Network Working Group                                 M. Fine
Internet Draft                                        K. McCloghrie
                                                      Cisco Systems
                                                      S. Hahn
                                                      Intel
                                                      K. Chan
                                                      Nortel Networks
                                                      A. Smith
                                                      Extreme Networks

                                                      26 February 1999




                               An Initial
               Quality of Service Policy Information Base
                    for COPS-PR Clients and Servers



                      draft-mfine-cops-pib-00.txt




Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.  Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups.  Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To view the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in an Internet-Drafts Shadow
Directory, see http://www.ietf.org/shadow.html.








Expires August 1999                                             [Page 1]


Draft                          Initial PIB                 February 1999


1.  Glossary

PRC     Policy Rule Class.  A type of policy data.  See [COPS-PR].
PRI     Policy Rule Instance.  An instance of a PRC.  See [COPS-PR].
PIB     Policy Information Base.  The database of policy information.
PDP     Policy Decision Point. See [COPS].
PEP     Policy Enforcement Point. See [COPS].

2.  Introduction

This document defines an initial set of policy rule classes that
describe the quality of service (QoS) policies for use by COPS-PR
clients and servers.

As described in [COPS-PR], QoS policy information is structured as
instances of policy rule classes.  A policy rule class (PRC) is an
ordered set of scalar attributes.  Policy rule classes are arranged in a
hierarchical structure similar to tables in SNMP's SMI [SNMP-SMI].  As
with SNMP tables, they are identified by a sequence of integer
identifiers.

For each policy rule class a device may have zero or more policy rule
instances.  Each policy instance is also identified by a sequence of
integers where the first part of the sequence is the ID of the PRC.
Collections of policy rule classes are defined in PIB modules.  These
modules are written using the same structure of management information
used by SNMP with the following modifications.

 (1)   The module begins with keyword PIB-DEFINITIONS rather than the
       keyword DEFINITIONS to identify it as a PIB rather than a MIB.

 (2)   All policy rule classes are expressed as tables where each table
       is a PRC and the table columns are the class attributes.  There
       is no scalar object as in SNMP.  This makes for a more consistent
       "class-based" structure.

 (3)   The OBJECT-TYPE macro has an additional clause, POLICY-ACCESS.
       This clause can only be applied to a policy rule class (i.e., the
       table definition).  It takes the value "install",
       "install-notify" or "notify".  "install" or "install-notify"
       means that the PDP may install instances of this policy rule
       class.  "install-notify" or "notify" means that the PEP must
       report all instances of this class to the PDP in the initial
       request message, or when the PDP sends a message to synchronize
       state.  The assumed value if none is explicitly provided is
       "install".

       For policy rule classes whose access is "install" or
       "install-notify", the maximum access allowed from SNMP is read
       access.

 (4)   The OBJECT-TYPE macro has an additional clause, INSTALL-ERRORS,
       which enumerates the possible reasons for rejecting the install
       decision from the PDP.  This clause may only appear on a policy
       rule class, i.e., on a table object type.  If this clause is not
       present, the install can still fail, but no policy class-specific
       error is reported.

To facilitate future extensions to the PIB, the attributes of a class
may be augmented in another, perhaps enterprise-specific, PIB by
defining a class (using the AUGMENTS clause) in that newer PIB.
Instances of the new class are related to instances of the existing
class by means of the instance index.

3.  Mapping the PIB to a MIB

The PIB has been designed so that it can be easily and algorithmically
mapped into a MIB for the purpose of monitoring by SNMP.  This mapping
is achieved by means of the following rules.

 (1)   Replace the keyword PIB-DEFINITIONS with the keyword
       DEFINITIONS.

 (2)   Delete all the POLICY-ACCESS clauses.

 (3)   Add a MAX-ACCESS clause for each OBJECT-TYPE.  For each table and
       entry OBJECT-TYPE the MAX-ACCESS is "not-accessible".  For each
       attribute that is an index, the MAX-ACCESS is "not-accessible".
       For the remaining attributes, the MAX-ACCESS is "read-only" if
       the POLICY-ACCESS for the class is "install" or "install-notify",
       and it is "read-create" if the POLICY-ACCESS for the class is
       "notify".

 (4)   Add a columnar attribute of type RowStatus with name status and
       with the next available OID if the POLICY-ACCESS is "notify".

 (5)   Delete all the INSTALL-ERRORS clauses.
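
As an added illustration (not part of the draft), the five rules above
can be applied mechanically to the OBJECT-TYPE definitions of a PIB
module.  The Python below assumes the module starts with the
PIB-DEFINITIONS keyword used in section 7 and that entry names end in
"Entry", and it leaves SEQUENCE type assignments untouched; pib_to_mib
and the demo* names are hypothetical.

```python
import re

# Constructed PIB fragment in the draft's notation (hypothetical demo* names):
# demoCaps is a "notify" class, demoMap an "install" class.
SAMPLE_PIB = """\
DEMO-PIB PIB-DEFINITIONS ::= BEGIN

demoCapsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF DemoCapsEntry
    POLICY-ACCESS notify
    STATUS current
    ::= { demoClasses 1 }

demoCapsEntry OBJECT-TYPE
    SYNTAX DemoCapsEntry
    INDEX { demoCapsId }
    ::= { demoCapsTable 1 }

demoCapsId OBJECT-TYPE
    SYNTAX Unsigned32
    ::= { demoCapsEntry 1 }

demoCapsQueues OBJECT-TYPE
    SYNTAX INTEGER (0..63)
    ::= { demoCapsEntry 2 }

demoMapTable OBJECT-TYPE
    SYNTAX SEQUENCE OF DemoMapEntry
    POLICY-ACCESS install
    STATUS current
    INSTALL-ERRORS {
        tooManyPris(1), tooFewPris(2)
        }
    ::= { demoClasses 2 }

demoMapEntry OBJECT-TYPE
    SYNTAX DemoMapEntry
    INDEX { demoMapCos }
    ::= { demoMapTable 1 }

demoMapCos OBJECT-TYPE
    SYNTAX INTEGER (0..7)
    ::= { demoMapEntry 1 }

demoMapDscp OBJECT-TYPE
    SYNTAX INTEGER (0..63)
    ::= { demoMapEntry 2 }
END
"""

OBJ = re.compile(r"^(\w+)[ \t]+OBJECT-TYPE[ \t]*\n(.*?)^[ \t]*::=[ \t]*"
                 r"\{[ \t]*(\w+)[ \t]+(\d+)[ \t]*\}", re.S | re.M)

def pib_to_mib(pib):
    """Apply the five mapping rules to the OBJECT-TYPE definitions in pib."""
    defs = [m.groups() for m in OBJ.finditer(pib)]   # (name, body, parent, id)
    access, table_of, indexes, next_id = {}, {}, {}, {}
    for name, body, _, _ in defs:                    # tables, one per PRC
        if "SEQUENCE OF" in body:
            m = re.search(r"POLICY-ACCESS[ \t]+([\w-]+)", body)
            access[name] = m.group(1) if m else "install"   # draft's default
    for name, body, parent, _ in defs:               # the entry of each table
        if parent in access:
            table_of[name] = parent
            m = re.search(r"INDEX\s*\{([^}]*)\}", body)
            indexes[name] = set(re.findall(r"\w+", m.group(1))) if m else set()
    for _, _, parent, sub in defs:                   # next free column id
        if parent in table_of:
            next_id[parent] = max(next_id.get(parent, 1), int(sub) + 1)

    def rewrite(m):
        name, body, parent, sub = m.groups()
        if name in access or name in table_of or name in indexes.get(parent, ()):
            max_access = "not-accessible"
        elif parent in table_of:
            notify = access[table_of[parent]] == "notify"
            max_access = "read-create" if notify else "read-only"
        else:
            return m.group(0)                        # not part of any PRC
        body = re.sub(r"^[ \t]*POLICY-ACCESS[^\n]*\n", "", body, flags=re.M)  # rule 2
        body = re.sub(r"^[ \t]*INSTALL-ERRORS\s*\{[^}]*\}[ \t]*\n", "", body,
                      flags=re.M)                                              # rule 5
        # Rule 3: MAX-ACCESS goes after SYNTAX, before STATUS/DESCRIPTION/INDEX.
        nxt = re.search(r"^[ \t]*(STATUS|DESCRIPTION|INDEX)\b", body, re.M)
        pos = nxt.start() if nxt else len(body)
        body = body[:pos] + f"    MAX-ACCESS {max_access}\n" + body[pos:]
        text = f"{name} OBJECT-TYPE\n{body}    ::= {{ {parent} {sub} }}"
        # Rule 4: a RowStatus column after the last column of a "notify" class.
        # The class-name prefix on "status" is this example's own choice.
        if (parent in table_of and access[table_of[parent]] == "notify"
                and int(sub) + 1 == next_id[parent]):
            col = re.sub(r"Entry$", "", parent) + "Status"
            text += (f"\n\n{col} OBJECT-TYPE\n    SYNTAX RowStatus\n"
                     f"    MAX-ACCESS read-create\n"
                     f"    ::= {{ {parent} {next_id[parent]} }}")
        return text

    return OBJ.sub(rewrite, pib.replace("PIB-DEFINITIONS", "DEFINITIONS", 1))  # rule 1
```

Calling pib_to_mib(SAMPLE_PIB) returns the MIB text; only the "notify"
class gains a status column and read-create attributes.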

4.  ACEs and ACLs

The basis of classification and policing for QoS is the access control
entry (ACE).  An ACE is simply a flow specification generally matching
flows of a particular type rather than individual microflows or
aggregates.  Associated with each ACE is a permit or deny action.

Ordered sets of these ACEs are used to create Access Control Lists
(ACLs).  Then, ordered sets of these ACLs are applied to interfaces
together with a classification rule for each ACL (and a direction to
indicate an input or output ACL).  Thus, associated with each interface
and direction is an ordered set of ACLs, each ACL consisting of an
ordered set of ACEs.

On input, each packet is checked against the set of ACLs configured on
the ingress interface for the input direction starting with the first in
the set.  Similarly, on output each packet is checked against the set of
ACLs configured on the egress interface for the output direction.  For
each ACL, the packet is checked against the set of ACEs in order.  If a
packet matches an ACE in an ACL and the action is a permit, then the
action associated with that ACL is applied to that packet and no further
ACEs are compared.  If the action is a deny then the rest of the ACEs in
the current ACL are skipped and the matching proceeds with the first ACE
of the next ACL (thus, providing a rudimentary "NOT" capability).  If
the packet does not match any of the ACEs in the ACL, the next ACL is
tried.
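
The matching procedure above, as an added Python example (not code from
the draft).  It shows that a deny ACE does not drop the packet; it only
ends matching in the current ACL.  ACE fields follow qosIpAceTable in
section 7, the rows given to build_acls are assumed to be already
filtered to one role combination and direction, and all class and
function names, addresses, IDs and DSCP values are constructed for
illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Ace:
    """One qosIpAceTable instance; the defaults are the wildcard values."""
    permit: bool
    src: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"       # zero mask bit: that address bit always matches
    dst: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    dscp: tuple = (0, 63)           # (min, max), inclusive
    protocol: int = 0               # zero means match all
    src_port: tuple = (0, 65535)
    dst_port: tuple = (0, 65535)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str = "192.0.2.1"
    dscp: int = 0
    protocol: int = 17
    src_port: int = 40000
    dst_port: int = 5060


def _masked_equal(addr, want, mask):
    m = int(IPv4Address(mask))
    return (int(IPv4Address(addr)) & m) == (int(IPv4Address(want)) & m)


def ace_matches(ace, pkt):
    """A packet has to match every field of the ACE."""
    return (_masked_equal(pkt.src, ace.src, ace.src_mask)
            and _masked_equal(pkt.dst, ace.dst, ace.dst_mask)
            and ace.dscp[0] <= pkt.dscp <= ace.dscp[1]
            and ace.protocol in (0, pkt.protocol)
            and ace.src_port[0] <= pkt.src_port <= ace.src_port[1]
            and ace.dst_port[0] <= pkt.dst_port <= ace.dst_port[1])


def build_acls(aces, definitions, actions):
    """Turn the flat tables into [(acl_id, dscp, [Ace, ...]), ...] in match order.

    definitions: (aclId, aceId, aceOrder) rows, as in qosIpAclDefinitionTable.
    actions: (aclId, aclOrder, dscp) rows for ONE role combination and direction.
    """
    acls = []
    for acl_id, _, dscp in sorted(actions, key=lambda row: row[1]):
        rows = sorted((d for d in definitions if d[0] == acl_id), key=lambda d: d[2])
        acls.append((acl_id, dscp, [aces[ace_id] for _, ace_id, _ in rows]))
    return acls


def classify(pkt, acls):
    """Return (acl_id, dscp) of the ACL whose permit ACE matched, else None."""
    for acl_id, dscp, ace_list in acls:
        for ace in ace_list:
            if ace_matches(ace, pkt):
                if ace.permit:
                    return acl_id, dscp      # permit: apply this ACL's action, stop
                break                        # deny: skip the rest of THIS ACL only
    return None                              # no ACL applied to the packet


# Constructed sample policy (addresses, IDs and DSCP values are made up).
ACES = {
    1: Ace(permit=False, src="10.1.1.5", src_mask="255.255.255.255"),
    2: Ace(permit=True, src="10.0.0.0", src_mask="255.0.0.0", protocol=17,
           dst_port=(5060, 5061)),
    3: Ace(permit=True),                                  # matches everything
}
DEFINITIONS = [(100, 2, 20), (100, 1, 10), (200, 3, 10)]  # rows arrive unordered
ACTIONS = [(200, 2, 0), (100, 1, 46)]
ACLS = build_acls(ACES, DEFINITIONS, ACTIONS)

if __name__ == "__main__":
    for src in ("10.1.1.5", "10.1.1.6", "198.51.100.7"):
        print(src, classify(Packet(src=src), ACLS))
```

The denied host 10.1.1.5 is still classified by the catch-all ACL 200,
so a deny entry only protects a packet from later ACEs of its own ACL.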

5.  Roles

The policy to apply to an interface may depend on many factors such as
immutable characteristics of the interface (e.g., ethernet or frame
relay), the status of the interface (e.g., half or full duplex), or user
configuration (e.g., branch office or headquarters interface).  Rather
than specifying policies explicitly for each interface in the QoS
domain, policies are specified in terms of interface functionality.

To describe these functionalities of an interface we use the concept of
"roles".  A role is simply a string that is associated with an
interface.  A given interface may have any number of roles
simultaneously.  Policy rule classes have an attribute called a
"role-combination" which is an unordered set of roles.  Instances of a
given policy rule class are applied to an interface if and only if the
set of roles in the role combination is identical to the set of the
roles of the interface.

Thus, roles provide a way to bind policy to interfaces without having
to explicitly identify interfaces in a consistent manner across all
network devices.  (The SNMP experience with ifIndex has proved this to
be a difficult task.)  That is, roles provide a level of indirection to
the application of a set of policies to specific interfaces.

Furthermore, if the same policy is being applied to several interfaces,
that policy need be pushed to the device only once, rather than once per
interface, as long as the interfaces are configured with the same role
combination.

We point out that, in the event that the administrator needs to have
unique policy for each interface, this can be achieved by configuring
each interface with a unique role.

The PEP reports all its role combinations to the PDP at connect time or
whenever they change.

The comparison of roles (or role combinations) must be case insensitive.
For display purposes, roles (or role combinations) should preserve the
case specified by the user.

The concept and usage of roles in this document is consistent with that
specified in [QOS-POL].  Roles are currently under discussion in the
IETF's Policy WG; as and when that discussion reaches a conclusion, this
PIB will be updated in accordance with that conclusion.
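
The role rules of this section, as an added Python example (not code
from the draft): it validates roles against the Role textual convention
of section 7, builds the '+'-joined role combination, and selects the
policy instances whose role set is identical to an interface's.  The
function names, the sample instances, and the choice to order by the
lower-cased role are assumptions of this example.

```python
# Characters the Role textual convention declares illegal:
# '+', space, NULL, LF, CR, BELL, BS, HT, VT and FF.
ILLEGAL = set("+ \x00\n\r\x07\x08\t\x0b\x0c")


def validate_role(role):
    """Reject strings that are not a legal Role (DisplayString, SIZE 0..31)."""
    if len(role) > 31:
        raise ValueError(f"role longer than 31 characters: {role!r}")
    bad = ILLEGAL.intersection(role)
    if bad:
        raise ValueError(f"illegal character(s) {sorted(bad)!r} in role {role!r}")
    return role


def role_set(roles):
    """Comparison key: roles compare case-insensitively, order is irrelevant."""
    return frozenset(validate_role(r).lower() for r in roles)


def role_combination(roles):
    """Build the RoleCombination string: roles joined by '+', lowest first.

    The user's spelling is kept for display; ordering by the lower-cased role
    and keeping the first spelling of a duplicate are this example's choices.
    """
    display = {}
    for r in roles:
        display.setdefault(validate_role(r).lower(), r)
    combo = "+".join(display[k] for k in sorted(display))
    if len(combo) > 255:
        raise ValueError("role combination longer than 255 characters")
    return combo


def instances_for_interface(instances, interface_roles):
    """Select the PRIs whose role combination is IDENTICAL to the interface's.

    A subset or superset of the interface's roles does not match.
    """
    wanted = role_set(interface_roles)
    return [name for name, combo in instances
            if role_set(combo.split("+") if combo else []) == wanted]


# Constructed sample: (policy instance name, role combination) pairs.
INSTANCES = [("voice-acl", "Edge+WAN"), ("bulk-acl", "edge"),
             ("core-acl", "core"), ("voice-acl-2", "wan+edge")]

if __name__ == "__main__":
    print(role_combination(["WAN", "edge"]))
    print(instances_for_interface(INSTANCES, ["wan", "EDGE"]))
```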

6.  Summary of the PIB

This section gives a brief summary of the top level groups in the PIB.

Device Configuration
     This group contains device configuration information.  This
     configuration is either set by management or reflects the physical
     configuration of the device.

General Policy Configuration
     This group contains general, global configuration such as the
     mapping from DSCP to 802.1p CoS.

The IP Classification Group
     This group describes the IP ACLs used for classification of IP
     flows.

QoS Interface Group
     This group specifies the configuration of the various interface
     types including the setting of queueing parameters and mapping of
     DSCPs to queues.

7.  PIB Definitions

QOS-POLICY-PIB   PIB-DEFINITIONS ::= BEGIN


IMPORTS
    Unsigned32, IpAddress      FROM SNMPv2-SMI
    DisplayString, TruthValue  FROM SNMPv2-TC;


qosPolicyPib  MODULE-IDENTITY
    LAST-UPDATED "199902261800Z"
    ORGANIZATION "IETF RAP WG"
    CONTACT-INFO "
                  Michael Fine
                  Cisco Systems, Inc.
                  170 West Tasman Drive
                  San Jose, CA  95134-1706 USA
                  Phone: +1 408 527 8218
                  Email: mfine@cisco.com

                  Keith McCloghrie
                  Cisco Systems, Inc.
                  170 West Tasman Drive,
                  San Jose CA 95134-1706. USA
                  Phone: +1 408 526 5260
                  Email: kzm@cisco.com"
    DESCRIPTION
            "The PIB module containing an initial set of policy
             rule classes that describe the quality of service
             (QoS) policies."
    ::= { tbd }

qosPolicyPibClasses OBJECT IDENTIFIER ::= { qosPolicyPib 1 }


-- New textual conventions
--

-- DiffServ Codepoint
--
Dscp ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that is in the range of the DiffServ codepoint
        values."
    SYNTAX INTEGER (0..63)


-- Ip Precedence
--
IpPrecedence ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that is in the range of the IP precedence
        values."
    SYNTAX INTEGER (0..7)


-- Layer 2 CoS
--
QosLayer2Cos ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that is in the range of the layer 2 CoS values.
        This corresponds to the 802.1p priority values."
    SYNTAX INTEGER (0..7)


-- Interface types
--
QosInterfaceQueueCount ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "An integer that describes the number of queues an interface
        supports.  It is limited to the range of DSCP values."
    SYNTAX INTEGER (0..63)


-- Role
--
Role ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "A display string but where the characters '+', ' ' (space),
        NULL, LF, CR, BELL, BS, HT (tab) VT and FF are illegal."
    SYNTAX DisplayString (SIZE (0..31))


-- Role Combination
--
RoleCombination ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "A Display string consisting of a set of roles concatenated
        with a '+' character where the roles are in lexicographic
        order from minimum to maximum."
    SYNTAX DisplayString  (SIZE (0..255))


-- Policy Instance Index
--
PolicyInstanceId ::= TEXTUAL-CONVENTION
    DESCRIPTION
        "A textual convention for an attribute that is an integer
        index attribute of a class.  It is used for attributes that
        exist for the purpose of providing a policy rule instance
        with a unique instance identifier.

        For any instance identifier that refers to another policy
        rule instance, that other policy instance must exist.
        Furthermore, it is an error to try to delete a policy rule
        instance that is referred to by another instance without
        first deleting the referencing instance."
    SYNTAX Unsigned32


--
-- Device Configuration
--

-- This group contains device configuration information.  This
-- configuration is either set by management or reflects the physical
-- configuration of the device.  This configuration is generally
-- reported to the PDP (i.e., the policy server) so that the PDP can
-- determine what policies to download to the PEP (i.e., the device).


qosDeviceConfig OBJECT IDENTIFIER ::= { qosPolicyPibClasses 1 }


qosPrcSupportTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosPrcSupportEntry
    POLICY-ACCESS notify
    STATUS current
    DESCRIPTION
        "Each instance of this class specifies a PRC that the device
        supports and a bit string to indicate the attributes of the
        class that are supported.  These PRIs are sent to the PDP to
        indicate to the PDP which PRCs, and which attributes of these
        PRCs, the device supports.  All install and install-notify PRCs
        supported by the device must be represented in this table."
    ::= { qosDeviceConfig 1 }

qosPrcSupportEntry OBJECT-TYPE
    SYNTAX QosPrcSupportEntry
    INDEX { qosPrcSupportId }
    ::= { qosPrcSupportTable 1 }

QosPrcSupportEntry ::=
    SEQUENCE {
        qosPrcSupportId PolicyInstanceId,
        qosPrcSupportSupportedPrc OBJECT IDENTIFIER,
        qosPrcSupportSupportedAttrs OCTET STRING
    }

qosPrcSupportId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "Id to uniquely identify an instance."
    ::= { qosPrcSupportEntry 1 }


qosPrcSupportSupportedPrc OBJECT-TYPE
    SYNTAX OBJECT IDENTIFIER
    DESCRIPTION
        "The object ID of a supported PRC.  There may not be more
        than one instance of PRC qosPrcSupportTable with the same
        value of qosPrcSupportSupportedPrc."
    ::= { qosPrcSupportEntry 2 }

qosPrcSupportSupportedAttrs OBJECT-TYPE
    SYNTAX OCTET STRING
    DESCRIPTION
        "A bit string representing the supported attributes of the
        class."
    ::= { qosPrcSupportEntry 3 }


qosDevicePibIncarnationTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosDevicePibIncarnationEntry
    POLICY-ACCESS install-notify
    STATUS current
    DESCRIPTION
        "This class contains a single policy rule instance that
        identifies the current incarnation of the PIB and the PDP
        that installed this incarnation.  The instance of this class
        is reported to the PDP at client connect time so that the PDP
        can (attempt to) ascertain the current state of the PIB."
    INSTALL-ERRORS {
        tooManyPris(1)
        }
    ::= { qosDeviceConfig 2 }

qosDevicePibIncarnationEntry OBJECT-TYPE
    SYNTAX QosDevicePibIncarnationEntry
    INDEX { qosDeviceIncarnationId }
    ::= { qosDevicePibIncarnationTable 1 }

QosDevicePibIncarnationEntry ::=
    SEQUENCE {
        qosDeviceIncarnationId PolicyInstanceId,
        qosDevicePdpName DisplayString,
        qosDevicePibIncarnation OCTET STRING,
        qosDevicePibTtl Unsigned32
    }

qosDeviceIncarnationId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "Id to uniquely identify an instance."
    ::= { qosDevicePibIncarnationEntry 1 }


qosDevicePdpName OBJECT-TYPE
    SYNTAX DisplayString
    DESCRIPTION
        "The name of the PDP that installed the current incarnation
        of the PIB into the device.  By default it is the zero length
        string."
    ::= { qosDevicePibIncarnationEntry 2 }

qosDevicePibIncarnation OBJECT-TYPE
    SYNTAX OCTET STRING
    DESCRIPTION
        "An ID to identify the current incarnation.  It has meaning
        to the PDP that installed the PIB and perhaps its standby
        PDPs. By default the zero-length string."
    ::= { qosDevicePibIncarnationEntry 3 }

qosDevicePibTtl OBJECT-TYPE
    SYNTAX Unsigned32
    DESCRIPTION
        "The number of seconds after a client close or TCP timeout
        for which the PEP continues to enforce the policy in the PIB.
        After this interval, the PIB is considered expired and the
        device no longer enforces the policy installed in the PIB."
    ::= { qosDevicePibIncarnationEntry 4 }


qosInterfaceTypeTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosInterfaceTypeEntry
    POLICY-ACCESS notify
    STATUS current
    DESCRIPTION
        "This class describes the interface types of the interfaces
        that exist on the device.  It includes the queue count, role
        combination and capabilities of interfaces.  An instance is
        required for each different combination of queue count, role
        combination, and interface capabilities that is operational
        on the device at any given time.  The PEP does not report
        which specific interfaces have which characteristics."
    ::= { qosDeviceConfig 3 }

qosInterfaceTypeEntry OBJECT-TYPE
    SYNTAX QosInterfaceTypeEntry
    INDEX { qosInterfaceTypeId }
    ::= { qosInterfaceTypeTable 1 }

QosInterfaceTypeEntry ::=
    SEQUENCE {
        qosInterfaceTypeId PolicyInstanceId,
        qosInterfaceQueueCount QosInterfaceQueueCount,
        qosInterfaceTypeRoles RoleCombination,
        qosInterfaceTypeCapabilities BITS
    }

qosInterfaceTypeId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "Id to uniquely identify an instance."
    ::= { qosInterfaceTypeEntry 1 }

qosInterfaceQueueCount OBJECT-TYPE
    SYNTAX QosInterfaceQueueCount
    DESCRIPTION
        "The number of queues supported by interfaces to which
        this policy rule instance applies."
    ::= { qosInterfaceTypeEntry 2 }

qosInterfaceTypeRoles OBJECT-TYPE
    SYNTAX RoleCombination
    DESCRIPTION
        "The role combination of interfaces to which this policy
        rule instance applies."
    ::= { qosInterfaceTypeEntry 3 }

qosInterfaceTypeCapabilities OBJECT-TYPE
    SYNTAX BITS {
        other(1),

        -- Classification support
        inputIpClassification(2),
        outputIpClassification(3)

        -- Expect more to be added
        }
    DESCRIPTION
        "An enumeration of interface capabilities.  Used by the
        PDP to select which policies and configuration it should
        push to the PEP."
    ::= { qosInterfaceTypeEntry 4 }



--
-- General Config for the entire domain.
--

qosDomainConfig OBJECT IDENTIFIER ::= { qosPolicyPibClasses 2 }

-- Table of DiffServ codepoint mappings
-- Maps DSCP to IP precedence and CoS

qosDiffServMappingTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosDiffServMappingEntry
    POLICY-ACCESS install
    STATUS current
    DESCRIPTION
        "Maps each DSCP to an IP precedence and QosLayer2Cos.  When
        configured for the first time, all 64 entries of the table
        must be specified. Thereafter, instances may be modified but
        not deleted unless all instances are deleted."
    INSTALL-ERRORS {
        tooManyPris(1),         -- Must have 0 or 64
        tooFewPris(2),
        outOfOrder(3)           -- Must have all 64 values
        }
    ::= { qosDomainConfig 1 }

qosDiffServMappingEntry OBJECT-TYPE
    SYNTAX QosDiffServMappingEntry
    INDEX { qosDscp }
    ::= { qosDiffServMappingTable 1 }

QosDiffServMappingEntry ::=
    SEQUENCE {
        qosDscp Dscp,
        qosIpPrecedence IpPrecedence,
        qosL2Cos QosLayer2Cos
        }

qosDscp OBJECT-TYPE
    SYNTAX Dscp
    DESCRIPTION
        "A DSCP"
    ::= { qosDiffServMappingEntry 1 }

qosIpPrecedence OBJECT-TYPE
    SYNTAX IpPrecedence
    DESCRIPTION
        "The IP precedence to use when mapping this DSCP to an IP
        precedence."
    ::= { qosDiffServMappingEntry 2 }

qosL2Cos OBJECT-TYPE
    SYNTAX QosLayer2Cos
    DESCRIPTION
        "The L2 CoS value to use when mapping this DSCP to layer 2
        CoS."
    ::= { qosDiffServMappingEntry 3 }


-- Table of Layer 2 CoS to DSCP mappings
--

qosCosToDscpTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosCosToDscpEntry
    POLICY-ACCESS install
    STATUS current
    DESCRIPTION
        "Maps each of eight CoS values to a DSCP.  When configured
        for the first time, all 8 entries of the table must be
        specified. Thereafter, instances may be modified but not
        deleted unless all instances are deleted."
    ::= { qosDomainConfig 2 }

qosCosToDscpEntry OBJECT-TYPE
    SYNTAX QosCosToDscpEntry
    INDEX { qosCosToDscpCos }
    ::= { qosCosToDscpTable 1 }

QosCosToDscpEntry ::=
    SEQUENCE {
        qosCosToDscpCos QosLayer2Cos,
        qosCosToDscpDscp Dscp
        }

qosCosToDscpCos OBJECT-TYPE
    SYNTAX QosLayer2Cos
    DESCRIPTION
        "The L2 CoS value that is being mapped."
    ::= { qosCosToDscpEntry 1 }

qosCosToDscpDscp OBJECT-TYPE
    SYNTAX Dscp
    DESCRIPTION
        "The DSCP value to use when mapping the L2 CoS to a DSCP."
    ::= { qosCosToDscpEntry 2 }



--
-- The IP Classification and Policing Group
--


qosIpQos OBJECT IDENTIFIER ::= { qosPolicyPibClasses 3 }


-- The ACE Table
--

qosIpAceTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosIpAceEntry
    POLICY-ACCESS install
    STATUS current
    DESCRIPTION
        "ACE definitions.  A packet has to match all fields in an
        ACE.  Wildcards may be specified for those fields that are
        not relevant."
    ::= { qosIpQos 1 }

qosIpAceEntry OBJECT-TYPE
    SYNTAX QosIpAceEntry
    INDEX { qosIpAceId }
    ::= { qosIpAceTable 1 }

QosIpAceEntry ::=
    SEQUENCE {
        qosIpAceId              PolicyInstanceId,
        qosIpAceDstAddr         IpAddress,
        qosIpAceDstAddrMask     IpAddress,
        qosIpAceSrcAddr         IpAddress,
        qosIpAceSrcAddrMask     IpAddress,
        qosIpAceDscpMin         Dscp,
        qosIpAceDscpMax         Dscp,
        qosIpAceProtocol        INTEGER,
        qosIpAceDstL4PortMin    INTEGER,
        qosIpAceDstL4PortMax    INTEGER,
        qosIpAceSrcL4PortMin    INTEGER,
        qosIpAceSrcL4PortMax    INTEGER,
        qosIpAcePermit          TruthValue
    }

qosIpAceId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "An integer index to uniquely identify this ACE among all the
        ACEs."
    ::= { qosIpAceEntry 1 }

qosIpAceDstAddr OBJECT-TYPE
    SYNTAX IpAddress
    DESCRIPTION
        "The IP address to match against the packet's destination IP
        address."
    ::= { qosIpAceEntry 2 }

qosIpAceDstAddrMask OBJECT-TYPE
    SYNTAX IpAddress
    DESCRIPTION
        "A mask for the matching of the destination IP address.
        A zero bit in the mask means that the corresponding bit in
        the address always matches."
    ::= { qosIpAceEntry 3 }

qosIpAceSrcAddr OBJECT-TYPE
    SYNTAX IpAddress
    DESCRIPTION
        "The IP address to match against the packet's source IP
        address."
    ::= { qosIpAceEntry 4 }

qosIpAceSrcAddrMask OBJECT-TYPE
    SYNTAX IpAddress
    DESCRIPTION
        "A mask for the matching of the source IP address."
    ::= { qosIpAceEntry 5 }

qosIpAceDscpMin OBJECT-TYPE
    SYNTAX Dscp
    DESCRIPTION
        "The minimum value that the DSCP in the packet can have and
        match this ACE."
    ::= { qosIpAceEntry 6 }

qosIpAceDscpMax OBJECT-TYPE
    SYNTAX Dscp
    DESCRIPTION
        "The maximum value that the DSCP in the packet can have and
        match this ACE."
    ::= { qosIpAceEntry 7 }

qosIpAceProtocol OBJECT-TYPE
    SYNTAX INTEGER (0..255)
    DESCRIPTION
        "The IP protocol to match against the packet's protocol.
        A value of zero means match all."
    ::= { qosIpAceEntry 8 }

qosIpAceDstL4PortMin OBJECT-TYPE
    SYNTAX INTEGER (0..65536)
    DESCRIPTION
        "The minimum value that the packet's layer 4 destination
        port number can have and match this ACE."
    ::= { qosIpAceEntry 9 }

qosIpAceDstL4PortMax OBJECT-TYPE
    SYNTAX INTEGER (0..65536)
    DESCRIPTION
        "The maximum value that the packet's layer 4 destination
        port number can have and match this ACE."
    ::= { qosIpAceEntry 10 }

qosIpAceSrcL4PortMin OBJECT-TYPE
    SYNTAX INTEGER (0..65536)
    DESCRIPTION
        "The minimum value that the packet's layer 4 source port
        number can have and match this ACE."
    ::= { qosIpAceEntry 11 }

qosIpAceSrcL4PortMax OBJECT-TYPE
    SYNTAX INTEGER (0..65536)
    DESCRIPTION
        "The maximum value that the packet's layer 4 source port
        number can have and match this ACE."
    ::= { qosIpAceEntry 12 }

qosIpAcePermit OBJECT-TYPE
    SYNTAX TruthValue
    DESCRIPTION
        "If the packet matches this ACE and the value of this
        attribute is true, then the matching process terminates
        and the QoS associated with this ACE (indirectly through
        the ACL) is applied to the packet.  If the value of this
        attribute is false, then no more ACEs in this ACL are
        compared to this packet and matching continues with the
        first ACE of the next ACL."
    ::= { qosIpAceEntry 13 }



-- The ACL Definition Table
--

qosIpAclDefinitionTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosIpAclDefinitionEntry
    POLICY-ACCESS install
    STATUS current
    DESCRIPTION
        "A class that defines a set of ACLs each being an ordered list
        of ACEs.  Each instance of this class identifies one ACE of
        an ACL and the precedence order of that ACE with respect to
        other ACEs in the same ACL."
    ::= { qosIpQos 2 }

qosIpAclDefinitionEntry OBJECT-TYPE
    SYNTAX QosIpAclDefinitionEntry
    INDEX { qosIpAclDefinitionId }
    ::= { qosIpAclDefinitionTable 1 }

QosIpAclDefinitionEntry ::=
    SEQUENCE {
        qosIpAclDefinitionId PolicyInstanceId,
        qosIpAclId PolicyInstanceId,
        qosIpAceId PolicyInstanceId,
        qosIpAceOrder Unsigned32
    }

qosIpAclDefinitionId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "Unique ID of this policy rule instance."
    ::= { qosIpAclDefinitionEntry 1 }

qosIpAclId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "An index for this ACL.  There will be one instance of
        the class qosIpAclDefinition with this ID for each ACE in
        the ACL per role combination."
    ::= { qosIpAclDefinitionEntry 2 }

qosIpAceId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "This attribute specifies the ACE in the qosIpAceTable that
        is in the ACL specified by qosIpAclId at the position
        specified by qosIpAceOrder."
    ::= { qosIpAclDefinitionEntry 3 }

qosIpAceOrder OBJECT-TYPE
    SYNTAX Unsigned32
    DESCRIPTION
        "The precedence order of this ACE.  The precedence order
        determines the position of this ACE in the ACL.  An ACE with
        a given precedence order is positioned in the access control
        list before one with a higher-valued precedence order."
    ::= { qosIpAclDefinitionEntry 4 }


-- The ACL Action Table
--

qosIpAclActionTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosIpAclActionEntry
    POLICY-ACCESS install
    STATUS current
    DESCRIPTION
        "A class that applies a set of ACLs to interfaces specifying,
        for each interface, the precedence order of the ACL with respect
        to other ACLs applied to the same interface and, for each ACL,
        the action to take for a packet that matches a permit ACE in
        that ACL.  Interfaces are specified abstractly in terms of
        interface roles."
    ::= { qosIpQos 3 }

qosIpAclActionEntry OBJECT-TYPE
    SYNTAX QosIpAclActionEntry
    INDEX { qosIpAclActionId }
    ::= { qosIpAclActionTable 1 }

QosIpAclActionEntry ::=
    SEQUENCE {
        qosIpAclActionId PolicyInstanceId,
        qosIpAclId PolicyInstanceId,
        qosIpAclInterfaceRoles RoleCombination,
        qosIpAclInterfaceDirection INTEGER,
        qosIpAclOrder Unsigned32,
        qosIpAclDscp Dscp
    }

qosIpAclActionId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "An ID to uniquely identify the instance of the class."
    ::= { qosIpAclActionEntry 1 }

qosIpAclId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "The ACL associated with this action."
    ::= { qosIpAclActionEntry 2 }

qosIpAclInterfaceRoles OBJECT-TYPE
    SYNTAX RoleCombination
    DESCRIPTION
        "The interfaces to which this ACL applies specified in terms
        of a set of roles."
    ::= { qosIpAclActionEntry 3 }

qosIpAclInterfaceDirection OBJECT-TYPE
    SYNTAX INTEGER { in(0), out(1) }
    DESCRIPTION
        "The direction of packet flow at the interface in question to
        which this ACL applies."
    ::= { qosIpAclActionEntry 4 }

qosIpAclOrder OBJECT-TYPE
    SYNTAX Unsigned32
    DESCRIPTION
        "An integer that determines the precedence order of this ACL in
        the list of ACLs applied to interfaces of the specified role
        combination. An ACL with a given precedence order is positioned
        in the list before one with a higher-valued precedence order."
    ::= { qosIpAclActionEntry 5 }

qosIpAclDscp OBJECT-TYPE
    SYNTAX Dscp
    DESCRIPTION
        "The DSCP to classify the packet with in the event that the
        packet matches an ACE in this ACL and the ACE is a permit."
    ::= { qosIpAclActionEntry 6 }




--
-- QoS Interface Group
--

-- This group specifies the configuration of the various interface
-- types including the setting of queueing parameters and the
-- mapping of DSCPs to queues.

qosIfParameters ::= { qosPolicy 4 }


-- The Assignment of DSCPs to queues for each interface type.
--

qosIfDscpAssignmentTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosIfDscpAssignmentEntry
    POLICY-ACCESS install
    STATUS current
    DESCRIPTION
        "The assignment of each DSCP to a queue for each interface
        queue count.  There will be 64 instances of this class for
        each combination of queue count and role combination."
    ::= { qosIfParameters 1 }

qosIfDscpAssignmentEntry OBJECT-TYPE
    SYNTAX QosIfDscpAssignmentEntry
    INDEX { qosIfDscpAssignmentId }
    ::= { qosIfDscpAssignmentTable 1 }

QosIfDscpAssignmentEntry ::=
    SEQUENCE {
        qosIfDscpAssignmentId PolicyInstanceId,
        qosIfDscpRoles RoleCombination,
        qosIfQueueCount QosInterfaceQueueCount,
        qosIfDscp Dscp,
        qosIfQueue INTEGER
    }

qosIfDscpAssignmentId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "An ID to uniquely identify the instance of the class."
    ::= { qosIfDscpAssignmentEntry 1 }

qosIfDscpRoles OBJECT-TYPE
    SYNTAX RoleCombination
    DESCRIPTION
        "The role combination the interface must be configured with."
    ::= { qosIfDscpAssignmentEntry 2 }

qosIfQueueCount OBJECT-TYPE
    SYNTAX QosInterfaceQueueCount
    DESCRIPTION
        "This row applies only to interfaces that have as many queues
        as specified by this attribute."
    ::= { qosIfDscpAssignmentEntry 3 }

qosIfDscp OBJECT-TYPE
    SYNTAX Dscp
    DESCRIPTION
        "The DSCP to which this row applies."
    ::= { qosIfDscpAssignmentEntry 4 }

qosIfQueue OBJECT-TYPE
    SYNTAX INTEGER
    DESCRIPTION
        "The queue to be used for packets which have this DSCP.
        It must be in the range 1 through qosIfQueueCount."
    ::= { qosIfDscpAssignmentEntry 5 }


-- Weights for interfaces that support WRR.
--

qosIfWeightsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF QosIfWeightsEntry
    POLICY-ACCESS install
    STATUS current
    DESCRIPTION
        "A class of scheduling weights for each queue of an interface
        that supports weighted round robin scheduling."
    ::= { qosIfParameters 2 }

qosIfWeightsEntry OBJECT-TYPE
    SYNTAX QosIfWeightsEntry
    INDEX { qosIfWeightsId }
    ::= { qosIfWeightsTable 1 }

QosIfWeightsEntry ::=
    SEQUENCE {
        qosIfWeightsId PolicyInstanceId,
        qosIfWeightsRoles RoleCombination,
        qosIfWeightsNumQueues QosInterfaceQueueCount,
        qosIfWeightsQueue INTEGER,
        qosIfWeightsDrainSize INTEGER,
        qosIfWeightsQueueSize INTEGER
    }

qosIfWeightsId OBJECT-TYPE
    SYNTAX PolicyInstanceId
    DESCRIPTION
        "An ID to uniquely identify the instance of the class."
    ::= { qosIfWeightsEntry 1 }

qosIfWeightsRoles OBJECT-TYPE
    SYNTAX RoleCombination
    DESCRIPTION
        "The role combination the interface must be configured with."
    ::= { qosIfWeightsEntry 2 }

qosIfWeightsNumQueues OBJECT-TYPE
    SYNTAX QosInterfaceQueueCount
    DESCRIPTION
        "The value of the weight in this PRI applies only to
        interfaces with the number of queues specified by this
        attribute."
    ::= { qosIfWeightsEntry 3 }

qosIfWeightsQueue OBJECT-TYPE
    SYNTAX INTEGER
    DESCRIPTION
        "The queue to which the weight applies."
    ::= { qosIfWeightsEntry 4 }

qosIfWeightsDrainSize OBJECT-TYPE
    SYNTAX INTEGER
    DESCRIPTION
        "The maximum number of bytes that may be drained from the
        queue in one cycle.  The percentage of the bandwidth allocated
        to this queue can be calculated from this attribute and the
        sum of the drain sizes of all the queues of the interface.

        For an interface that uses priority queueing, the drain size
        specifies the queue priority.  The higher the drain size the
        higher the priority."
    ::= { qosIfWeightsEntry 5 }

qosIfWeightsQueueSize OBJECT-TYPE
    SYNTAX INTEGER
    DESCRIPTION
        "The size of the queue in bytes.  Some devices set queue size
        in terms of packets.  These devices must calculate the queue
        size in packets by assuming an average packet size suitable
        for the particular interface.

        Some devices have a fixed size buffer to be shared among all
        queues.  These devices must allocate a fraction of the
        total buffer space to this queue calculated as the ratio
        of the queue size to the sum of the queue sizes for the
        interface."
    ::= { qosIfWeightsEntry 6 }


END
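
The following is an added example, not part of the draft or of any
implementation of it.  It sketches how a PDP could check rows of
qosIfDscpAssignmentTable against the constraints stated above (64 DSCPs
per combination of role combination and queue count, each queue in the
range 1 through qosIfQueueCount) and derive the WRR bandwidth share from
qosIfWeightsDrainSize.  Representing rows as dicts, the role combination
as a string, the function names, and the sample values are assumptions.

```python
from collections import defaultdict

def check_dscp_assignments(rows):
    """Return problems found in qosIfDscpAssignmentTable rows (dicts keyed by attribute name)."""
    problems = []
    groups = defaultdict(dict)  # (roles, queue count) -> {dscp: queue}
    for row in rows:
        key = (row["qosIfDscpRoles"], row["qosIfQueueCount"])
        dscp, queue = row["qosIfDscp"], row["qosIfQueue"]
        if not 0 <= dscp <= 63:
            problems.append(f"{key}: DSCP {dscp} is outside 0..63")
            continue
        if not 1 <= queue <= row["qosIfQueueCount"]:
            problems.append(f"{key}: DSCP {dscp} maps to queue {queue}, out of range")
        if dscp in groups[key]:
            problems.append(f"{key}: DSCP {dscp} is assigned more than once")
        groups[key][dscp] = queue
    for key, assigned in groups.items():
        missing = sorted(set(range(64)) - set(assigned))
        if missing:  # the draft expects all 64 DSCPs per combination
            problems.append(f"{key}: {len(missing)} DSCP(s) unassigned, first is {missing[0]}")
    return problems

def wrr_shares(weight_rows):
    """Percent of bandwidth per queue: drain size over the sum for the same interface group."""
    totals = defaultdict(int)
    for r in weight_rows:
        totals[(r["qosIfWeightsRoles"], r["qosIfWeightsNumQueues"])] += r["qosIfWeightsDrainSize"]
    shares = {}
    for r in weight_rows:
        group = (r["qosIfWeightsRoles"], r["qosIfWeightsNumQueues"])
        if totals[group] <= 0:
            raise ValueError(f"{group}: drain sizes do not sum to a positive value")
        shares[group + (r["qosIfWeightsQueue"],)] = 100.0 * r["qosIfWeightsDrainSize"] / totals[group]
    return shares

# Constructed sample data: role combination "edge" on 4-queue interfaces.
SAMPLE_ASSIGNMENTS = [
    {"qosIfDscpRoles": "edge", "qosIfQueueCount": 4, "qosIfDscp": d, "qosIfQueue": 1 + d // 16}
    for d in range(64)
]
SAMPLE_WEIGHTS = [
    {"qosIfWeightsRoles": "edge", "qosIfWeightsNumQueues": 4,
     "qosIfWeightsQueue": q, "qosIfWeightsDrainSize": 1500 * q}
    for q in range(1, 5)
]

if __name__ == "__main__":
    print(check_dscp_assignments(SAMPLE_ASSIGNMENTS))  # empty list when the rows are consistent
    print(wrr_shares(SAMPLE_WEIGHTS))
```

The share calculation applies only to interfaces that use weighted round
robin; for priority queueing the draft treats the drain size as a
priority, not a bandwidth fraction.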


8.  Security Considerations

The information contained in a PIB when transported by the COPS protocol
[COPS-PR] may be sensitive, and its function of provisioning a PEP
requires that only authorized communication take place.  The use of
IPSEC between PDP and PEP, as described in [COPS], provides the
necessary protection against these threats.


9.  Intellectual Property Considerations

The IETF is being notified of intellectual property rights claimed in
regard to some or all of the specification contained in this document.
For more information consult the online list of claimed rights.

10.  Authors' Addresses

     Michael Fine
     Cisco Systems, Inc.
     170 West Tasman Drive
     San Jose, CA  95134-1706 USA
     Phone: +1 408 527 8218
     Email: mfine@cisco.com

     Keith McCloghrie
     Cisco Systems, Inc.
     170 West Tasman Drive
     San Jose, CA  95134-1706 USA
     Phone: +1 408 526 5260
     Email: kzm@cisco.com

     Scott Hahn
     Intel
     2111 NE 25th Avenue
     Hillsboro, OR 97124 USA
     503.264.8231
     Email: scott.hahn@intel.com

     Kwok Ho Chan
     Nortel Networks, Inc.
     600 Technology Park Drive
     Billerica, MA 01821 USA
     Phone: (978) 916-8175
     Email: khchan@nortelnetworks.com

     Andrew Smith
     Extreme Networks
     10460 Bandley Drive
     Cupertino CA 95014 USA
     +1 (408) 342 0999
     Email: andrew@extremenetworks.com


11.  References

[COPS]  J. Boyle, R. Cohen, D. Durham, S. Herzog, R. Rajan, A. Sastry,
        "The COPS (Common Open Policy Service) Protocol",
        Internet-Draft, draft-ietf-rap-cops-06.txt, February 1999.

[COPS-PR] R. Yavatkar, K. McCloghrie, S. Herzog, F. Reichmeyer,
        D. Durham, K. Chan, S. Gai, "COPS Usage for Policy
        Provisioning", draft-sgai-cops-provisioning-00.txt,
        February 1999.

[QOS-POL] S. Gai, J. Strassner, D. Durham, S. Herzog, H. Mahon,
        F. Reichmeyer, "QoS Policy Framework Architecture",
        draft-sgai-policy-framework-00.txt, February 1999.

[SNMP-SMI] SNMPv2 Working Group, J. Case, K. McCloghrie, M. Rose,
        S. Waldbusser, "Structure of Management Information for
        Version 2 of the Simple Network Management Protocol (SNMPv2)",
        RFC 1902, January 1996.


Table of Contents


1 Glossary
2 Introduction
3 Mapping the PIB to a MIB
4 ACEs and ACLs
5 Roles
6 Summary of the PIB
7 PIB Definitions
8 Security Considerations
9 Intellectual Property Considerations
10 Authors' Addresses
11 References