ipfixCollectorCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "An implementation that builds an IPFIX Collector
           that complies to this module MUST implement the objects
           defined in the mandatory group ipfixCommonGroup.

           The implementation of all objects in the other groups is
           optional and depends on the corresponding functionality
           implemented in the equipment.

           An implementation that is compliant to this MIB module
           is limited to use only the values TCP (6), UDP (17) and
           SCTP (132) in the ipfixTransportSessionProtocol object
           because these are the only protocol currently specified
           for usage within IPFIX (see [RFC5101])."



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 53]


Internet-Draft                  IPFIX MIB                     March 2009


       MODULE  -- this module
       MANDATORY-GROUPS {
           ipfixCommonGroup
       }

       GROUP ipfixCommonStatsGroup
       DESCRIPTION
           "These objects should be implemented if the statistics
           function is implemented in the equipment."
       ::= { ipfixCompliances 1 }

   ipfixExporterCompliance MODULE-COMPLIANCE
       STATUS  current
       DESCRIPTION
           "An implementation that builds an IPFIX Exporter that
           complies to this module MUST implement the objects defined
           in the mandatory group ipfixCommonGroup. The implementation
           of all other objects depends on the implementation of the
           corresponding functionality in the equipment."
       MODULE  -- this module
       MANDATORY-GROUPS {
               ipfixCommonGroup,
               ipfixExporterGroup
       }

       GROUP ipfixCommonStatsGroup
       DESCRIPTION
           "These objects should be implemented if the statistics
           function is implemented in the equipment."

       GROUP ipfixExporterStatsGroup
       DESCRIPTION
           "These objects MUST be implemented if statistical functions
           are implemented on the equipment."
       ::= { ipfixCompliances 2 }

   --------------------------------------------------------------------
   -- 2.2: MIB Grouping
   --------------------------------------------------------------------
   ipfixCommonGroup OBJECT-GROUP
       OBJECTS {
           ipfixExportVersion,

           ipfixTransportSessionProtocol,
           ipfixTransportSessionSourceAddressType,
           ipfixTransportSessionSourceAddress,
           ipfixTransportSessionDestinationAddressType,
           ipfixTransportSessionDestinationAddress,



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 54]


Internet-Draft                  IPFIX MIB                     March 2009


           ipfixTransportSessionSourcePort,
           ipfixTransportSessionDestinationPort,
           ipfixTransportSessionSctpAssocId,
           ipfixTransportSessionDeviceMode,
           ipfixTransportSessionTemplateRefreshTimeout,
           ipfixTransportSessionOptionTemplateRefreshTimeout,
           ipfixTransportSessionTemplateRefreshPacket,
           ipfixTransportSessionOptionTemplateRefreshPacket,
           ipfixTransportSessionStatus,

           ipfixTemplateSetId,
           ipfixTemplateAccessTime,

           ipfixTemplateDefinitionIeId,
           ipfixTemplateDefinitionIeLength,
           ipfixTemplateDefinitionEnterprise,
           ipfixTemplateDefinitionFlags
       }
       STATUS      current
       DESCRIPTION
           "The main IPFIX objects."
       ::= { ipfixGroups 1 }

   ipfixCommonStatsGroup OBJECT-GROUP
       OBJECTS {
           ipfixTransportSessionRate,
           ipfixTransportSessionPackets,
           ipfixTransportSessionBytes,
           ipfixTransportSessionMessages,
           ipfixTransportSessionDiscardedMessages,
           ipfixTransportSessionRecords,
           ipfixTransportSessionTemplates,
           ipfixTransportSessionOptionTemplates,
           ipfixTransportSessionDiscontinuityTime,

           ipfixTemplateDataRecords,
           ipfixTemplateDiscontinuityTime
       }
       STATUS      current
       DESCRIPTION
           "Common statistical objects."
       ::= { ipfixGroups 3 }

   ipfixExporterGroup OBJECT-GROUP
       OBJECTS {
           ipfixExportMemberType,

           ipfixMeteringProcessId,



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 55]


Internet-Draft                  IPFIX MIB                     March 2009


           ipfixMeteringProcessObservationPointGroupRef,
           ipfixMeteringProcessCacheActiveTimeout,
           ipfixMeteringProcessCacheInactiveTimeout,

           ipfixObservationPointPhysicalEntity,
           ipfixObservationPointPhysicalEntityDirection,

           ipfixSelectorFunction,

           ipfixFuncSelectAllAvail
       }
       STATUS      current
       DESCRIPTION
           "The main objects for Exporters."
       ::= { ipfixGroups 4 }

   ipfixExporterStatsGroup OBJECT-GROUP
       OBJECTS {
           ipfixMeteringProcessMessages,
           ipfixMeteringProcessErrors,
           ipfixMeteringProcessDataRecords,
           ipfixMeteringProcessCacheActiveFlows,
           ipfixMeteringProcessCacheInactiveFlows,
           ipfixMeteringProcessDiscontinuityTime,

           ipfixSelectorStatsPacketsObserved,
           ipfixSelectorStatsPacketsDropped,
           ipfixSelectorStatsDiscontinuityTime
       }
       STATUS      current
       DESCRIPTION
           "The statistical objects for Exporters."
       ::= { ipfixGroups 5 }

