PPVPN WG                                           Yacine El Mghazli
   Internet Draft                                               Alcatel

   <draft-yacine-ppvpn-2547bis-pib-02.txt>                 Kwok Ho Chan
   Expires: August 2003                                 Nortel Networks

                                                          February 2003




                   BGP/MPLS VPN Policy Information Base



Status of this Memo


   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 [STD].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress".

   The list of current Internet-Drafts can be accessed at
        http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
        http://www.ietf.org/shadow.html.


Abstract

   This document describes a Policy Information Base (PIB) for a device
   implementing the BGP/MPLS VPN [2547bis] Architecture. The
   Provisioning Classes defined here provide policy control of resources
   implementing the BGP/MPLS VPN Architecture. These Provisioning
   Classes can be used with other non BGP/MPLS VPN Provisioning Classes
   (defined in other PIBs) to provide for a comprehensive policy
   controlled mapping of service requirements to device resource
   capability and usage.






El Mghazli, et al.      Expires - August 2003                [Page 1]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Table of Contents


   1. Glossary.......................................................3
   2. Introduction...................................................3
   3. Relationship to the MPLS VPN MIB...............................4
   4. Assumptions and Prerequisites..................................4
   5. Operational Overview...........................................5
      5.1 Features List..............................................5
      5.2 Roles usage with the 2547bis PIB...........................5
   6. PIB overview...................................................6
      6.1 Capabilities Group.........................................6
      6.2 Policy Group...............................................7
      6.3 FeedBack Group.............................................8
   7. PIB Usage Example..............................................9
   8. BGP/MPLS VPN PIB Definition...................................12
      8.1 The BGP/MPLS VPN PIB......................................12
   9. Subject Category Considerations...............................30
   10. Intellectual Property Considerations.........................31
   11. IANA Considerations..........................................31
   Security Considerations..........................................31
   Normative References.............................................31
   Acknowledgments..................................................33
   Author's Addresses...............................................33
   Full Copyright Statement.........................................35




















El Mghazli, et al.      Expires - August 2003                [Page 2]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


1. Glossary

   PRC   Provisioning Class. A type of policy data.
   PRI   Provisioning Instance. An instance of a PRC.
   PIB   Policy Information Base. The database of policy information.
   PDP   Policy Decision Point. See [RAP-FRWK].
   PEP   Policy Enforcement Point. See [RAP-FRWK].
   PRID  Rovisioning Instance Identifier. Uniquely identifies an
         instance of a PRC.
   PE    Provider Edge. See [2547bis].
   CE    Customer Edge. See [2547bis].
   RR    Route Reflector. See [2547bis].
   VRF   Virtual Routing and Forwarding. See [2547bis].
   ORF   Outbound Route Filtering. See [2547bis].


2. Introduction

   [SPPI] describes a structure for specifying policy information that
   can then be transmitted to a network device for the purpose of
   configuring policy at that device. The model underlying this
   structure is one of well-defined provisioning classes and instances
   of these classes residing in a virtual information store called the
   Policy Information Base (PIB).

   This document specifies a set of provisioning classes specifically or
   configuring BGP/MPLS VPN services in the service provider devices (PE
   routers).

   One way to provision policy is by means of the COPS protocol [COPS]
   with the extensions for provisioning [COPS-PR]. This protocol
   supports multiple clients, each of which may provision policy for a
   specific policy domain such as VPNs. The PRCs defined in this
   BGP/MPLS VPN PIB are intended for use by the COPS-PR PPVPN client-
   type [COPS-PPVPN]. Furthermore, these PRCs are in addition to any
   other PIBs that may be defined for the PPVPN client type in the
   future, as well as the PRCs defined in the Framework PIB [FR-PIB] and
   the Feedback Framework PIB [FEED-PIB].

   The COPS-PR protocol offers significant advantages when dealing with
   dynamic configuration and when compared to traditional management
   solutions. Moreover, dynamic VPN resource assignment is crucial to
   cope with the frequent changes requests from customer's (e.g., sites
   joining or leaving a VPN), as well as to achieve scalability. The PEs
   should be able to dynamically assign the VPN resources. This
   capability is especially important for temporary access VPN services.





El Mghazli, et al.      Expires - August 2003                [Page 3]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


3. Relationship to the MPLS VPN MIB

   The present version of the BGP/MPLS VPN PIB has been designed to be
   as close as possible to the MPLS VPN MIB [MPLS-VPN-MIB] for
   consistency purposes.

   However, in order to take advantage of the specifics of SPPI and
   COPS-PR in general, the BGP/MPLS VPN PIB has its own structure and
   data organization.


4. Assumptions and Prerequisites

   It is assumed that certain things are configured and operational
   inorder for the tables and objects described in this PIB to
   workcorrectly. These things are outlined below:

     . Customer Visible Routing:
     Routing protocols running on the customer interface (between PE
     routers and CE devices) must be configurable per VRF. To this end,
     the service provider may use any of the management solutions such
     SNMP with the routing protocols MIBs.

     . Routing across the SP backbone:
     The MP-iBGP mechanisms specific to BGP/MPLS VPNs are assumed to be
     configured and operational in order for PEs to exchange their
     routes. To this end, the service provider may use any of the
     management solutions such as SNMP with the BGP4 specific MIB,
     namely [BGP4-MIB].

     Then the BGP/MPLS mechanisms are in charge of dynamically
     distribute these routes between sites according to the VPN
     policies contained in the present PIB.

     . VPN Tunneling and QoS:
     MPLS in general, must be configured and operational. To this end,
     the service provider may use any of the management solutions such
     as SNMP with the MPLS specific MIBs, namely [LSR-MIB], [FTN-MIB]
     or [TE-MIB].

     The LSPs establishment between PEs within the service provider
     network is out of the scope of this document. It is the service
     provider's responsibility to establish internal LSPs in order to
     connect its PEs or RRs together. The LSPs can be either best-
     effort or QoS-aware, traffic engineered or not, etc.

     In the case of hierarchical and recursive VPNs, the LSPs
     establishment on the PE-CE interface is also out of the scope of
     this document.


El Mghazli, et al.      Expires - August 2003                [Page 4]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



     This requires coordination of identifiers of tunnels, hierarchical
     tunnels, VPNs, and any associated service information, for
     example, a QoS service. This is an implementation concern.

     . Underlying infrasructure:
     The configuration of a VPN must be coordinated with the
     configuration of the underlying infrastructure, including Layer 1
     and 2 networks interconnecting components of a PPVPN. This is out
     of the scope of this document.


5. Operational Overview

5.1 Features List

   BGP/MPLS VPN management supports configuration of intranet and
   extranet membership. COPS-PR enables VPN service creation,
   configuration, monitoring and deletion. It supports the 'VPN join'
   and 'VPN prune' operations dynamically.

   BGP/MPLS VPN configuration using COPS-PR enables dynamic provisioning
   of resources associated with VPN services. For example, the number
   and size of VRF instances is provisionable.

   The PIB supports BGP/MPLS VPN service as Enterprise VPN, Carrier's
   Carrier VPN (a.k.a. hierachical VPNs), or Inter/Multi-provider
   Backbone VPN (a.k.a. recursive VPNs).

   The PIB supports the maintenance and troubleshooting of BGP/MPLS
   VPNs.

   The PIB supports BGP/MPLS VPNs that are configured on a particular
   physical interface or sub-interface if the interface can be divided
   (e.g. Frame Relay, ATM, or Ethernet VLAN) by the router.

   COPS-PR must be supported by PE routers and the present PIB shall be
   used to configure and maintain one or more VPN Routing and Forwarding
   Tables (VRFs).

   The BGP/MPLS VPN PIB enables the monitoring of some specific
   parameters for usage feedback purposes.


