Internet Draft                                       Yacine El Mghazli
Expires December 2002                                          Alcatel
                                                             July 2002

BGP/MPLS VPN Policy Information Base

Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC 2026 [STD].

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress".

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

Abstract

This document describes a Policy Information Base (PIB) for a device implementing the BGP/MPLS VPN [2547bis] Architecture. The Provisioning Classes defined here provide policy control of resources implementing the BGP/MPLS VPN Architecture. These Provisioning Classes can be used with other, non-BGP/MPLS VPN Provisioning Classes (defined in other PIBs) to provide for a comprehensive policy-controlled mapping of service requirements to device resource capability and usage.

The COPS-PR protocol offers significant advantages over traditional management solutions when dealing with dynamic configuration. Moreover, dynamic VPN resource assignment is crucial to cope with the frequent change requests from customers (e.g., sites joining or leaving a VPN), as well as to achieve scalability. The PEs should be able to dynamically assign the VPN resources. This capability is especially important for dial and wireless VPN services.

El Mghazli [Page 1] Internet Draft draft-yacine-ppvpn-2547bis-pib-01.txt April 2002

Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC-2119].

Table of Contents

1. Glossary
2. Introduction
3. Relationship to the MPLS VPN MIB
4. Assumptions and prerequisites
5. Operational overview
   5.1 Features List
   5.2 Roles usage with the 2547bis PIB
6. PIB Overview
   6.1 Capabilities Group
   6.2 Policy Group
   6.3 Feedback Group
7. PIB Usage Example
8. BGP/MPLS VPN PIB Definition
9. Acknowledgments
10. Subject Category Considerations
11. Security Considerations
12. Intellectual Property Considerations
13. IANA Considerations
14. Authors' Addresses
15. References
16. Full Copyright

1. Glossary

PRC    Provisioning Class. A type of policy data.
PRI    Provisioning Instance.
       An instance of a PRC.
PIB    Policy Information Base. The database of policy information.
PDP    Policy Decision Point. See [RAP-FRWK].
PEP    Policy Enforcement Point. See [RAP-FRWK].
PRID   PRovisioning Instance Identifier. Uniquely identifies an instance of a PRC.
PE     Provider Edge. See [2547bis].
CE     Customer Edge. See [2547bis].
RR     Route Reflector. See [2547bis].
VRF    Virtual Routing and Forwarding. See [2547bis].
ORF    Outbound Route Filtering. See [2547bis].

2. Introduction

[SPPI] describes a structure for specifying policy information that can then be transmitted to a network device for the purpose of configuring policy at that device. The model underlying this structure is one of well-defined provisioning classes and instances of these classes residing in a virtual information store called the Policy Information Base (PIB).

This document specifies a set of provisioning classes specifically for configuring BGP/MPLS VPN services in the service provider devices (PE routers).

One way to provision policy is by means of the COPS protocol [COPS] with the extensions for provisioning [COPS-PR]. This protocol supports multiple clients, each of which may provision policy for a specific policy domain such as VPNs. The PRCs defined in this BGP/MPLS VPN PIB are intended for use by the COPS-PR PPVPN client-type [COPS-PPVPN]. Furthermore, these PRCs are in addition to any other PIBs that may be defined for the PPVPN client type in the future, as well as the PRCs defined in the Framework PIB [FR-PIB] and the Feedback Framework PIB [FEED-PIB].

The COPS-PR protocol offers significant advantages over traditional management solutions when dealing with dynamic configuration. Moreover, dynamic VPN resource assignment is crucial to cope with the frequent change requests from customers (e.g., sites joining or leaving a VPN), as well as to achieve scalability. The PEs should be able to dynamically assign the VPN resources.
This capability is especially important for dial and wireless VPN services.

3. Relationship to the MPLS VPN MIB

The present version of the BGP/MPLS VPN PIB has been designed to be as close as possible to the MPLS VPN MIB [MPLS-VPN-MIB] for consistency purposes. However, in order to take advantage of the specifics of SPPI and COPS-PR in general, the BGP/MPLS VPN PIB has its own structure and data organization.

4. Assumptions and Prerequisites

It is assumed that certain things are configured and operational in order for the tables and objects described in this PIB to work correctly. These things are outlined below:

Customer Visible Routing:

Routing protocols running on the customer interface (between PE routers and CE devices) must be configurable per VRF. To this end, the service provider may use any of the management solutions such as SNMP with the routing protocols MIBs.

Routing across the SP backbone:

The MP-iBGP mechanisms specific to BGP/MPLS VPNs are assumed to be configured and operational in order for PEs to exchange their routes. To this end, the service provider may use any of the management solutions such as SNMP with the BGP4 specific MIB, namely [BGP4-MIB]. The BGP/MPLS mechanisms are then in charge of dynamically distributing these routes between sites according to the VPN policies contained in the present PIB.

VPN Tunneling and QoS:

MPLS in general must be configured and operational. To this end, the service provider may use any of the management solutions such as SNMP with the MPLS specific MIBs, namely [LSR-MIB], [FTN-MIB] or [TE-MIB].

LSP establishment between PEs within the service provider network is out of the scope of this document. It is the service provider's responsibility to establish internal LSPs in order to connect its PEs or RRs together. The LSPs can be either best-effort or QoS-aware, traffic engineered or not, etc.
This requires coordination of identifiers of tunnels, hierarchical tunnels, VPNs, and any associated service information, for example, a QoS service. This is an implementation concern.

Underlying infrastructure:

The configuration of a PE-based PPVPN must be coordinated with the configuration of the underlying infrastructure, including Layer 1 and 2 networks interconnecting components of a PPVPN. This is out of the scope of this document.

5. Operational Overview

5.1 Features List

BGP/MPLS VPN management supports configuration of intranet and extranet membership.

COPS-PR enables VPN service creation, configuration, monitoring and deletion. It supports the 'VPN join' and 'VPN prune' operations dynamically.

BGP/MPLS VPN configuration using COPS-PR enables dynamic provisioning of resources associated with VPN services. For example, the number and size of VRF instances are provisionable.

The PIB supports BGP/MPLS VPN service as Enterprise VPN, Carrier's Carrier VPN, or Inter/Multi-provider Backbone VPN.

The PIB supports the maintenance and troubleshooting of BGP/MPLS VPNs.

The PIB supports BGP/MPLS VPNs that are configured on a particular physical interface or sub-interface if the interface can be divided (e.g. Frame Relay, ATM, or Ethernet VLAN) by the router.

The PIB must be supported by PE routers and shall be used to configure and maintain one or more VPN Routing and Forwarding Tables (VRFs).

The BGP/MPLS VPN PIB enables monitoring of some specific parameters for accounting purposes.

5.2 Roles usage with the 2547bis PIB

According to [FR-PIB], roles provide a way to bind policy to interfaces without having to explicitly identify interfaces in a consistent manner across all network devices. That is, roles provide a level of indirection to the application of a set of policies to specific interfaces.
This separates the policy definition from device implementation specific interface identification. Furthermore, if the same policy is being applied to several interfaces, that policy need be pushed to the device only once, rather than once per interface, as long as the interfaces are configured with the same role combination.

When using the BGP/MPLS VPN PIB, the manager SHOULD set the roles according to the interfaces' VPN membership. The role combination of a customer interface must correspond to the VPNs it belongs to.

Hence, the PEP interprets this information and connects interfaces to VRFs accordingly. Such an interpretation is an implementation concern, however, and is out of the scope of the present document.

6. PIB Overview

This PIB is structured based on the need to configure the VRFs realizing a VPN among the different PE routers, and the parameterization of these VRFs.

In addition, the PIB includes tables describing the capabilities and limitations of the device using a general extensible framework [FR-PIB]. These tables are reported to the PDP and assist the PDP with the configuration of VRFs that can be instantiated by the device.

Finally, this PIB also offers feedback tables in order for the PEP to monitor, record and report specific information. These tables are reported periodically to the PDP based on selection criteria set by the PDP itself. This feedback mechanism follows the feedback extensible framework [FEED-FRWK].

The 3 groups are summarized below in this section.

6.1 Capabilities Group

This group consists of PRCs to indicate to the PDP the types of interface supported on the PEP in terms of their BGP/MPLS VPN capabilities (MPLS support, interface type with respect to the BGP/MPLS VPN mechanisms) and PRCs to indicate the device routing capabilities.
This group describes capabilities in terms of the types of interfaces and general routing capabilities of the device. The framework PIB [FR-PIB] provides a general extensible framework for defining the capabilities and limitations of the elements listed above. The capability tables allow intelligent configuration of the elements by a PDP.

Routing Capabilities:

This table represents routing capabilities of the device (PE) in terms of protocol support, maximum number of routes and maximum number of VRFs in the PE. The configuration of VRFs in the PE must conform to these values.

Interfaces Capabilities:

This table represents PE interface capabilities essentially in terms of MPLS support. An interface can support MPLS, MPLS TE tunnels, or no MPLS at all. In the latter case, such an interface cannot be used for BGP/MPLS VPN purposes.

6.2 Policy Group

This group contains configuration of the functional elements that comprise the BGP/MPLS VPN route distribution policy that applies to a device. This group contains VRFs and Route Targets, BGP peers, interfaces and the routing table for each VRF instance. This group takes configuration in terms of interface types and role combinations [FR-PIB]; it does not deal with individual interfaces on the device.

VRF Table:

This table specifies BGP/MPLS VPN VRF Table associated information. Entries in this table define VRF routing instances associated with BGP/MPLS VPN interfaces or sub-interfaces. A specific Route Distinguisher is assigned to each VRF in each PE. The whole pool of RDs is managed by the PDP.

Route Target Table:

This table contains the objects necessary to configure and monitor route targets for a particular VRF. According to the BGP/MPLS VPN framework [2547bis], the configuration of import and export route targets realizes topological route distribution policies and, as a consequence, the so-called VPNs.
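
The route-target mechanism described above, as an added example that is not part of the draft: the Python below derives, from ppvpn2547RouteTargetTable-style rows, which VRFs import routes from which, flags imports between VRFs that share no role, and reports rows whose VrfId matches no VRF. PE1 repeats the rows of the draft's usage example; the PE names, the PE2 and PE3 rows, and the rule that importer and exporter must share a role are assumptions made for the illustration.

```python
"""Audit route-target rows: who imports whose routes, and should they?"""
from collections import defaultdict
from typing import NamedTuple


class Vrf(NamedTuple):
    pe: str            # device name (assumption: one PIB instance per PE)
    vrf_id: int        # ppvpn2547VrfId
    roles: frozenset   # ppvpn2547VrfRoles, e.g. {"VPN1", "VPN2"}


class RouteTarget(NamedTuple):
    pe: str
    vrf_id: int        # ppvpn2547RouteTargetVrfId
    rt_type: str       # ppvpn2547RouteTargetType: import | export | both
    rt: str            # ppvpn2547RouteTargetRT


# Constructed sample data. PE1 mirrors the draft's usage example; PE2 and
# PE3 are invented so that the route targets have a remote end.
VRFS = [
    Vrf("PE1", 0, frozenset({"VPN1"})),
    Vrf("PE1", 1, frozenset({"VPN1", "VPN2"})),
    Vrf("PE2", 0, frozenset({"VPN2"})),
    Vrf("PE3", 0, frozenset({"VPN1"})),
]
ROUTE_TARGETS = [
    RouteTarget("PE1", 0, "both", "VPN1"),
    RouteTarget("PE1", 1, "both", "VPN1"),
    RouteTarget("PE1", 1, "import", "VPN2-Hub"),
    RouteTarget("PE2", 0, "export", "VPN2-Hub"),
    RouteTarget("PE3", 0, "both", "VPN1"),
    RouteTarget("PE3", 0, "import", "VPN2-Hub"),  # VPN1-only VRF importing VPN2 routes
    RouteTarget("PE3", 7, "import", "VPN1"),      # no VRF 7 exists on PE3
]


def dangling_rows(vrfs, rts):
    """Rows whose VrfId is not the ppvpn2547VrfId of a VRF on the same PE."""
    known = {(v.pe, v.vrf_id) for v in vrfs}
    return [r for r in rts if (r.pe, r.vrf_id) not in known]


def import_edges(vrfs, rts):
    """Return {(exporter, importer, rt)}: importer accepts exporter's routes."""
    known = {(v.pe, v.vrf_id) for v in vrfs}
    exporters, importers = defaultdict(set), defaultdict(set)
    for r in rts:
        key = (r.pe, r.vrf_id)
        if key not in known:
            continue                      # reported by dangling_rows()
        if r.rt_type in ("export", "both"):
            exporters[r.rt].add(key)
        if r.rt_type in ("import", "both"):
            importers[r.rt].add(key)
    return {
        (src, dst, rt)
        for rt, dsts in importers.items()
        for dst in dsts
        for src in exporters.get(rt, ())
        if src != dst
    }


def membership_violations(vrfs, rts):
    """Import edges between VRFs with no role (VPN membership) in common."""
    roles = {(v.pe, v.vrf_id): v.roles for v in vrfs}
    return sorted(
        edge for edge in import_edges(vrfs, rts)
        if not roles[edge[0]] & roles[edge[1]]
    )


if __name__ == "__main__":
    for src, dst, rt in sorted(import_edges(VRFS, ROUTE_TARGETS)):
        print(f"{src} -> {dst} via RT {rt}")
    for src, dst, rt in membership_violations(VRFS, ROUTE_TARGETS):
        print(f"VIOLATION: {dst} imports {rt} from {src} without a shared role")
    for row in dangling_rows(VRFS, ROUTE_TARGETS):
        print(f"DANGLING: {row}")
```
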

Interface Table:

This table contains configuration information related to customer interfaces participating in BGP/MPLS VPNs. This table takes configuration in terms of interface index, referencing the Role Combination rows [FR-PIB].

BGP Peer Table:

This class contains the BGP peers of the device for a particular VRF. Based on the information contained in this table, the PE implementation can build ORFs. If the PE routers use BGP to exchange ORF capabilities [BGP-ORF], this table should be ignored and each PE router is a potential BGP peer.

Routing Table:

The role of the VRF routes table is mainly to allow the network manager to monitor the content of the VRF specific routing table and also to configure static routes within the backbone.

6.3 Feedback Group

According to the framework of COPS-PR policy usage feedback [FEED-FRWK], there are three basic types of policy used to define what the PEP is to monitor, record and report. These are the selection criteria policy, the usage policy and the feedback report linkage policy.

The selection criteria policy is installed by the PDP. It defines the conditions used by the PEP to monitor and record a usage policy. The selection criteria policy may only be used for defining usage feedback selection criteria.

The usage policy defines what attributes are monitored and recorded by the PEP. The usage policies specify counts related to a specific action such as routes being added in a VRF. The PDP decides which PRC(s) best suit(s) its requirements. The PEP may support multiple usage feedback PRCs. The PDP then decides which PRC to associate with a particular selection criterion.

A usage feedback policy and selection policy are tightly associated with one another. A third policy, the frwkFeedbackLinkTable, is used to associate, or provide a linkage for the selection and usage policies.
The frwkFeedbackLinkTable [FEED-PIB] also specifies when to report the usage feedback.

The frwkFeedbackLinkTable entry permits the same selection criteria instance to be re-used for various usage feedback policies. The frwkFeedbackLinkTable contains the value of the selection criteria instance as well as the value of the usage feedback PRC.

The PDP is not aware of the instance identifier of the usage feedback policy when installing the selection criteria and feedback linkage policies. The usage feedback policy is instantiated on the PEP by the installation of a feedback report linkage and the PEP designates the instance identifier. The usage feedback policy class always contains an attribute of type ReferenceId that contains the instance value of the associated frwkFeedbackLinkTable instance installed by the PDP.

Route & Label Count Usage Tables:

These tables contain respectively counters of routes held by a VRF, and counters of labels illegally received by a VRF.

Threshold Table:

This table contains the thresholds which trigger a report of the counters of either routes or labels.

Selection Table:

This class identifies a VRF to collect usage information from.

7. PIB Usage Example

Below is an example of a filled-in BGP/MPLS VPN PIB. The example given in this section aims at realizing the following configuration in a PE router:

                    +------------------+
                    |         +----+   |ospf
                    | +---+   |VRF1|---+----IF1 (intranet VPN1)
                    | | B |---|    |---+----IF2 (intranet VPN1)
                    | | G |   +----+   |eBGP
   (Backbone)IF4----+-+ P |   +----+   |
                    | | 4 |---|VRF2|---+----IF3 (intranet VPN1 &
                    | +---+   |    |   |eBGP     extranet VPN2)
                    |         +----+   |
                    +------------------+

   Figure 1. PE router example configuration

-- Local settings:

The following tables are BGP/MPLS VPN specific. They give an example of the routing and interface capabilities for a particular device (PE).
This information is sent to the PDP mainly at the beginning of the session.

   ppvpn2547RoutingCapsTable {
      Prid=1, DistProtocol=eBGP+OSPF, MaxRoutes=500.000, MaxVrfs=500, ORFMgt = False;
   }

   ppvpn2547IfCapsTable {
      Prid=1, TunnelSupport=mplsTunnel, Type=network;
      Prid=2, TunnelSupport=mpls      , Type=customer;
      Prid=3, TunnelSupport=none      , Type=customer;
   }

-- Framework PIB:

The following tables are defined in the generic framework PIB [FR-PIB]. The PRIs are set by the PDP and sent to the PEP for consistent later configuration.

The framework Capability Set table defines the different interface types in terms of the BGP/MPLS VPN capabilities.

   frwkIfCapSetTable {
      Prid=1, Name="Customer", Capability=ppvpn2547IfCaps.2;
      Prid=2, Name="Customer", Capability=ppvpn2547IfCaps.3;
      Prid=3, Name="Network", Capability=ppvpn2547IfCaps.1;
   }

The framework Role Combination table indicates which interface type each interface belongs to and also assigns roles to each interface. The role assigned to each interface SHOULD correspond to the VPN membership, as shown in the example below:

   frwkIfRoleComboTable {
      Prid=1, Roles=VPN1, CapSetName="Customer", IfIndex=1;
      Prid=2, Roles=VPN1, CapSetName="Customer", IfIndex=2;
      Prid=3, Roles=VPN1+VPN2, CapSetName="Customer", IfIndex=3;
      Prid=4, Roles=SP, CapSetName="Network", IfIndex=4;
   }

Note that two interfaces, corresponding to 2 distinct sites, belong to the same VPN.

-- BGP/MPLS VPN PIB:

The following tables are also BGP/MPLS VPN specific and realize route distribution policies between sites. For further details about each PRC, see the BGP/MPLS VPN PIB definition in the next section.

   ppvpn2547VrfTable{
      Prid=1, Roles=VPN1, IfName="Customer", VrfId=0, Descr="Intranet", RD=XX, MaxRoutes=1000;
      Prid=2, Roles=VPN1+VPN2, IfName="Customer", VrfId=1, Descr="Extranet", RD=YY, MaxRoutes=2000;
   }

Note that the roles make it possible to link an interface or a set of interfaces, according to the VPN membership information.

   ppvpn2547RouteTargetTable{
      Prid=1, Type=both  , VrfId=0, RT="VPN1", Descr="CUG VPN1";
      Prid=2, Type=both  , VrfId=1, RT="VPN1", Descr="CUG VPN1";
      Prid=3, Type=import, VrfId=1, RT="VPN2-Hub", Descr="Hub Site VPN2";
   }

   ppvpn2547IfTable{
      Prid=1, IfIndex=1, VpnClassif=enterprise, RouteDistProtocol="OSPF";
      Prid=2, IfIndex=2, VpnClassif=enterprise, RouteDistProtocol="eBGP";
      Prid=3, IfIndex=3, VpnClassif=enterprise, RouteDistProtocol="eBGP";
   }

   ppvpn2547BgpPeerTable{
      Prid=1, VrfId=0, PeerRole=PE, AddrType=Ipv4, Addr=192.123.122.1;
      Prid=2, VrfId=0, PeerRole=PE, AddrType=Ipv4, Addr=192.123.145.5;
      Prid=3, VrfId=0, PeerRole=PE, AddrType=Ipv4, Addr=192.123.12.34;
      Prid=4, VrfId=1, PeerRole=PE, AddrType=Ipv4, Addr=192.156.78.25;
      Prid=5, VrfId=1, PeerRole=PE, AddrType=Ipv4, Addr=192.123.9.125;
   }

-- Feedback

The following table is defined in the generic feedback framework PIB [FEED-PIB]. This capability information is sent to the PDP mainly at the beginning of the session.

   frwkFeedbackSelUsageComboCapsTable{
      Id=1, Selection=ppvpn2547Selection, Usage=ppvpn2547RouteCountUsage, Threshold=ppvpn2547Threshold;
      Id=2, Selection=ppvpn2547Selection, Usage=ppvpn2547LabelCountUsage, Threshold=ppvpn2547Threshold;
   }

The following tables are BGP/MPLS VPN specific. The PRIs are set by the PDP and sent to the PEP for periodic reporting.

   ppvpn2547SelectionTable{
      Prid=1, Vrf=ppvpn2547Vrf.1;
      Prid=2, Vrf=ppvpn2547Vrf.2;
   }

   ppvpn2547ThresholdTable{
      Prid=1, Thresh=10.000;
   }

The following table is defined in the generic feedback framework PIB [FEED-PIB].
The PRIs are set by the PDP and sent to the PEP for periodic reporting.

   frwkFeedbackLinkTable{
      Id=1, Sel=ppvpn2547Selection.1, Usage=ppvpn2547RouteCountUsage, Interval=10, Threshold=ppvpn2547Threshold.1, Flags=threshold;
      Id=2, Sel=ppvpn2547Selection.2, Usage=ppvpn2547LabelCountUsage, Interval=20, Threshold=NULL, Flags=changeOnly;
   }

8. BGP/MPLS VPN PIB Definition

8.1. The BGP/MPLS VPN PIB

PPVPN-PIB PIB-DEFINITIONS ::= BEGIN

IMPORTS
    Unsigned32, Integer32, MODULE-IDENTITY,
    MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib,
    TEXTUAL-CONVENTION
        FROM COPS-PR-SPPI
    InstanceId, TagId, TagReferenceId, ReferenceId
        FROM COPS-PR-SPPI-TC
    DisplayString
        FROM SNMPv2-SMI
    TruthValue
        FROM SNMPv2-TC
    RoleCombination
        FROM FRAMEWORK-TC-PIB
    InetAddress, InetAddressType
        FROM INET-ADDRESS-MIB;

ppvpn2547PolicyPib MODULE-IDENTITY
    SUBJECT-CATEGORIES { ppvpn(tbd) } -- PPVPN COPS Client Type
                                      -- to be assigned by IANA
    LAST-UPDATED "200207011800Z"
    ORGANIZATION "IETF PPVPN WG"
    CONTACT-INFO "
        Yacine El Mghazli
        Alcatel
        Route de Nozay
        F-91460 Marcoussis - FRANCE
        Phone: +33 1 69 63 41 87
        Email: yacine.el_mghazli@alcatel.fr"
    DESCRIPTION
        "The PIB module containing a set of provisioning classes
        that describe provider provisioned virtual private networks
        (PPVPN) policies for BGP/MPLS VPN. It includes general
        classes that may be extended by other PIB specifications as
        well as a set of PIB classes related to PPVPNs."
    REVISION "200203081800Z"
    DESCRIPTION
        "Initial version, published as
        draft-yacine-ppvpn-2547-pib-00.txt."
    ::= { pib xxx } -- xxx to be assigned by IANA

-- BGP/MPLS VPN specific Textual Conventions.

Ppvpn2547RouteDistinguisher ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Syntax for a route distinguisher."
    SYNTAX OCTET STRING(SIZE (0..256))

Ppvpn2547RouteTarget ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Syntax for a route target."
    SYNTAX OCTET STRING(SIZE (0..256))

-- BGP/MPLS VPN PIB module

ppvpn2547CapabilityClasses OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 1 }
ppvpn2547PolicyClasses OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 2 }
ppvpn2547FeedbackClasses OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 3 }
ppvpn2547PibConformance OBJECT IDENTIFIER ::= { ppvpn2547PolicyPib 4 }

-- Capabilities Classes

--
-- BGP/MPLS VPN PE Routing Capabilities
--

ppvpn2547RoutingCapsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547RoutingCapsEntry
    PIB-ACCESS notify
    STATUS current
    DESCRIPTION
        "This class represents routing capabilities of a device
        (PE)."
    ::= { ppvpn2547CapabilityClasses 1 }

ppvpn2547RoutingCapsEntry OBJECT-TYPE
    SYNTAX Ppvpn2547RoutingCapsEntry
    STATUS current
    DESCRIPTION
        "An instance of the ppvpn2547RoutingCaps class."
    PIB-INDEX { ppvpn2547RoutingCapsPrid }
    ::= { ppvpn2547RoutingCapsTable 1 }

Ppvpn2547RoutingCapsEntry ::= SEQUENCE {
    ppvpn2547RoutingCapsPrid InstanceId,
    ppvpn2547RoutingCapsDistProtocol BITS,
    ppvpn2547RoutingCapsMaxRoutes Unsigned32,
    ppvpn2547RoutingCapsMaxVrfs Unsigned32,
    ppvpn2547RoutingCapsBgpOrf TruthValue
}

ppvpn2547RoutingCapsPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547RoutingCapsEntry 1 }

ppvpn2547RoutingCapsDistProtocol OBJECT-TYPE
    SYNTAX BITS {
        static (0),
        ebgp (1),
        ospf (2),
        rip (3),
        isis (4)
    }
    STATUS current
    DESCRIPTION
        "Denotes the route distribution protocol supported by the
        PE across the PE-CE links. Note that more than one routing
        protocol may be enabled at the same time."
    ::= { ppvpn2547RoutingCapsEntry 2 }

ppvpn2547RoutingCapsMaxRoutes OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "Denotes maximum number of routes which this PE is able to
        hold."
    ::= { ppvpn2547RoutingCapsEntry 3 }

ppvpn2547RoutingCapsMaxVrfs OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "Denotes maximum number of VRF which this PE is able to
        hold."
    ::= { ppvpn2547RoutingCapsEntry 4 }

ppvpn2547RoutingCapsBgpOrf OBJECT-TYPE
    SYNTAX TruthValue
    STATUS current
    DESCRIPTION
        "Denotes if the PEP supports Cooperative Route Filtering
        Capability for BGP [BGP-ORF]."
    ::= { ppvpn2547RoutingCapsEntry 5 }

--
-- PE Interface Capabilities
--

ppvpn2547IfCapsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547IfCapsEntry
    PIB-ACCESS notify
    STATUS current
    DESCRIPTION
        "This class represents interfaces capabilities of a device
        (PE) in terms of MPLS support."
    ::= { ppvpn2547CapabilityClasses 2 }

ppvpn2547IfCapsEntry OBJECT-TYPE
    SYNTAX Ppvpn2547IfCapsEntry
    STATUS current
    DESCRIPTION
        "An instance of the ppvpn2547IfCaps class."
    PIB-INDEX { ppvpn2547IfCapsPrid }
    ::= { ppvpn2547IfCapsTable 1 }

Ppvpn2547IfCapsEntry ::= SEQUENCE {
    ppvpn2547IfCapsPrid InstanceId,
    ppvpn2547IfCapsTunnelSupport INTEGER,
    ppvpn2547IfCapsType INTEGER
}

ppvpn2547IfCapsPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547IfCapsEntry 1 }

ppvpn2547IfCapsTunnelSupport OBJECT-TYPE
    SYNTAX INTEGER {
        none (0),
        mpls (1),
        mplsTunnel (2),
        other (3)
    }
    STATUS current
    DESCRIPTION
        "Denotes the interface type in accordance with [IFMIB]
        which states that the interfaces table contains information
        on the managed resource's interfaces and each sub-layer
        below the internetwork layer interface is considered as an
        interface."
    ::= { ppvpn2547IfCapsEntry 2 }

ppvpn2547IfCapsType OBJECT-TYPE
    SYNTAX INTEGER {
        network (1),
        customer (2)
    }
    STATUS current
    DESCRIPTION
        "Either the network(0) or customer(1) bit MUST be set.
        Denotes if the interface is a customer interface or a
        network interface."
    ::= { ppvpn2547IfCapsEntry 3 }

-- Policy Classes

--
-- BGP/MPLS VPN VRF Table
--

ppvpn2547VrfTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547VrfEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This class specifies BGP/MPLS VPN VRF Table associated
        information. Entries in this table define VRF instances
        associated with MPLS/VPN interfaces. Note that multiple
        interfaces can belong to the same VRF instance."
    ::= { ppvpn2547PolicyClasses 1 }

ppvpn2547VrfEntry OBJECT-TYPE
    SYNTAX Ppvpn2547VrfEntry
    STATUS current
    DESCRIPTION
        "An entry in this table is created by the provider for
        every VRF capable of supporting MPLS/BGP VPN."
    PIB-INDEX { ppvpn2547VrfPrid }
    UNIQUENESS { ppvpn2547VrfId,
                 ppvpn2547VrfRoles,
                 ppvpn2547VrfIfName,
                 ppvpn2547VrfRD }
    ::= { ppvpn2547VrfTable 1 }

Ppvpn2547VrfEntry ::= SEQUENCE {
    ppvpn2547VrfPrid InstanceId,
    ppvpn2547VrfRoles RoleCombination,
    ppvpn2547VrfIfName SnmpAdminString,
    ppvpn2547VrfId TagReferenceId,
    ppvpn2547VrfDescription SnmpAdminString,
    ppvpn2547VrfRD Ppvpn2547RouteDistinguisher,
    ppvpn2547VrfMaxRoutes Unsigned32
}

ppvpn2547VrfPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547VrfEntry 1 }

ppvpn2547VrfRoles OBJECT-TYPE
    SYNTAX RoleCombination
    STATUS current
    DESCRIPTION
        "The interfaces to which the VRF is attached to, specified
        in terms of roles.
        There must exist an entry in the frwkIfRoleComboTable
        [FR-PIB] specifying this role combination, together with
        the interface capability set specified by ppvpn2547IfName,
        prior to association with an instance of this class."
    ::= { ppvpn2547VrfEntry 2 }

ppvpn2547VrfIfName OBJECT-TYPE
    SYNTAX SnmpAdminString
    STATUS current
    DESCRIPTION
        "The interface capability set to which the VRF is attached
        to. The interface capability name specified by this
        attribute must exist in the frwkIfCapSetTable [FR-PIB]
        prior to association with an instance of this class."
    ::= { ppvpn2547VrfEntry 3 }

ppvpn2547VrfId OBJECT-TYPE
    SYNTAX TagReferenceId
    PIB-TAG { ppvpn2547RouteTargetVrfId }
    STATUS current
    DESCRIPTION
        "Identifies a VRF instance."
    ::= { ppvpn2547VrfEntry 4 }

ppvpn2547VrfDescription OBJECT-TYPE
    SYNTAX SnmpAdminString
    STATUS current
    DESCRIPTION
        "The human-readable description of this VRF."
    ::= { ppvpn2547VrfEntry 5 }

ppvpn2547VrfRD OBJECT-TYPE
    SYNTAX Ppvpn2547RouteDistinguisher
    STATUS current
    DESCRIPTION
        "The route distinguisher for this VRF."
    ::= { ppvpn2547VrfEntry 6 }

ppvpn2547VrfMaxRoutes OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "Denotes maximum number of routes which this VRF is
        configured to hold."
    ::= { ppvpn2547VrfEntry 7 }

--
-- BGP/MPLS VPN Route Target Table
--

ppvpn2547RouteTargetTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547RouteTargetEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This table specifies per-VRF route target association.
        Each entry identifies a connectivity policy supported as
        part of a VPN."
    ::= { ppvpn2547PolicyClasses 2 }

ppvpn2547RouteTargetEntry OBJECT-TYPE
    SYNTAX Ppvpn2547RouteTargetEntry
    STATUS current
    DESCRIPTION
        "An entry in this table is created for each route target
        configured for a VRF supporting a MPLS/BGP VPN instance."
    PIB-INDEX { ppvpn2547RouteTargetPrid }
    UNIQUENESS { ppvpn2547RouteTargetVrfId,
                 ppvpn2547RouteTargetType,
                 ppvpn2547RouteTargetPrecedence,
                 ppvpn2547RouteTargetRT }
    ::= { ppvpn2547RouteTargetTable 1 }

Ppvpn2547RouteTargetEntry ::= SEQUENCE {
    ppvpn2547RouteTargetPrid InstanceId,
    ppvpn2547RouteTargetType INTEGER,
    ppvpn2547RouteTargetVrfId TagId,
    ppvpn2547RouteTargetRT Ppvpn2547RouteTarget,
    ppvpn2547RouteTargetDescr DisplayString
}

ppvpn2547RouteTargetPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547RouteTargetEntry 1 }

ppvpn2547RouteTargetType OBJECT-TYPE
    SYNTAX INTEGER {
        import(1),
        export(2),
        both(3)
    }
    STATUS current
    DESCRIPTION
        "The route target distribution type."
    ::= { ppvpn2547RouteTargetEntry 2 }

ppvpn2547RouteTargetVrfId OBJECT-TYPE
    SYNTAX TagId
    STATUS current
    DESCRIPTION
        "A VRF is composed of an import RT list and an export RT
        list. Each RT belonging to the same VRF uses the same VRF
        ID. Hence, a VRF Id identifies the VRF which this RT is a
        part of. This needs to be the value of ppvpn2547VrfId
        attribute for an existing instance of ppvpn2547VrfEntry."
    ::= { ppvpn2547RouteTargetEntry 3 }

ppvpn2547RouteTargetRT OBJECT-TYPE
    SYNTAX Ppvpn2547RouteTarget
    STATUS current
    DESCRIPTION
        "The route target value."
    ::= { ppvpn2547RouteTargetEntry 4 }

ppvpn2547RouteTargetDescr OBJECT-TYPE
    SYNTAX DisplayString
    STATUS current
    DESCRIPTION
        "Description of the route target."
    ::= { ppvpn2547RouteTargetEntry 5 }

--
-- BGP/MPLS VPN Interface Table
--

ppvpn2547IfTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547IfEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This table specifies per customer interface configuration
        information."
    ::= { ppvpn2547PolicyClasses 3 }

ppvpn2547IfEntry OBJECT-TYPE
    SYNTAX Ppvpn2547IfEntry
    STATUS current
    DESCRIPTION
        "An entry in this table is created for every interface
        type supporting MPLS/BGP VPN. Each entry in this table is
        meant to correspond to an entry in the Interfaces Table."
    PIB-INDEX { ppvpn2547IfPrid }
    UNIQUENESS { ppvpn2547IfRoles,
                 ppvpn2547IfName }
    ::= { ppvpn2547IfTable 1 }

Ppvpn2547IfEntry ::= SEQUENCE {
    ppvpn2547IfPrid               InstanceId,
    ppvpn2547IfIndex              ReferenceId,
    ppvpn2547IfVpnClassification  INTEGER,
    ppvpn2547IfRouteDistProtocol  BITS
}

ppvpn2547IfPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547IfEntry 1 }

ppvpn2547IfIndex OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { frwkRoleCombinationEntry }
    STATUS current
    DESCRIPTION
        "The interface capability set to configure. The interface
        capability name specified by this attribute must exist in
        the frwkIfCapSetTable [FR-PIB] prior to association with
        an instance of this class."
    ::= { ppvpn2547IfEntry 2 }

ppvpn2547IfVpnClassification OBJECT-TYPE
    SYNTAX INTEGER {
        carrierOfCarrier (1),
        enterprise (2),
        interProvider (3)
    }
    STATUS current
    DESCRIPTION
        "Denotes whether this link participates in a
        carrier-of-carrier's, enterprise, or inter-provider
        scenario."
    ::= { ppvpn2547IfEntry 3 }

ppvpn2547IfRouteDistProtocol OBJECT-TYPE
    SYNTAX BITS {
        none (0),
        ebgp (1),
        ospf (2),
        rip (3),
        isis (4)
    }
    STATUS current
    DESCRIPTION
        "Denotes the route distribution protocol across the
        customer interface protocol. Note that more than one
        routing protocol may be enabled at the same time."
    ::= { ppvpn2547IfEntry 4 }

--
-- BGP/MPLS VPN BGP Peer Address Table
--

ppvpn2547BgpPeerTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547BgpPeerEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "Each entry in this table specifies a per VRF MPLS/BGP
        neighbor."
    ::= { ppvpn2547PolicyClasses 4 }

ppvpn2547BgpPeerEntry OBJECT-TYPE
    SYNTAX Ppvpn2547BgpPeerEntry
    STATUS current
    DESCRIPTION
        "An entry in this table is created by an LSR for every
        VRF capable of supporting MPLS/BGP VPN. The indexing
        provides an ordering of VRFs per-VPN interface."
    PIB-INDEX { ppvpn2547BgpPeerPrid }
    UNIQUENESS { ppvpn2547BgpPeerVrfId,
                 ppvpn2547BgpPeerAddrType,
                 ppvpn2547BgpPeerAddr }
    ::= { ppvpn2547BgpPeerTable 1 }

Ppvpn2547BgpPeerEntry ::= SEQUENCE {
    ppvpn2547BgpPeerPrid      InstanceId,
    ppvpn2547BgpPeerVrfId     ReferenceId,
    ppvpn2547BgpPeerRole      INTEGER,
    ppvpn2547BgpPeerAddrType  InetAddressType,
    ppvpn2547BgpPeerAddr      InetAddress
}

ppvpn2547BgpPeerPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547BgpPeerEntry 1 }

ppvpn2547BgpPeerVrfId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { ppvpn2547VrfEntry }
    STATUS current
    DESCRIPTION
        "The reference Id of the VRF instance(s) because of which
        this device is the BGP neighbor."
    ::= { ppvpn2547BgpPeerEntry 2 }

ppvpn2547BgpPeerRole OBJECT-TYPE
    SYNTAX INTEGER {
        pe(1),
        rr(2)
    }
    STATUS current
    DESCRIPTION
        "Denotes the role played by this BGP neighbor with
        respect to the corresponding VRF. pe(1) stands for
        Provider Edge, rr(2) stands for Route Reflector."
    ::= { ppvpn2547BgpPeerEntry 3 }

ppvpn2547BgpPeerAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    STATUS current
    DESCRIPTION
        "Denotes the address family of the PE address."
    ::= { ppvpn2547BgpPeerEntry 4 }

ppvpn2547BgpPeerAddr OBJECT-TYPE
    SYNTAX InetAddress
    STATUS current
    DESCRIPTION
        "Denotes the EBGP neighbor address."
    ::= { ppvpn2547BgpPeerEntry 5 }

--
-- VRF Routing Table
--

ppvpn2547RouteTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547RouteEntry
    STATUS current
    DESCRIPTION
        "This table specifies per-VRF MPLS/BGP VPN routing
        information. Entries in this table define VRF routing
        entries associated with the specified MPLS/VPN interfaces.
        Note that this table contains both BGP and IGP routes, as
        both may appear in the same VRF."
    ::= { ppvpn2547PolicyClasses 5 }

ppvpn2547RouteEntry OBJECT-TYPE
    SYNTAX Ppvpn2547RouteEntry
    STATUS current
    DESCRIPTION
        "An entry in this table is created by an LSR for every
        route configured (either dynamically or statically)
        within the context of a specific VRF capable of supporting
        MPLS/BGP VPN. The indexing provides an ordering of VRFs
        per-VPN interface."
    PIB-INDEX { ppvpn2547RoutePrid }
    UNIQUENESS { ppvpn2547RouteVrfId,
                 ppvpn2547RouteDest,
                 ppvpn2547RouteMask,
                 ppvpn2547RouteTos,
                 ppvpn2547RouteNextHop }
    ::= { ppvpn2547RouteTable 1 }

Ppvpn2547RouteEntry ::= SEQUENCE {
    ppvpn2547RoutePrid             InstanceId,
    ppvpn2547RouteVrfId            ReferenceId,
    ppvpn2547RouteDest             InetAddress,
    ppvpn2547RouteDestAddrType     InetAddressType,
    ppvpn2547RouteMask             InetAddress,
    ppvpn2547RouteMaskAddrType     InetAddressType,
    ppvpn2547RouteTos              Unsigned32,
    ppvpn2547RouteNextHop          InetAddress,
    ppvpn2547RouteNextHopAddrType  InetAddressType,
    ppvpn2547RouteIfIndex          InterfaceIndexOrZero,
    ppvpn2547RouteType             INTEGER,
    ppvpn2547RouteProto            INTEGER,
    ppvpn2547RouteInfo             OBJECT IDENTIFIER,
    ppvpn2547RouteNextHopAS        Unsigned32,
    ppvpn2547RouteMetric1          Integer32,
    ppvpn2547RouteMetric2          Integer32,
    ppvpn2547RouteMetric3          Integer32,
    ppvpn2547RouteMetric4          Integer32,
    ppvpn2547RouteMetric5          Integer32
}

ppvpn2547RoutePrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer
        index that uniquely identifies an instance of the class."
    ::= { ppvpn2547RouteEntry 1 }

ppvpn2547RouteVrfId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { ppvpn2547VrfEntry }
    STATUS current
    DESCRIPTION
        "The reference Id of the corresponding VRF instance."
    ::= { ppvpn2547RouteEntry 2 }

ppvpn2547RouteDest OBJECT-TYPE
    SYNTAX InetAddress
    STATUS current
    DESCRIPTION
        "The destination IP address of this route. This object
        may not take a Multicast (Class D) address value.

        Any assignment (implicit or otherwise) of an instance of
        this object to a value x must be rejected if the bit-wise
        logical-AND of x with the value of the corresponding
        instance of the ppvpn2547RouteMask object is not equal
        to x."
    ::= { ppvpn2547RouteEntry 3 }

ppvpn2547RouteDestAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    STATUS current
    DESCRIPTION
        "The address type of the ppvpn2547RouteDest entry."
    ::= { ppvpn2547RouteEntry 4 }

ppvpn2547RouteMask OBJECT-TYPE
    SYNTAX InetAddress
    STATUS current
    DESCRIPTION
        "Indicate the mask to be logical-ANDed with the
        destination address before being compared to the value in
        the ppvpn2547RouteDest field. For those systems that do
        not support arbitrary subnet masks, an agent constructs
        the value of the ppvpn2547RouteMask by reference to the IP
        Address Class.

        Any assignment (implicit or otherwise) of an instance of
        this object to a value x must be rejected if the bit-wise
        logical-AND of x with the value of the corresponding
        instance of the ppvpn2547RouteDest object is not equal to
        ppvpn2547RouteDest."
    ::= { ppvpn2547RouteEntry 5 }

ppvpn2547RouteMaskAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    STATUS current
    DESCRIPTION
        "The address type of ppvpn2547RouteMask."
    ::= { ppvpn2547RouteEntry 6 }

ppvpn2547RouteTos OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "The IP TOS Field is used to specify the policy to be
        applied to this route.
        The encoding of IP TOS is as specified by the following
        convention. Zero indicates the default path if no more
        specific policy applies.

        +-----+-----+-----+-----+-----+-----+-----+-----+
        |                 |                       |     |
        |   PRECEDENCE    |    TYPE OF SERVICE    |  0  |
        |                 |                       |     |
        +-----+-----+-----+-----+-----+-----+-----+-----+

                 IP TOS                IP TOS
            Field     Policy      Field     Policy
          Contents    Code      Contents    Code
          0 0 0 0  ==>   0      0 0 0 1  ==>   2
          0 0 1 0  ==>   4      0 0 1 1  ==>   6
          0 1 0 0  ==>   8      0 1 0 1  ==>  10
          0 1 1 0  ==>  12      0 1 1 1  ==>  14
          1 0 0 0  ==>  16      1 0 0 1  ==>  18
          1 0 1 0  ==>  20      1 0 1 1  ==>  22
          1 1 0 0  ==>  24      1 1 0 1  ==>  26
          1 1 1 0  ==>  28      1 1 1 1  ==>  30."
    ::= { ppvpn2547RouteEntry 7 }

ppvpn2547RouteNextHop OBJECT-TYPE
    SYNTAX InetAddress
    STATUS current
    DESCRIPTION
        "On remote routes, the address of the next system en
        route; Otherwise, 0.0.0.0."
    ::= { ppvpn2547RouteEntry 8 }

ppvpn2547RouteNextHopAddrType OBJECT-TYPE
    SYNTAX InetAddressType
    STATUS current
    DESCRIPTION
        "The address type of the ppvpn2547RouteNextHop object."
    ::= { ppvpn2547RouteEntry 9 }

ppvpn2547RouteIfIndex OBJECT-TYPE
    SYNTAX InterfaceIndexOrZero
    STATUS current
    DESCRIPTION
        "The ifIndex value that identifies the local interface
        through which the next hop of this route should be
        reached. If this value is set to 0, this indicates that no
        interface is associated with this route."
    ::= { ppvpn2547RouteEntry 10 }

ppvpn2547RouteType OBJECT-TYPE
    SYNTAX INTEGER {
        other (1),   -- not specified
        reject (2),  -- route to discard traffic
        local (3),   -- local interface
        remote (4)   -- remote destination
    }
    STATUS current
    DESCRIPTION
        "The type of route. Note that local(3) refers to a route
        for which the next hop is the final destination; remote(4)
        refers to a route for which the next hop is not the final
        destination.

        Routes which do not result in traffic forwarding or
        rejection should not be displayed even if the
        implementation keeps them stored internally.
        Reject (2) refers to a route which, if matched, discards
        the message as unreachable. This is used in some protocols
        as a means of correctly aggregating routes."
    ::= { ppvpn2547RouteEntry 11 }

ppvpn2547RouteProto OBJECT-TYPE
    SYNTAX INTEGER {
        other (1),       -- not specified
        local (2),       -- local interface
        netmgmt (3),     -- static route
        icmp (4),        -- result of ICMP Redirect

                         -- the following are all dynamic
                         -- routing protocols
        egp (5),         -- Exterior Gateway Protocol
        ggp (6),         -- Gateway-Gateway Protocol
        hello (7),       -- FuzzBall HelloSpeak
        rip (8),         -- Berkeley RIP or RIP-II
        isIs (9),        -- Dual IS-IS
        esIs (10),       -- ISO 9542
        ciscoIgrp (11),  -- Cisco IGRP
        bbnSpfIgp (12),  -- BBN SPF IGP
        ospf (13),       -- Open Shortest Path First
        bgp (14),        -- Border Gateway Protocol
        idpr (15),       -- InterDomain Policy Routing
        ciscoEigrp (16)  -- Cisco EIGRP
    }
    STATUS current
    DESCRIPTION
        "The routing mechanism via which this route was learned.
        Inclusion of values for gateway routing protocols is not
        intended to imply that hosts should support those
        protocols."
    ::= { ppvpn2547RouteEntry 12 }

ppvpn2547RouteInfo OBJECT-TYPE
    SYNTAX OBJECT IDENTIFIER
    STATUS current
    DESCRIPTION
        "A reference to MIB definitions specific to the
        particular routing protocol which is responsible for this
        route, as determined by the value specified in the route's
        ppvpn2547RouteProto value. If this information is not
        present, its value SHOULD be set to the OBJECT IDENTIFIER
        { 0 0 }, which is a syntactically valid object identifier,
        and any implementation conforming to ASN.1 and the Basic
        Encoding Rules must be able to generate and recognize this
        value."
    ::= { ppvpn2547RouteEntry 13 }

ppvpn2547RouteNextHopAS OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "The Autonomous System Number of the Next Hop.
        The semantics of this object are determined by the
        routing-protocol specified in the route's
        ppvpn2547RouteProto value. When this object is unknown or
        not relevant its value should be set to zero."
    ::= { ppvpn2547RouteEntry 14 }

ppvpn2547RouteMetric1 OBJECT-TYPE
    SYNTAX Integer32
    STATUS current
    DESCRIPTION
        "The primary routing metric for this route. The semantics
        of this metric are determined by the routing-protocol
        specified in the route's ppvpn2547RouteProto value. If
        this metric is not used, its value should be set to -1."
    ::= { ppvpn2547RouteEntry 15 }

ppvpn2547RouteMetric2 OBJECT-TYPE
    SYNTAX Integer32
    STATUS current
    DESCRIPTION
        "An alternate routing metric for this route. The
        semantics of this metric are determined by the
        routing-protocol specified in the route's
        ppvpn2547RouteProto value. If this metric is not used, its
        value should be set to -1."
    ::= { ppvpn2547RouteEntry 16 }

ppvpn2547RouteMetric3 OBJECT-TYPE
    SYNTAX Integer32
    STATUS current
    DESCRIPTION
        "An alternate routing metric for this route. The
        semantics of this metric are determined by the
        routing-protocol specified in the route's
        ppvpn2547RouteProto value. If this metric is not used, its
        value should be set to -1."
    ::= { ppvpn2547RouteEntry 17 }

ppvpn2547RouteMetric4 OBJECT-TYPE
    SYNTAX Integer32
    STATUS current
    DESCRIPTION
        "An alternate routing metric for this route. The
        semantics of this metric are determined by the
        routing-protocol specified in the route's
        ppvpn2547RouteProto value. If this metric is not used, its
        value should be set to -1."
    ::= { ppvpn2547RouteEntry 18 }

ppvpn2547RouteMetric5 OBJECT-TYPE
    SYNTAX Integer32
    STATUS current
    DESCRIPTION
        "An alternate routing metric for this route. The
        semantics of this metric are determined by the
        routing-protocol specified in the route's
        ppvpn2547RouteProto value. If this metric is not used, its
        value should be set to -1."
    ::= { ppvpn2547RouteEntry 19 }

-- BGP/MPLS VPN Feedback Classes

--
-- BGP/MPLS VPN Route Count Usage Table
--

ppvpn2547RouteCountUsageTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547RouteCountUsageEntry
    PIB-ACCESS report-only
    STATUS current
    DESCRIPTION
        "This class defines the usage attributes that the PEP is
        to monitor for VRFs. All routes held by the VRF are
        counted. It also contains the PRID of the linkage instance
        associating the selection criteria with the usage
        instance."
    ::= { ppvpn2547FeedbackClasses 1 }

ppvpn2547RouteCountUsageEntry OBJECT-TYPE
    SYNTAX Ppvpn2547RouteCountUsageEntry
    STATUS current
    DESCRIPTION
        "Defines the attributes the PEP is to monitor, record and
        report."
    PIB-INDEX { ppvpn2547RouteCountUsagePrid }
    UNIQUENESS { ppvpn2547RouteCountUsageLinkRefId }
    ::= { ppvpn2547RouteCountUsageTable 1 }

Ppvpn2547RouteCountUsageEntry ::= SEQUENCE {
    ppvpn2547RouteCountUsagePrid       InstanceId,
    ppvpn2547RouteCountUsageLinkRefId  ReferenceId,
    ppvpn2547RouteCountUsageCount      Counter32
}

ppvpn2547RouteCountUsagePrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547RouteCountUsageEntry 1 }

ppvpn2547RouteCountUsageLinkRefId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { frwkFeedBackLinkEntry }
    STATUS current
    DESCRIPTION
        "The ReferenceId of the Linkage Policy instance used to
        base this usage policy instance upon."
    ::= { ppvpn2547RouteCountUsageEntry 2 }

ppvpn2547RouteCountUsageCount OBJECT-TYPE
    SYNTAX Counter32
    STATUS current
    DESCRIPTION
        "The count of routes held by the associated VRF during
        the reporting interval."
    ::= { ppvpn2547RouteCountUsageEntry 3 }

--
-- BGP/MPLS VPN Label Count Usage Table
--

ppvpn2547LabelCountUsageTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547LabelCountUsageEntry
    PIB-ACCESS report-only
    STATUS current
    DESCRIPTION
        "This class defines the usage attributes that the PEP is
        to monitor for VRFs. All labels illegally received by the
        VRF are counted. It also contains the PRID of the linkage
        instance associating the selection criteria with the usage
        instance."
    ::= { ppvpn2547FeedbackClasses 2 }

ppvpn2547LabelCountUsageEntry OBJECT-TYPE
    SYNTAX Ppvpn2547LabelCountUsageEntry
    STATUS current
    DESCRIPTION
        "Defines the attributes the PEP is to monitor, record and
        report."
    PIB-INDEX { ppvpn2547LabelCountUsagePrid }
    UNIQUENESS { ppvpn2547LabelCountUsageLinkRefId }
    ::= { ppvpn2547LabelCountUsageTable 1 }

Ppvpn2547LabelCountUsageEntry ::= SEQUENCE {
    ppvpn2547LabelCountUsagePrid       InstanceId,
    ppvpn2547LabelCountUsageLinkRefId  ReferenceId,
    ppvpn2547LabelCountUsageCount      Counter32
}

ppvpn2547LabelCountUsagePrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547LabelCountUsageEntry 1 }

ppvpn2547LabelCountUsageLinkRefId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { frwkFeedBackLinkEntry }
    STATUS current
    DESCRIPTION
        "The ReferenceId of the Linkage Policy instance used to
        base this usage policy instance upon."
    ::= { ppvpn2547LabelCountUsageEntry 2 }

ppvpn2547LabelCountUsageCount OBJECT-TYPE
    SYNTAX Counter32
    STATUS current
    DESCRIPTION
        "The count of labels illegally received by the associated
        VRF during the reporting interval."
    ::= { ppvpn2547LabelCountUsageEntry 3 }

--
-- BGP/MPLS VPN Threshold Table
--

ppvpn2547ThresholdTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547ThresholdEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This class defines the threshold attributes
        corresponding to usage attributes specified in the
        ppvpn2547RouteCountUsageTable and
        ppvpn2547LabelCountUsageTable classes."
    ::= { ppvpn2547FeedbackClasses 3 }

ppvpn2547ThresholdEntry OBJECT-TYPE
    SYNTAX Ppvpn2547ThresholdEntry
    STATUS current
    DESCRIPTION
        "Defines the attributes to hold threshold values."
    PIB-INDEX { ppvpn2547ThresholdPrid }
    ::= { ppvpn2547ThresholdTable 1 }

Ppvpn2547ThresholdEntry ::= SEQUENCE {
    ppvpn2547ThresholdPrid    InstanceId,
    ppvpn2547ThresholdThresh  Unsigned32
}

ppvpn2547ThresholdPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547ThresholdEntry 1 }

ppvpn2547ThresholdThresh OBJECT-TYPE
    SYNTAX Unsigned32
    STATUS current
    DESCRIPTION
        "The threshold, in terms of number of routes or labels,
        that must be exceeded to trigger a report in the next
        reporting interval."
    ::= { ppvpn2547ThresholdEntry 2 }

--
-- BGP/MPLS VPN VRF Selection Table
--

ppvpn2547VrfSelectionTable OBJECT-TYPE
    SYNTAX SEQUENCE OF Ppvpn2547VrfSelectionEntry
    PIB-ACCESS install
    STATUS current
    DESCRIPTION
        "This class defines a selection criteria that identifies
        a specific VRF to collect usage information from."
    ::= { ppvpn2547FeedbackClasses 4 }

ppvpn2547VrfSelectionEntry OBJECT-TYPE
    SYNTAX Ppvpn2547VrfSelectionEntry
    STATUS current
    DESCRIPTION
        "Defines the attributes of the selection criteria
        identifying a specific policy where to monitor the
        associated usage."
    PIB-INDEX { ppvpn2547VrfSelectionPrid }
    UNIQUENESS { ppvpn2547VrfSelectionVrf }
    ::= { ppvpn2547VrfSelectionTable 1 }

Ppvpn2547VrfSelectionEntry ::= SEQUENCE {
    ppvpn2547VrfSelectionPrid  InstanceId,
    ppvpn2547VrfSelectionId    ReferenceId
}

ppvpn2547VrfSelectionPrid OBJECT-TYPE
    SYNTAX InstanceId
    STATUS current
    DESCRIPTION
        "An arbitrary integer index that uniquely identifies an
        instance of the class."
    ::= { ppvpn2547VrfSelectionEntry 1 }

ppvpn2547VrfSelectionId OBJECT-TYPE
    SYNTAX ReferenceId
    PIB-REFERENCES { ppvpn2547VrfEntry }
    STATUS current
    DESCRIPTION
        "The Prid of the VRF that one wants to collect usage
        information from."
    ::= { ppvpn2547VrfSelectionEntry 2 }

-- Conformance Section

ppvpn2547PibCompliances OBJECT IDENTIFIER
    ::= { ppvpn2547PibConformance 1 }

ppvpn2547PibGroups OBJECT IDENTIFIER
    ::= { ppvpn2547PibConformance 2 }

ppvpn2547PibCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "Describes the requirements for conformance to the PPVPN
        BGP/MPLS VPN Policy PIB."
    MODULE -- this module
        MANDATORY-GROUPS {
            ppvpn2547PibVrfGroup,
            ppvpn2547PibRouteTargetGroup,
            ppvpn2547PibIfGroup,
            ppvpn2547PibBgpPeerGroup,
            ppvpn2547PibRouteGroup,
            ppvpn2547PibRouteCountUsageGroup,
            ppvpn2547PibLabelCountUsageGroup,
            ppvpn2547PibThresholdGroup,
            ppvpn2547PibVrfSelectionGroup
        }
    ::= { ppvpn2547PibCompliances 1 }

ppvpn2547PibVrfGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547VrfRoles,
        ppvpn2547VrfIfName,
        ppvpn2547VrfId,
        ppvpn2547VrfDescription,
        ppvpn2547VrfRD,
        ppvpn2547VrfMaxRoutes
    }
    STATUS current
    DESCRIPTION
        "The VRF Group defines the PIB Objects that describe a
        VRF."
    ::= { ppvpn2547PibGroups 1 }

ppvpn2547PibRouteTargetGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547RouteTargetType,
        ppvpn2547RouteTargetVrfId,
        ppvpn2547RouteTargetRT,
        ppvpn2547RouteTargetDescr
    }
    STATUS current
    DESCRIPTION
        "The Route Target Group defines the PIB Objects that
        describe a Route Target."
    ::= { ppvpn2547PibGroups 2 }

ppvpn2547PibIfGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547IfIndex,
        ppvpn2547IfVpnClassification,
        ppvpn2547IfRouteDistProtocol
    }
    STATUS current
    DESCRIPTION
        "The Interface Group defines the PIB Objects that
        describe an Interface."
    ::= { ppvpn2547PibGroups 3 }

ppvpn2547PibBgpPeerGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547BgpPeerVrfId,
        ppvpn2547BgpPeerRole,
        ppvpn2547BgpPeerAddrType,
        ppvpn2547BgpPeerAddr
    }
    STATUS current
    DESCRIPTION
        "The BGP Peer Group defines the PIB Objects that describe
        a BGP Peer."
    ::= { ppvpn2547PibGroups 4 }

ppvpn2547PibRouteGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547RouteVrfId,
        ppvpn2547RouteDest,
        ppvpn2547RouteDestAddrType,
        ppvpn2547RouteMask,
        ppvpn2547RouteMaskAddrType,
        ppvpn2547RouteTos,
        ppvpn2547RouteNextHop,
        ppvpn2547RouteNextHopAddrType,
        ppvpn2547RouteIfIndex,
        ppvpn2547RouteType,
        ppvpn2547RouteProto,
        ppvpn2547RouteAge,
        ppvpn2547RouteInfo,
        ppvpn2547RouteNextHopAS,
        ppvpn2547RouteMetric1,
        ppvpn2547RouteMetric2,
        ppvpn2547RouteMetric3,
        ppvpn2547RouteMetric4,
        ppvpn2547RouteMetric5
    }
    STATUS current
    DESCRIPTION
        "The Route Group defines the PIB Objects that describe a
        Route."
    ::= { ppvpn2547PibGroups 5 }

ppvpn2547PibRouteCountUsageGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547RouteCountUsageLinkRefId,
        ppvpn2547RouteCountUsageCount
    }
    STATUS current
    DESCRIPTION
        "The Route Count Usage Group defines the PIB Objects that
        describe a Route Count Usage class."
    ::= { ppvpn2547PibGroups 6 }

ppvpn2547PibLabelCountUsageGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547LabelCountUsageLinkRefId,
        ppvpn2547LabelCountUsageCount
    }
    STATUS current
    DESCRIPTION
        "The Label Count Usage Group defines the PIB Objects that
        describe a Label Count Usage class."
    ::= { ppvpn2547PibGroups 7 }

ppvpn2547PibThresholdGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547ThresholdThresh
    }
    STATUS current
    DESCRIPTION
        "The Threshold Group defines the PIB Objects that
        describe a Threshold class."
    ::= { ppvpn2547PibGroups 8 }

ppvpn2547PibVrfSelectionGroup OBJECT-GROUP
    OBJECTS {
        ppvpn2547VrfSelectionId
    }
    STATUS current
    DESCRIPTION
        "The VRF Selection Group defines the PIB Objects that
        describe a VRF Selection class."
    ::= { ppvpn2547PibGroups 9 }

END

9. Acknowledgments

   This PIB builds on all the work that has gone into the BGP/MPLS
   VPN Management Information Base [MPLS-VPN-MIB].

   Special thanks also to Jeremy De Clercq for his help and advice.

10. Subject Category Considerations

   The numbering space used for the BGP/MPLS VPN PIB, as indicated by
   the SUBJECT-CATEGORIES clause, will be assigned by the Internet
   Assigned Numbers Authority (IANA). Notice the numbering space used
   by SUBJECT-CATEGORIES maps to the Client Type numbering space in
   [COPS-PR]. This relationship is detailed in section 7.1 of [SPPI].
   Due to the fact that Client Type value of 1 has already been used
   by [COPS-RSVP], the numbering space for SUBJECT-CATEGORIES will
   need to start with the value of 2.

   Other PIB Modules may use the same SUBJECT-CATEGORIES as this
   BGP/MPLS VPN PIB Module. In such situations, PRC numbering space
   under a specific SUBJECT-CATEGORIES should be coordinated with
   existing PIB Modules using the same SUBJECT-CATEGORIES.

11.
Security Considerations

   The information contained in a PIB when transported by the COPS
   protocol [COPS-PR] may be sensitive, and its function of
   provisioning a PEP requires that only authorized communication take
   place. The use of IPSEC between PDP and PEP, as described in
   [COPS], provides the necessary protection against these threats.

12. Intellectual Property Considerations

   The IETF is being notified of intellectual property rights claimed
   in regard to some or all of the specification contained in this
   document. For more information consult the online list of claimed
   rights.

13. IANA Considerations

   This document standardizes a Policy Information Base (PIB) module,
   requesting an IANA assigned PIB number.

14. Authors' Addresses

   Yacine El Mghazli
   Alcatel
   Route de Nozay
   F-91460 Marcoussis - FRANCE
   Phone: +33 1 69 63 41 87
   Email: yacine.el_mghazli@alcatel.fr

15. References

   [2547bis] Rosen, E., Rekhter, Y., Bogovic, T., Brannon, S.,
      Carugi, M., Chase, C., Chung, T., De Clercq, J., Dean, E.,
      Hitchin, P., Leelanivas, M., Marshall, D., Martini, L.,
      Srinivasan, V., Vedrenne, A., "BGP/MPLS VPNs", Internet Draft,
      February 2001.

   [MPLSArch] Rosen, E., Viswanathan, A., and R. Callon,
      "Multiprotocol Label Switching Architecture", RFC 3031,
      January 2001.

   [VPN-RFC2685] Fox B., et al, "Virtual Private Networks
      Identifier", RFC 2685, September 1999.

   [LSR-MIB] Srinivasan, C., Viswanathan, A. and T. Nadeau, "MPLS
      Label Switch Router Management Information Base Using SMIv2",
      Internet Draft, January 2001.

   [TE-MIB] Srinivasan, C., Viswanathan, A. and T. Nadeau, "MPLS
      Traffic Engineering Management Information Base Using SMIv2",
      Internet Draft, March 2001.

   [FTN-MIB] T. Nadeau, C. Srinivasan, A. Viswanathan,
      "Multiprotocol Label Switching (MPLS) FEC-To-NHLFE (FTN)
      Management Information Base", draft-ietf-mpls-ftn-mib-04.txt,
      January 2002.

   [MPLS-VPN-MIB] Nadeau, T., Fang, L.
      Chiussi, F., Dube, J., Tatham, M and H. van der Linde,
      "MPLS/BGP Virtual Private Network Management Information Base
      Using SMIv2", Internet Draft, February 2002.

   [BGP-ORF] Chen, Rekhter, "Cooperative Route Filtering Capability
      for BGP-4", November 2001, work in progress.

   [BGP4-MIB] J. Haas, S. Hares, S. Willis, J. Burruss, J. Chu,
      "Definitions of Managed Objects for the Fourth Version of
      Border Gateway Protocol (BGP-4)",
      draft-ietf-idr-bgp4-mib-09.txt, March 2002.

   [COPS] Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R.,
      and A. Sastry, "The COPS (Common Open Policy Service)
      Protocol", RFC 2748, January 2000.

   [COPS-PR] K. Chan, D. Durham, S. Gai, S. Herzog, K. McCloghrie,
      F. Reichmeyer, J. Seligson, A. Smith, R. Yavatkar, "COPS Usage
      for Policy Provisioning", RFC 3084, March 2001.

   [COPS-PPVPN] Y. El Mghazli, "A COPS client-type for layer 3
      PPVPN", work in progress.

   [SPPI] K. McCloghrie, M. Fine, J. Seligson, K. Chan, S. Hahn,
      R. Sahita, A. Smith, F. Reichmeyer, "Structure of Policy
      Provisioning Information", RFC 3159, August 2001.

   [FR-PIB] M. Fine, K. McCloghrie, J. Seligson, K. Chan, S. Hahn,
      R. Sahita, A. Smith, F. Reichmeyer, "Framework Policy
      Information Base", Internet Draft, June 2002.

   [RAP-FRWK] R. Yavatkar, D. Pendarakis, "A Framework for
      Policy-based Admission Control", RFC 2753, January 2000.

   [FEED-PIB] D. Rawlins, A. Kulkarni, K.H. Chan, M. Bokaemper,
      D. Dutt, "Framework of COPS-PR Policy Information base Usage
      Feedback", Internet Draft, March 2002.

   [FEED-FRWK] D. Rawlins, A. Kulkarni, "Framework of COPS-PR Policy
      Usage Feedback", Internet Draft, March 2002.

   [SNMP-SMI] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case,
      M. Rose and S. Waldbusser, "Structure of Management
      Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [IFMIB] K. McCloghrie, F. Kastenholz, "The Interfaces Group MIB
      using SMIv2", RFC 2233, November 1997.
   [INETADDRESS] Daniele, M., Haberman, B., Routhier, S.,
      Schoenwaelder, J., "Textual Conventions for Internet Network
      Addresses", RFC 2851, June 2000.

   [STD] Bradner, S., "The Internet Standards Process -- Revision 3",
      BCP 9, RFC 2026, October 1996.

17. Full Copyright

   Copyright (C) The Internet Society (2002). All Rights Reserved.

   This document and translations of it may be copied and furnished
   to others, and derivative works that comment on or otherwise
   explain it or assist in its implementation may be prepared, copied,
   published and distributed, in whole or in part, without restriction
   of any kind, provided that the above copyright notice and this
   paragraph are included on all such copies and derivative works.
   However, this document itself may not be modified in any way, such
   as by removing the copyright notice or references to the Internet
   Society or other Internet organizations, except as needed for the
   purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards process
   must be followed, or as required to translate it into languages
   other than English.

   The limited permissions granted above are perpetual and will not
   be revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on
   an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
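Added example (not part of the draft): the DESCRIPTION clauses of ppvpn2547RouteDest, ppvpn2547RouteMask, ppvpn2547RouteTos and ppvpn2547RouteTargetVrfId in the PIB definition state constraints that can be checked before a decision is installed on a PEP, and this sketch applies them to a constructed decision. The dict layout, the "prid" key, the function names and all sample values are assumptions; treating ppvpn2547VrfMaxRoutes as an install-time limit is this example's choice, not something the draft mandates.

```python
import ipaddress


def tos_policy_code(tos_bits):
    """4-bit TYPE OF SERVICE value -> policy code from the ppvpn2547RouteTos table."""
    if not 0 <= tos_bits <= 0b1111:
        raise ValueError("TYPE OF SERVICE is a 4-bit field")
    return tos_bits << 1  # the low-order bit of the octet is always 0


def check_route(route, vrf_by_prid):
    """Return the reasons (possibly none) to reject one ppvpn2547RouteEntry."""
    errors = []
    if route["ppvpn2547RouteVrfId"] not in vrf_by_prid:
        errors.append("RouteVrfId references no VRF instance")
    try:
        dest = ipaddress.ip_address(route["ppvpn2547RouteDest"])
        mask = ipaddress.ip_address(route["ppvpn2547RouteMask"])
    except ValueError:
        return errors + ["RouteDest or RouteMask is not an address"]
    if dest.version != mask.version:
        return errors + ["RouteDest and RouteMask address types differ"]
    if dest.is_multicast:
        errors.append("RouteDest is a multicast address")
    if int(dest) & int(mask) != int(dest):
        errors.append("RouteDest AND RouteMask != RouteDest")
    tos = route["ppvpn2547RouteTos"]
    if not (0 <= tos <= 30 and tos % 2 == 0):
        errors.append("RouteTos is not a policy code from the table")
    return errors


def check_decision(vrfs, route_targets, routes):
    """Validate a whole decision; returns {(class, prid): [reasons]} for rejects."""
    rejects = {}
    vrf_by_prid = {v["prid"]: v for v in vrfs}
    vrf_ids = {v["ppvpn2547VrfId"] for v in vrfs}
    for rt in route_targets:
        errors = []
        # TagId: must equal ppvpn2547VrfId of an existing ppvpn2547VrfEntry.
        if rt["ppvpn2547RouteTargetVrfId"] not in vrf_ids:
            errors.append("RouteTargetVrfId matches no ppvpn2547VrfId")
        if rt["ppvpn2547RouteTargetType"] not in (1, 2, 3):
            errors.append("RouteTargetType is not import(1)/export(2)/both(3)")
        if errors:
            rejects[("RouteTarget", rt["prid"])] = errors
    held = {}  # VRF prid -> number of routes accepted so far
    for route in routes:
        errors = check_route(route, vrf_by_prid)
        if not errors:
            vrf = vrf_by_prid[route["ppvpn2547RouteVrfId"]]
            # Assumption of this example: enforce MaxRoutes at install time.
            if held.get(vrf["prid"], 0) >= vrf["ppvpn2547VrfMaxRoutes"]:
                errors.append("VRF would exceed ppvpn2547VrfMaxRoutes")
            else:
                held[vrf["prid"]] = held.get(vrf["prid"], 0) + 1
        if errors:
            rejects[("Route", route["prid"])] = errors
    return rejects


def _route(prid, vrf, dest, mask, tos=0):
    return {"prid": prid, "ppvpn2547RouteVrfId": vrf, "ppvpn2547RouteDest": dest,
            "ppvpn2547RouteMask": mask, "ppvpn2547RouteTos": tos}


# Constructed sample decision (values are illustrative only).
SAMPLE_VRFS = [{"prid": 1, "ppvpn2547VrfId": 10, "ppvpn2547VrfMaxRoutes": 2}]
SAMPLE_RTS = [
    {"prid": 1, "ppvpn2547RouteTargetType": 1, "ppvpn2547RouteTargetVrfId": 10,
     "ppvpn2547RouteTargetRT": "65000:100"},
    {"prid": 2, "ppvpn2547RouteTargetType": 3, "ppvpn2547RouteTargetVrfId": 99,
     "ppvpn2547RouteTargetRT": "65000:200"},
]
SAMPLE_ROUTES = [
    _route(1, 1, "10.1.0.0", "255.255.0.0"),
    _route(2, 1, "10.1.2.3", "255.255.255.0"),       # host bits set under mask
    _route(3, 1, "224.0.0.5", "255.255.255.255"),    # Class D destination
    _route(4, 7, "192.0.2.0", "255.255.255.0", 5),   # unknown VRF, odd TOS code
    _route(5, 1, "192.0.2.0", "255.255.255.0", tos_policy_code(0b1000)),
    _route(6, 1, "198.51.100.0", "255.255.255.0"),   # third route, limit is 2
]

if __name__ == "__main__":
    for key, reasons in check_decision(SAMPLE_VRFS, SAMPLE_RTS, SAMPLE_ROUTES).items():
        print(key, reasons)
```
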