Internet Draft                                      Diana Rawlins
Expiration: January 2001                            WorldCom
File: draft-rawlins-acct-fr-pib-00.txt              Amol Kulkarni
                                                    Intel
                                                    Kwok Ho Chan
                                                    Nortel Networks
                                                    Dinesh Dutt
                                                    Cisco


   Framework of COPS-PR Policy Information Base for Accounting Usage


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC-2119].

Abstract

   This document establishes a flexible PIB framework for accounting.
   The accounting framework accommodates usage related data for
   accounting purposes needed for a wide variety of emerging
   technologies. The framework is re-usable and can be extended with
   additional accounting PIB modules to make it specific to certain
   client types. This document also contains examples of an accounting
   framework PIB module and an accounting PIB for diffserv.

Rawlins et al.
Expires January 2001 [Page 1]

Internet Draft ACCT-FR-PIB July 2000

Table Of Contents

   1 Introduction
   2 General Concepts
   2.2 Overview
   2.2.1 Normal Operation
   2.2.2 Failover
   2.2.3 Context
   2.2.4 Delete Request States
   3 Definition Structure
   3.1 Usage for Accounting PIB Modules
   3.2 Periodic nature of report accounting
   4 The Accounting Framework PIB
   4.1 Summary of the Accounting Framework PIB
   4.2 The Accounting Framework PIB Module
   5 Example Accounting PIB Module:
   5.1 A simple Accounting PIB Module based on the DiffServ QoS PIB
   5.2 QoS Accounting PIB Example
   6 Security Considerations
   7 Acknowledgements
   8 Authors' Addresses
   9 References

1 Introduction

   The purpose of this document is to establish a flexible PIB
   framework for usage by accounting. The goals of the accounting
   framework PIB are:

   1) To accommodate usage related data for accounting purposes
      relevant to the emerging technologies such as VPN as well as
      supporting existing technologies such as AAA, and DiffServ.
   2) To make efficient use of network resources by optimizing usage
      data formats and messaging.
   3) To bound the scope of this framework to the network resource
      usage monitored and recorded by the PEP and collected at the PDP.
      The charging and billing models as well as other accounting
      events detectable by the PDP are beyond the scope of this
      framework.
   4) To re-use the existing framework PIB as much as possible.
   5) To provide an example Accounting Usage PIB module.

2 General Concepts

2.2 Overview

2.2.1 Normal Operation

   The PDP specifies the accounting interval in the Accounting Timer
   object that is included in the Client Accept message during
   connection establishment. The PEP notifies the PDP of its client
   type reporting capabilities during the initial request for
   configuration data. The reporting capabilities supplied in the
   initial configuration request inform the PDP of an accounting
   interval that is different than the one specified by the PDP in the
   Client Accept message. The PDP may decide to accommodate this change
   or not and returns decisions accordingly.

   For a successful requested configuration, the PDP installs
   accounting policy along with other policy relevant for the client
   type. The PEP monitors and records the usage as directed by the
   installed accounting policy.

   The PEP sends the accounting PRID and EPD bindings in bulk to the
   PDP via an unsolicited report. In the event the report accounting
   data exceeds the max message size capability, the PEP shall span the
   accounting data across messages and the PDP shall be able to
   accommodate multiple spanned report messages. The PEP provides the
   report with the accounting data within the interval specified either
   in the Accounting Timer object or reporting capability PRI.
   Alternatively, the report accounting data may be solicited. The PEP
   may reset measurements depending on the specific usage policy.

   The PDP is the collection point for the usage information monitored
   and reported by the PEP clients within the administrative domain.
   The PDP may also collect other accounting event information that is
   outside the scope of this document.

   The PDP installs accounting configuration information which
   describes what, when and how accounting is done.

2.2.2 Failover

   In the event the connection is lost between the PEP and PDP, the PEP
   continues to track usage information until either the connection is
   re-established or the TTL expires. Upon successful reconnection, if
   the PEP has cached decisions and accounting data, it provides the
   PDP with the accounting PRIs in bulk via an unsolicited report
   accounting message. The PEP sends the report as part of its response
   to the state synchronization request from the PDP.

2.2.3 Context

   The accounting policy is defined specific to a client type, i.e.
   QoS. The accounting PIB modules are associated with other PIB
   modules related to the client type. If the context of a client type
   switches, then the corresponding accounting policy changes as well.
   The PEP tracks and records usage per accounting policy defined by
   the active PIB instance. The PEP should retain the accounting data
   for the inactive contexts.

   When the PDP issues the DEC Request State Remove which initiates a
   context switch, the PEP responds with any existing accounting policy
   active for that handle prior to issuing a DRQ to delete the request
   state.

2.2.4 Delete Request States

   The PEP sends any outstanding accounting data monitored during the
   interval to the PDP via an unsolicited report prior to issuing a
   Delete Request State.

3 Definition Structure

   Accounting PIB modules adhere to the definitions provided by the
   Framework Policy Information Base and the Structure of Policy
   Provisioning Information documents.

3.1 Usage for Accounting PIB Modules

   The PEP defines accounting capabilities via the accounting PIB
   modules.
   In general, the accounting capabilities define the reporting
   interval limitations and describe the nature of reporting, i.e.
   solicited or unsolicited. The PDP is notified of the reporting
   characteristics such as the specific PRC or active reporting context
   via the policy framework PRCs PrcSupportTable, PIBIncarnationTable,
   and DeviceIdentificationTable.

3.2 Periodic nature of report accounting

   The PDP informs the PEP of the accounting interval using the
   Accounting Timer object in the Client Accept message during client
   connection establishment. The PEP notifies the PDP of its accounting
   interval capabilities during the initial configuration request via
   the accounting capabilities PRC that is defined for the respective
   accounting module. The PDP decides whether the PEP's accounting
   capabilities are satisfactory. The PDP may specify accounting
   intervals in the specific accounting policies per the PEP's
   indicated capabilities.

   Generally the accounting policy is periodic in nature and the
   reporting is unsolicited. The unsolicited reports are supplied
   within the interval decided by the PDP. Note that periodic
   unsolicited reports (as dictated by timer intervals) use a
   deterministic amount of network resources.

   There may be instances where the nature of the accounting policy for
   a given client type or accounting PIB module is such that it is
   useful for the PDP to control when it receives the feedback. The PDP
   may therefore have the capability to solicit the accounting report.

4 The Accounting Framework PIB

4.1 Summary of the Accounting Framework PIB

   The Accounting Framework PIB contains three PRCs intended to gather
   accounting data related to a particular device.

   The Reporting Capability Table
      This table contains exactly one row. It defines the minimum
      reporting interval in seconds that the PEP can support.
      This value is reported to the PDP along with other device
      capabilities during the initial request for configuration data.

   The Report Configuration Table
      Each row of this table specifies how often a report must be sent,
      the type of counter the PEP must maintain, and a reference to a
      PRC to which the attributes in the row apply.

   The ACE Statistics Table
      This table maintains statistics for ACE in the qosIpAceTable of
      the [FR-PIB]. These include the total number of packets matching
      the ACE, the byte count of these packets and a timestamp
      indicating when the values were last updated.

4.2 The Accounting Framework PIB Module

   ACCOUNTING-FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN

   IMPORTS
       ExtUTCTime, Unsigned32, Unsigned64, IpAddress,
       Integer32, MODULE-IDENTITY, OBJECT-TYPE
               FROM COPS-PR-SPPI
       TruthValue, TEXTUAL-CONVENTION
               FROM SNMPv2-TC
       PolicyInstanceId, PolicyReferenceId
               FROM COPS-PR-SPPI-TC
       RoleCombination
               FROM POLICY-DEVICE-AUX-MIB;

   acctPolFrameworkPib MODULE-IDENTITY
       CLIENT-TYPE { all }
       LAST-UPDATED "200007122300Z"
       ORGANIZATION "IETF RAP WG"
       CONTACT-INFO "
                     Diana Rawlins
                     WorldCom
                     901 International Parkway
                     Richardson, TX 75081
                     Phone: 972 729 1044
                     Email: diana.rawlins@wcom.com

                     Amol Kulkarni
                     JF3-206
                     2111 NE 25th Ave
                     Hillsboro, Oregon 97124
                     Phone: 503-712-1168
                     Email: amol.kulkarni@intel.com

                     Kwok Ho Chan
                     Nortel Networks, Inc.
                     600 Technology Park Drive
                     Billerica, MA 01821 USA
                     Phone: 978-288-8175
                     Email: khchan@nortelnetworks.com "
       DESCRIPTION
           "The PIB module containing the base set of policy rule
           classes that are required for support of all accounting and
           reporting policies"
       ::= { tbd }

   --
   -- The root OID for PRCs in the Accounting Framework PIB
   --

   acctPolBasePibClass
       OBJECT IDENTIFIER ::= { acctPolFrameworkPib 1}

   --
   -- The reporting Capability
   --

   acctPolCapabilityTable OBJECT-TYPE
       SYNTAX SEQUENCE OF AcctPolCapabilityEntry
       POLICY-ACCESS notify
       STATUS current
       DESCRIPTION
           "This class contains a single PRI that specifies the minimum
           reporting interval that the PEP can support."
       ::= { acctPolBasePibClass 1}

   acctPolCapabilityEntry OBJECT-TYPE
       SYNTAX AcctPolCapabilityEntry
       STATUS current
       DESCRIPTION
           "An instance of this class specifies the minimum reporting
           interval in seconds that the PEP can support."
       ::= { acctPolCapabilityTable 1}

   AcctPolCapabilityEntry ::= SEQUENCE {
       acctPolCapabilityMinInterval Unsigned32
   }

   acctPolCapabilityMinInterval OBJECT-TYPE
       SYNTAX Unsigned32
       STATUS current
       DESCRIPTION
           "The minimum reporting interval the PEP can support."
       ::= { acctPolCapabilityEntry 1 }

   --
   -- The Report Configuration Table
   --

   acctPolReportConfigTable OBJECT-TYPE
       SYNTAX SEQUENCE OF AcctPolReportConfigEntry
       POLICY-ACCESS install
       STATUS current
       DESCRIPTION
           "The PDP installs this information on the PEP, which
           describes how often reports are sent, whether the PDP can
           query the PEP for accounting information and what type of
           counters are used."
       ::= { acctPolBasePibClass 2}

   acctPolReportConfigEntry OBJECT-TYPE
       SYNTAX AcctPolReportConfigEntry
       STATUS current
       DESCRIPTION
           "An instance of this class describes what, when and how
           accounting is done."
       INDEX { acctPolReportConfigPrid }
       ::= { acctPolReportConfigTable 1}

   AcctPolReportConfigEntry ::= SEQUENCE {
       acctPolReportConfigPrid        PibInstanceId,
       acctPolReportConfigTarget      OBJECT IDENTIFIER,
       acctPolReportConfigInterval    Unsigned32,
       acctPolReportConfigCounterType INTEGER
   }

   acctPolReportConfigPrid OBJECT-TYPE
       SYNTAX PibInstanceId
       STATUS current
       DESCRIPTION
           "An arbitrary integer index that uniquely identifies an
           instance of the class."
       ::= { acctPolReportConfigEntry 1 }

   acctPolReportConfigTarget OBJECT-TYPE
       SYNTAX OBJECT IDENTIFIER
       STATUS current
       DESCRIPTION
           "This attribute identifies the target class to which the
           remaining attributes apply. This allows the PDP to specify
           different intervals and counter types for different
           classes."
       ::= { acctPolReportConfigEntry 2 }

   acctPolReportConfigInterval OBJECT-TYPE
       SYNTAX Unsigned32
       STATUS current
       DESCRIPTION
           "This attribute defines the reporting interval in seconds.
           A value of zero indicates that no unsolicited reports should
           be sent. If the PDP requires a report, it may solicit one.
           A value other than zero defines an interval after which an
           unsolicited report should be sent to the PDP."
       ::= { acctPolReportConfigEntry 3 }

   acctPolReportConfigCounterType OBJECT-TYPE
       SYNTAX INTEGER {
           other (1),
           interval (2),
           running (3)
       }
       STATUS current
       DESCRIPTION
           "This attribute describes the type of counter to be
           implemented. If set to 'interval', the counter is reset
           after each reporting interval. If set to 'running', the
           counter keeps a running count and is never reset. The count
           eventually wraps around. If set to 'other', a different type
           of counter can be specified by augmenting the PRC with
           additional attributes."
       ::= { acctPolReportConfigEntry 4 }

   --
   -- ACE statistics table.
   --

   acctPolAceStatsTable OBJECT-TYPE
       SYNTAX SEQUENCE OF AcctPolAceStatsEntry
       POLICY-ACCESS install-notify
       STATUS current
       DESCRIPTION
           "The class contains packet and byte counts of all packets
           that are an exact match for an ACE. This class augments
           qosIpAceTable. The use of AUGMENTS implies that whenever an
           instance of qosIpAceEntry is created, a corresponding
           instance of acctPolAceStatsEntry is also created."
       ::= { acctPolBasePibClass 3 }

   acctPolAceStatsEntry OBJECT-TYPE
       SYNTAX AcctPolAceStatsEntry
       STATUS current
       DESCRIPTION
           "An instance of this class describes the packet and byte
           counts for each ACE. "
       AUGMENTS( qosIpAceTable )
       ::= { acctPolAceStatsTable 1 }

   AcctPolAceStatsEntry ::= SEQUENCE {
       acctPolAceStatsPacketCount Unsigned32,
       acctPolAceStatsByteCount   Unsigned64,
       acctPolAceStatsTimeStamp   ExtUTCTime
   }

   acctPolAceStatsPacketCount OBJECT-TYPE
       SYNTAX Unsigned32
       STATUS current
       DESCRIPTION
           "The count of packets matching the specified ACE during the
           reporting interval."
       ::= { acctPolAceStatsEntry 1 }

   acctPolAceStatsByteCount OBJECT-TYPE
       SYNTAX Unsigned64
       STATUS current
       DESCRIPTION
           "The byte count of packets matching the specified ACE during
           the reporting interval."
       ::= { acctPolAceStatsEntry 2 }

   acctPolAceStatsTimeStamp OBJECT-TYPE
       SYNTAX ExtUTCTime
       STATUS current
       DESCRIPTION
           "The time stamp indicating the last time the counts were
           updated."
       ::= { acctPolAceStatsEntry 3 }

   END

5 Example Accounting PIB Module:

5.1 A simple Accounting PIB Module based on the DiffServ QoS PIB

   Simple examples of an accounting framework PIB and diffserv QoS
   accounting PIB modules are presented in the following. The example
   diffserv QoS accounting PIB module basically reflects counts of
   packets. This sample accounting policy monitors packet counts by
   DSCP per Interface Type, Name and Role Combination. The total counts
   for the period are monitored, as well as metering actions such as
   out-of-profile packets being dropped or remarked.

5.2 QoS Accounting PIB Example

   DIFFSERV-ACCOUNTING-PIB PIB-DEFINITIONS ::= BEGIN

   IMPORTS
       ExtUTCTime, Unsigned32, Unsigned64, IpAddress,
       Integer32, MODULE-IDENTITY, OBJECT-TYPE
               FROM COPS-PR-SPPI
       TruthValue, TEXTUAL-CONVENTION
               FROM SNMPv2-TC
       PolicyInstanceId, PolicyReferenceId
               FROM COPS-PR-SPPI-TC
       RoleCombination
               FROM POLICY-DEVICE-AUX-MIB;

   qosacctPolicyIpPib MODULE-IDENTITY
       CLIENT-TYPE { tbd -- QoS Client Type
                   }
       LAST-UPDATED "200007042300Z"
       ORGANIZATION "IETF DIFFSERV WG"
       CONTACT-INFO "
                     Diana Rawlins
                     WorldCom
                     901 International Parkway
                     Richardson, TX 75081
                     Phone: 972 729 1044
                     Email: diana.rawlins@wcom.com "
       DESCRIPTION
           "The PIB module containing a set of policy rule classes that
           describe accounting policies for DiffServ."
       ::= { tbd }

   qosacctPolicyGenPibClasses
       OBJECT IDENTIFIER ::= { qosacctPolicyIpPib 1}

   --
   -- Textual Conventions
   --

   --
   -- DiffServ Codepoint
   --

   Dscp ::= TEXTUAL-CONVENTION
       STATUS current
       DESCRIPTION
           "An integer that is in the range of the DiffServ codepoint
           values."
       SYNTAX INTEGER (0..63)

   --
   -- Conformance Accounting
   --

   qosacctMonitorParameters
       OBJECT IDENTIFIER ::= { qosacctPolicyGenPibClasses 1 }

   --
   -- Conformance Table
   --

   qosacctConformanceTable OBJECT-TYPE
       SYNTAX SEQUENCE OF QosacctConfEntry
       POLICY-ACCESS install-notify
       STATUS current
       DESCRIPTION
           "The class contains conformance counts that are accumulated
           per period by the PEP and reported to the PDP. "
       ::= { qosacctMonitorParameters 1 }

   qosacctConfEntry OBJECT-TYPE
       SYNTAX QosacctConfEntry
       STATUS current
       DESCRIPTION
           "An instance of this class describes the packet counts
           conforming to a defined traffic profile. "
       INDEX { qosacctConfPrid }
       UNIQUENESS { qosacctConfIfName, qosacctConfDSCP }
       ::= { qosacctConformanceTable 1 }

   QosacctConfEntry ::= SEQUENCE {
       qosacctConfPrid         PolicyInstanceId,
       qosacctConfIfName       SnmpAdminString,
       qosacctConfIfRoleCombo  RoleCombination,
       qosacctConfDSCP         Dscp,
       qosacctConfDropped      INTEGER,
       qosacctConfReMarked     INTEGER,
       qosacctConfTotalTransit INTEGER
   }

   qosacctConfPrid OBJECT-TYPE
       SYNTAX PolicyInstanceId
       STATUS current
       DESCRIPTION
           "An arbitrary integer index that uniquely identifies an
           instance of the class."
       ::= { qosacctConfEntry 1 }

   qosacctConfIfName OBJECT-TYPE
       SYNTAX SnmpAdminString
       STATUS current
       DESCRIPTION
           "The name of the interface type. The interface type name is
           the unique identifier of an interface type."
       ::= { qosacctConfEntry 2 }

   qosacctConfIfRoleCombo OBJECT-TYPE
       SYNTAX RoleCombination
       STATUS current
       DESCRIPTION
           "The role combination. "
       ::= { qosacctConfEntry 3 }

   qosacctConfDSCP OBJECT-TYPE
       SYNTAX Dscp
       STATUS current
       DESCRIPTION
           "The DSCP"
       ::= { qosacctConfEntry 4 }

   qosacctConfDropped OBJECT-TYPE
       SYNTAX INTEGER
       STATUS current
       DESCRIPTION
           "The current count of packets dropped for the DSCP per
           Interface Type Name / Role Combination. "
       ::= { qosacctConfEntry 5 }

   qosacctConfReMarked OBJECT-TYPE
       SYNTAX INTEGER
       STATUS current
       DESCRIPTION
           "The current count of packets remarked for the DSCP per
           Interface Type Name / Role Combination. "
       ::= { qosacctConfEntry 6 }

   END

6 Security Considerations

   The accounting information is sensitive and requires that authorized
   messaging occur between the PEP and the PDP. This protection can be
   accomplished with IPSEC between the PEP and the PDP or using the
   security mechanisms described in the base COPS protocol.

7 Acknowledgements

   The authors would like to thank Dave Durham and Russell Fenger of
   Intel and John K. Gallant of WorldCom for their contribution to this
   document.

8 Authors' Addresses

   Diana Rawlins
   WorldCom
   901 International Parkway
   Richardson, Texas 75081
   Phone: 972-729-1044
   Email: Diana.Rawlins@wcom.com

   Amol Kulkarni
   JF3-206
   2111 NE 25th Ave
   Hillsboro, Oregon 97124
   Phone: 503-712-1168
   Email: amol.kulkarni@intel.com

   Kwok Ho Chan
   Nortel Networks, Inc.
   600 Technology Park Drive
   Billerica, MA 01821 USA
   Phone: 978-288-8175
   Email: khchan@nortelnetworks.com

   Dinesh G Dutt
   Cisco Systems, Inc.
   170 Tasman Dr.
   San Jose, CA 95134-1706
   Phone: 408-527-0955
   Email: ddutt@cisco.com

9 References

   [COPS]    Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R.,
             and A. Sastry, "The COPS (Common Open Policy Service)
             Protocol", RFC 2748, January 2000.

   [COPS-PR] K. Chan, D. Durham, S. Gai, S. Herzog, K. McCloghrie,
             F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS
             Usage for Policy Provisioning",
             draft-ietf-rap-cops-pr-02.txt, March 2000.

   [SPPI]    K. McCloghrie, et al., "Structure of Policy Provisioning
             Information", draft-ietf-rap-sppi-00.txt, March 2000.

   [FR-PIB]  M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn,
             A. Smith, F. Reichmeyer, "Framework Policy Information
             Base", Internet Draft, March 2000.

   [DSPIB]   M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn,
             A. Smith, F. Reichmeyer, "Differentiated Services Quality
             of Service Policy Information Base", Internet Draft,
             March 2000.
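
The counter semantics of section 4.2, as an added Python example that is not part of the draft: a PDP-side tracker that checks acctPolReportConfigInterval against acctPolCapabilityMinInterval and turns successive acctPolAceStatsEntry reports into per-interval usage, including wraparound of 'running' counters. The class and function names, the epoch-seconds timestamp, the baseline treatment of the first 'running' report and the rejection of non-advancing timestamps are assumptions of this example.

```python
from dataclasses import dataclass
from enum import IntEnum

U32, U64 = 2**32, 2**64  # moduli of Unsigned32 / Unsigned64 counters


class CounterType(IntEnum):
    """Values of acctPolReportConfigCounterType."""
    OTHER = 1
    INTERVAL = 2   # reset after each reporting interval
    RUNNING = 3    # never reset, eventually wraps


@dataclass(frozen=True)
class AceStats:
    """One reported acctPolAceStatsEntry (timestamp as epoch seconds: assumption)."""
    packets: int      # acctPolAceStatsPacketCount, Unsigned32
    octets: int       # acctPolAceStatsByteCount, Unsigned64
    timestamp: float  # acctPolAceStatsTimeStamp


def check_report_interval(config_interval, pep_min_interval):
    """Classify acctPolReportConfigInterval given acctPolCapabilityMinInterval."""
    if config_interval == 0:
        return "solicited-only"      # zero: no unsolicited reports are sent
    if config_interval < pep_min_interval:
        raise ValueError("interval is below the minimum the PEP can support")
    return "unsolicited"


class UsageTracker:
    """PDP-side accumulator for the statistics of one ACE (hypothetical helper)."""

    def __init__(self, counter_type):
        self.counter_type = CounterType(counter_type)
        if self.counter_type is CounterType.OTHER:
            raise NotImplementedError("'other' counters are defined by the augmenting PRC")
        self.last = None
        self.total_packets = 0
        self.total_octets = 0

    def ingest(self, report):
        """Return (packets, octets) used since the previous report."""
        if not (0 <= report.packets < U32 and 0 <= report.octets < U64):
            raise ValueError("counter value outside its declared range")
        # Assumption of this example: a timestamp that does not advance marks
        # a stale or replayed report, which must not be counted twice.
        if self.last is not None and report.timestamp <= self.last.timestamp:
            raise ValueError("stale or replayed report")
        if self.counter_type is CounterType.INTERVAL:
            delta = (report.packets, report.octets)
        elif self.last is None:
            delta = (0, 0)  # first 'running' report only sets the baseline
        else:
            # Modular subtraction recovers the delta across a single wrap;
            # more than one wrap per interval cannot be detected.
            delta = ((report.packets - self.last.packets) % U32,
                     (report.octets - self.last.octets) % U64)
        self.last = report
        self.total_packets += delta[0]
        self.total_octets += delta[1]
        return delta
```
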