A. Valentine Internet Draft Hughes Network Systems Ltd Document: draft-valentine-dubnetint-mib-00.txt March 2000 Category: Informational DVB Cable Network Interface Unit MIB for EuroModem compliant Cable Modems Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a basic set of managed objects for SNMP- based management of EuroModem v1.0 compliant Cable Network Interface Units. This memo specifies a MIB module in a manner that is compliant to the SNMP SMIv2[RFC2578][RFC2579][RFC2580]. The set of objects is consistent with the SNMP framework and existing SNMP standards. This memo is a product of the DVB/DAVIC interoperability consortium. Comments are solicited and should be addressed to the author 1. The SNMP Management Framework The SNMP Management Framework presently consists of five major components: o An overall architecture, described in RFC 2571 [RFC2571]. Valentine Informational - Expires September 2000 1 DVB Cable Network Interface Unit MIB March 2000 o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215 [RFC1215]. The second version, called SMIv2, is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [RFC1157]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and RFC 1906 [RFC1906]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574]. o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [RFC1157]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [RFC1905]. o A set of fundamental applications described in RFC 2573 [RFC2573] and the view-based access control mechanism described in RFC 2575 [RFC2575]. A more detailed introduction to the current SNMP Management Framework can be found in RFC 2570 [RFC2570]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI. This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB. 2. Glossary 2.1. CATV Originally "Community Antenna Television", now used to refer to any cable or hybrid fiber and cable system used to deliver video signals to a community. Valentine Informational - Expires September 2000 2 DVB Cable Network Interface Unit MIB March 2000 2.2. DAVIC Digital Audiovisual Council. International council for internetworking audio and video systems. 2.3. Downstream The direction from the head-end towards the subscriber. 2.4. DVB Digital Video Broadcasting. The DVB projects produce open and interoperable global standards for digital audio and video distribution. 2.5. EuroModem. EuroModem. A specification for an interoperable European Cable Modem [EUROM]. 2.6. Head-end The origination point in most cable systems of the subscriber video signals. Generally also the location of the INA equipment. 2.7. INA Interactive Network Adapter. This can act as a bridge or router in the cable head-end. It is responsible for controlling the bandwidth available to each NIU. 2.8. NIU Network Interface Unit. The unit is located at the subscriber premises and provides interactive services via the cable network. The NIU is under the control of the INA, but may request additional bandwidth/connections when required. The NIU can act as a bridge or router. 2.9. RF Radio Frequency. 2.10. Upstream The direction from the subscriber towards the head-end. 3. Overview Valentine Informational - Expires September 2000 3 DVB Cable Network Interface Unit MIB March 2000 This MIB provides a set of objects required for the management of EuroModem v1.0 compliant NIUs. The MIB specification is derived from the EuroModem v1.0 specification [EUROM]. EuroModem NIUs are currently IPv4 only devices and may implement either SNMPv1 or SNMPv3. This MIB is intended for NIUs that implement SNNMPv3 and IPv4. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3.1. Structure of the MIB This MIB is structured into eight groups: o The dvbNiuSystem group extends the MIB-II 'system' group with objects needed for cable device system management. o The dvbNiuSoftware group provides objects necessary for managing software images and upgrades via download. See 3.2.1 o The dvbNiuDhcp group configures DHCP/BOOTP functionality provided by the NIU. This group is optional. See 3.2.2 o The dvbNiuEvent group provides control and logging for event reporting. See 3.2.3 o The dvbNiuIpFilter group configures filters at the IP layer. The IP filter table is also used to provide support for anti spoofing, NAT, NAPT and TOS mapping. This group is optional. See 3.3 o The dvbNiuNat group provides basic configuration for the NIU NAT capability. This group is optional. o The dvbNiuNapt group provides basic configuration for the NIU NAPT capability. This group is optional. o The dvbNiuEthFilter group configures filters at the link layer. This is primarily intended for use when the NIU is performing Ethernet MAC bridging. This group is optional. See 3.3 3.2. Management requirements 3.2.1. Software Management The NIU may download and store multiple software images. The method for performing the download and using the image is as follows: o set dvbNiuSwServer to the address of the TFTP server for software upgrades. Valentine Informational - Expires September 2000 4 DVB Cable Network Interface Unit MIB March 2000 o set dvbNiuSwFilename to the filename including path of the image to download to the NIU. o set dvbNiuDownloadSlot to the image slot on the NIU in which to place the downloaded image. By default this will be set to the next free slot or the first slot designated as 'backup'. o set dvbNiuSwAdminStatus to 'initUpgrd'. The status of the software download is obtained by reading dvbNiuSwAdminStatus. If the NIU was unable to successfully perform the download, the status returned will reflect the cause. Upon successful download the operator must configure dvbNiuSwVerTable if they wish to use the image as the boot or backup version. Note only one image may be marked as bootable. 3.2.3. IP Address Assignment IP addresses may be assigned to NIU interfaces using static and dynamic assignments. Objects are provided by the MIB to support both methods. dvbNiuStaticIpTable provides objects to assign static IP addresses to NIU interfaces, where each interface may have multiple IP addresses. An IP address assignment in the table MUST NOT be removed from the table if the destination address of the SNMP packet removing it is using that IP address. dvbNiuDhcpTable provides objects for managing dynamically assigned IP addresses via DHCP and BOOTP. DHCP/BOOTP requests may be for NIU interfaces and relayed requests from the subscriber. If an NIU interface does not have dynamic IP address allocation enabled then the IP address of the interface MUST be specified in dvbNiuStaticIpTable. Note: The dvbNiuStaticIpTable should be used with care. Where possible dvbNiuDhcpTable SHOULD be used in preference. When an interface has both a static IP address assigned and dynamic addresses assignment enabled, the assigned dynamic address overrides all assignments for that interface in the dvbNiuStaticIpTable table. 3.2.3. Events and Traps This MIB provides control facilities for reporting events through traps and non-volatile logging. If events are reported through traps, the specified conventions must be followed. Other means of event reporting are outside the scope of this document. Vendors SHOULD provide time-of-day clocks in NIUs to provide useful time stamping of events. Where possible this SHOULD be synchronised with a central time source, this will aid fault finding when multiple equipment logs are being investigated. Valentine Informational - Expires September 2000 5 DVB Cable Network Interface Unit MIB March 2000 When dvbNiuEventPolicy is set to clearNow(4), the first entry in the log MUST be the date and time the log was cleared and the source IP address of the SNMP SET request which caused the log to be cleared. For each vendor-specific event that is reportable via TRAP, the vendor must create an enterprise-specific trap definition. Trap definitions MUST include the event reason encoded as DisplayString and should be defined as: trapName NOTIFICATION-TYPE OBJECTS { ifIndex, eventReason, other useful objects } STATUS current DESCRIPTION "trap description" ::= Object Id Note that ifIndex is only included if the event or trap is interface related. An example (fake) vendor defined trap might be: xyzVendorRsUncorrHighMark NOTIFICATION-TYPE OBJECTS { eventReason, xyzRsUncorrCount } STATUS current DESCRIPTION "Sent by a NIU when a configurable number of reed solomon uncorrectable errors occur during the sampling period (5 minutes). Used to warn a management station of potential degradation of the HFC." ::= { xyzTraps 23 } In this example eventReason is a DisplayString providing a human readable error message and xyzRsUncorrCount is a Integer32 which indicates the number of reed solomon uncorrectable errors during the epoch. 3.2.4. Trap Throttling The NIU MUST provide support for trap message throttling as described below. The network operator can employ message rate throttling or trap limiting by manipulating the appropriate MIB variables. 