5.2 Roles usage with the 2547bis PIB

   According to [FR-PIB], roles provide a way to bind policy to
   interfaces without having to explicitly identify interfaces in a
   consistent manner across all network devices. That is, roles provide


El Mghazli, et al.      Expires - August 2003                [Page 5]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


   a level of indirection to the application of a set of policies to
   specific interfaces. This separates the policy definition from device
   implementation specific interface identification. Furthermore, if the
   same policy is being applied to several interfaces, that policy need
   be pushed to the device only once, rather than once per interface, as
   long as the interfaces are configured with the same role combination.

   When using the BGP/MPLS VPN PIB, the manager SHOULD set the roles
   according to interfaces VPN membership. The role combination of a
   customer interface must correspond to the VPNs it belongs to.

   Hence, the PEP interprets this information and connect interfaces to
   VRFs accordingly. But such an interpretation is an implementation
   concern, hence it is out of the scope of the present document.


6. PIB overview

   This PIB is structured based on the need to configure the VRFs
   realizing a VPN among the different PE routers, and the
   parameterization of these VRFs.

   In addition, the PIB includes tables describing the capabilities and
   limitations of the device using a general extensible framework [FR-
   PIB]. These tables are reported to the PDP and assist the PDP with
   the configuration of VRFs that can be instantiated by the device.

   Finally, this PIB offers feedback tables in order for the PEP to
   monitor, record and report specific information. These tables are
   reported periodically to the PDP based on selection criteria set by
   the PDP itself. This feedback mechanism follows the feedback
   extensible framework [FEED-FRWK].

   The 3 groups are summarized below in this section.


6.1 Capabilities Group

   This group consists of PRCs to indicate to the PDP the types of
   interface supported on the PEP in terms of their BGP/MPLS VPN
   capabilities (MPLS support, interface type with respect to the
   BGP/MPLS VPN mechanisms) and PRCs to indicate the device routing
   capabilities. This group describes capabilities in terms of the types
   of interfaces and general routing capabilities of the device. The
   framework PIB [FR-PIB] provides a general extensible framework for
   defining the capabilities and limitations of the elements listed
   above. The capability tables allow intelligent configuration of the
   elements by a PDP.



El Mghazli, et al.      Expires - August 2003                [Page 6]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


     . Routing Capabilities:
     This table represents routing capabilities of the device (PE) in
     terms of protocol support, maximum number of routes and maximum
     number of VRFs in the PE. The configuration of VRFs in the PE must
     be according to these values.

     . Interfaces Capabilities:
     This table represents PE customer interfaces capabilities
     essentially in terms of MPLS support. An interface can either
     support MPLS, MPLS TE tunnels or even not support MPLS at all.


6.2 Policy Group

   This group contains configuration of the functional elements that
   comprise the BGP/MPLS VPN route distribution policy that applies to a
   device. This group contains VRFs, Route Targets, interfaces and ORF
   peers. This group takes configuration in terms of interface types and
   role combinations [FR-PIB]; it does not deal with individual
   interfaces on the device.

     . VRF Table:
     This table specifies BGP/MPLS VPN VRF Table associated
     information. Entries in this table define VRF routing instances
     associated with BGP/MPLS VPN interfaces or sub-interfaces. A
     specific Route Distinguisher is affected to each VRF in each PE.
     The whole pool of RDs is managed by the PDP.

     . Route Target Table:
     This table contains the objects necessary to configure and monitor
     route targets for a particular VRF. According to BGP/MPLS VPN
     framework [2547bis], the configuration of import and export route
     targets realize topological route distribution policies and, as a
     consequence, the so-called VPNs.

     . Interface Table:
     This table contains configuration information related to customer
     interfaces participating in BGP/MPLS VPNs. This table takes
     configuration in terms of interface index, referencing the Role
     Combination rows [FR-PIB].

     . Outbound Route Filtering Peer Table:
     Outbound Route Filtering resolve a scalability issue of BGP/MPLS
     VPN mechanism, they enables a PE to know among all the BGP peers
     which PE might exchange VPN membership and routing information
     with. This is a network management level information, based on
     backbone topological information. [BGP-ORF] offers a distributed
     way to deal with ORFs and the ORF table here offers a centralized
     way to build ORFs.


El Mghazli, et al.      Expires - August 2003                [Page 7]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



     This class contains the actual BGP peers of the device among all
     the provider PEs. Based on the information contained in this
     table, the PE implementation can build BGP ORFs. In case the PE
     routers uses BGP to exchange ORF capabilities [BGP-ORF], this
     table should be ignored and each PE router is a potential BGP
     peer.

6.3 FeedBack Group

   According to the framework of COPS-PR policy usage feedback [FEED-
   FRWK], there are three basic types of policy used to define what the
   PEP is to monitor, record and report. These are the selection
   criteria policy, the usage policy and the feedback report linkage
   policy.

   The selection criteria policy is installed by the PDP. It defines the
   conditions used by the PEP to monitor and record a usage policy. The
   selection criteria policy may only be used for defining usage
   feedback selection criteria.

   The usage policy defines what attributes are monitored and recorded
   by the PEP. The usage policies specify counts related to a specific
   action such as routes being added in a VRF. The PDP decides which
   PRC(s) best suit(s) its requirements. The PEP may support multiple
   usage feedback PRCs. The PDP then decides which PRC to associate with
   a particular selection criterion.

   A usage feedback policy and selection policy are tightly associated
   with one another. A third policy, the frwkFeedbackLinkTable, is used
   to associate, or provide a linkage for the selection and usage
   policies. The frwkFeedbackLinkTable [FEED-PIB] also specifies when to
   report the usage feedback. The frwkFeedbackLinkTable entry permits
   the same selection criteria instance to be re-used for various usage
   feedback policies. The frwkFeedbackLinkTable contains the value of
   the selection criteria instance as well as contains the value of the
   usage feedback PRC.

   The PDP is not aware of the instance identifier of the usage feedback
   policy when installing the selection criteria and feedback linkage
   policies. The usage feedback policy is instantiated on the PEP by the
   installation of a feedback report linkage and the PEP designates the
   instance identifier. The usage feedback policy class always contains
   an attribute of type ReferenceId that contains the instance value of
   the associated frwkFeedbackLinkTable instance installed by the PDP.

     . Usage Tables:




El Mghazli, et al.      Expires - August 2003                [Page 8]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


     Route Count: This table contain counters of routes hold by a VRF.
     The aim of this table is to trigger alarms when the maximum number
     of routes for a given VRF is nearly exceeded.

     Label Count: This table contain counters of labels illegally
     received by a VRF. It is used in the case of interprovider VPNs
     for PE routers to notify the management system that a given VRF
     receives packets with non-affected labels for interdomain routes.

     . Threshold Table:
     This table contains the thresholds which triggers a report of the
     counters of either routes or labels.

     . Selection Table:
     In the present PIB, this class identifies a VRF to collect usage
     information from.


7. PIB Usage Example


   Below is an example of a fulfilled BGP/MPLS VPN PIB. The example
   given in this section aims at realizing the following configuration
   in a PE router:

                         +------------------+
            +-           | +---+   +----+   |ospf
            | ~~~~~~~~~~~| | M |   |VRF |---+----IF1 (intranet VPN1)
            |            | | P |---|  1 |---+----IF2 (intranet VPN1)
            |            | |   |   +----+   |eBGP
            | ~~~~~~~~~~~| | i |   +----+   |
   backbone |            | | B |---|VRF |---+----IF3 (intranet VPN1 &
     LSPs   |            | | G |   |  2 |   |static   extranet VPN2)
            | ~~~~~~~~~~~| | P |   +----+   |
            |            | |   |   +----+   |
            |            | | 4 |---|VRF |---+----IF4 (inter-SP VPN3)
            | ~~~~~~~~~~~| |   |   |  3 |   |eBGP
            +-           | +---+   +----+   |
                         +------------------+

                Figure 1. PE router example configuration


   -- Local settings:

   The following tables are BGP/MPLS VPN specific. They give an example
   of the routing and interface capabilities for a particular device
   (PE). These information are sent to the PDP mainly at the beginning
   of the session.