   END
















Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 56]


Internet-Draft                  IPFIX MIB                     March 2009


8.  Security Considerations

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  ipfixTransportSessionTable - contains configuration data that
      might be sensitive because objects in this table may reveal
      information about the network infrastructure

   o  ipfixExportTable - contains configuration data that might be
      sensitive because object in this table may reveal information
      about the network infrastructure as well

   o  ipfixMeteringProcessTable - contains configuration data that might
      be sensitive because objects in this table may reveal information
      about the IPFIX Device itself

   o  ipfixObservationPointTable - contains configuration data that
      might be sensitive because objects in this table may reveal
      information about the IPFIX Device itself and the network
      infrastructure

   o  ipfixSelectorFunctions - currently contains no sensitive data but
      might want to be secured anyway since it may contain sensitive
      data in a future version

   All other objects and tables contain no data that is considered
   sensitive.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),



Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 57]


Internet-Draft                  IPFIX MIB                     March 2009


   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.









































Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 58]


Internet-Draft                  IPFIX MIB                     March 2009


9.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

           Descriptor        OBJECT IDENTIFIER value
           ----------        -----------------------
           ipfixMIB          { mib-2 xxxxx }











































Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 59]


Internet-Draft                  IPFIX MIB                     March 2009


10.  Acknowledgment

   This document is a product of the IPFIX working group.
















































Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 60]


Internet-Draft                  IPFIX MIB                     March 2009


11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC3873]  Pastor, J. and M. Belinchon, "Stream Control Transmission
              Protocol (SCTP) Management Information Base (MIB)",
              RFC 3873, September 2004.

   [RFC4133]  Bierman, A. and K. McCloghrie, "Entity MIB (Version 3)",
              RFC 4133, August 2005.

   [RFC5101]  Claise, B., "Specification of the IP Flow Information
              Export (IPFIX) Protocol for the Exchange of IP Traffic
              Flow Information", RFC 5101, January 2008.

   [RFC5102]  Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
              Meyer, "Information Model for IP Flow Information Export",
              RFC 5102, January 2008.

11.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC3917]  Quittek, J., Zseby, T., Claise, B., and S. Zander,
              "Requirements for IP Flow Information Export (IPFIX)",
              RFC 3917, October 2004.




Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 61]


Internet-Draft                  IPFIX MIB                     March 2009


   [I-D.ietf-ipfix-architecture]
              Sadasivan, G., "Architecture for IP Flow Information
              Export", draft-ietf-ipfix-architecture-12 (work in
              progress), September 2006.

   [I-D.ietf-ipfix-as]
              Zseby, T., "IPFIX Applicability", draft-ietf-ipfix-as-12
              (work in progress), July 2007.

   [I-D.ietf-psamp-framework]
              Chiou, D., Claise, B., Duffield, N., Greenberg, A.,
              Grossglauser, M., Rexford, J., and S. Goldberg, "A
              Framework for Packet Selection and Reporting",
              draft-ietf-psamp-framework-13 (work in progress),
              June 2008.

   [I-D.ietf-psamp-sample-tech]
              Zseby, T., "Sampling and Filtering Techniques for IP
              Packet Selection", draft-ietf-psamp-sample-tech-11 (work
              in progress), July 2008.

   [I-D.ietf-psamp-mib]
              Dietz, T. and B. Claise, "Definitions of Managed Objects
              for Packet Sampling", draft-ietf-psamp-mib-06 (work in
              progress), June 2006.

   [I-D.ietf-psamp-protocol]
              Claise, B., "Packet Sampling (PSAMP) Protocol
              Specifications", draft-ietf-psamp-protocol-09 (work in
              progress), December 2007.





















Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 62]


Internet-Draft                  IPFIX MIB                     March 2009


Authors' Addresses

   Thomas Dietz (editor)
   NEC Europe Ltd.
   NEC Laboratories Europe
   Network Research Division
   Kurfuersten-Anlage 36
   Heidelberg  69115
   DE

   Phone: +49 6221 4342-128
   Email: Thomas.Dietz@nw.neclab.eu


   Atsushi Kobayashi
   NTT Information Sharing Platform Laboratories
   3-9-11 Midori-cho
   Musashino-shi, Tokyo  180-8585
   JA

   Phone: +81-422-59-3978
   Email: akoba@nttv6.net


   Benoit Claise
   Cisco Systems, Inc.
   De Kleetlaan 6a b1
   Degem  1831
   BE

   Phone: +32 2 704 5622
   Email: bclaise@cisco.com



















Dietz, et al.          draft-ietf-ipfix-mib-06.txt             [Page 63]