3.2.4.1. Trap rate throttling Valentine Informational - Expires September 2000 6 DVB Cable Network Interface Unit MIB March 2000 Network operators may employ either of two rate control methods. In the first method, the device ceases to send traps when the rate exceeds the specified maximum message rate. It resumes sending traps only if reactivated by a network management station request. In the second method, the device resumes sending traps when the rate falls below the specified maximum message rate. The network operator configures the specified maximum message rate by setting the measurement interval (in seconds), and the maximum number of traps to be transmitted within the measurement interval. The operator can query the operational throttling state (to determine whether traps are enabled or blocked by throttling) of the device, as well as query and set the administrative throttling state (to manage the rate control method) of the device. 3.2.4.2. Limiting the trap rate Network operators may wish to limit the number of traps sent by a device over a specified time period. The device ceases to send traps when the number of traps exceeds the specified threshold. It resumes sending traps only when the measurement interval has passed. The network operator defines the maximum number of traps he is willing to handle and sets the measurement interval to a large number (in hundredths of a second). For this case, the administrative throttling state is set to stop at threshold which is the maximum number of traps. See "Techniques for Managing Asynchronously Generated Alerts" [RFC1224] for further information. 3.2.5 IP Anti-Spoofing The IP filter table dvbNiuIpFilterTable SHOULD be used to prevent IP spoofing. To aid the network operator in preventing spoofing the filter table can be auto populated with anti-spoofing filters by setting dvbNiuIpFilterEnable to enabledAuto. When this feature is enabled, filters to accept packets for the following MUST automatically be added: o IP subnets assigned to the customer interfaces (non DVB interfaces) using dvbNiuStaticIpTable and removed when the IP subnet is deleted from dvbNiuStaticIpTable. o IP addresses dynamically assigned to customer equipment through BOOTP relay. Filters created in this manner are deleted either by a DHCP release or by the network operator. 3.3. Protocol Filters The NIU MIB provides objects for both Ethernet and IP protocol filters. The Ethernet protocol filter entries can be used to limit NIU forwarding to a restricted set of network-layer protocols (such as IP, IPX, NetBIOS, and Appletalk). Valentine Informational - Expires September 2000 7 DVB Cable Network Interface Unit MIB March 2000 The IP protocol filter entries can be used to restrict upstream or downstream traffic based on source and destination IP addresses, transport-layer protocols (such as TCP, UDP, and ICMP), and source and destination TCP/UDP port numbers. In general, a NIU applies filters (or more properly, classifiers) in an order appropriate to the layering model. Specifically, the Ethernet layer filters are applied first, then the IP layer inbound filter and finally the IP layer outbound ******************* * Ethernet Filter * ******************* | v **************** * IP Filter In * **************** | v ***************** * IP Filter Out * ***************** 3.3.1. Ethernet EtherType/SNAP/LLC Filters û dvbNiuEthernetFilterTable The Ethernet (level-2) filters are contained in the dvbNiuEthernetFilterTable and are applied to level-2 frames entering the cable modem from either the DVB MAC interface or from one of the CPE (Ethernet or other Ethernet like) interfaces. These filters are used to prohibit the processing and forwarding of certain types of level-2 traffic that may be disruptive to the network. The filters, as currently specified, can be set to cause the NIU to either drop frames which match at least one filter, or to process a frame which matches at least filter. Some examples of possible configurations would be to only permit IP (and ARP) traffic, or to drop NETBUEI traffic. 3.3.2. IP Filtering - dvbNiuIpFilterTable The IP Filtering table acts as a classifier table. Each row in the table describes a template against which IP packets are compared. The template includes source and destination addresses (and their associated masks), upper level protocol (e.g. TCP, UDP), source and destination port ranges, TOS and TOS mask. A row also contains interface and traffic direction match values which have to be considered in combination. All columns of a particular row must match the appropriate fields in the packet, and must match the Valentine Informational - Expires September 2000 8 DVB Cable Network Interface Unit MIB March 2000 interface and direction items for the packet to result in a match to the packet. When classifying a packet, the table is scanned beginning with the lowest number filter. If the agent finds a match, it performs the specified action. If the matched filter has the continue bit set, the agent continues the scan possibly matching additional filters and performing the specified actions. This allows the agent to take one set of actions for the 24.0.16/255.255.255.0 group and one set of actions for telnet packets to/from 24.0.16.30 and these sets of actions may not be mutually exclusive. Once a packet is matched, one of five actions happen based on the setting of dvbNiuFilterAction in the row. The actions are: o Discarded. The packet is dropped, and no further processing is required. o Accept. The packet is accepted and processing of the packet continues. o NAT. The packet is to be accepted and have NAT applied. Processing of the packet continues using its new IP address. o NAPT. The packet is to be accepted and have NAT applied. Processing of the packet continues using its new IP address and port number. o TosMap. Invokes the action of rewriting the TOS bits in the IP header based up the entry in dvbNiuIpTOSMapTable identified by dvbNiuIpFilterActionPtr. If dvbNiuIpFilterContinue is set to true, scanning of the table continues (unless the packet was discarded) and additional matches may result. 4. Definitions DVB-CABLE-NIU-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Integer32, Unsigned32, IpAddress, experimental FROM SNMPv2-SMI RowStatus, DateAndTime, TruthValue, TEXTUAL-CONVENTION FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB Valentine Informational - Expires September 2000 9 DVB Cable Network Interface Unit MIB March 2000 OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF InterfaceIndexOrZero, InterfaceIndex, ifIndex, FROM IF-MIB; -- Before this MIB will parse it requires a valid SMI subtree -- For the purposes of parsing the MIB I have put the MIB under the -- 'experimental' subtree. Strictly this is reserved for MIBs being -- developed by IETF working groups. xx should be replaced with a -- numeric value which will not clash with any MIBs local to your -- organsation and it should only be used for the purpose of -- testing. If this MIB becomes part of the IETF IPCDN work then -- the issue of a valid subtree will be resolved, otherwise it is -- recommended that ECCA obtain an enterprise number from IANA under -- which this MIB can be placed. dvbDevice OBJECT IDENTIFIER ::= { experimental xx } -- See Above dvbNiu MODULE-IDENTITY LAST-UPDATED "0003050000Z" ORGANIZATION "DVB/DAVIC Interoperability Consortium Technical Working Group" CONTACT-INFO " Andrew Valentine Postal: Hughes Network Systems Ltd Saxon Street, Linford Wood, Milton Keynes. MK14 6LD ENGLAND Tel: +44 1908 221122 Fax: +44 1908 221127 E-mail: a.valentine@eu.hns.com" DESCRIPTION "The MIB modules for NIUs that conform to the EuroModem specification. This MIB assumes the NIU implements MIB-II RFC 1213" REVISION "0003050000Z" DESCRIPTION "dvbNiuNmAccessTable has been removed as this MIB is intended for SNMPv3" REVISION "9912030000Z" DESCRIPTION "All references to modem/Cdm have been replaced with NIU. Fixed group references in the compliance section. Removed DEFVAL clause from scalar objects. Corrected description of dvbNiuEventTable. dvbNiuDhcpTable has been Valentine Informational - Expires September 2000 10 DVB Cable Network Interface Unit MIB March 2000 modified to support backup DHCP servers. dvbNiuEuroloader object has been added to enable or disable the EuroLoader. dvbNiuOperStatus now only reflects the NIU status, MAC status has been moved to the interface MIB." REVISION "9910010000Z" DESCRIPTION "The mib has been modified to incorporate the comments made by the WGT during the 27/28 Sep 1999 meeting. The most significant changes were to the DHCP group and to the management of traps. Also some groups are now optional." REVISION "9907071500Z" DESCRIPTION "The initial version of the MIB" ::= {dvbDevice 1} -- Sub divided dvbNiu into MIB objects and conformance dvbNiuMIBobjects OBJECT IDENTIFIER ::= {dvbNiu 1} dvbNiuMIBConform OBJECT IDENTIFIER ::= {dvbNiu 2} -- Define groups under dvbNiuMIBobjects dvbNiuSystem OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 1} dvbNiuSoftware OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 2} dvbNiuDhcp OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 3} dvbNiuEvent OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 4} dvbNiuIpFilter OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 5} dvbNiuNat OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 6} dvbNiuNapt OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 