El Mghazli, et al.      Expires - August 2003                [Page 9]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



      ppvpn2547RoutingCapsTable
      {
         Prid=1, DistProtocol=eBGP+OSPF, MaxRoutes=500.000, MaxVrfs=500,
           BgpOrf = False;
      }

      ppvpn2547IfCapsTable
      {
         Prid=1, TunnelSupport=mplsTunnel;
         Prid=2, TunnelSupport=mpls;
         Prid=3, TunnelSupport=none;
      }


   -- Framework PIB:

   The following tables are defined in the generic framework PIB [FR-
   PIB]. The PRIs are set by the PDP and sent to the PEP for consistent
   later configuration.

   The framework Capability Set table defines the different interface
   types in terms of the BGP/MPLS VPN capabilities.

      frwkIfCapSetTable
      {
         Prid=1, Name="MPLS", Capability=ppvpn2547IfCaps.2;
         Prid=2, Name="NONE", Capability=ppvpn2547IfCaps.3;
         Prid=3, Name="MPLS",  Capability=ppvpn2547IfCaps.1;
      }

   The framework Role Combination table informs on which interface type
   each interface belongs to and also affect roles to each interface.
   The role affected to each interface SHOULD correspond to the VPN
   membership, as shown in the example bellow:

      frwkIfRoleComboTable
      {
         Prid=1, Roles=VPN1,      CapSetName="MPLS", IfIndex=1;
         Prid=2, Roles=VPN1,      CapSetName="NONE", IfIndex=2;
         Prid=3, Roles=VPN1+VPN2, CapSetName="MPLS", IfIndex=3;
         Prid=4, Roles=VPN3,      CapSetName="MPLS", IfIndex=4;   }

   Do note that two interfaces (IF1 & IF2), corresponding to two
   distinct sites    can belong to the same VPN and be connected to two
   distinct VRF.


   -- BGP/MPLS VPN PIB:


El Mghazli, et al.      Expires - August 2003               [Page 10]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



   The following tables are also BGP/MPLS VPN specific and realize
   routes distribution policies between sites. For further details about
   each PRCs, read the BGP/MPLS VPN PIB definition in the next section.

      ppvpn2547VrfTable{
         Prid=1, Roles=VPN1, VrfId=1,
           Descr="Intranet", RD=XX, MaxRoutes=1000;
         Prid=2, Roles=VPN1+VPN2, VrfId=2,
           Descr="Extranet", RD=YY, MaxRoutes=2000;
         Prid=3, Roles=VPN3, VrfId=3,
           Descr="Carrier's Carrier", RD=ZZ, MaxRoutes=500;
      }

   Do note that the roles enable to link an interface or a set of
   interfaces, according to the VPN membership information.

      ppvpn2547RouteTargetTable{
         Prid=1, Type=both  , VrfId=1, RT="VPN1",
           Decsr="CUG VPN1";
         Prid=2, Type=both  , VrfId=2, RT="VPN1",
           Decsr="CUG VPN1";
         Prid=3, Type=import, VrfId=2, RT="VPN2-Hub",
           Descr="Hub Site VPN2";
         Prid=4, Type=both,   VrfId=3, RT="VPN3",
           Descr="CC CUG VPN3";
      }

      ppvpn2547IfTable{
        Prid=1, IfIndex=1, EdgeType=customerEdge, VpnClassif=enterprise,
           RouteDistProtocol="OSPF";
        Prid=2, IfIndex=2, EdgeType=customerEdge, VpnClassif=enterprise,
           RouteDistProtocol="eBGP";
        Prid=3, IfIndex=3, EdgeType=customerEdge, VpnClassif=enterprise,
           RouteDistProtocol="none";
        Prid=4, IfIndex=4, EdgeType=providerEdge, VpnClassif=cc,
           RouteDistProtocol="eBGP";
      }

      ppvpn2547OrfPeerTable{
         Prid=1, Role=PE, AddrType=Ipv4, Addr=192.123.122.1;
         Prid=2, Role=PE, AddrType=Ipv4, Addr=192.123.145.5;
         Prid=3, Role=RR, AddrType=Ipv4, Addr=192.123.12.34;
         Prid=4, Role=PE, AddrType=Ipv4, Addr=192.156.78.25;
         Prid=5, Role=PE, AddrType=Ipv4, Addr=192.123.9.125;
      }


   -- Feedback


El Mghazli, et al.      Expires - August 2003               [Page 11]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



   The following table is defined in the generic feedback framework PIB
   [FEED-PIB]. These capabilities information are sent to the PDP mainly
   at the beginning of the session.

      frwkFeedbackSelUsageComboCapsTable{
         Id=1, Selection=ppvpn2547Selection,
               Usage=ppvpn2547RouteCountUsage,
               Threshold=ppvpn2547Threshold;
         Id=2, Selection=ppvpn2547Selection,
               Usage=ppvpn2547LabelCountUsage,
               Threshold=ppvpn2547Threshold;
      }

   The following tables are BGP/MPLS VPN specific. The PRIs are set by
   the PDP and sent to the PEP for periodic reporting.

      ppvpn2547SelectionTable{
         Prid=1, Vrf=ppvpn2547Vrf.1;
         Prid=2, Vrf=ppvpn2547Vrf.3;
      }

      ppvpn2547ThresholdTable{
         Prid=1, Thresh=10.000;
      }

   The following table is defined in the generic feedback framework  PIB
   [FEED-PIB]. The PRIs are set by the PDP and sent to the PEP for
   periodic reporting.

      frwkFeedbackLinkTable{
         Id=1, Sel=ppvpn2547Selection.1, Usage=ppvpn2547RouteCountUsage,
           Interval=10, Threshold=ppvpn2547Treshold.1, Flags=threshold;
         Id=2, Sel=ppvpn2547Selection.2, Usage=ppvpn2547LabelCountUsage,
           Interval=20, Threshold=NULL,                Flags=changeOnly;
      }


8. BGP/MPLS VPN PIB Definition

8.1 The BGP/MPLS VPN PIB

      PPVPN-PIB PIB-DEFINITIONS ::= BEGIN

      IMPORTS
          Unsigned32, Integer32, MODULE-IDENTITY, MODULE-COMPLIANCE,
          OBJECT-TYPE, OBJECT-GROUP, pib, TEXTUAL-CONVENTION
                  FROM COPS-PR-SPPI
          InstanceId, TagId, TagReferenceId, ReferenceId


El Mghazli, et al.      Expires - August 2003               [Page 12]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


                  FROM COPS-PR-SPPI-TC
          DisplayString
                  FROM SNMPv2-SMI
          TruthValue
                  FROM SNMPv2-TC
          RoleCombination
                  FROM FRAMEWORK-TC-PIB
          InetAddress, InetAddressType
                  FROM INET-ADDRESS-MIB;


      ppvpn2547PolicyPib  MODULE-IDENTITY
          SUBJECT-CATEGORIES { ppvpn(tbd) } -- PPVPN COPS Client Type
                                            -- to be assigned by IANA
          LAST-UPDATED "200301201800Z"
          ORGANIZATION "IETF PPVPN WG"
          CONTACT-INFO "
                         Yacine El Mghazli
                         Alcatel
                         Route de Nozay
                         F-91460 Marcoussis - FRANCE
                         Phone: +33 1 69 63 41 87
                         Email: yacine.el_mghazli@alcatel.fr

                         Kwok Ho Chan
                         Nortel Networks
                         600 Technology Park Drive
                         Billerica, MA, 01821   USA
                         Phone: +01 978 288 8175
                         Email: khchan@nortelnetworks.com"
          DESCRIPTION
               "The PIB module containing a set of provisioning classes
               that describe provider provisioned virtual private
               networks (PPVPN) policies for BGP/MPLS VPN. It includes
               general classes that may be extended by other PIB
               specifications as well as a set of PIB classes related to
               PPVPNs."
          REVISION "200207011800Z"
          DESCRIPTION
               "Intermediate version -01, published as
                draft-yacine-ppvpn-2547-pib-01.txt, with mainly the
                feedback features added."
          REVISION "200203081800Z"
          DESCRIPTION
               "Initial version, published as
                draft-yacine-ppvpn-2547-pib-00.txt."
          ::= { pib xxx } -- xxx to be assigned by IANA




El Mghazli, et al.      Expires - August 2003               [Page 13]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


   -- BGP/MPLS VPN specific Textual Conventions.