7} dvdNiuEthFilter OBJECT IDENTIFIER ::= {dvbNiuMIBobjects 8} --Define identifiers under dvbNiuMIBConform dvbNiuCompliances OBJECT IDENTIFIER ::= {dvbNiuMIBConform 1} dvbNiuGroups OBJECT IDENTIFIER ::= {dvbNiuMIBConform 2} -- Definition of textual conventions DvbEventPriority ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "This represents possible event priorities. These are ordered from most (emergency) critical to least (debug)critical." SYNTAX INTEGER { emergency(1), alert(2), critical(3), Valentine Informational - Expires September 2000 11 DVB Cable Network Interface Unit MIB March 2000 error(4), warning(5), notice(6), information(7), debug(8) } -- Definition of MIB objects -- =============================================================== -- = NIU System Group = -- =============================================================== dvbNiuMibVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The MIB version number." ::= { dvbNiuSystem 1} dvbNiuSerialNum OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This is the serial number of the equipment. It should identify the manufacturer, model and revsion of the equiment" ::= { dvbNiuSystem 2 } dvbNiuResetNow OBJECT-TYPE SYNTAX INTEGER { resetNow(1), ready(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "When this object is set to resetNow it will cause a hardware reset followed by sign on. When read this object returns ready." ::= { dvbNiuSystem 3 } dvbNiuResetCounts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This counts the number of system resets since last power on." ::= { dvbNiuSystem 4} Valentine Informational - Expires September 2000 12 DVB Cable Network Interface Unit MIB March 2000 dvbNiuDateAndTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-write STATUS current DESCRIPTION "The date and time. See RFC1903" ::= { dvbNiuSystem 5} dvbNiuOperStatus OBJECT-TYPE SYNTAX INTEGER { provisioning(1), running(2), stopped(3), failed(4), other(5) } MAX-ACCESS read-only STATUS current DESCRIPTION "The operational status of the NIU. provisioning - The NIU is currently provisioning. running - The NIU has at least one operating connection. stopped - The NIU has no operating connection. failed - The NIU has experienced a failure which prevents further operation. other - used for any case that is not explicitly identified" ::= { dvbNiuSystem 6 } dvbNiuModemtype OBJECT-TYPE SYNTAX INTEGER { classA(1), classB(2), other(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The EuroModem class to which the NIU belongs as specified in ECCA EuroModem Specification version 1.0" ::= { dvbNiuSystem 7 } -- Static IP address assignment table dvbNiuStaticIpTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuStaticIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to assign static IP addresses to NIU interfaces. It needs to be used with care! DHCP/BOOTP assigned addresses overide entries in this table. The table is related to ifTable in the IF-MIB." Valentine Informational - Expires September 2000 13 DVB Cable Network Interface Unit MIB March 2000 ::= { dvbNiuSystem 8 } dvbNiuStaticIpEntry OBJECT-TYPE SYNTAX DvbNiuStaticIpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row can only be created if there is a corresponding row in ifTable. The IP address to be assigned must be unique within the NIU. The interface is identified by ifIndex. For the HFC interface which is identified by 3 interfaces, the dvbRccMacLayer I/F shall be used to identify it. Rows are created/delete using dvbNiuStaticIpStatus." INDEX { ifIndex, dvbNiuStaticIpIndex } ::= { dvbNiuStaticIpTable 1 } DvbNiuStaticIpEntry ::= SEQUENCE { dvbNiuStaticIpIndex Unsigned32, dvbNiuStaticIpAddr IpAddress, dvbNiuStaticIpMask IpAddress, dvbNiuStaticIpStatus RowStatus } dvbNiuStaticIpIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuStaticIpEntry 1 } dvbNiuStaticIpAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address assigned to the interface." ::= { dvbNiuStaticIpEntry 2 } dvbNiuStaticIpMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP subnet mask for the interface." ::= { dvbNiuStaticIpEntry 3 } dvbNiuStaticIpStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current Valentine Informational - Expires September 2000 14 DVB Cable Network Interface Unit MIB March 2000 DESCRIPTION "This controls and reflects the status of the row. Rows can be created by using both createAndGo and createAndWait. Rows can be modified/deleted ONLY if the SNMP set request destination IP address is NOT assigned by the row being modified/deleted unless." ::= { dvbNiuStaticIpEntry 4 } -- Removed for SNMPv3 -- dvbNiuNmAccessTable OBJECT-TYPE -- SYNTAX SEQUENCE OF DvbNiuNmAccessEntry -- MAX-ACCESS not-accessible -- STATUS current -- DESCRIPTION -- "This table controls access to SNMP objects by network -- management stations. If the table is empty, access -- to SNMP objects is unrestricted. This table exists only -- on SNMPv1 or v2c agents and does not exist on SNMPv3 -- agents. See the conformance section for details. -- Specifically, for v3 agents, the appropriate MIBs and -- security models apply in lieu of this table. -- An empty table will ONLY allow network management access -- from the HFC network, any IP address is accepted. -- Simultaneous write access to this MIB is not recommended" -- := { dvbNiuSystem 9 } dvbNiuConfigSet OBJECT-TYPE SYNTAX INTEGER { storeConfig(1), readConfig(2), setFactory(3), local(4), localUnsaved(5), localSaved(6), factoryDefault(7) } MAX-ACCESS read-write STATUS current DESCRIPTION "This object is used to manage the configuration of the NIU. The following can be used to set the object. storeConfig - stores the current configuration to non volatile storage. This action changes configuration status to localSaved readConfig - retrieves the configuration held in non volatile storage. This action changes configuration status to local setFactory - sets the current configuration to factory default. This excludes static assigned IP addresses. This action changes configuration Valentine Informational - Expires September 2000 15 DVB Cable Network Interface Unit MIB March 2000 status to factoryDefault When the object is read it reports the configuration being used. local - the configuration is unchanged since being retrieved from non volatile storage. When changed it becomes localUnsaved localUnsaved - the configuration has changed and requires storing. When stored it becomes localSaved localSaved - the current configuration has been saved since being retrieved from non volatile storage factoryDefault - the current configuration is the factory default and requires saving. Once saved it becomes localSaved. If modified it becomes localUnsaved" ::= { dvbNiuSystem 10 } dvbNiuEuroloader OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Enables and disables the EuroLoader." ::= { dvbNiuSystem 11 } dvbNiuImplSet OBJECT-TYPE SYNTAX BITS { dhcp(0), ipFilters(1), ethFilters(2), addrTransNat(3), addrTransNapt(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object when read identifies which optional groups have been implemented. Implemented groups have their bit set. The bits represent the following: dhcp - dvbNiuDhcp group ipFilters - dvbNiuIpFilter group ethFilters - dvbNiuEthFileter group addrTransNat - dvbNiuNat group addrTransNapt - dvbNiuNapt group" ::= { dvbNiuSystem 12 } -- =============================================================== Valentine Informational - Expires September 2000 16 DVB Cable Network Interface Unit MIB March 2000 -- = Software Group = -- =============================================================== -- Software version table dvbNiuSwVerTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuSwVerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to check the versions of software stored in the NIU. It is also used to configure which/when versions of software is executed." ::= { dvbNiuSoftware 1 } dvbNiuSwVerEntry OBJECT-TYPE SYNTAX DvbNiuSwVerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "There will be a row for every storage slot within the NIU. A slot is a location where a full software image can be stored. Slot 0, is reserved for RAM." INDEX { dvbNiuSwIndex } ::= { dvbNiuSwVerTable 1 } DvbNiuSwVerEntry ::= SEQUENCE { dvbNiuSwIndex Unsigned32, dvbNiuSwSlot Integer32, dvbNiuSwVersion SnmpAdminString, dvbNiuSwState INTEGER, dvbNiuSwAction INTEGER, dvbNiuSwDateTime DateAndTime } dvbNiuSwIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuSwVerEntry 1 } dvbNiuSwSlot OBJECT-TYPE SYNTAX Integer32 (1..100) MAX-ACCESS read-only STATUS current DESCRIPTION "The slot number the software image is held in. Slot 0 is reserved for RAM, it is used to identify an image directly Valentine Informational - Expires September 2000 17 DVB Cable Network Interface Unit MIB March 2000 loaded into RAM e.g. for debug purposes. The slots should be consecutively numbered starting from 1." ::= { dvbNiuSwVerEntry 2 } dvbNiuSwVersion OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The version of the software located in the slot. This is a manufacturer dependant string." ::= { dvbNiuSwVerEntry 3 } dvbNiuSwState OBJECT-TYPE SYNTAX INTEGER { executing(1), failed(2), none(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The