      Ppvpn2547RouteDistinguisher ::= TEXTUAL-CONVENTION
         STATUS        current
         DESCRIPTION
             "Syntax for a route distinguisher."
         SYNTAX  OCTET STRING(SIZE (0..256))

      Ppvpn2547RouteTarget ::= TEXTUAL-CONVENTION
         STATUS        current
         DESCRIPTION
             "Syntax for a route target."
         SYNTAX  OCTET STRING(SIZE (0..256))


   -- BGP/MPLS VPN PIB module

      ppvpn2547CapabilityClasses
         OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 1 }
      ppvpn2547PolicyClasses
         OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 2 }
      ppvpn2547FeedbackClasses
         OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 3 }
      ppvpn2547PibConformance
         OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 4 }


   -- Capabilities Classes

   --
   -- BGP/MPLS VPN PE Routing Capabilities
   --

      ppvpn2547RoutingCapsTable OBJECT-TYPE
          SYNTAX         SEQUENCE OF Ppvpn2547RoutingCapsEntry
          PIB-ACCESS     notify
          STATUS         current
          DESCRIPTION
              "This class represents routing capabilities of a device
               (PE)."
          ::= { ppvpn2547CapabilityClasses 1 }

      ppvpn2547RoutingCapsEntry OBJECT-TYPE
         SYNTAX         Ppvpn2547RoutingCapsEntry
         STATUS         current
         DESCRIPTION
             "An instance of the ppvpn2547RoutingCaps class."
         PIB-INDEX { ppvpn2547RoutingCapsPrid }
         ::= { ppvpn2547RoutingCapsTable 1 }


El Mghazli, et al.      Expires - August 2003               [Page 14]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



      ppvpn2547RoutingCapsEntry ::= SEQUENCE {
              ppvpn2547RoutingCapsPrid           InstanceId,
              ppvpn2547RoutingCapsDistProtocol   BITS,
              ppvpn2547RoutingCapsMaxRoutes      unsigned32,
              ppvpn2547RoutingCapsMaxVrfs        unsigned32,
              ppvpn2547RoutingCapsBgpOrf         TruthValue
      }

      ppvpn2547RoutingCapsPrid OBJECT-TYPE
          SYNTAX         InstanceId
          STATUS         current
          DESCRIPTION
              "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547RoutingCapsEntry 1 }

      ppvpn2547RoutingCapsDistProtocol OBJECT-TYPE
          SYNTAX         BITS { static (0),
                                ebgp   (1),
                                ospf   (2),
                                rip    (3),
                                isis   (4)
          }
          STATUS         current
          DESCRIPTION
              "Denotes the route distribution protocol supported by the
               PE across the PE-CE links. Note that more than one
               routing protocol may be enabled at the same time."
          ::= { ppvpn2547RoutingCapsEntry 2 }

      ppvpn2547RoutingCapsMaxRoutes OBJECT-TYPE
          SYNTAX        Unsigned32
          STATUS        current
          DESCRIPTION
             "Denotes maximum number of routes which this PE is
              able to hold."
          ::= { ppvpn2547RoutingCapsEntry 3 }

      ppvpn2547RoutingCapsMaxVrfs OBJECT-TYPE
          SYNTAX        Unsigned32
          STATUS        current
          DESCRIPTION
             "Denotes maximum number of VRF which this PE is
              able to hold."
          ::= { ppvpn2547RoutingCapsEntry 4 }

      ppvpn2547RoutingCapsBgpOrf OBJECT-TYPE
          SYNTAX        TruthValue


El Mghazli, et al.      Expires - August 2003               [Page 15]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


          STATUS        current
          DESCRIPTION
             "Denotes if the PEP supports Cooperative Route Filtering
              Capability for BGP [BGP-ORF]."
          ::= { ppvpn2547RoutingCapsEntry 5 }


   --
   -- PE Interface Capabilities
   --

      ppvpn2547IfCapsTable OBJECT-TYPE
          SYNTAX         SEQUENCE OF Ppvpn2547IfCapsEntry
          PIB-ACCESS     notify
          STATUS         current
          DESCRIPTION
            " This class represents interfaces capabilities of a device
              (PE) in terms of MPLS support."
          ::= { ppvpn2547CapabilityClasses 2 }

      ppvpn2547IfCapsEntry OBJECT-TYPE
          SYNTAX         Ppvpn2547IfCapsEntry
          STATUS         current
          DESCRIPTION
            "An instance of the ppvpn2547IfCaps class."
          PIB-INDEX { ppvpn2547IfCapsPrid }
          ::= { ppvpn2547IfCapsTable 1 }

      ppvpn2547IfCapsEntry ::= SEQUENCE {
              ppvpn2547IfCapsPrid           InstanceId,
              ppvpn2547IfCapsTunnelSupport  INTEGER,
      }

      ppvpn2547IfCapsPrid OBJECT-TYPE
          SYNTAX         InstanceId
          STATUS         current
          DESCRIPTION
              "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547IfCapsEntry 1 }

      ppvpn2547IfCapsTunnelSupport OBJECT-TYPE
          SYNTAX         INTEGER { none       (0),
                                   mpls       (1),
                                   mplsTunnel (2),
                                   ipsec      (3),
                                   l2tp       (4),
                                   ppp        (5),
                                   atmVc      (6),


El Mghazli, et al.      Expires - August 2003               [Page 16]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


                                   frDlci     (7),
                                   gre        (8),
                                   vLan       (9),
                                   other      (10)
          }       STATUS         current
          DESCRIPTION
              " Denotes the interface type in accordance with [IFMIB]
                which states that the interfaces tables contains
                information on the managed resource's interfaces and
                each sub-layer bellow the internetwork layer interface
                is considered as an interface."
          ::= { ppvpn2547IfCapsEntry 2 }


   -- Policy Classes

   --
   -- BGP/MPLS VPN VRF Table
   --

      ppvpn2547VrfTable OBJECT-TYPE
          SYNTAX       SEQUENCE OF Ppvpn2547VrfEntry
          PIB-ACCESS   install
          STATUS       current
          DESCRIPTION
             "This class specifies BGP/MPLS VPN VRF Table associated
              information. Entries in this table define VRF instances
              associated with MPLS/VPN interfaces. Note that multiple
              interfaces can belong to the same VRF instance."
          ::= { ppvpn2547PolicyClasses 1 }

      ppvpn2547VrfEntry OBJECT-TYPE
          SYNTAX       Ppvpn2547VrfEntry
          STATUS       current
          DESCRIPTION
             "An entry in this table is created by the provider for
              every VRF capable of supporting MPLS/BGP VPN."
          PIB-INDEX {  ppvpn2547VrfPrid }
          UNIQUENESS { ppvpn2547VrfId,
                       ppvpn2547VrfRoles,
                       ppvpn2547VrfRD }
          ::= { ppvpn2547VrfTable 1 }

      ppvpn2547VrfEntry ::= SEQUENCE  {
          ppvpn2547VrfPrid        InstanceId,
          ppvpn2547VrfVpnCombo       RoleCombination,
          ppvpn2547VrfId          TagReferenceId,
          ppvpn2547VrfDescription SnmpAdminString,
          ppvpn2547VrfRD          Ppvpn2547RouteDistinguisher,


El Mghazli, et al.      Expires - August 2003               [Page 17]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


          ppvpn2547VrfMaxRoutes   Unsigned32
      }

      ppvpn2547VrfPrid OBJECT-TYPE
          SYNTAX       InstanceId
          STATUS       current
          DESCRIPTION
             "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547VrfEntry 1 }

      ppvpn2547VrfVpnCombo OBJECT-TYPE
          SYNTAX       RoleCombination
          STATUS       current
          DESCRIPTION
             "The interfaces to which the VRF is attached to,
              specified in terms of roles.  There must exist an entry
              in the frwkIfRoleComboTable [FR-PIB] specifying
              this role combination, together with the interface
              capability set specified by ppvpn2547IfName, prior to
              association with an instance of this class."
          ::= { ppvpn2547VrfEntry 2 }

      ppvpn2547VrfId OBJECT-TYPE
          SYNTAX       TagReferenceId
          PIB-TAG { ppvpn2547RouteTargetVrfId }
          STATUS       current
          DESCRIPTION
             "Identifies a VRF instance."
          ::= { ppvpn2547VrfEntry 3 }

      ppvpn2547VrfDescription OBJECT-TYPE
          SYNTAX        SnmpAdminString
          STATUS        current
          DESCRIPTION
              "The human-readable description of this VRF."
          ::= { ppvpn2547VrfEntry 4 }

      ppvpn2547VrfRD OBJECT-TYPE
          SYNTAX        Ppvpn2547RouteDistinguisher
          STATUS        current
          DESCRIPTION
              "The route distinguisher for this VRF."
          ::= { ppvpn2547VrfEntry 5 }

      ppvpn2547VrfMaxRoutes OBJECT-TYPE
          SYNTAX        Unsigned32
          STATUS        current
          DESCRIPTION


El Mghazli, et al.      Expires - August 2003               [Page 18]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


              "Denotes maximum number of routes which this VRF is
               configured to hold."
          ::= { ppvpn2547VrfEntry 6 }


   --
   -- BGP/MPLS VPN Route Target Table
   --

      ppvpn2547RouteTargetTable OBJECT-TYPE
          SYNTAX        SEQUENCE OF Ppvpn2547RouteTargetEntry
          PIB-ACCESS    install
          STATUS        current
          DESCRIPTION
              "This table specifies per-VRF route target association.
               Each entry identifies a connectivity policy supported as
               part of a VPN."
          ::= { ppvpn2547PolicyClasses 2 }

      ppvpn2547RouteTargetEntry OBJECT-TYPE
          SYNTAX        Ppvpn2547RouteTargetEntry
          STATUS        current
          DESCRIPTION
              "An entry in this table is created for each route target
              configured for a VRF supporting a MPLS/BGP VPN instance."
          PIB-INDEX  { ppvpn2547RouteTargetPrid}
          UNIQUENESS { ppvpn2547RouteTargetVrfId,
                      ppvpn2547RouteTargetType,
                      ppvpn2547RouteTargetPrecedence,
                      ppvpn2547RouteTargetRT
          }
          ::= { ppvpn2547RouteTargetTable 1 }

      ppvpn2547RouteTargetEntry ::= SEQUENCE {
          ppvpn2547RouteTargetPrid       InstanceId,
          ppvpn2547RouteTargetType       INTEGER,
          ppvpn2547RouteTargetVrfId      TagId,
          ppvpn2547RouteTargetRT         Ppvpn2547RouteTarget,
          ppvpn2547RouteTargetDescr      DisplayString
      }

      ppvpn2547RouteTargetPrid OBJECT-TYPE
          SYNTAX       InstanceId
          STATUS       current
          DESCRIPTION
              "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547RouteTargetEntry 1 }



El Mghazli, et al.      Expires - August 2003               [Page 19]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


      ppvpn2547RouteTargetType OBJECT-TYPE
          SYNTAX        INTEGER { import(1),
                                  export(2),
                                  both(3) }
          STATUS        current
          DESCRIPTION
              "The route target distribution type."
          ::= { ppvpn2547RouteTargetEntry 2 }

      ppvpn2547RouteTargetVrfId OBJECT-TYPE
          SYNTAX        TagId
          STATUS        current
          DESCRIPTION
              "A VRF is composed of an import RT list and a export RT
              list. Each RT belonging to the same VRF uses the same VRF
              ID. Hence, a VRF Id identifies which this RT is a part of.
              This needs to be the value of ppvpn2547VrfId attribute for
              an existing instance of ppvpn2547VrfEntry."
      ::= { ppvpn2547RouteTargetEntry 3 }

      ppvpn2547RouteTargetRT OBJECT-TYPE
          SYNTAX        Ppvpn2547RouteTarget
          STATUS        current
          DESCRIPTION
              "The route target value."
          ::= { ppvpn2547RouteTargetEntry 4 }

      ppvpn2547RouteTargetDescr OBJECT-TYPE
          SYNTAX        DisplayString
          STATUS        current
          DESCRIPTION
              "Description of the route target."
          ::= { ppvpn2547RouteTargetEntry 5 }


   --
   -- BGP/MPLS VPN Interface Table
   --

      ppvpn2547IfTable  OBJECT-TYPE
          SYNTAX        SEQUENCE OF Ppvpn2547IfEntry
          PIB-ACCESS    install
          STATUS        current
          DESCRIPTION
              "This table specifies per customer interface configuration
               information ."
          ::= { ppvpn2547PolicyClasses 3 }

      ppvpn2547IfEntry OBJECT-TYPE


El Mghazli, et al.      Expires - August 2003               [Page 20]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


          SYNTAX        Ppvpn2547IfEntry
          STATUS        current
          DESCRIPTION
              "An entry in this table is created for every interface
               type supporting MPLS/BGP VPN. Each entry in this table is
               meant to correspond to an entry in the Interfaces Table."
          PIB-INDEX { ppvpn2547IfPrid }
          UNIQUENESS { ppvpn2547IfRoles,
                       ppvpn2547IfName }
          ::= { ppvpn2547IfTable 1 }

      ppvpn2547IfEntry ::= SEQUENCE {
              ppvpn2547IfPrid               InstanceId,
              ppvpn2547IfIndex              ReferenceId,
              ppvpn2547IfEdgeType           INTEGER,
              ppvpn2547IfVpnClassification  INTEGER,
              ppvpn2547IfRouteDistProtocol  BITS
      }

      ppvpn2547IfPrid OBJECT-TYPE
          SYNTAX       InstanceId
          STATUS       current
          DESCRIPTION
             "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547IfEntry 1 }

      ppvpn2547IfIndex OBJECT-TYPE
          SYNTAX       ReferenceId
          PIB-REFERENCES { frwkRoleCombinationEntry }
          STATUS       current
          DESCRIPTION
             "The interface capability set to configure. The interface
              capability name specified by this attribute must exist in
              the frwkIfCapSetTable [FR-PIB] prior to association with
              an instance of this class."
          ::= { ppvpn2547IfEntry 2 }

      ppvpn2547IfCustomerEdgeType OBJECT-TYPE
          SYNTAX       INTEGER { providerEdge (1)
                                 customerEdge (2)
          }
          STATUS       current
          DESCRIPTION
             " The Customer Edge can be either another Provider Edge
               (PE) in the case of a multi-AS VPN  or a stub Customer
               Edge (CE) in case of an enterprise VPN. Either the
               providerEdge (PE) or customerEdge (CE) bit must be set
               accordingly."