execution state of the software in the slot. If the s/w is currently executing the state will be executing(1). If the s/w tried to execute but failed it will be failed(2). If the s/w is not in use then it will be none(3)." ::= { dvbNiuSwVerEntry 4 } dvbNiuSwAction OBJECT-TYPE SYNTAX INTEGER { boot(1), backup(2), none(3), emptySlot(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "When the NIU is initialising, this identifies which s/w image should be used. boot - identifies that this s/w should be used at initialisation. There must be one s/w version with this action and there must be only one. backup - is used to identify a s/w version to use in the event that the boot version fails. Multiple s/w versions may have this action. In this case they will be tried in slot order. none - is used to identify a s/w version that is not used at initialisation. emptySlot - identifies the slot as containing no s/w. If this is applied to a slot that currently Valentine Informational - Expires September 2000 18 DVB Cable Network Interface Unit MIB March 2000 contains a s/w image the image will be erased and not identified in the slot." ::= { dvbNiuSwVerEntry 5 } dvbNiuSwDateTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "The date and time the image was downloaded to the slot." ::= { dvbNiuSwVerEntry 6 } -- End of software version table dvbNiuSwServer OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "This is the IP address of the TFTP server used for s/w updates" ::= { dvbNiuSoftware 2 } dvbNiuSwFilename OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..500)) MAX-ACCESS read-write STATUS current DESCRIPTION "This is the filename including the path for the software image that is to be downloaded." ::= { dvbNiuSoftware 3 } dvbNiuSwDownloadSlot OBJECT-TYPE SYNTAX Integer32 (0..100) MAX-ACCESS read-write STATUS current DESCRIPTION "This identifies the image slot which the software is to be downloaded into. The operator can manually select the slot to download into. Slot 0 is a special case which is used to identify a direct to RAM download, which should only be used for diagnostic purposes. By default this object will point to the first empty slot. If there are no empty slots it will point to the first backup image." ::= { dvbNiuSoftware 4 } dvbNiuSwAdminStatus OBJECT-TYPE SYNTAX INTEGER { initUpgrd(1), contactingTFTPServer(2), downloadInProgress(3), failureTFTP(4), Valentine Informational - Expires September 2000 19 DVB Cable Network Interface Unit MIB March 2000 badImage(5), badHardware(6), downloadSuccessful(7), idle(8) } MAX-ACCESS read-write STATUS current DESCRIPTION "This will administer the software upgrade and provide status of its progress. InitiateUpgrade - This is the only admin selectable value and initiates the upgrade ContactingTFTPServer - The TFTP server is being contacted DownloadInProgress - The image is currently being downloaded to the Niu TFTPFailure - There was a failure at the TFTP layer while downloading BadImage - The downloaded software image failed an integrity check BadHardware - The downloaded software image is not suitable for the H/W platform DownloadSuccessful - The downloaded software image has been successful Idle - No attempt to download software has been made since the last reset" ::= { dvbNiuSoftware 5 } -- =============================================================== -- = DHCP Group = -- =============================================================== dvbNiuDhcpTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuDhcpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to manage the DHCP/BOOTP functionality on a per interface basis. All DHCP/BOOTP requests will be via the HFC interface." ::= { dvbNiuDhcp 1 } dvbNiuDhcpEntry OBJECT-TYPE SYNTAX DvbNiuDhcpEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "There will be a row for every interface within the equipment. For the HFC interface which is identified by 3 interfaces, the dvbRccMacLayer I/F shall be used to identify it. For an interface it is possible to specify the DHCP/BOOTP server to be used to obtain an IP address for the interface Valentine Informational - Expires September 2000 20 DVB Cable Network Interface Unit MIB March 2000 and any DHCP/BOOTP requests received on that interface that require relaying. Backup DHCP/BOOTP servers can be specified for each interface." INDEX { ifIndex, dvbNiuDhcpIndex } ::= { dvbNiuDhcpTable 1 } DvbNiuDhcpEntry ::= SEQUENCE { dvbNiuDhcpIndex Unsigned32, dvbNiuDhcpServer IpAddress, dvbNiuDhcpRelay INTEGER, dvbNiuDhcpReqIf INTEGER, dvbNiuDhcpSerType INTEGER, dvbNiuDhcpState INTEGER, dvbNiuDhcpStatus RowStatus } dvbNiuDhcpIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used to order the application of backup entries." ::= { dvbNiuDhcpEntry 1 } dvbNiuDhcpServer OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address of the DHCP / BOOTP server to be used for DHCP/BOOTP requests for the / received by the interface. This server MUST be accessible through the HFC interface. an IP address of 255.255.255.255 (broadcast) should be used when the IP address in unspecified." DEFVAL { 'FFFFFFFF'H } -- IP address 255.255.255.255 ::= { dvbNiuDhcpEntry 2 } dvbNiuDhcpRelay OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to select whether the NIU will relay DHCP/BootP requests received from this interface to the HFC interface. This option is ignored for the HFC interface. enabled - relay DHCP/BootP as per RFCs 951,1542, 2131 disabled - discard DHCP/BootP" DEFVAL { disabled } ::= { dvbNiuDhcpEntry 3 } Valentine Informational - Expires September 2000 21 DVB Cable Network Interface Unit MIB March 2000 dvbNiuDhcpReqIf OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to select whether the NIU will request an IP address by DHCP/BootP for this interface via the HFC interface. If this is disabled then there must be an entry in the static IP table for this interface. enabled - request address by DHCP/BootP disabled - Use static IP address assignment" -- DEFVAL { enabled } for the HFC interface ::= { dvbNiuDhcpEntry 4 } dvbNiuDhcpSerType OBJECT-TYPE SYNTAX INTEGER { primary(1), backup(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to identify whether the specified server for the interface is the primary server or backup. In the event that the primary server does not respond, the backup server is used. There can be only one primary server for an interface, but multiple backup servers. The backup servers use the values dvbNiuDhcpRelay and dvbNiuDhcpReqIf specified for the primary server for the interface, if a primary server is present otherwise the values are as defined for the backup server row. The order in which backup servers are tried is implied by the value of dvbNiuDhcpIndex, lowest first." -- DEFVAL { enabled } for the HFC interface ::= { dvbNiuDhcpEntry 5 } dvbNiuDhcpState OBJECT-TYPE SYNTAX INTEGER { idle(1), waitingForDHCPoffer(2), waitingForDHCPack(3), assigned(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "This is the status for DHCP for this interface. idle - No DHCP request has been made waitingForDHCPoffer - Waiting for DHCP offer Valentine Informational - Expires September 2000 22 DVB Cable Network Interface Unit MIB March 2000 waitingForDHCPack - Waiting for DHCP ack assigned - IP address for I/F assigned by DHCP." ::= { dvbNiuDhcpEntry 6 } dvbNiuDhcpStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Rows in this table may be created by either the create-and-go or create-and-wait paradigms. There is no restriction on changing values in a row of this table while the row is active." ::= { dvbNiuDhcpEntry 7 } -- =============================================================== -- = Event Group = -- =============================================================== dvbNiuEventPolicy OBJECT-TYPE SYNTAX INTEGER { wrap(1), stop(2), oneHour(3), clearNow(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This defines event log policy. wrap When full the log wraps stop Stop event logging when full oneHour Clear the log at the start of every hour clearNow Clears the event log. Previous policy is restored. At initial startup this object has the default value of wrap(1)." ::= { dvbNiuEvent 1 } -- Event control table dvbNiuEventControlTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuEventControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table defines the action to be taken for the defined event priorities. A row will exist for each priority: Emergency, Alert, Critical, Error, Warning, Notice, Information and Debug. A bit field is used to identify the Valentine Informational - Expires September 2000 23 DVB Cable Network Interface Unit MIB March 2000 action to be taken for the event priority. Actions can be: place the event in the event table; issue an SNMP Trap" ::= { dvbNiuEvent 2 } dvbNiuEventControlEntry OBJECT-TYPE SYNTAX DvbNiuEventControlEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "There is a row per event and are recorded in chronological order." INDEX { dvbNiuEventCtrlPriority } ::= { dvbNiuEventControlTable 1 } DvbNiuEventControlEntry ::= SEQUENCE { dvbNiuEventControlPriority DvbEventPriority, dvbNiuEventControlAction BITS } dvbNiuEventControlPriority OBJECT-TYPE SYNTAX DvbEventPriority MAX-ACCESS not-accessible STATUS current DESCRIPTION "The priority level that is controlled by this entry. These are ordered from most (emergency) to least (debug) critical. Each event with a NIU has a particular priority level associated with it (as defined by the vendor). During normal operation no event more critical than notice(6) should be generated. Events between warning and emergency should be generated at appropriate levels of problems (e.g. emergency when the box is about to crash)." ::= { dvbNiuEventControlEntry 1 } dvbNiuEventControlAction OBJECT-TYPE SYNTAX BITS { local(0), trap(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "This defines the actions to perform when an event happens of this priority. local causes the event to be written to the local event log. trap causes a trap to be issued." ::= { dvbNiuEventControlEntry 2 } -- Currently no traps are defined, these need to be added. -- End of Event control table dvbNiuEventTableMaxSize OBJECT-TYPE Valentine Informational - Expires September 2000 24 DVB Cable Network Interface Unit MIB March 2000 SYNTAX Integer32 (1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of entries the event log may hold" ::= { dvbNiuEvent 3 } -- Event table dvbNiuEventTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuEventEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Contains a log of network and device events that may be of interest in fault isolation and trouble shooting." ::= { dvbNiuEvent 4 } dvbNiuEventEntry OBJECT-TYPE SYNTAX DvbNiuEventEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entries are created when an event occurrs. dvbNiuEventPolicy can be used to clear the table in addition individual events can be deleted." INDEX { dvbNiuEventIndex } ::= { dvbNiuEventTable 1 } DvbNiuEventEntry ::= SEQUENCE { dvbNiuEventIndex Unsigned32, dvbNiuEventType DvbEventPriority, dvbNiuEventDateTime DateAndTime, dvbNiuEventDescription SnmpAdminString, dvbNiuEventCode SnmpAdminString, dvbNiuEventStatus RowStatus } dvbNiuEventIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "This provides relative ordering of the objects in the event log. This object will always increase except when (a) the log is reset via dvbNiuEventPolicy, (b) the device reboots and does not implement non- volatile storage for this log, or (c) it reaches the value 2^31. The next entry for all the above cases is 1." ::= { dvbNiuEventEntry 1 } dvbNiuEventType OBJECT-TYPE Valentine Informational - Expires September 2000 25 DVB Cable Network Interface Unit MIB March 2000 SYNTAX DvbEventPriority MAX-ACCESS read-only STATUS current DESCRIPTION "This is the priority of the event." ::= { dvbNiuEventEntry 2 } dvbNiuEventDateTime OBJECT-TYPE SYNTAX DateAndTime MAX-ACCESS read-only STATUS current DESCRIPTION "This is the date and time the event occurred." ::= { dvbNiuEventEntry 3 } dvbNiuEventDescription OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This is a vendor specific textual description of the event." ::= { dvbNiuEventEntry 4 } dvbNiuEventCode OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "This is the event code which uniquely identifies the event. The event codes should be in the form tppxxxxx where:- t - identifies who allocated the event identifier; d = dvb, v = vendor pp - identifies the priority; em = emergency, al = alert, cr = critical, er = error, wa = warning, no = notice, in = information, de = debug xxxxxxx - the event identifier which is 5 characters." ::= { dvbNiuEventEntry 5 } dvbNiuEventStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "This is used to delete individual events. The only valid management operation is destroy, which causes the event to be deleted. When read this object should always return active." ::= { dvbNiuEventEntry 6 } -- End of Event table -- These apply to traps sent to all Valentine Informational - Expires September 2000 26 DVB Cable Network Interface Unit MIB March 2000 dvbNiuEvThrottleAdminStatus OBJECT-TYPE SYNTAX INTEGER { unconstrained(1), maintainBelowThreshold(2), stopAtThreshold(3), inhibited(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "Controls the transmission of traps with respect to the trap pacing threshold. unconstrained(1) causes traps to be transmitted without regard to the threshold settings. maintainBelowThreshold(2) causes trap transmission to be suppressed if the number of traps would otherwise exceed the threshold. stopAtThreshold(3) causes trap transmission to cease at the threshold, and not resume until directed to do so. See also RFC 1224. inhibited(4) causes all trap transmission messages to be suppressed. Writing to this object resets the thresholding state. At initial startup, this object has a default value of unconstrained(1). All the network managers with the trap capability (dvbNiuNmAccessEntry) will be treated as a single entity with regard to Trap management. This is done to simplify implementation within the NIU." ::= { dvbNiuEvent 5 } dvbNiuEvThrottleInhibited OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "If true(1), trap is currently inhibited due to thresholds and/or the current setting of dvbNiuEvThrottleAdminStatus. In addition, this is set to true(1) if transmission is inhibited due to no trap (dvbNiuNmAccessEntry) destinations having been set." ::= { dvbNiuEvent 6 } dvbNiuEvThrottleThreshold OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "Number of trap events per DvbNiuEvThrottleInterval Valentine Informational - Expires September 2000 27 DVB Cable Network Interface Unit MIB March 2000 to be transmitted before throttling. At initial startup, this object returns 0." ::= { dvbNiuEvent 7 } dvbNiuEvThrottleInterval OBJECT-TYPE SYNTAX Integer32 (1..2147483647) UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval over which the trap threshold applies. At initial startup, this object has a value of 1." ::= { dvbNiuEvent 8 } -- =============================================================== -- = IP Filter Group = -- =============================================================== dvbNiuIpFilterEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), enabledAuto(2), countHits(3), disabled(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "This controls the IP filter table. enable - Enables the IP filter table. enabledAuto - Enables the IP filter table with automatic IP anti-spoofing population by sniffing DHCP and examining the static IP address assignment table. countHits - This option is used to debug the filter table. It allows packets to be checked against the filter table and increments dvbNiuIpFilterMatches for a matching filter, but ALL PACKETS ARE ALLOWED THROUGH. disabled - Disables IP filtering, all packets are allowed through. At initial startup this object has the default value of enabledAuto(2)." ::= { dvbNiuIpFilter 1 } dvbNiuIpFilterTable OBJECT-TYPE Valentine Informational - Expires September 2000 28 DVB Cable Network Interface Unit MIB March 2000 SYNTAX SEQUENCE OF DvbNiuIpFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An ordered list of filters or classifiers to apply to IP traffic. Filter application is ordered by the filter index, rather than by a best match algorithm (Note that this implies that the filter table may have gaps in the index values). Packets which match no filters will be discarded. Any IP packet can theoretically match multiple rows of this table. When considering a packet, the table is scanned in row index order (e.g. filter 10 is checked before filter 20). If the packet matches that filter (which means that it matches ALL criteria for that row), actions appropriate to dvbNiuIpFilterAction and dvbNiuIpFilterActionPtr are taken. If the packet was discarded processing is complete. If dvbNiuIpFilterContinue is set to true, the filter comparison continues with the next row in the table looking for additional matches." ::= { dvbNiuIpFilter 2 } dvbNiuIpFilterEntry OBJECT-TYPE SYNTAX DvbNiuIpFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a filter to apply to IP traffic received on a specified interface. All identity objects in this table (e.g. source and destination address/mask, protocol, source/dest port, TOS/mask, interface and direction) must match their respective fields in the packet for any given filter to match. To create an entry in this table, dvbNiuIpFilterIfIndex must be specified." INDEX { dvbNiuIpFilterIndex } ::= { dvbNiuIpFilterTable 1 } DvbNiuIpFilterEntry ::= SEQUENCE { dvbNiuIpFilterIndex Unsigned32, dvbNiuIpFilterStatus RowStatus, dvbNiuIpFilterAssignedBy INTEGER, dvbNiuIpFilterIfIndex InterfaceIndexOrZero, dvbNiuIpFilterDirection INTEGER, dvbNiuIpFilterTos OCTET STRING, dvbNiuIpFilterTosMask OCTET STRING, dvbNiuIpFilterSrcAddr IpAddress, dvbNiuIpFilterSrcMask IpAddress, dvbNiuIpFilterDstAddr IpAddress, dvbNiuIpFilterDstMask IpAddress, Valentine Informational - Expires September 2000 29 DVB Cable Network Interface Unit MIB March 2000 dvbNiuIpFilterProtocol Integer32, dvbNiuIpFilterSrcPortLow Integer32, dvbNiuIpFilterSrcPortHigh Integer32, dvbNiuIpFilterDstPortLow Integer32, dvbNiuIpFilterDstPortHigh Integer32, dvbNiuIpFilterAction INTEGER, dvbNiuIpFilterMatches