El Mghazli, et al.      Expires - August 2003               [Page 21]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


          ::= { ppvpn2547IfEntry 3 }

      ppvpn2547IfVpnClassification OBJECT-TYPE
          SYNTAX        INTEGER { enterprise (1),
                                  cc (2),
                                  interProviderOption1 (3)
                                  interProviderOption2 (4)
                                  interProviderOption3 (5)
          }
          STATUS        current
          DESCRIPTION
              "Denotes which VPN scenario this PE-CE link participates
               in:
                 - enterprise
                 - carrier's carrier
                 - inter-provider option 1 (VRF-to-VRF connections)
                 - inter-provider option 2 (MP-eBGP redistribution)
                 - inter-provider option 3 (multi-hop MP-eBGP)"
          ::= { ppvpn2547IfEntry 4 }

      ppvpn2547IfRouteDistProtocol OBJECT-TYPE
          SYNTAX        BITS { none  (0),
                               ebgp  (1),
                               ospf  (2),
                               rip   (3),
                               isis  (4)
          }
          STATUS        current
          DESCRIPTION
              "Denotes the route distribution protocol across the
               customer interface protocol. Note that more than one
               routing protocol may be enabled at the same time.
               Moreover, according to [2547bis], in the case this
               interface participates in a hierarchical (CsC) or
               recursive (multi-AS) VPN, the routing protocol accross
               this PE-CE link must be eBGP."
          ::= { ppvpn2547IfEntry 5 }


   --
   -- BGP/MPLS VPN ORF Peer Table
   --

      ppvpn2547OrfPeerTable OBJECT-TYPE
          SYNTAX        SEQUENCE OF Ppvpn2547OrfPeerEntry
          PIB-ACCESS    install
          STATUS        current
          DESCRIPTION
              "Each entry in this table specifies a iBGP peer of the


El Mghazli, et al.      Expires - August 2003               [Page 22]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


               device."
          ::= { ppvpn2547PolicyClasses 4 }

      ppvpn2547OrfPeerEntry OBJECT-TYPE
          SYNTAX        Ppvpn2547OrfPeerEntry
          STATUS        current
          DESCRIPTION
              "An entry in this table is created by the PDP for
               every distinct PE which may exchange VPN membership and
               reachability in formation with the device."
          PIB-INDEX  { ppvpn2547OrfPeerPrid }
          UNIQUENESS { ppvpn2547OrfPeerAddrType,
                       ppvpn2547OrfPeerAddr
          }
          ::= { ppvpn2547OrfPeerTable 1 }

      ppvpn2547OrfPeerEntry ::= SEQUENCE {
              ppvpn2547OrfPeerPrid         InstanceId,
              ppvpn2547OrfPeerRole         INTEGER,
              ppvpn2547OrfPeerAddrType     InetAddressType,
              ppvpn2547OrfPeerAddr         InetAddress
      }

      ppvpn2547OrfPeerPrid OBJECT-TYPE
          SYNTAX        InstanceId
          STATUS        current
          DESCRIPTION
               "An arbitrary integer index that uniquely identifies an
               instance of the class."
          ::= { ppvpn2547OrfPeerEntry 1 }

      ppvpn2547OrfPeerRole OBJECT-TYPE
          SYNTAX        INTEGER { pe(1),
                                  rr(2)
          }
          STATUS        current
          DESCRIPTION
              "Denotes the role played by this BGP peer. rr(0) stands
               for Route Reflector, pe(1) stands for Provider Edge"
          ::= { ppvpn2547OrfPeerEntry 2 }

      ppvpn2547OrfPeerAddrType  OBJECT-TYPE
          SYNTAX        InetAddressType
          STATUS        current
          DESCRIPTION
              "Denotes the address family of the PE address."
          ::= { ppvpn2547OrfPeerEntry 3 }

      ppvpn2547OrfPeerAddr  OBJECT-TYPE


El Mghazli, et al.      Expires - August 2003               [Page 23]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


          SYNTAX        InetAddress
      STATUS        current
      DESCRIPTION
          "Denotes the EBGP neighbor address."
      ::= { ppvpn2547OrfPeerEntry 4 }


   -- BGP/MPLS VPN Feedback Classes

   --
   -- BGP/MPLS VPN Route Count Usage Table
   --

      ppvpn2547RouteCountUsageTable OBJECT-TYPE
          SYNTAX       SEQUENCE OF Ppvpn2547RouteCountUsageEntry
          PIB-ACCESS   report-only
          STATUS       current
          DESCRIPTION
             "This class defines the usage attributes that the PEP is to
              monitor for VRFs. All routes hold by the VRF are counted.
              It also contains the PRID of the linkage instance
              associating the selection criteria with the usage
              instance."
          ::= { ppvpn2547FeedbackClasses 1 }

      ppvpn2547RouteCountUsageEntry OBJECT-TYPE
          SYNTAX       Ppvpn2547RouteCountUsageEntry
          STATUS       current
          DESCRIPTION
             "Defines the attributes the PEP is to monitor, record and
              report."
          PIB-INDEX {  ppvpn2547RouteCountUsagePrid }
          UNIQUENESS { ppvpn2547RouteCountUsageLinkRefId }
          ::= { ppvpn2547RouteCountUsageTable 1 }

      ppvpn2547RouteCountUsageEntry ::= SEQUENCE  {
          ppvpn2547RouteCountUsagePrid        InstanceId,
          ppvpn2547RouteCountUsageLinkRefId   ReferenceId,
          ppvpn2547RouteCountUsageCount       Counter32
      }

      ppvpn2547RouteCountUsagePrid OBJECT-TYPE
          SYNTAX       InstanceId
          STATUS       current
          DESCRIPTION
             "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547RouteCountUsageEntry 1 }



El Mghazli, et al.      Expires - August 2003               [Page 24]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


      ppvpn2547RouteCountUsageLinkRefId OBJECT-TYPE
          SYNTAX       ReferenceId
          PIB-REFERENCES { frwkFeedBackLinkEntry }
          STATUS       current
          DESCRIPTION
             "The ReferenceId of the Linkage Policy instance used to
              base this usage policy instance upon."
          ::= { ppvpn2547RouteCountUsageEntry 2 }

      ppvpn2547RouteCountUsageCount OBJECT-TYPE
          SYNTAX       Counter32
          STATUS       current
          DESCRIPTION
             "The count of Routes hold by the assocuiated VRF during the
              reporting interval."
          ::= { ppvpn2547RouteCountUsageEntry 3 }


   --
   -- BGP/MPLS VPN Label Count Usage Table
   --

      ppvpn2547LabelCountUsageTable OBJECT-TYPE
          SYNTAX       SEQUENCE OF Ppvpn2547LabelCountUsageEntry
          PIB-ACCESS   report-only
          STATUS       current
          DESCRIPTION
             "This class defines the usage attributes that the PEP is to
              monitor for VRFs. All labels illegally received by the VRF
              are counted. It also contains the PRID of the linkage
              instance associating the selection criteria with the usage
              instance."
          ::= { ppvpn2547FeedbackClasses 2 }

      ppvpn2547LabelCountUsageEntry OBJECT-TYPE
          SYNTAX       Ppvpn2547LabelCountUsageEntry
          STATUS       current
          DESCRIPTION
             "Defines the attributes the PEP is to monitor, record and
              report."
          PIB-INDEX {  ppvpn2547LabelCountUsagePrid }
          UNIQUENESS { ppvpn2547LabelCountUsageLinkRefId }
          ::= { ppvpn2547LabelCountUsageTable 1 }

      ppvpn2547LabelCountUsageEntry ::= SEQUENCE  {
          ppvpn2547LabelCountUsagePrid        InstanceId,
          ppvpn2547LabelCountUsageLinkRefId   ReferenceId,
          ppvpn2547LabelCountUsageCount       Counter32
      }


El Mghazli, et al.      Expires - August 2003               [Page 25]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



      ppvpn2547LabelCountUsagePrid OBJECT-TYPE
          SYNTAX       InstanceId
          STATUS       current
          DESCRIPTION
             "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547LabelCountUsageEntry 1 }

      ppvpn2547LabelCountUsageLinkRefId OBJECT-TYPE
          SYNTAX       ReferenceId
          PIB-REFERENCES { frwkFeedBackLinkEntry }
          STATUS       current
          DESCRIPTION
             "The ReferenceId of the Linkage Policy instance used to
              base this usage policy instance upon."
          ::= { ppvpn2547LabelCountUsageEntry 2 }

      ppvpn2547LabelCountUsageCount OBJECT-TYPE
          SYNTAX       Counter32
          STATUS       current
          DESCRIPTION
             "The count of labels illegally received by the associated
              VRF during the reporting interval."
          ::= { ppvpn2547LabelCountUsageEntry 3 }

   --
   -- BGP/MPLS VPN Threshold Table
   --

      ppvpn2547ThresholdTable OBJECT-TYPE
          SYNTAX       SEQUENCE OF Ppvpn2547ThresholdEntry
          PIB-ACCESS   install
          STATUS       current
          DESCRIPTION
             "This class defines the threshold attributes corresponding
              to usage attributes specified in the
              ppvpn2547RouteCountUsageTable and
              ppvpn2547LabelCountUsageTable classes."
          ::= { ppvpn2547FeedbackClasses 3 }

      ppvpn2547ThresholdEntry OBJECT-TYPE
          SYNTAX       Ppvpn2547ThresholdEntry
          STATUS       current
          DESCRIPTION
             "Defines the attributes to hold thershold values."
          PIB-INDEX { ppvpn2547ThresholdPrid }
          ::= { ppvpn2547ThresholdTable 1 }



El Mghazli, et al.      Expires - August 2003               [Page 26]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


      ppvpn2547ThresholdEntry ::= SEQUENCE  {
          ppvpn2547ThresholdPrid    InstanceId,
          ppvpn2547ThresholdThresh  Unsigned32
      }

      ppvpn2547ThresholdPrid OBJECT-TYPE
          SYNTAX       InstanceId
          STATUS       current
          DESCRIPTION
             "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547ThresholdEntry 1 }

      ppvpn2547ThresholdThresh OBJECT-TYPE
          SYNTAX       Unsigned32
          STATUS       current
          DESCRIPTION
             "The threshold, in terms of number of routes or labels,
              that must be exceeded to trigger a report in the next
              reporting interval."
          ::= { ppvpn2547ThresholdEntry 2 }

   --
   -- BGP/MPLS VPN VRF Selection Table
   --

      ppvpn2547VrfSelectionTable OBJECT-TYPE
          SYNTAX       SEQUENCE OF Ppvpn2547VrfSelectionEntry
          PIB-ACCESS   install
          STATUS       current
          DESCRIPTION
             "This class defines a selection criteria that identifies a
              specific VRF to collect usage information from."
          ::= { ppvpn2547FeedbackClasses 4 }

      ppvpn2547VrfSelectionEntry OBJECT-TYPE
          SYNTAX       Ppvpn2547VrfSelectionEntry
          STATUS       current
          DESCRIPTION
             "Defines the attributes of the selection criteria
              identifying a specific policy where to monitor the
              associated usage."
          PIB-INDEX { ppvpn2547VrfSelectionPrid }
          UNIQUENESS { ppvpn2547VrfSelectionVrf }
          ::= { ppvpn2547VrfSelectionTable 1 }

      ppvpn2547VrfSelectionEntry ::= SEQUENCE  {
          ppvpn2547VrfSelectionPrid    InstanceId,
          ppvpn2547VrfSelectionId      ReferenceId


El Mghazli, et al.      Expires - August 2003               [Page 27]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


      }

      ppvpn2547VrfSelectionPrid OBJECT-TYPE
          SYNTAX       InstanceId
          STATUS       current
          DESCRIPTION
             "An arbitrary integer index that uniquely identifies an
              instance of the class."
          ::= { ppvpn2547VrfSelectionEntry 1 }

      ppvpn2547VrfSelectionId OBJECT-TYPE
          SYNTAX       ReferenceId
          PIB-REFERENCES { ppvpn2547VrfEntry }
          STATUS       current
          DESCRIPTION
             "The Prid of the VRF that one wants to collect usage
              information from."
          ::= { ppvpn2547VrfSelectionEntry 2 }


      -- Conformance Section

      ppvpn2547PibCompliances
          OBJECT IDENTIFIER ::= { ppvpn2547PibConformance 1 }
      ppvpn2547PibGroups
          OBJECT IDENTIFIER ::= { ppvpn2547PibConformance 2 }

      ppvpn2547PibCompliance MODULE-COMPLIANCE
          STATUS  current
          DESCRIPTION
                  "Describes the requirements for conformance to the
                  PPVPN BGP/MPLS VPN Policy PIB."

          MODULE  -- this module
              MANDATORY-GROUPS {
                  ppvpn2547PibVrfGroup,
                  ppvpn2547PibRouteTargetGroup,
                  ppvpn2547PibIfGroup,
                  ppvpn2547PibOrfPeerGroup,
                  ppvpn2547PibRouteGroup,
                  ppvpn2547PibRouteCountUsageGroup,
                  ppvpn2547PibLabelCountUsageGroup,
                  ppvpn2547PibThresholdGroup,
                  ppvpn2547PibVrfSelectionGroup
              }
          ::= { ppvpn2547PibCompliances 1 }

      ppvpn2547PibVrfGroup OBJECT-GROUP
          OBJECTS { ppvpn2547VrfRoles,


El Mghazli, et al.      Expires - August 2003               [Page 28]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


                    ppvpn2547VrfIfName,
                    ppvpn2547VrfId,
                    ppvpn2547VrfDescription,
                    ppvpn2547VrfRD,
                    ppvpn2547VrfMaxRoutes
          }
          STATUS current
          DESCRIPTION
             "The VRF Group defines the PIB Objects that describe a
              VRF."
          ::= { ppvpn2547PibGroups 1 }

      ppvpn2547PibRouteTargetGroup OBJECT-GROUP
          OBJECTS { ppvpn2547RouteTargetType,
                    ppvpn2547RouteTargetVrfId,
                    ppvpn2547RouteTargetRT,
                    ppvpn2547RouteTargetDescr
          }
          STATUS current
          DESCRIPTION
             "The Route Target Group defines the PIB Objects  that
              describe a Route Target."
          ::= { ppvpn2547PibGroups 2 }

      ppvpn2547PibIfGroup OBJECT-GROUP
          OBJECTS { ppvpn2547IfIndex,
                    ppvpn2547IfVpnClassification,
                    ppvpn2547IfRouteDistProtocol
          }
          STATUS current
          DESCRIPTION
             "The Interface Group defines  the  PIB  Objects  that
             describe a Interface."
          ::= { ppvpn2547PibGroups 3 }

      ppvpn2547PibOrfPeerGroup OBJECT-GROUP
          OBJECTS { ppvpn2547OrfPeerVrfId,
                    ppvpn2547OrfPeerRole,
                    ppvpn2547OrfPeerAddrType,
                    ppvpn2547OrfPeerAddr
          }
          STATUS current
          DESCRIPTION
             "The BGP Peer Group defines  the  PIB  Objects  that
             describe a BGP Peer."
          ::= { ppvpn2547PibGroups 4 }

      ppvpn2547PibRouteCountUsageGroup OBJECT-GROUP
          OBJECTS { ppvpn2547RouteCountUsageLinkRefId,


El Mghazli, et al.      Expires - August 2003               [Page 29]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


                    ppvpn2547RouteCountUsageCount
          }
          STATUS current
          DESCRIPTION
             "The Route Count Usage Group defines the PIB Objects that
              describe a Route Count Usage class."
          ::= { ppvpn2547PibGroups 5 }

      ppvpn2547PibLabelCountUsageGroup OBJECT-GROUP
          OBJECTS { ppvpn2547LabelCountUsageLinkRefId,
                    ppvpn2547LabelCountUsageCount
          }
          STATUS current
          DESCRIPTION
             "The Label Count Usage Group defines the PIB Objects that
              describe a Label Count Usage class."
          ::= { ppvpn2547PibGroups 6 }

      ppvpn2547PibThresholdGroup OBJECT-GROUP
          OBJECTS { ppvpn2547ThresholdThresh }
          STATUS current
          DESCRIPTION
             "The Threshold Group defines the PIB Objects that
              describe a Threshold class."
          ::= { ppvpn2547PibGroups 7 }

      ppvpn2547PibVrfSelectionGroup  OBJECT-GROUP
          OBJECTS { ppvpn2547VrfSelectionId }
          STATUS current
          DESCRIPTION
             "The VRF Selection Group defines the PIB Objects that
              describe a VRF Selection class."
          ::= { ppvpn2547PibGroups 8 }

      END



9. Subject Category Considerations

   The numbering space used for the BGP/MPLS VPN PIB, as indicated by
   the SUBJECT-CATEGORIES clause, will be assigned by the Internet
   Assigned Numbers Authority (IANA). Notice the numbering space used by
   SUBJECT-CATEGORIES maps to the Client Type numbering space in [COPS-
   PR]. This relationship is detailed in section 7.1 of [SPPI]. Due to
   the fact that Client Type value of 1 has already been used by [COPS-
   RSVP], the numbering space for SUBJECT-CATEGORIES will need to start
   with the value of 2.