Counter32, dvbNiuIpFilterContinue TruthValue, dvbNiuIpFilterActionPtr Integer32 } dvbNiuIpFilterIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "Index used to order the application of filters. The filter with the lowest index is always applied first." ::= { dvbNiuIpFilterEntry 1 } dvbNiuIpFilterStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Specifying only this object (with the appropriate index) on a Niu is sufficient to create a filter row which matches all inbound packets on the ethernet interface, and results in the packets being discarded. Creation of the rows may be done via either create-and-wait or create-and-go, but the filter is not applied until this object is set to (or changes to) active. There is no restriction in changing any object in a row while this object is set to active." ::= { dvbNiuIpFilterEntry 2 } dvbNiuIpFilterAssignedBy OBJECT-TYPE SYNTAX INTEGER { dhcp(1), static(2), operator(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This identifies what created the filter and is automaticly set when a filter is created. dhcp - The filter was created by sniffing a DHCP request/response. These types of filter should be held in non-volitile RAM and can only be Valentine Informational - Expires September 2000 30 DVB Cable Network Interface Unit MIB March 2000 deleted by the network manager or a DHCP release. The filter will be for a subnet. static - The filter was created based on an entry in dvbNiuStaticIpTable It can be deleted by the network manager or when the entry in the dvbNiuStaticIpTable is modified. The filter will be for a subnet. operator - The filter was created by the network manager. These types of filter should be held in non-volitile RAM and can only be deleted by the network manager." ::= { dvbNiuIpFilterEntry 3 } dvbNiuIpFilterIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. Default value in NIU is the index of the customer-side (e.g. ethernet) interface." ::= { dvbNiuIpFilterEntry 4 } dvbNiuIpFilterDirection OBJECT-TYPE SYNTAX INTEGER { inbound(1), outbound(2), both(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "Determines whether the filter is applied to inbound(1) traffic, outbound(2) traffic, or traffic in both(3) directions." DEFVAL { inbound } ::= { dvbNiuIpFilterEntry 5 } dvbNiuIpFilterTos OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "This is the value to be matched to the packet's TOS (Type of Service) value (after the TOS value is AND'd with dvbNiuIpFilterTosMask). A value for this object of 0 and a mask of 0 matches all TOS values." DEFVAL { '00'h } Valentine Informational - Expires September 2000 31 DVB Cable Network Interface Unit MIB March 2000 ::= { dvbNiuIpFilterEntry 6 } dvbNiuIpFilterTosMask OBJECT-TYPE SYNTAX OCTET STRING ( SIZE (1) ) MAX-ACCESS read-create STATUS current DESCRIPTION "The mask to be applied to the packet's TOS value before matching." DEFVAL { '00'h } ::= { dvbNiuIpFilterEntry 7 } dvbNiuIpFilterSrcAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The source IP address, or portion thereof, that is to be matched for this filter. The source address is first masked (and'ed) against dvbNiuIpFilterSrcMask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." DEFVAL { '00000000'h } -- IP Address 0.0.0.0 ::= { dvbNiuIpFilterEntry 8 } dvbNiuIpFilterSrcMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "A bit mask that is to be applied to the source address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." DEFVAL { '00000000'h } ::= { dvbNiuIpFilterEntry 9 } dvbNiuIpFilterDstAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The destination IP address, or portion thereof, that is to be matched for this filter. The destination address is first masked (and'ed) against dvbNiuIpFilterDstMask before being compared to this value. A value of 0 for this object and 0 for the mask matches all IP addresses." DEFVAL { '00000000'h } ::= { dvbNiuIpFilterEntry 10 } dvbNiuIpFilterDstMask OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create Valentine Informational - Expires September 2000 32 DVB Cable Network Interface Unit MIB March 2000 STATUS current DESCRIPTION "A bit mask that is to be applied to the destination address prior to matching. This mask is not necessarily the same as a subnet mask, but 1's bits must be leftmost and contiguous." DEFVAL { '00000000'h } ::= { dvbNiuIpFilterEntry 11 } dvbNiuIpFilterProtocol OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS read-create STATUS current DESCRIPTION "The IP protocol value that is to be matched. For example: icmp is 1, tcp is 6, udp is 17. A value of 256 matches ANY protocol." DEFVAL { 256 } ::= { dvbNiuIpFilterEntry 12 } dvbNiuIpFilterSrcPortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 0 } ::= { dvbNiuIpFilterEntry 13 } dvbNiuIpFilterSrcPortHigh OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer source port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { dvbNiuIpFilterEntry 14 } dvbNiuIpFilterDstPortLow OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive lower bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." Valentine Informational - Expires September 2000 33 DVB Cable Network Interface Unit MIB March 2000 DEFVAL { 0 } ::= { dvbNiuIpFilterEntry 15 } dvbNiuIpFilterDstPortHigh OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "If dvbNiuIpFilterProtocol is udp or tcp, this is the inclusive upper bound of the transport-layer destination port range that is to be matched, otherwise it is ignored during matching." DEFVAL { 65535 } ::= { dvbNiuIpFilterEntry 16 } dvbNiuIpFilterAction OBJECT-TYPE SYNTAX INTEGER { discard(1), accept(2), nat(3), napt(4), tosmap(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "This is the action to be performed if there is a match against this filter. Possible actions are: discard - Discard the packet. accept - Accept the packet for further processing / forwarding. nat - Perform network address translation on this packet. This is used to identify internal addresses that can be mapped to external addresses. napt - Perform network port address translation on this packet. This is used to identify internal adresses that can be mapped to an external address/port. tosmap - Apply TOS to this packet." DEFVAL { discard } ::= { dvbNiuIpFilterEntry 17 } dvbNiuIpFilterMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "Counts the number of times this filter was matched. This object is initialized to 0 at boot, or at row creation, and is reset only upon reboot." ::= { dvbNiuIpFilterEntry 18 } Valentine Informational - Expires September 2000 34 DVB Cable Network Interface Unit MIB March 2000 dvbNiuIpFilterContinue OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If this value is set to true and dvbNiuIpFilterAction is not discard, continue scanning and applying matching filter actions." DEFVAL { false } ::= { dvbNiuIpFilterEntry 19 } dvbNiuIpFilterActionPtr OBJECT-TYPE SYNTAX Integer32 (0..2147483647) MAX-ACCESS read-create STATUS current DESCRIPTION "This object identifies the dvbNiuIpTosMapPolicyId in dvbNiuIpTOSMapTable that is to be applied if dvbNiuIpFilterAction is set to tosMap. If no matching policy exists, treat as if dvbNiuIpFilterAction were set to accept (1). If this object is set to the value of 0, there is no matching policy, and dvbNiuIpTOSMapTable MUST NOT be consulted." DEFVAL { 0 } ::= { dvbNiuIpFilterEntry 20 } -- End of IP filter table -- TOS Map Table dvbNiuIpTOSMapTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuIpTOSMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A Table which maps between a policy id (dvbNiuIpTosMapPolicyId) and a policy to be applied. This table applies only to the TOS within the IP header. Policy ID 0 is reserved." ::= { dvbNiuIpFilter 3 } dvbNiuIpTOSMapEntry OBJECT-TYPE SYNTAX DvbNiuIpTOSMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table used to describe Type of Service (TOS) bits processing. This table is an adjunct to the dvbNiuIpFilterTable. Entries in the latter table can point to specific rows in this (and other)tables and cause specific actions to Valentine Informational - Expires September 2000 35 DVB Cable Network Interface Unit MIB March 2000 be taken. This table permits the manipulation of the value of the Type of Service bits in the IP header of the matched packet as follows: Set the tosBits of the packet to (tosBits & dvbNiuIpTosMapAndMask) | dvbNiuIpTosMapOrMask This construct allows you to do a clear and set of all the TOS bits in a flexible manner." INDEX { dvbNiuIpTosMapIndex } ::= { dvbNiuIpTOSMapTable 1 } DvbNiuIpTOSMapEntry ::= SEQUENCE { dvbNiuIpTosMapIndex Unsigned32, dvbNiuIpTosMapPolicyId Unsigned32, dvbNiuIpTosMapStatus RowStatus, dvbNiuIpTosMapAndMask OCTET STRING (SIZE (1)), dvbNiuIpTosMapOrMask OCTET STRING (SIZE (1)) } dvbNiuIpTosMapIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuIpTOSMapEntry 1 } dvbNiuIpTosMapPolicyId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified. This index is used by dvbNiuIpFilterPolicyId as the pointer to the TOS mapping to be performed." ::= { dvbNiuIpTOSMapEntry 2 } dvbNiuIpTosMapStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The object used to create and delete entries in this table. A row created by specifying just this object results in a row which specifies no change to the TOS bits. A row may be created using either the create-and-go or create-and-wait paradigms. There is no restriction on the ability to change values in this row while the row is active." ::= { dvbNiuIpTOSMapEntry 3 } Valentine Informational - Expires September 2000 36 DVB Cable Network Interface Unit MIB March 2000 dvbNiuIpTosMapAndMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "This value is bitwise AND'd with the matched packet's TOS bits." DEFVAL { 'ff'h } ::= { dvbNiuIpTOSMapEntry 4 } dvbNiuIpTosMapOrMask OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1)) MAX-ACCESS read-create STATUS current DESCRIPTION "After bitwise AND'ing with the above bits, the packet's TOS bits are bitwise OR'd with these bits." DEFVAL { '00'h } ::= { dvbNiuIpTOSMapEntry 5 } -- End of TOS Map table -- =============================================================== -- = NAT Group = -- =============================================================== -- NAT assignment table dvbNiuNatTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuNatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table is used to list external IP addresses available for assignment to internal IP addresses. The filter table is used to identify internal addresses that require NAT before entering the external domain. NAT assignment algorithims are vendor dependant. When an external IP address is no longer assigned to an IP addess, dvbNiuNatIntIp should be 0.0.0.0. If there are no free external addresses the packet requiring translation should be dropped." ::= { dvbNiuNat 1 } dvbNiuNatEntry OBJECT-TYPE SYNTAX DvbNiuNatEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row should be created for each external IP address available for translation. When an internal address is assignened to an external address, dvbNiuNatIntIp will Valentine Informational - Expires September 2000 37 DVB Cable Network Interface Unit MIB March 2000 contained the mapped internal address." INDEX { dvbNiuNatIndex } ::= { dvbNiuNatTable 1 } DvbNiuNatEntry ::= SEQUENCE { dvbNiuNatIndex Unsigned32, dvbNiuNatExtIp IpAddress, dvbNiuNatIntIp IpAddress, dvbNiuNatStatus RowStatus } dvbNiuNatIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuNatEntry 1 } dvbNiuNatExtIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION "An external IP address available for NAT assignment" ::= { dvbNiuNatEntry 2 } dvbNiuNatIntIp OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The internal IP address assigned to the external IP address. If no address is assigned this will be 0.0.0.0" DEFVAL { '00000000'h } -- IP Address 0.0.0.0 ::= { dvbNiuNatEntry 3 } dvbNiuNatStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This controls and reflects the status of the row. Rows can be created by using both createAndGo and createAndWait. Rows can be modified/deleted ONLY if the dvbNiuNatIntIp is 0.0.0.0. notInService can be applied to a row which currently has dvbNiuNatIntIp assigned, in this case when dvbNiuNatIntIp become free (0.0.0.0) the associated dvbNiuNatExtIp cannot be used for further assigments." Valentine Informational - Expires September 2000 38 DVB Cable Network Interface Unit MIB March 2000 ::= { dvbNiuNatEntry 4 } -- End of NAT table -- =============================================================== -- = NAPT Group = -- =============================================================== dvdNiuNaptAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The external IP address to be used for NAPT. The filter table is used to identify internal addresses that require NAPT before entering the external domain. NAPT assignment algorithims are vendor dependant. The value 0.0.0.0 specifies that NAPT is not available and the packet requiring it should be discarded. The value 255.255.255.255 specifies that NAPT will use the IP address assigned to the HFC interface. At initial startup this object has the default value of 0.0.0.0" ::= { dvbNiuNapt 1 } -- NAPT assignment table dvbNiuNaptTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuNaptEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the current internal/external port assignments. The NAPT assignment algorithims used for port assignments are vendor dependant." ::= { dvbNiuNapt 2 } dvbNiuNaptEntry OBJECT-TYPE SYNTAX DvbNiuNaptEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row should be created for each internal to external port mapping. Each row contains the internal and external ports used in the mapping, and the internal IP address of the host being mapped. When the assignment is no longer required the row should be deleted." INDEX { dvbNiuNaptIndex } ::= { dvbNiuNaptTable 1 } Valentine Informational - Expires September 2000 39 DVB Cable Network Interface Unit MIB March 2000 DvbNiuNaptEntry ::= SEQUENCE { dvbNiuNaptIndex Unsigned32, dvbNiuNaptExtPort Integer32, dvbNiuNaptIntPort Integer32, dvbNiuNaptIntIP IpAddress } dvbNiuNaptIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuNaptEntry 1 } dvbNiuNaptExtPort OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The external port assigned to the internal port." ::= { dvbNiuNaptEntry 2 } dvbNiuNaptIntPort OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The internal port that required mapping to the external port." ::= { dvbNiuNaptEntry 3 } dvbNiuNaptIntIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The internal IP address of the host to which the port mapping is being applied." ::= { dvbNiuNaptEntry 4 } -- End of NAPT table -- =============================================================== -- = Ethernet Filters Group = -- =============================================================== dvbNiuEthernetFilterEnable OBJECT-TYPE SYNTAX INTEGER { enabled(1), Valentine Informational - Expires September 2000 40 DVB Cable Network Interface Unit MIB March 2000 countHits(2), disabled(3) } MAX-ACCESS read-write STATUS current DESCRIPTION "This controls the Ethernet filter table. enable - Enables the Ethernet filter table. countHits - This option is used to debug the filter table. It allows framess to be checked against the filter table and increments dvbNiuEthernetFilterMatches for a matching filter, but ALL frames ARE ALLOWED THROUGH. disabled - Disables Ethernet filtering, all frames are allowed through. At initial startup this object has the default value of disabled(3)." ::= { dvdNiuEthFilter 1 } dvbNiuEthernetFilterTable OBJECT-TYPE SYNTAX SEQUENCE OF DvbNiuEthernetFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of filters to apply to Ethernet type frames to control the types of upper layer protocols that can be transported. The EtherType/LLC field is examined and the filter table is checked to see if there is a filter for the protocol. If no match is found the frame is discarded, otherwise the filter action is performed. The filter table does not have to be ordered as there can be only one possible match." ::= { dvdNiuEthFilter 2 } dvbNiuEthernetFilterEntry OBJECT-TYPE SYNTAX DvbNiuEthernetFilterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Describes a filter to apply to Ethernet frame received on a specified interface. The dvbNiuEthernetFilterProtocol in this table must match its respective fields in the frame for any given filter to match." INDEX { dvbNiuEthernetFilterIndex } ::= { dvbNiuEthernetFilterTable 1 } DvbNiuEthernetFilterEntry ::= SEQUENCE { dvbNiuEthernetFilterIndex Unsigned32, dvbNiuEthernetFilterStatus RowStatus, dvbNiuEthernetFilterIfIndex InterfaceIndexOrZero, Valentine Informational - Expires September 2000 41 DVB Cable Network Interface Unit MIB March 2000 dvbNiuEthernetFilterEtherType INTEGER, dvbNiuEthernetFilterProtocol Integer32, dvbNiuEthernetFilterAction INTEGER, dvbNiuEthernetFilterMatches Counter32 } dvbNiuEthernetFilterIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index for this row. There are no ordering requirements for this table and any valid index may be specified." ::= { dvbNiuEthernetFilterEntry 1 } dvbNiuEthernetFilterStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls and reflects the status of rows in this table. Creation of the rows may be done via either create-and-wait or create-and-go, but the filter is not applied until this object is set to (or changes to) active. There is no restriction in changing any object in a row while this object is set to active." ::= { dvbNiuEthernetFilterEntry 2 } dvbNiuEthernetFilterIfIndex OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "The entry interface to which this filter applies. The value corresponds to ifIndex for either a CATV MAC or another network interface. If the value is zero, the filter applies to all interfaces. Default value in NIUs is the index of the customer-side (e.g. ethernet) interface." ::= { dvbNiuEthernetFilterEntry 3 } dvbNiuEthernetFilterEtherType OBJECT-TYPE SYNTAX INTEGER { ethernet2(1), snap(2), llc(3) } MAX-ACCESS read-create STATUS current DESCRIPTION "The format of the etherent frame. This can be Ethernet2, 802.2 SNAP or 802.2 LLC. This is used to correctly Valentine Informational - Expires September 2000 42 DVB Cable Network Interface Unit MIB March 2000 locate