El Mghazli, et al.      Expires - August 2003               [Page 30]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003


   Other PIB Modules may use the same SUBJECT-CATEGORIES as this
   BGP/MPLS VPN PIB Module. In such situations, PRC numbering space
   under a specific SUBJECT-CATEGORIES should be coordinated with
   existing PIB Modules using the same SUBJECT-CATEGORIES.


10. Intellectual Property Considerations

   The IETF is being notified of intellectual property rights claimed in
   regard to some or all of the specification contained in this
   document. For more information consult the online list of claimed
   rights.


11. IANA Considerations

   This document standardizes a Policy Information Base (PIB) module,
   requesting an IANA assigned PIB number.


Security Considerations

   The information contained in a PIB when transported by the COPS
   protocol [COPS-PR] are sensitive, and its function of provisioning a
   PEP/EP requires that only authorized communication take place. The
   use of IPSEC between PDP and PEP, as described in [COPS], provides
   the necessary protection against these threats.


Normative References


   [STD] Bradner, S., "The Internet Standards Process -- Revision 3",
      BCP 9, RFC 2026, October 1996.

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
      Requirement Levels", BCP 14, RFC 2119, March 1997

   [2547bis] Rosen, E., Rekhter, Y., Bogovic, T., Brannon, S., Carugi,
      M., Chase, C., Chung, T., De Clercq, J., Dean, E., Hitchin, P.,
      Leelanivas, M., Marshall, D., Martini, L., Srinivasan, V.,
      Vedrenne, A., "BGP/MPLS VPNs", Internet Draft <draft-rosen-
      rfc2547bis-03.txt>, October 2002.

   [MPLSArch] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol
      Label Switching Architecture", RFC3031, January 2001.





El Mghazli, et al.      Expires - August 2003               [Page 31]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



   [VPN-RFC2685] Fox B., et al, "Virtual Private Networks Identifier",
      RFC 2685, September 1999.

   [LSR-MIB] Srinivasan, C., Viswanathan, A. and T. Nadeau, "MPLS Label
      Switch Router Management Information Base Using SMIv2", Internet
      Draft <draft-ietf-mpls-lsr-mib-09.txt>, October 2002.

   [TE-MIB] Srinivasan, C., Viswanathan, A. and T. Nadeau, "MPLS Traffic
      Engineering Management Information Base Using SMIv2", Internet
      Draft <draft-ietf-mpls-te-mib-09.txt>, November 2002.

   [FTN-MIB] T. Nadeau, C. Srinivasan, A. Viswanathan, "Multiprotocol
      Label Switching (MPLS) FEC-To-NHLFE (FTN) Management Information
      Base", draft-ietf-mpls-ftn-mib-05.txt, November 2002.

   [MPLS-VPN-MIB] Nadeau, T., Fang, L. Chiussi, F., Dube, J., Tatham, M
      and H. van der Linde, "MPLS/BGP Virtual Private Network Management
      Information Base Using SMIv2", Internet Draft <draft-ietf-ppvpn-
      mpls-vpn-mib-05.txt>, November 2002.

   [BGP-ORF] Chen, Rekhter, "Cooperative Route Filtering Capability for
      BGP-4", Internet Draft <draft-ietf-idr-route-filter-08.txt>,
      January 2003.

   [BGP4-MIB] J. Haas, S. Hares, S. Willis, J. Burruss, J. Chu,
      "Definitions of Managed Objects for the Fourth Version of Border
      Gateway Protocol (BGP-4)", draft-ietf-idr-bgp4-mib-18.txt, October
      2002.

   [COPS] Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R., and
      A. Sastry, "The COPS (Common Open Policy Service) Protocol" RFC
      2748, January 2000.

   [COPS-PR] K. Chan, D. Durham, S. Gai, S. Herzog, K. McCloghrie, F.
      Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage for
      Policy Provisioning,", RFC 3084, March 2001

   [COPS-PPVPN] Y. El Mghazli, "A COPS client-type for PPVPN", work in
      progress.

   [SPPI] K. McCloghrie, M. Fine, J. Seligson, K. Chan, S. Hahn, R.
      Sahita, A. Smith, F. Reichmeyer, "Structure of Policy Provisioning
      Information", RFC 3159, August 2001.

   [FR-PIB] M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn, R.
      Sahita, A. Smith, F. Reichmeyer, "Framework Policy Information




El Mghazli, et al.      Expires - August 2003               [Page 32]


Internet Draft  draft-yacine-ppvpn-2547bis-pib-02.txt   February 2003



      Base", Internet Draft <draft-ietf-rap-frameworkpib-09.txt>, June
      2002.

   [RAP-FRWK] R. Yavatkar, D. Pendarakis, "A Framework for Policy-based
      Admission Control", RFC 2753, January 2000.

   [FEED-PIB] D. Rawlins, A. Kulkarni, K.H. Chan, M. Bokaemper, D. Dutt,
      "Framework of COPS-PR Policy Information base Usage Feedback",
      Internet Draft <draft-ietf-rap-feedback-fr-pib-02.txt>, March
      2002.

   [FEED-FRWK] D. Rawlins, A. Kulkarni, "Framework of COPS-PR Policy
      Usage Feedback", Internet Draft <draft-ietf-rap-feedback-frwk-
      02.txt>, March 2002.

   [SNMP-SMI] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
      Rose and S. Waldbusser, "Structure of Management Information
      Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [IFMIB] K. McCloghrie, F. Kastenholz, "The Interfaces Group MIB using
      SMIv2", RFC 2233, November 1997.

   [INETADDRESS] Daniele, M., Haberman, B., Routhier, S., Schoenwaelder,
      J., "Textual Conventions for Internet Network Addresses.", RFC
      2851, June 2000.


Acknowledgments

   This PIB builds on all the work that has gone into the BGP/MPLS VPN
   Management Information Base [MPLS-VPN-MIB]. Special thanks also to J.
   De Clercq for his valuable comments.


Author's Addresses

   Yacine El Mghazli
   Alcatel
   Route de Nozay
   91460 Marcoussis - FRANCE
   Phone: +33 1 69 63 41 87
   Email: yacine.el_mghazli@alcatel.fr

   Kwok Ho Chan
   Nortel Networks
   600 Technology Park Drive
   Billerica, MA, 01821   USA



El Mghazli, et al.      Expires - August 2003               [Page 33]


Internet Draft     draft-yacine-pana-cops-ep-00.txt      February 2003


   Phone: +01 978 288 8175
   Email: khchan@nortelnetworks.com

















































El Mghazli              Expires - August 2003               [Page 34]


Internet Draft     draft-yacine-pana-cops-ep-00.txt      February 2003


Full Copyright Statement

   "Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
























El Mghazli              Expires - August 2003               [Page 35]