the field identifying the protocol being transported." ::= { dvbNiuEthernetFilterEntry 4 } dvbNiuEthernetFilterProtocol OBJECT-TYPE SYNTAX Integer32 (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The protocol to filter on. For Ethernet2 and 802.2 SNAP the value in the EtherType field is checked. For 802.2 LLC the valus in the SAP field is checked." ::= { dvbNiuEthernetFilterEntry 4 } dvbNiuEthernetFilterAction OBJECT-TYPE SYNTAX INTEGER { accept(1), discard(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The action to be taken when there is a filter match. If it is accept, the frame will be forwarded otherwise the frame will be discarded." ::= { dvbNiuEthernetFilterEntry 5 } dvbNiuEthernetFilterMatches OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-create STATUS current DESCRIPTION "Counts the number of times this filter was matched. This object is initialized to 0 at boot, or at row creation, and is reset only upon reboot." ::= { dvbNiuEthernetFilterEntry 6 } -- Conformance statements dvbNiuCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for EuroModem NIUs which implement the DVB-CABLE-NIU-MIB MIB." MODULE -- dvbNiu MANDATORY-GROUPS { dvbNiuSystemGroup, dvbNiuSoftwareGroup, dvbNiuEventGroup } GROUP dvbNiuDhcpGroup DESCRIPTION "The group is optional but should be implemented if Valentine Informational - Expires September 2000 43 DVB Cable Network Interface Unit MIB March 2000 DHCP/BOOTP is implemented." GROUP dvbNiuIpFilterGroup DESCRIPTION "The group is optional but should be implemented if dvbNiuNatGroup or dvdNiuNaptGroup are implemeneted. The implementation of this group does not mandate the implementation of dvbNiuNatGroup or dvdNiuNaptGroup." GROUP dvbNiuNatGroup DESCRIPTION "The group is optional but should be implemented if NAT is implemented." GROUP dvbNiuNaptGroup DESCRIPTION "The group is optional but should be implemented if NAPT is implemented." GROUP dvdNiuEthFilterGroup DESCRIPTION "The group is optional but should be implemented if Ethernet filtering is implemented. If the NIU supports bridging then it is strongly recommended this group is implemented." ::= { dvbNiuCompliances 1 } dvbNiuSystemGroup OBJECT-GROUP OBJECTS { dvbNiuConfigSet, dvbNiuMibVersion, dvbNiuSerialNum, dvbNiuResetNow, dvbNiuResetCounts, dvbNiuDateAndTime, dvbNiuOperStatus, dvbNiuModemtype, dvbNiuStaticIpAddr, dvbNiuStaticIpMask, dvbNiuStaticIpStatus, dvbNiuEuroloader, dvbNiuImplSet } STATUS current DESCRIPTION "A collection of objects providing basic system level control and instrumentation of the EuroModem." ::= { dvbNiuGroups 1 } dvbNiuSoftwareGroup OBJECT-GROUP OBJECTS { dvbNiuSwVerEntry, Valentine Informational - Expires September 2000 44 DVB Cable Network Interface Unit MIB March 2000 dvbNiuSwVersion, dvbNiuSwState, dvbNiuSwAction, dvbNiuSwDateTime, dvbNiuSwServer, dvbNiuSwFilename, dvbNiuSwDownloadSlot, dvbNiuSwAdminStatus } STATUS current DESCRIPTION "A collection of objects providing control and instrumentation of the EuroModem's software." ::= { dvbNiuGroups 2 } dvbNiuDhcpGroup OBJECT-GROUP OBJECTS { dvbNiuDhcpServer, dvbNiuDhcpRelay, dvdNiuDhcpReqIf, dvbNiuDhcpServer, dvbNiuDhcpState, dvbNiuDhcpSerType, dvbNiuDhcpStatus } STATUS current DESCRIPTION "A collection of objects providing control over the EuroModem's DHCP/Bootp functionality." ::= { dvbNiuGroups 3 } dvbNiuEventGroup OBJECT-GROUP OBJECTS { dvbNiuEventPolicy, dvbNiuEventControlTable, dvbNiuEventTableMaxSize, dvbNiuTrapRate, dvbNiuEventControlPriority, dvbNiuEventControlAction, dvbNiuEventType, dvbEventDateTime, dvbEventDescription, dvbEventCode, dvbEventStatus, dvbNiuEvThrottleAdminStatus, dvbNiuEvThrottleInhibited, dvbNiuEvThrottleThreshold, dvbNiuEvThrottleInterval } STATUS current DESCRIPTION "A collection of objects used to control and monitor EuroModem events." Valentine Informational - Expires September 2000 45 DVB Cable Network Interface Unit MIB March 2000 ::= { dvbNiuGroups 4 } dvbNiuIpFilterGroup OBJECT-GROUP OBJECTS { dvbNiuIpFilterDstAddr, dvbNiuIpFilterDstMask, dvbNiuIpFilterStatus, dvbNiuIpFilterPolicyId, dvbNiuIpFilterAssignedBy, dvbNiuIpFilterProtocol, dvbNiuIpFilterIfIndex, dvbNiuIpFilterSrcPortLow, dvbNiuIpFilterDirection, dvbNiuIpFilterSrcPortHigh, dvbNiuIpFilterTos, dvbNiuIpFilterDstPortLow, dvbNiuIpFilterTosMask, dvbNiuIpFilterDstPortHigh, dvbNiuIpFilterSrcAddr, dvbNiuIpFilterAction, dvbNiuIpFilterMatches, dvbNiuIpFilterSrcMask, dvbNiuIpFilterContinue, dvbNiuIpFilterEnable, dvbNiuIpTosMapIndex, dvbNiuIpTosMapStatus, dvbNiuIpTosMapAndMask, dvbNiuIpTosMapOrMask } STATUS current DESCRIPTION "A collection of objects providing a filtering capability at the IP layer." ::= { dvbNiuGroups 5 } dvbNiuEthFilterGroup OBJECT-GROUP OBJECTS { dvbNiuEthernetFilterStatus, dvbNiuEthernetFilterIfIndex, dvbNiuEthernetFilterEtherType, dvbNiuEthernetFilterAction, dvbNiuEthernetFilterMatches, dvbNiuEthernetFilterEnable } STATUS current DESCRIPTION "A collection of objects providing a filtering capability at the Ethernet layer." ::= { dvbNiuGroups 6 } dvbNiuNatGroup OBJECT-GROUP OBJECTS { dvbNiuNatExtIp, Valentine Informational - Expires September 2000 46 DVB Cable Network Interface Unit MIB March 2000 dvbNiuNatIntIp, dvbNiuNatStatus } STATUS current DESCRIPTION "A collection of objects providing address translation at either the address level" ::= { dvbNiuGroups 7 } dvbNiuNaptGroup OBJECT-GROUP OBJECTS { dvdNiuNaptAddr, dvbNiuNaptExtPort, dvbNiuNaptIntPort, dvbNiuNaptIntIP } STATUS current DESCRIPTION "A collection of objects providing address translation at either the port level" ::= { dvbNiuGroups 8 } END 5. Security Considerations This MIB relates to a system which will provide metropolitan public internet access. As such, improper manipulation of the objects represented by this MIB may result in denial of service to a large number of end-users. In addition, manipulation of dvbNiuEthernetFilterTable and dvbNiuIpFilterTable may allow an end- user to increase their service levels, spoof their IP addresses or affect other end-users in either a positive or negative manner. There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. In addition to those mentioned above: o dvbNiuStaticIpTable and dvbNiuDhcpTable can be manipulated to prevent IP addresses being assigned to the NIU after a reset, which results in a denial of service. o The NIU may have its software changed by the actions of the management system. An improper software load may result in substantial vulnerabilities and the loss of the ability of the management system to control the NIU. o Setting docsDevEvThrottleAdminStatus = unconstrained(1) may cause flooding of traps, which can disrupt network service. Valentine Informational - Expires September 2000 47 DVB Cable Network Interface Unit MIB March 2000 This MIB does not affect confidentiality of services on a cable system. The DVB/DAVIC Interoperability Consortium expects to produce a MIB for the security mechanism in the near future. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User- based Security Model RFC 2574 [RFC2574] and the View- based Access Control Model RFC 2575 [RFC2575] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 6. References [RFC2571] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. [RFC1155] Rose, M., and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [RFC1212] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. [RFC1215] M. Rose, "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,J., Rose, M., and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, Valentine Informational - Expires September 2000 48 DVB Cable Network Interface Unit MIB March 2000 May 1990. [RFC1901] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [RFC1906] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [RFC2572] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999. [RFC2574] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [RFC2573] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999. [RFC2575] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999. [RFC2570] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999. [RFC1224] Steinberg, L., "Techniques for Managing Asynchronously Generated Alerts", RFC 1224, May 1991. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [EUROM] ECCA,"Technical Specification of a European Cable Modem for digital bi-directional communications via cable networks", Version 1.0, 12th May 1999 7. Acknowledgments This MIB was the result of the work undertaken by DVB/DAVIC Interoperability consortium to define a common management interface for EuroModem compliant NIU. RFC 2669 edited by Michael St Johns was used as the template for this document. Valentine Informational - Expires September 2000 49 DVB Cable Network Interface Unit MIB March 2000 8. Author's Addresses Andrew Valentine Hughes Network Systems Ltd Saxon Street, Linford Wood, Milton Keynes. MK14 6LD ENGLAND Phone: +44 1908 221122 Email: a.valentine@eu.hns.com Valentine Informational - Expires September 2000 50 DVB Cable Network Interface Unit MIB March 2000 Full Copyright Statement "Copyright (C) The Internet Society (date). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into Valentine Informational - Expires September 2000 51