Network Working Group                                     R. Sahita, Ed.
Request for Comments: 3318                                       S. Hahn
Category: Informational                                       Intel Labs
                                                                 K. Chan
                                                         Nortel Networks
                                                           K. McCloghrie
                                                           Cisco Systems
                                                              March 2003
        

Framework Policy Information Base

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document defines a set of PRovisioning Classes (PRCs) and textual conventions that are common to all clients that provision policy using Common Open Policy Service (COPS) protocol for Provisioning.

Structure of Policy Provisioning Information (SPPI) describes a structure for specifying policy information that can then be transmitted to a network device for the purpose of configuring policy at that device. The model underlying this structure is one of well-defined provisioning classes (PRCs) and instances of these classes (PRIs) residing in a virtual information store called the Policy Information Base (PIB).

One way to provision policy is by means of the COPS protocol with the extensions for provisioning. This protocol supports multiple clients, each of which may provision policy for a specific policy domain such as QoS, virtual private networks, or security.

As described in COPS usage for Policy Provisioning (COPS-PR), each client supports a non-overlapping and independent set of PIB modules. However, some PRovisioning Classes are common to all subject-categories (client-types) and need to be present in each.

Table of Contents

   Conventions used in this document
   1. Glossary
   2. General PIB Concepts
     2.1. Roles
       2.1.1. An Example
     2.2. Management of Role-Combinations from the PDP
     2.3. Updating a Request State
       2.3.1 Full Request State
       2.3.2 Installing PRIs in a Request
       2.3.3 Updating PRIs in a Request
       2.3.4 Removing PRIs from a Request
       2.3.5 Removing EXTENDED, AUGMENTED PRIs
       2.3.6 Error Handling in Request updates
     2.4. Multiple PIB Instances
     2.5. Reporting and Configuring of Device Capabilities
     2.6. Reporting of Device Limitations
   3. The Framework TC PIB module
   4. Summary of the Framework PIB
     4.1. Base PIB classes Group
     4.2. Device Capabilities group
     4.3. Classifier group
     4.4. Marker group
   5. The Framework PIB Module
   6. Security Considerations
   7. IANA Considerations
   8. References
     8.1 Normative References
     8.2 Informative References
   9. Acknowledgments
   10. Authors' Addresses
   11. Full Copyright Statement
        

Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

1. Glossary

      PRC   PRovisioning Class. A type of policy data. See [POLTERM].
      PRI   PRovisioning Instance. An instance of a PRC. See [POLTERM].
      PIB   Policy Information Base. The database of policy information. See [POLTERM].
      PDP   Policy Decision Point. See [RAP-FRAMEWORK].
      PEP   Policy Enforcement Point. See [RAP-FRAMEWORK].

2. General PIB Concepts
2.1. Roles

The policy to apply to an interface may depend on many factors, such as immutable characteristics of the interface (e.g., Ethernet or frame relay), the status of the interface (e.g., half or full duplex), or user configuration (e.g., branch office or headquarters interface). Rather than specifying policies explicitly for each interface of all devices in the network, policies are specified in terms of interface functionality.

To describe these functionalities of an interface, we use the concept of "Roles". A Role is simply a string that is associated with an interface. A given interface may have any number of roles simultaneously. Provisioning classes have an attribute called a "RoleCombination" which is a lexicographically ordered set of roles. Instances of a given PRovisioning Class are applied to an interface if and only if the set of roles in the role combination matches the set of the roles of the interface.

Thus, roles provide a way to bind policy to interfaces without having to explicitly identify interfaces in a consistent manner across all network devices. That is, roles provide a level of indirection to the application of a set of policies to specific interfaces. This separates the policy definition from device implementation specific interface identification. Furthermore, if the same policy is being applied to several interfaces, that policy needs to be pushed to the device only once, rather than once per interface, as long as the interfaces are configured with the same role combination.

We point out that, in the event that the administrator needs to have a unique policy for each interface, the administrator can configure each interface with a unique role.

The PEP sends all its Capability Set Names, Role Combinations, Policy Controlled Interfaces, and their relationships to the PDP in the first COPS request (REQ) message for a handle, and whenever any updates or deletes occur. The PDP can install new instances or change existing instances of these PRIs. This operation can also occur in subsequent request messages generated in response to COPS state synchronization (SSQ) requests and local configuration changes.

The comparing of roles (or role combinations) is case sensitive.

By convention, when formatting the role-combination for exchange within a protocol message, within a PIB object's value, or as a printed value, the set is formatted in lexicographical order of the role's ASCII values; that is, the role that is first is formatted first. For example, "a+b" and "b+a" are NOT different role-combinations; rather, they are different formatting of the same role-combination, and hence for this example:

- "a+b" is the valid formatting of that role-combination,
- "b+a" is an invalid formatting of that role-combination.

The role-combination of interfaces to which no roles have been assigned is known as the "null" role-combination. (Note the deliberate use of lower-case letters for "null" so that it avoids confusion with the ASCII NULL character that has a value of zero but a length of one.)

In an "install" or an "install-notify" class, the wildcard role-combination "*" can be used. In addition to providing for interface-specific roles, it also allows for other optimizations in reducing the number of role-combinations for which a policy has to be specified. For example:

Suppose we have three interfaces:

      Roles A, B and R1 are assigned to interface I1
      Roles A, B and R2 are assigned to interface I2
      Roles A, B and R3 are assigned to interface I3

Then, a PRI of a fictional IfDscpAssignTable that has the following values for its attributes:

      ifDscpAssignPrid    = 1
      ifDscpAssignRoles   = "*+A+B"
      ifDscpAssignName    = "4queues"
      ifDscpAssignDscpMap = 1
        

will apply to all three interfaces, because "*" matches with R1, R2 and R3. The policies can be assigned to an interface due to more than one wild-carded role combo matching a given interface's role combo string. The PDP should attempt to resolve conflicts between policies before sending policies to the PEP. In the situation where the PDP sends multiple policies to a PEP and they do conflict, either because of an error by the PDP or because of a device specific conflict, the PEP MUST reject the installation of the conflicting policies and return an error.

Formally,

- The wildcard Role is denoted by "*",
- The "*" Role is not allowed to be defined as part of the role-combination of an interface as notified by the PEP to the PDP; it is only allowed in policies installed/deleted via COPS-PR from the PDP to the PEP.
- For a policy to apply to an interface when the policy's role-combination is "*+a+b", the interface's role-combination:
   - Must include "a" and "b", and
   - Can include zero or more other roles.
- The wildcard character "*" is listed before the other roles as "*" is lexicographically before "a"; however, the wildcard matches any zero or more roles, irrespective of lexicographical order. For example: "*+b+e+g" would match "a+b+c+e+f+g".

Note that the characters "+" and "*" MUST not be used in an interface Role. The Framework Role PIB module in section 4 of this document contains the Role and RoleCombination Textual Conventions.
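
The formatting and matching rules above can be checked mechanically. The following is an added example, not code from this memo: the function names are hypothetical, and it assumes the "null" role-combination is carried as the empty string.

```python
WILDCARD = "*"
SEPARATOR = "+"


class RoleError(ValueError):
    """Raised for a role or role-combination that breaks the formatting rules."""


def format_combo(roles, wildcard=False):
    """Format a set of roles in lexicographic (ASCII) order, joined by '+'."""
    for role in roles:
        # "+" and "*" are reserved and must not appear inside a role name.
        if not role or SEPARATOR in role or WILDCARD in role:
            raise RoleError(f"invalid role name: {role!r}")
    parts = sorted(set(roles) | ({WILDCARD} if wildcard else set()))
    return SEPARATOR.join(parts)


def parse_combo(text, allow_wildcard):
    """Return (has_wildcard, frozenset_of_roles) for a formatted combination.

    Assumption: the "null" role-combination is carried as the empty string.
    Non-canonical ordering is rejected, so "b+a" fails where "a+b" passes.
    """
    if text == "":
        return False, frozenset()
    parts = text.split(SEPARATOR)
    has_wildcard = WILDCARD in parts
    if has_wildcard and not allow_wildcard:
        # The PEP never reports "*"; only PDP-installed policy may carry it.
        raise RoleError("'*' may appear only in policy sent by the PDP")
    roles = [p for p in parts if p != WILDCARD]
    if format_combo(roles, has_wildcard) != text:
        raise RoleError(f"not in canonical form: {text!r}")
    return has_wildcard, frozenset(roles)


def policy_applies(policy_combo, interface_combo):
    """True if a policy's role-combination binds to an interface's combination.

    Comparison is case sensitive. Without "*" the two role sets must be equal;
    with "*" the interface must hold every listed role and may hold others.
    """
    wildcard, required = parse_combo(policy_combo, allow_wildcard=True)
    _, present = parse_combo(interface_combo, allow_wildcard=False)
    return required <= present if wildcard else required == present


# The three interfaces from the example in the text.
INTERFACES = {
    "I1": {"A", "B", "R1"},
    "I2": {"A", "B", "R2"},
    "I3": {"A", "B", "R3"},
}


def bound_interfaces(policy_combo, interfaces):
    """Names of the interfaces a policy with this role-combination applies to."""
    return sorted(
        name
        for name, roles in interfaces.items()
        if policy_applies(policy_combo, format_combo(roles))
    )


if __name__ == "__main__":
    print(bound_interfaces("*+A+B", INTERFACES))
    print(bound_interfaces("A+B+R2", INTERFACES))
    print(policy_applies("*+b+e+g", "a+b+c+e+f+g"))
```

Rejecting a reported combination that contains "*" or is not in canonical order keeps a malformed PEP report from being matched against policy as if it were valid.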

2.1.1. An Example

The functioning of roles might be best understood by an example. Suppose I have a device with three interfaces, with roles as follows:

      IF1: "finance"
      IF2: "finance"
      IF3: "manager"

Suppose, I also have a PDP with two policies:

      P1: Packets from finance department (role "finance") get DSCP 5
      P2: Packets from managers (role "manager") get DSCP 6

To obtain policy, the PEP reports to the PDP that it has some interfaces with role combination "finance" and some with role combination "manager". In response, the PDP downloads policy P1 associated with role combination "finance" and downloads a second policy P2 associated with role combination "manager".

Now suppose the finance person attached to IF2 is promoted to manager and so the system administrator adds the role "manager" to IF2. The PEP now reports to the PDP that it has three role combinations: some interfaces with role combination "finance", some with role combination "manager" and some with role combination "finance+manager". In response, the PDP downloads an additional third policy associated with the new role combination "finance+manager".

How the PDP determines the policy for this new role combination is entirely the responsibility of the PDP. It could do so algorithmically or by rule. For example, there might be a rule that specifies that manager policy takes preference over department policy. Or there might be a third policy installed in the PDP as follows:

P3: Packets from finance managers (role "finance" and role "manager") get DSCP 7

The point here is that the PDP is required to determine what policy applies to this new role combination and to download a third policy to the PEP for the role combination "finance+manager", even if that policy is the same as one already downloaded. The PEP is not required (or allowed) to construct policy for new role combinations from existing policy.

2.2. Management of Role-Combinations from the PDP

The PEP notifies the PDP of the Role-Combination assigned to each interface and capability set name in a COPS configuration request (instances of the frwkIfRoleComboTable). The first request sent to the PDP must be a 'full state' request. A 'full state' request for a PEP includes notify and install-notify table PRIs for the PEP which must be interpreted as the complete state of the PEP and must not be interpreted as updates to any previous set of PRIs sent in a previous message. Any previous PRIs from the PEP should be discarded when a 'full state' request is received for the particular request handle. A request is specified as a 'full state' request by setting the frwkPibIncarnationFullState attribute in the frwkPibIncarnation PRI sent in the request.

All existing frwkIfRoleCombo instances must be sent to the PDP in the first configuration request for a request handle. If the Role-Combinations are not assigned specific values, default ('null') Role-Combinations must be sent to the PDP for all ifIndices active on the PEP and updates must be sent every time the IfIndices are updated. The PEP may notify the PDP of the Capability sets (if any) via the frwkCapabilitySetTable. If the PEP does not need to notify the PDP of capability sets, it must set the capability set name in the frwkIfRoleComboTable instances to a zero length string.

In response to this configuration request, if applicable, the PDP may send policies for the PEP in a solicited decision or must send a null decision. The PEP must then send a solicited report message for the decision.

At any later time, the PDP can update the Role-Combinations assigned to a specific interface, identified by IfIndex, or for an aggregate, identified by the capability set name, via an unsolicited decision to the PEP on any open request handle. The PDP does this by sending updated PRIs for the frwkIfRoleComboTable.

When the Interface Role Combination associations are updated by the PDP, the PEP SHOULD send updated 'full state' requests for all open contexts. A context is an instantiation of the PIB module(s) namespace identified by a unique COPS handle for a particular COPS client type. This is true even if the PEP's request state changes due to an internal event or if the state is changed by the PDP. If the role-combination updates were sent by the PDP, the PEP SHOULD send these updated requests only if it can process the unsolicited decision containing the frwkIfRoleCombo PRIs successfully, and it MUST do so after sending the success report for the unsolicited decision. If the PEP failed to process the decision (i.e., the frwkIfRoleCombo PRIs), it MUST only send a failure report to the PDP.

On the other hand, the PDP must not expect to receive the updated requests with the revised role-combination information until after it receives a success report for these updates from the PEP. If the PDP does not receive updated requests on some request handles, the PEP must not be sent decision updates for those frwkIfRoleCombo updates, i.e., the PDP must have the previous request state that it maintained for that request handle.

Note that, any unsolicited decisions received by the PEP in the time period after it receives updates to its Role-Combination associations and before receiving solicited decisions for the updated requests it sent for all context handles, could possibly contain outdated policies corresponding to the old Role-Combination associations as notified by this PEP in a previous request state.

The PDP must respond to the updated requests by solicited decisions, sending policies if applicable or null decisions. The PEP must respond to these solicited decisions with solicited reports to complete the transaction.

2.3. Updating a Request State

This section describes the messages exchanged between the PEP and PDP when the PEP is updating a previously sent request for a particular COPS handle. Note that a PEP can incrementally update a request only if the frwkPibIncarnationFullState attribute is shown to be supported via the supported PRC table. If this attribute is not supported, the PDP must treat all PEP requests as the full request state.

2.3.1 Full Request State

When the PEP wants to send the entire request state to the PDP (for example, in response to a Synchronize State Request from the PDP), the PEP MUST send the incarnation instance with the frwkPibIncarnationFullState attribute set to 'true'.

A PDP that receives an incarnation instance in the request message with this attribute set to 'true', must clear the request information it maintains for this request handle and re-install the information received.

If this attribute is set to 'false' or if the incarnation instance is missing in the request message, the request must be interpreted as an incremental update to the previous request message.

2.3.2 Installing PRIs in a Request

If the PEP wants to install additional PRIs for a request handle, the PEP MUST ensure that the frwkPibIncarnationFullState attribute is set to 'false', and the PEP MUST use new (unused in this context) InstanceIds [SPPI] for these PRIs.

When a PDP receives instances with new InstanceIds for a request with the frwkPibIncarnationFullState in the incarnation instance set to 'false', or if the request has no incarnation information, it must interpret these PRIs as an incremental update to the request state and add them to the request state it maintains for this handle.

2.3.3 Updating PRIs in a Request

If the PEP wants to update previously installed PRIs for a request handle, the PEP MUST ensure that the frwkPibIncarnationFullState attribute is set to 'false' for these PRIs. Note that the PEP must send the same InstanceIds for the PRIs being updated. If the PEP uses new InstanceIds, the PDP must interpret them as Install's for this request state.

When a PDP receives a request with instances having InstanceIds that exist in its state for that handle with the frwkPibIncarnationFullState in the incarnation instance set to 'false' or if the request has no incarnation information, it must interpret these PRIs as an update to the PRIs in the request state it maintains for this handle.

2.3.4 Removing PRIs from a Request

If the PEP wants to remove previously installed PRIs for a request handle, the PEP MUST ensure that the frwkPibIncarnationFullState attribute is set to 'false', and MUST send the PRI bindings with the PRID set to the InstanceId of the PRI to be removed, and the length field in the EPD object header set to the header length only, effectively setting the data length to zero.

Note that the PEP must send the same InstanceIds for the PRIs being removed. If the PEP sends new InstanceIds and the length field in the EPD object header is set to the header length only (implying the data length is zero), the PEP is attempting to remove an unknown/non-existent PRI. This SHOULD result in the PDP sending error PRIs in the solicited decision (see section 2.3.6 for a description of the frwkErrorTable).

If the PEP sends new InstanceIds, and the length field in the EPD object header is greater than the header length only (implying the EPD object has some attributes encoded in it), the PDP will interpret this as an install of the PRI if it can decode the EPD successfully.

When a PDP receives a request with instances having InstanceIds that exist in its state for that handle with the frwkPibIncarnationFullState in the incarnation instance set to 'false', or if the request has no incarnation information, and the length field in the EPD object header is set to the header length only (implying the data length is zero), it must remove these PRIs from the request state it maintains for this handle.

2.3.5 Removing EXTENDED, AUGMENTED PRIs

The PEP should remove the extended/augmented PRIs when it removes the base PRIs in the same COPS message. See [SPPI] for a description of EXTENDED/AUGMENTED PRCs. A PDP that receives removes for a base PRI must implicitly remove the extensions.

2.3.6 Error Handling in Request updates

If the PDP cannot process all the request installs/updates/removes in the COPS request message successfully, it MUST rollback to its previous request state and it MUST send a solicited decision to the PEP that contains frwkErrorTable instances. These instances contain an error code and a sub-code as defined in the [COPS-PR] CPERR object. For example, if the PEP tries to remove an instance that does not exist, the 'priInstanceInvalid' error code must be sent to the PEP in a frwkError PRI. The frwkError PRIs also contain the PRC and the InstanceId of the error-causing PRI. The PEP may then examine these error PRIs and resend the modified request. Note that, until the PEP resends the request updates/removes, it will have configuration information for the last successful request state it sent to the PDP.
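
The rules of sections 2.3.1 through 2.3.6 amount to a small state machine on the PDP side. The sketch below is an added example, not code from this memo: the class names, the shape of a binding and the sample EPD bytes are constructed for illustration, and it models only the error case the text names ('priInstanceInvalid').

```python
from dataclasses import dataclass
from typing import Optional

PRI_INSTANCE_INVALID = "priInstanceInvalid"  # error code named in section 2.3.6


@dataclass(frozen=True)
class Binding:
    """One PRID/EPD pair from a request (hypothetical, simplified shape)."""
    prc: str          # PRovisioning Class the instance belongs to
    instance_id: int  # InstanceId within that PRC
    epd: bytes        # b"" models an EPD whose length covers the header only


@dataclass(frozen=True)
class FrwkError:
    """Stand-in for a frwkError PRI: error code plus the offending PRC/InstanceId."""
    code: str
    prc: str
    instance_id: int


class RequestState:
    """Request state a PDP keeps for one COPS handle."""

    def __init__(self, supports_full_state_attr=True):
        # If the PEP does not list frwkPibIncarnationFullState as supported,
        # every request must be treated as the full request state.
        self.supports_full_state_attr = supports_full_state_attr
        self.pris = {}  # (prc, instance_id) -> encoded attributes

    def apply(self, bindings, full_state: Optional[bool] = None):
        """Apply one request and return (actions, errors).

        full_state is the frwkPibIncarnationFullState value, or None when the
        request carries no incarnation instance. Changes are staged in a copy,
        so any error leaves the previous request state in place (rollback).
        """
        full = full_state is True or not self.supports_full_state_attr
        working = {} if full else dict(self.pris)
        actions, errors = [], []
        for b in bindings:
            key = (b.prc, b.instance_id)
            if b.epd:
                # Known InstanceId -> update, new InstanceId -> install.
                actions.append(("update" if key in working else "install", key))
                working[key] = b.epd
            elif key in working:
                actions.append(("remove", key))
                del working[key]
            else:
                # Zero-length EPD for an unknown InstanceId: nothing to remove.
                errors.append(FrwkError(PRI_INSTANCE_INVALID, b.prc, b.instance_id))
        if errors:
            return [], errors
        self.pris = working
        return actions, []


def demo():
    """Run a constructed sequence of requests on one handle."""
    pdp = RequestState()
    prc = "frwkIfRoleCombo"
    log = [
        # First request on the handle: full state.
        pdp.apply([Binding(prc, 1, b"finance"), Binding(prc, 2, b"finance")],
                  full_state=True),
        # Incremental update of an existing InstanceId.
        pdp.apply([Binding(prc, 2, b"finance+manager")], full_state=False),
        # One valid remove plus one unknown InstanceId: whole request rejected.
        pdp.apply([Binding(prc, 1, b""), Binding(prc, 9, b"")]),
        # New full state replaces everything held for the handle.
        pdp.apply([Binding(prc, 3, b"manager")], full_state=True),
    ]
    return pdp, log


if __name__ == "__main__":
    state, results = demo()
    for actions, errors in results:
        print(actions, errors)
    print(state.pris)
```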

2.4. Multiple PIB Instances

[COPS-PR] supports multiple, disjoint, independent instances of the PIB to represent multiple instances of configured policy. The intent is to allow for the pre-provisioning of policy that can then be made active by a single, short decision from the PDP.

A COPS context can be defined as an independent COPS request state for a particular subject category (client-type). A context may be an outsourcing context or a configuration context. A configuration context is an instance of the PIB triggered and controlled by the PDP, which contains device setup information. This device configuration information dictates the device behavior as specified by the PDP. An outsourcing context on the other hand, is a PIB instance that is triggered from the PEP side and is a request to the PDP for action. The action requested will be interpreted in the domain of the client-type. Configuration contexts belong to a set of configuration contexts for a specific client type - out of which one configuration context may be active. However, multiple outsourcing contexts can be active simultaneously.

With the [COPS-PR] protocol, each of these states is identified by a unique client handle. The creation and deletion of these PIB instances can be controlled by the PDP as described in [COPS-PR] or can be triggered by an event by the PEP. A PEP must open at least one "request-state" for configuration for a given subject-category (client type). Additional "request-states" at the PEP may be initiated by the PDP or asynchronously generated by the PEP for outsourcing due to local events, which will be fully specified by the PRID/EPD data carried in the request.

The frwkPibIncarnationInCtxtSet flag defines a set of contexts out of which only one context can be active at any given time. This set is called the 'configuration contexts' set. At most, one context may be active from this 'configuration contexts' set at any given time. Contexts that have the frwkPibIncarnationInCtxtSet attribute set to 'true' belong to this set. Contexts that do not belong to this set have the frwkPibIncarnationInCtxtSet set to 'false' and belong to the set of 'outsourcing contexts'. Note that a PEP can have these two sets of contexts only if the frwkPibIncarnationInCtxtSet attribute is shown to be supported via the supported PRC table. If the frwkPibIncarnationInCtxtSet is not supported, a PEP must treat all contexts as belonging to the set of 'configuration contexts', i.e., at most one context can be active at any given time.

Note that in the event that a PEP has a capability change such as a card hot swap or any other change in its notify information that may warrant a policy refresh, a subsequent complete or incremental request must be issued to the PDP containing the new/updated capabilities for all the configuration contexts. A request for re-configuration is issued for all request state configuration contexts, both for the active configuration context as well as any inactive configuration contexts. This is to ensure that when an inactive configuration context is activated, it has been pre-configured with policies compatible with the PEP's current capabilities.

Although many PIB instances may be configured on a device (the maximum number of these instances being determined by the device itself), only one of the contexts from the 'configuration contexts' set can be active at any given time; the active one being selected by the PDP. The Framework PIB supports the attribute frwkPibIncarnationActive in the frwkPibIncarnationTable to allow the PDP to denote the PIB instance as being active in a COPS decision message, and similarly, to report the active state (active or not) of the PIB instance to the PDP in a COPS request message.

When the PEP installs an attribute frwkPibIncarnationActive that is 'true' in one PIB instance which belongs to the 'configuration contexts' set, the PEP must ensure, re-setting the attribute if necessary, that the frwkPibIncarnationActive attribute is 'false' in all other installed contexts that belong to this set. To switch contexts, the PDP should set the frwkPibIncarnationActive attribute to 'true' in the context it wants to make the active context. The PDP should set this attribute in a context to 'false' only if it wants to send an inactive context to the PEP or deactivate the active context on the PEP. If an active context is made inactive without activating another context, the PEP must not have any policies enforced from any configuration contexts installed.
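
The activation rules of this section can be expressed as a small PEP-side state model. The following Python sketch is an added example, not part of RFC 3318; the class and function names are hypothetical, and each row carries only the client handle and the two frwkPibIncarnationTable attributes discussed above.

```python
from dataclasses import dataclass


@dataclass
class Incarnation:
    """One frwkPibIncarnationTable row, reduced to the fields used here."""
    handle: bytes       # COPS client handle identifying the request-state
    in_ctxt_set: bool   # frwkPibIncarnationInCtxtSet
    active: bool        # frwkPibIncarnationActive


class PepContextTable:
    """Hypothetical PEP-side store of installed PIB instances (contexts)."""

    def __init__(self, in_ctxt_set_supported: bool):
        # True if frwkPibIncarnationInCtxtSet is reported as supported in the
        # PRC support table. If it is not, every context must be treated as
        # a member of the 'configuration contexts' set.
        self.in_ctxt_set_supported = in_ctxt_set_supported
        self._rows = {}

    def _is_configuration(self, row: Incarnation) -> bool:
        return row.in_ctxt_set or not self.in_ctxt_set_supported

    def install(self, handle: bytes, in_ctxt_set: bool, active: bool) -> None:
        """Apply a decision that installs or updates one incarnation PRI."""
        row = Incarnation(handle, in_ctxt_set, active)
        self._rows[handle] = row
        if active and self._is_configuration(row):
            # Activating one configuration context re-sets the attribute to
            # 'false' in every other installed configuration context.
            for other in self._rows.values():
                if other is not row and self._is_configuration(other):
                    other.active = False

    def active_configuration(self) -> list:
        """Handles of active configuration contexts (zero or one entry)."""
        return [r.handle for r in self._rows.values()
                if r.active and self._is_configuration(r)]

    def active_outsourcing(self) -> list:
        """Handles of active outsourcing contexts (any number)."""
        return [r.handle for r in self._rows.values()
                if r.active and not self._is_configuration(r)]


def find_conflicting_active(rows, in_ctxt_set_supported: bool) -> list:
    """Audit a reported incarnation table.

    Returns the handles of all active configuration contexts when more than
    one is active (a violation of the single-active rule), else an empty list.
    """
    active = [r.handle for r in rows
              if r.active and (r.in_ctxt_set or not in_ctxt_set_supported)]
    return active if len(active) > 1 else []
```

An empty result from `active_configuration()` corresponds to the case where the active context was deactivated without activating another, so no policy from any configuration context is enforced.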

2.5. Reporting and Configuring of Device Capabilities

Each network device providing policy-based services has its own inherent capabilities. These capabilities can be hardware specific, e.g., an Ethernet interface supporting input classification, or can be statically configured, e.g., supported queuing disciplines. These capabilities are organized into Capability Sets, with each Capability Set given a unique name (frwkCapabilitySetName) and associated with a set of Role Combinations. In that way, each Role Combination may be associated with a set of interfaces. These capabilities are communicated to the PDP when policy is requested by the PEP. Knowing device capabilities, the PDP can send the PRIs relevant to the specific device, rather than sending the entire PIB.

Specific capability PRCs may be defined in other PIBs. These capability instances are grouped via the frwkCapabilitySetTable. If the PEP wishes to send capability information to the PDP, the PIB must indicate which capabilities the PEP may send to the PDP by means of the 'notify' PIB-ACCESS clause as described in [SPPI]. If a PIB does not have any capabilities to communicate to the PDP, it must not send any instances for the frwkCapabilitySetTable. If in this case the frwkIfRoleCombo table is used to communicate role combinations assigned to interfaces (via IfIndex), the frwkRoleComboCapSetName attribute in the frwkIfRoleComboTable instances must be set to a zero length string.

2.6. Reporting of Device Limitations

To facilitate efficient policy installation, it is important to understand a device's limitations in relation to the advertised device capabilities. Limitations may be class-based, e.g., an "install" class is supported as a "notify" or only a limited number of class instances may be created, or attribute-based. Attribute limitations, such as supporting a restricted set of enumerations or requiring related attributes to have certain values, detail implementation limitations at a fine level of granularity.

A PDP can avoid certain installation issues in a proactive fashion by taking into account a device's limitations prior to policy installation rather than in a reactive mode during installation. As with device capabilities, device limitations are communicated to the PDP when policy is requested.

Reported device limitations may be accompanied by guidance values that can be used by a PDP to determine acceptable values for the identified attributes.

3. The Framework TC PIB module

FRAMEWORK-TC-PIB  PIB-DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, TEXTUAL-CONVENTION, Unsigned32, pib
            FROM COPS-PR-SPPI;

frwkTcPib  MODULE-IDENTITY
    SUBJECT-CATEGORIES { all }
    LAST-UPDATED "200302130000Z"  -- 13 Feb 2003
    ORGANIZATION "IETF RAP WG"
    CONTACT-INFO "Keith McCloghrie
                  Cisco Systems, Inc.
                  170 West Tasman Drive,
                  San Jose, CA 95134-1706 USA
                  Phone: +1 408 526 5260
                  Email: kzm@cisco.com

                  John Seligson
                  Nortel Networks, Inc.
                  4401 Great America Parkway
                  Santa Clara, CA 95054 USA
                  Phone: +1 408 495 2992
                  Email: jseligso@nortelnetworks.com

                  Ravi Sahita
                  Intel Labs.
                  2111 NE 25th Ave.
                  Hillsboro, OR 97124 USA
                  Phone: +1 503 712 1554
                  Email: ravi.sahita@intel.com

                  RAP WG Mailing list: rap@ops.ietf.org "
    DESCRIPTION
        "The PIB module containing the Role and RoleCombination
        Textual Conventions and other generic TCs.

        Copyright (C) The Internet Society (2003). This version of
        this PIB module is part of RFC 3318; see the RFC itself for
        full legal notices."

    REVISION     "200302130000Z"  -- 13 Feb 2003
    DESCRIPTION  "Initial version, published in RFC 3318."
      ::= { pib 3 }
        
Role ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "A role represents a functionality characteristic or
        capability of a resource to which policies are applied.
        Examples of roles include Backbone_interface,
        Frame_Relay_interface, BGP-capable-router, web-server,
        firewall, etc.
        The only valid character set is US-ASCII. Valid characters
        are a-z, A-Z, 0-9, period, hyphen and underscore. A role
        must always start with a letter (a-z or A-Z). A role must
        not contain the US-ASCII characters '*' or '+' since they
        have special meaning associated with them, explained in the
        RoleCombination TEXTUAL CONVENTION."
    SYNTAX      OCTET STRING (SIZE (1..31))

RoleCombination ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An octet string containing concatenated Roles. For the
        format specification of roles, refer to the 'Role' TEXTUAL-
        CONVENTION. A valid Role Combination must be formed by a set
        of valid Roles, concatenated by the US-ASCII character '+',
        where the roles are in lexicographic order from minimum to
        maximum. For example, 'a+b' and 'b+a' are NOT different
        role-combinations; rather, they are different formatting of
        the same (one) role-combination.

        Notice the roles within a role-combination are in
        Lexicographic order from minimum to maximum, hence, we
        declare:
        'a+b' is the valid formatting of the role-combination,
        'b+a' is an invalid formatting of the role-combination.

        Notice the need of zero-length role-combination as the
        role-combination of interfaces to which no roles have been
        assigned. This role-combination is also known as the 'null'
        role-combination. (Note the deliberate use of lower case
        letters to avoid confusion with the US-ASCII NULL character
        which has a value of zero but length of one.)

        The US-ASCII character '*' is used to specify a wild carded
        Role Combination. '*' must not be used to wildcard Roles.
        Hence, we declare:
        '*+a+b' is a valid wild carded Role Combination.
        'eth*+a+b' is not a valid wild carded Role Combination.
        Note that since Roles are lexicographically listed in a Role
        Combination, the following is an invalid role combination,
        since '*' is lexicographically before 'a': 'a+b+*'."
    SYNTAX OCTET STRING  (SIZE (0..255))
        
PrcIdentifierOid ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An OID that identifies a PRC. The value MUST be an OID
        assigned to a PRC's entry definition. The Entry definition
        of a PRC has an OID value XxxTable.1 where XxxTable is the
        OID assigned to the PRC table object.

        An attribute with this syntax MUST specify a PRC, which is
        defined in the PIB module(s) registered in the context of
        the client-type used.

        An attribute with this syntax cannot have the value 0.0
        (zeroDotZero). If the attribute using this syntax can be set
        to 0.0 use the PrcIdentifierOidOrZero TEXTUAL-CONVENTION
        which makes such use explicit."
    SYNTAX      OBJECT IDENTIFIER

PrcIdentifierOidOrZero ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An OID that identifies a PRC or zeroDotZero (0.0). The
        value MUST be an OID assigned to a PRC's entry definition or
        0.0  (zeroDotZero). The Entry definition of a PRC has an OID
        value XxxTable.1 where XxxTable is the OID assigned to the
        PRC table object.

        An attribute with this syntax can have the value 0.0
        (zeroDotZero) to indicate that it currently does not
        identify a PRC."
    SYNTAX      OBJECT IDENTIFIER

AttrIdentifier ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "A Unsigned32 value that identifies an attribute in a PRC by
        its sub-id. The sub-id is the OID assigned to this attribute
        in the PRC definition.

        A AttrIdentifier value is always interpreted within the
        context of an attribute of type PrcIdentifierOid or
        PrcIdentifierOidOrZero. The PrcIdentifierOid (or
        PrcIdentifierOidOrZero) object which defines the context
        must be registered immediately before the object which uses
        the AttrIdentifier textual convention. If the context
        defining attribute is of type PrcIdentifierOidOrZero and has
        the value 0.0, then in that case this attribute value has no
        meaning.

        An attribute with this syntax MUST specify a sub-id which
        MUST be defined in the PRC identified (if any) in the
        PrcIdentifierOid (or PrcIdentifierOidOrZero) attribute. The
        PrcIdentifierOid (orZero) and the AttrIdentifier attributes
        together identify a particular attribute in a particular
        PRC.

        An attribute with this syntax cannot have the value 0
        (zero). If the attribute using this syntax can be set to 0
        use the AttrIdentifierOrZero TEXTUAL-CONVENTION which makes
        that explicit."
    SYNTAX      Unsigned32 (1..4294967295)

AttrIdentifierOrZero ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "A Unsigned32 value that identifies an attribute in a PRC by
        its sub-id or has the value 0 (zero). The sub-id if non-
        zero, is the OID assigned to this attribute in the PRC
        definition.

        An AttrIdentifierOrZero value is always interpreted within
        the context of an attribute of type PrcIdentifierOid or
        PrcIdentifierOidOrZero. The PrcIdentifierOid (or
        PrcIdentifierOidOrZero) object that defines the context must
        be registered immediately before the object which uses the
        AttrIdentifierOrZero textual convention. If the context
        defining attribute is of type PrcIdentifierOidOrZero and has
        the value 0.0, then in that case this attribute value has no
        meaning.

        An attribute with this syntax can have the value 0 (zero) to
        indicate that it currently does not identify a PRC
        attribute. If it has a non-zero value, the PrcIdentifierOid
        (orZero) and the AttrIdentifierOrZero attributes together
        identify a particular attribute in a particular PRC."
    SYNTAX      Unsigned32

AttrIdentifierOid ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An OID that identifies an attribute in a PRC. The value
        MUST be an OID assigned to a PRC's attribute definition. The
        last sub-id is the sub-id of the attribute as it is
        defined in the PRC entry definition. The prefix OID (after
        dropping the last sub-id) is the OID assigned to the Entry
        object of a defined PRC. The Entry definition of a PRC has
        an OID value XxxTable.1 where XxxTable is the OID assigned
        to the PRC Table object.

        An attribute with this syntax MUST not have the value 0.0
        (zeroDotZero). If 0.0 is a valid value, the TEXTUAL
        CONVENTION AttrIdentifierOidOrZero must be used which makes
        such use explicit."
    SYNTAX      OBJECT IDENTIFIER

AttrIdentifierOidOrZero ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An OID that identifies an attribute in a PRC or has a value
         0.0 (zeroDotZero). The value MUST be an OID assigned to a
         PRC's attribute definition or the value 0.0.

         If not 0.0, the last sub-id MUST be the sub-id of the
         attribute as it is defined in the PRC Entry object
         definition. The prefix OID (after dropping the last sub-id)
         is the OID assigned to the Entry object of a defined PRC.
         The Entry definition of a PRC has an OID value XxxTable.1
         Where, XxxTable is the OID assigned to the PRC Table
         object.

         An attribute with this syntax can have the value 0.0
         (zeroDotZero) to indicate that it currently does not
         identify a PRC's attribute."
    SYNTAX      OBJECT IDENTIFIER

ClientType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An Unsigned32 value that identifies a COPS Client-type. An
        attribute with this syntax must be set to zero if it does
        not specify a COPS client-type for the PRI."
    REFERENCE
        "The COPS (Common Open Policy Service) Protocol, RFC 2748."
    SYNTAX    Unsigned32 (0..65535)
        
ClientHandle ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "An octet string that identifies a COPS Client handle. A
        zero length value implies the attribute does not specify a
        valid client handle."
    REFERENCE
        "The COPS (Common Open Policy Service) Protocol, RFC 2748."
    SYNTAX    OCTET STRING (SIZE(0..65535))
        

END
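
The Role and RoleCombination formatting rules defined in the module above can be checked mechanically before a value received from a peer is accepted. The following Python validator is an added example, not part of RFC 3318; the function names are hypothetical, and rejecting a repeated role is an assumption drawn from the phrase "a set of valid Roles".

```python
import re

# A Role starts with a letter and continues with letters, digits, period,
# hyphen or underscore; 1..31 octets in total. \Z (not $) is used so that a
# trailing newline is not silently accepted.
ROLE_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,30}\Z")
WILDCARD = "*"
MAX_COMBINATION_OCTETS = 255


class RoleFormatError(ValueError):
    """Raised when a value does not follow the textual conventions."""


def parse_role_combination(value: bytes) -> list:
    """Return the elements of a validly formatted RoleCombination.

    The zero-length value is the 'null' role-combination and yields [].
    Any other formatting problem raises RoleFormatError.
    """
    if len(value) > MAX_COMBINATION_OCTETS:
        raise RoleFormatError("longer than SIZE (0..255)")
    if value == b"":
        return []
    try:
        text = value.decode("ascii")
    except UnicodeDecodeError:
        raise RoleFormatError("not US-ASCII") from None
    elements = text.split("+")
    for element in elements:
        # '*' is only allowed as a whole element, never inside a Role,
        # so 'eth*' fails the Role pattern.
        if element != WILDCARD and not ROLE_RE.match(element):
            raise RoleFormatError("invalid role: %r" % element)
    for previous, current in zip(elements, elements[1:]):
        # Lexicographic order from minimum to maximum. Because '*' (0x2A)
        # sorts before every letter, a wildcard can only come first.
        # Assumption: equal neighbours (a repeated role) are rejected too.
        if not previous < current:
            raise RoleFormatError(
                "%r must not follow %r" % (current, previous))
    return elements


def is_valid_role_combination(value: bytes) -> bool:
    try:
        parse_role_combination(value)
    except RoleFormatError:
        return False
    return True


def format_role_combination(roles) -> bytes:
    """Build the one valid formatting for a collection of role names."""
    try:
        encoded = "+".join(sorted(set(roles))).encode("ascii")
    except UnicodeEncodeError:
        raise RoleFormatError("not US-ASCII") from None
    parse_role_combination(encoded)  # re-check every role and the size
    return encoded
```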

4. Summary of the Framework PIB

The Framework PIB defines four groups of PRCs:

4.1. Base PIB classes Group

This contains PRCs intended to describe the PRCs supported by the PEP, PRC and/or attribute limitations and its current configuration.

PRC Support Table

As the technology evolves, we expect devices to be enhanced with new PIBs, existing PIBs to add new PRCs and existing PRCs to be augmented or extended with new attributes. Also, it is likely that some existing PRCs or individual attributes of PRCs will be deprecated. The PRC Support Table describes the PRCs that the device supports as well as the individual attributes of each PRC. Using this information the PDP can potentially tailor the policy to more closely match the capabilities of the device. The PRC Support Table instances are specific to the particular Subject Category (Client-Type). That is, the PRC Support Table for Subject Category 'A' will not include instances for classes supported by the Subject Category 'B'. Note that the COPS client-type [COPS] used for Framework PIB PRIs sent/received over COPS-PR MUST be the unique SUBJECT-CATEGORY number assigned for the area of policy being managed (e.g., QoS, Security etc). The PEP MUST ignore the attributes that it reports as not Supported in the decision from the PDP. The PEP SHOULD not send duplicate PRC support instances in a COPS Request and the PDP MUST ignore duplicate instances and MUST use the first instance received for a supported PRC in a COPS Request.

PIB Incarnation Table

This PRC contains exactly one row (corresponding to one PRI) per context. It identifies the PDP that was the last to download policy into the device and also contains an identifier to identify the version of the policy currently downloaded. This identifier, both its syntax and value, is meaningful only to the PDPs. It is intended to be a mechanism whereby a PDP, when accepting a connection from a PEP, can easily identify a known incarnation of policy. This PRC defines a flag via which the installed contexts are divided into a set of contexts ('configuration contexts') out of which only one context is active and the remaining contexts form a set of 'outsourcing contexts' which are all active. The incarnation PRC also defines an attribute to indicate which configuration context is the active one at the present time in the 'configuration contexts' set. The incarnation instance is specific to the particular Subject Category (Client-Type).

Component Limitations Table

Some devices may not be able to implement the full range of values for all attributes. In principle, each PRC supports a set of errors that the PEP can report to the PDP in the event that the specified policy is not implementable. It may be preferable for the PDP to be informed of the device limitations before actually attempting to install policy, and while the error can indicate that a particular attribute value is unacceptable to the PEP, this does not help the PDP ascertain which values would be acceptable. To alleviate these limitations, the PEP can report some limitations of attribute values and/or classes and possibly guidance values for the attribute in the Component Limitations Table.

Device Identification Table

This PRC contains a single PRI that contains device-specific information that is used to facilitate efficient policy installation by a PDP. The instance of this PRC is reported to the PDP in a COPS request message so that the PDP can take into account certain device characteristics during policy installation.

4.2. Device Capabilities group

This group contains the PRCs that describe the characteristics of interfaces of the device and the Role Combinations assigned to them.

Capabilities Set Table

The capabilities the PEP supports are described by rows in this PRC (frwkCapabilitySetTable). Each row, or instance of this class, associates a unique capability name with a set of capabilities that an entity on the PEP may support. The unique name is used to form a set of capabilities that the name represents. The capability references can specify instances in relevant capability tables in any PIB. The PEP notifies the PDP of these capability sets and then the PDP configures the interfaces, per role combination. The unique name (frwkCapabilitySetName) is not to be confused with the IfType object in the Interfaces Group MIB [RFC2863].

Interface and Role Combination Table

The Capabilities Set Table (explained above) describes the entities on the PEP (for example, interfaces) by their capabilities, by assigning the capability sets a unique name (frwkCapabilitySetName). It is possible to tailor the behavior of interfaces by assigning specific role-combinations to the capability sets. This allows interfaces with the same capability sets to be assigned different policies, based on the current roles assigned to them. At the PDP, configuration is done in terms of these interface capability set names and the role-combinations assigned to them. Thus, each row of this class is an <Interface Index, interface capability set name, Role Combo> tuple that indicates the roles that have been assigned to a particular capability set (as identified by frwkRoleComboCapSetName) and to a particular interface. Note that the uniqueness criteria for this PRC include all the attributes; thus a frwkRoleComboCapSetName may be associated with multiple role-combinations. Via the IfIndex, this PRC answers the questions 'which interfaces have a specific role combination?' and 'what role combination is a specific interface a part of?'.

4.3. Classifier group

This group contains the IP, IEEE 802 and Internal Label Classifier elements. The set of tables consists of a Base Filter table that contains the Index InstanceId and the Negation flag for the filter. This frwkBaseFilterTable is extended to form the IP Filter table, the 802 Filter table [802] and the Internal Label table. Filters may also be defined outside this document and used to extend the Base Filter table.

The Extended classes do not have a separate Index value. Instances of the extended classes have the same indices as their base class instance. Inheritance is achieved using the EXTENDS keyword as defined in [SPPI].

4.4. Marker group

This group contains the 802 marker and internal label marker PRCs. The 802 marker may be applied to mark 802 packets with the required VLAN Id and/or priority value. The Internal Label marker is applied to traffic in order to label it with a network device specific label. Such a label is used to assist the differentiation of an input flow after it has been aggregated with other flows. The label is implementation specific and may be used for other policy related functions like flow accounting purposes and/or other data path treatments.

5. The Framework PIB Module

  FRAMEWORK-PIB PIB-DEFINITIONS ::= BEGIN

  IMPORTS
      Unsigned32, Integer32, MODULE-IDENTITY,
      MODULE-COMPLIANCE, OBJECT-TYPE, OBJECT-GROUP, pib
              FROM COPS-PR-SPPI
      InstanceId, Prid
              FROM COPS-PR-SPPI-TC
      RoleCombination, PrcIdentifierOid, AttrIdentifierOrZero,
      ClientType, ClientHandle
              FROM FRAMEWORK-TC-PIB
      InetAddress, InetAddressType,
      InetAddressPrefixLength, InetPortNumber
              FROM INET-ADDRESS-MIB
      InterfaceIndex
              FROM IF-MIB
      DscpOrAny
              FROM DIFFSERV-DSCP-TC
      TruthValue, PhysAddress
              FROM SNMPv2-TC
      SnmpAdminString
              FROM SNMP-FRAMEWORK-MIB;

  frameworkPib  MODULE-IDENTITY
      SUBJECT-CATEGORIES { all }
      LAST-UPDATED "200302130000Z" -- 13 Feb 2003
      ORGANIZATION "IETF RAP WG"
      CONTACT-INFO "
                    Keith McCloghrie
                    Cisco Systems, Inc.
                    170 West Tasman Drive,
                    San Jose, CA 95134-1706 USA
                    Phone: +1 408 526 5260
                    Email: kzm@cisco.com

                    John Seligson
                    Nortel Networks, Inc.
                    4401 Great America Parkway
                    Santa Clara, CA 95054 USA
                    Phone: +1 408 495 2992
                    Email: jseligso@nortelnetworks.com

                    Ravi Sahita
                    Intel Labs.
                    2111 NE 25th Ave.
                    Hillsboro, OR 97124 USA
                    Phone: +1 503 712 1554
                    Email: ravi.sahita@intel.com

                    RAP WG Mailing list: rap@ops.ietf.org"
      DESCRIPTION
          "A PIB module containing the base set of PRCs that provide
          support for management of multiple PIB contexts, association
          of roles to device capabilities and other reusable PRCs.
          PEPs are required to implement this PIB if the above
          features are desired. This PIB defines PRCs applicable to
          'all' subject-categories.

          Copyright (C) The Internet Society (2003). This version of
          this PIB module is part of RFC 3318; see the RFC itself for
          full legal notices."
      REVISION "200302130000Z" -- 13 Feb 2003
      DESCRIPTION
          "Initial version, published in RFC 3318."
      ::= { pib 2 }

  --
  -- The root OID for PRCs in the Framework PIB
  --

  frwkBasePibClasses
               OBJECT IDENTIFIER ::= { frameworkPib 1 }

  --
  -- PRC Support Table
  --

  frwkPrcSupportTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkPrcSupportEntry
      PIB-ACCESS     notify
      STATUS         current
      DESCRIPTION
          "Each instance of this PRC specifies a PRC that the device
          supports and a bit string to indicate the attributes of the
          class that are supported. These PRIs are sent to the PDP to
          indicate to the PDP which PRCs, and which attributes of
          these PRCs, the device supports.

          All install and install-notify PRCs supported by the device
          must be represented in this PRC. Notify PRCs may be
          represented for informational purposes."
      ::= { frwkBasePibClasses 1 }

  frwkPrcSupportEntry OBJECT-TYPE
      SYNTAX         FrwkPrcSupportEntry
      STATUS         current
      DESCRIPTION
          "An instance of the frwkPrcSupport class that identifies a
          specific PRC and associated attributes as supported
          by the device."
      PIB-INDEX { frwkPrcSupportPrid }
      UNIQUENESS { frwkPrcSupportSupportedPrc }
      ::= { frwkPrcSupportTable 1 }

  FrwkPrcSupportEntry ::= SEQUENCE {
          frwkPrcSupportPrid           InstanceId,
          frwkPrcSupportSupportedPrc   PrcIdentifierOid,
          frwkPrcSupportSupportedAttrs OCTET STRING
  }

  frwkPrcSupportPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An arbitrary integer index that uniquely identifies an
          instance of the frwkPrcSupport class."
      ::= { frwkPrcSupportEntry 1 }

  frwkPrcSupportSupportedPrc OBJECT-TYPE
      SYNTAX         PrcIdentifierOid
      STATUS         current
      DESCRIPTION
          "The object identifier of a supported PRC. The value is the
          OID of the Entry object of the PRC definition. The Entry
          Object definition of a PRC has an OID with value XxxTable.1,
          where XxxTable is the OID assigned to the PRC Table Object
          definition. There may not be more than one instance of the
          frwkPrcSupport class with the same value of
          frwkPrcSupportSupportedPrc."
      ::= { frwkPrcSupportEntry 2 }

  frwkPrcSupportSupportedAttrs OBJECT-TYPE
      SYNTAX         OCTET STRING
      STATUS         current
      DESCRIPTION
          "A bit string representing the supported attributes of the
          class that is identified by the frwkPrcSupportSupportedPrc
          object.

          Each bit of this bit string corresponds to a class
          attribute, with the most significant bit of the i-th octet
          of this octet string corresponding to the (8*i - 7)-th
          attribute, and the least significant bit of the i-th octet
          corresponding to the (8*i)-th class attribute. Each bit
          specifies whether or not the corresponding class attribute
          is currently supported, with a '1' indicating support and a
          '0' indicating no support.

          If the value of this bit string is N bits long and there are
          more than N class attributes then the bit string is
          logically extended with 0's to the required length. On the
          other hand, if the PDP receives a bit string of length N and
          there are less than N class attributes then the PDP should
          ignore the extra bits in the bit string, i.e., assume those
          attributes are unsupported."
      REFERENCE
          "COPS Usage for Policy Provisioning.
          RFC 3084, section 2.2.1."
      ::= { frwkPrcSupportEntry 3 }
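
The bit-to-attribute mapping given for frwkPrcSupportSupportedAttrs, as an added Python example (not part of RFC 3318): a PDP-side decoder that zero-extends short bit strings, ignores extra bits, and lists the attributes of a pending decision that the PEP has not advertised. The function names and the sample octet string are assumptions made for illustration.

```python
"""Decode frwkPrcSupportSupportedAttrs per the DESCRIPTION above.

Function names and SAMPLE_ATTRS are illustrative assumptions, not names
defined by the PIB.
"""

# The FrwkPibIncarnationEntry SEQUENCE on this page has 8 attributes.
INCARNATION_ATTR_COUNT = 8

# Constructed sample: every attribute supported except position 6
# (frwkPibIncarnationInCtxtSet): 1111 1011 binary.
SAMPLE_ATTRS = bytes([0xFB])


def decode_supported_attrs(bits: bytes, attr_count: int) -> list:
    """Return the 1-based positions of attributes flagged as supported.

    Attribute p is carried in octet i = ceil(p / 8); the most significant
    bit of octet i is attribute 8*i - 7, the least significant is 8*i.
    """
    if attr_count < 0:
        raise ValueError("attr_count must be non-negative")
    supported = []
    for pos in range(1, attr_count + 1):
        octet_index = (pos - 1) // 8       # 0-based index of octet i
        if octet_index >= len(bits):
            break                          # short string: logically 0-extended
        mask = 0x80 >> ((pos - 1) % 8)     # most significant bit first
        if bits[octet_index] & mask:
            supported.append(pos)
    # Positions above attr_count are never examined: extra bits are ignored.
    return supported


def encode_supported_attrs(positions, attr_count: int) -> bytes:
    """Build the bit string a PEP would report for the given positions."""
    out = bytearray((attr_count + 7) // 8)
    for pos in positions:
        if not 1 <= pos <= attr_count:
            raise ValueError("attribute position %d out of range" % pos)
        out[(pos - 1) // 8] |= 0x80 >> ((pos - 1) % 8)
    return bytes(out)


def unsupported_attrs(bits: bytes, attr_count: int, attrs_to_install) -> list:
    """Positions a decision would set that the PEP did not advertise."""
    supported = set(decode_supported_attrs(bits, attr_count))
    return sorted(p for p in set(attrs_to_install) if p not in supported)


if __name__ == "__main__":
    print(decode_supported_attrs(SAMPLE_ATTRS, INCARNATION_ATTR_COUNT))
    print(unsupported_attrs(SAMPLE_ATTRS, INCARNATION_ATTR_COUNT, [2, 6]))
```
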
        

  --
  -- PIB Incarnation Table
  --

  frwkPibIncarnationTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkPibIncarnationEntry
      PIB-ACCESS     install-notify
      STATUS         current
      DESCRIPTION
          "This PRC contains a single PRovisioning Instance per
          installed context that identifies the current incarnation
          of the PIB and the PDP or network manager that installed
          this incarnation. The instance of this PRC is reported to
          the PDP in the REQ message so that the PDP can (attempt to)
          ascertain the current state of the PIB. A network manager
          may use the instance to determine the state of the device."
      ::= { frwkBasePibClasses 2 }

  frwkPibIncarnationEntry OBJECT-TYPE
      SYNTAX         FrwkPibIncarnationEntry
      STATUS         current
      DESCRIPTION
          "An instance of the frwkPibIncarnation class. Only
          one instance of this PRC is ever instantiated per context"
      PIB-INDEX { frwkPibIncarnationPrid }
      ::= { frwkPibIncarnationTable 1 }

  FrwkPibIncarnationEntry ::= SEQUENCE {
          frwkPibIncarnationPrid                InstanceId,
          frwkPibIncarnationName                SnmpAdminString,
          frwkPibIncarnationId                  OCTET STRING,
          frwkPibIncarnationLongevity           INTEGER,
          frwkPibIncarnationTtl                 Unsigned32,
          frwkPibIncarnationInCtxtSet           TruthValue,
          frwkPibIncarnationActive              TruthValue,
          frwkPibIncarnationFullState           TruthValue
  }

  frwkPibIncarnationPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An index to uniquely identify an instance of this PRC."
      ::= { frwkPibIncarnationEntry 1 }

  frwkPibIncarnationName OBJECT-TYPE
      SYNTAX         SnmpAdminString (SIZE (0..255))
      STATUS         current
      DESCRIPTION
          "The name of the PDP that installed the current incarnation
          of the PIB into the device. A zero-length string value for
          this type implies the PDP has not assigned this type any
          value. By default, it is the zero length string."
      ::= { frwkPibIncarnationEntry 2 }

  frwkPibIncarnationId OBJECT-TYPE
      SYNTAX         OCTET STRING (SIZE (0..255))
      STATUS         current
      DESCRIPTION
          "An ID to identify the current incarnation. It has meaning
          to the PDP/manager that installed the PIB and perhaps its
          standby PDPs/managers. A zero-length string value for this
          type implies the PDP has not assigned this type any value.
          By default, it is the zero-length string."
      ::= { frwkPibIncarnationEntry 3 }
        
  frwkPibIncarnationLongevity OBJECT-TYPE
      SYNTAX         INTEGER {
                          expireNever(1),
                          expireImmediate(2),
                          expireOnTimeout(3)
                     }
      STATUS         current
      DESCRIPTION
          "This attribute controls what the PEP does with the
          downloaded policy on a Client Close message or a loss of
          connection to the PDP.

          If set to expireNever, the PEP continues to operate with the
          installed policy indefinitely. If set to expireImmediate,
          the PEP immediately expires the policy obtained from the PDP
          and installs policy from local configuration. If set to
          expireOnTimeout, the PEP continues to operate with the
          policy installed by the PDP for a period of time specified
          by frwkPibIncarnationTtl. After this time (and it has not
          reconnected to the original or new PDP) the PEP expires this
          policy and reverts to local configuration.

          For all cases, it is the responsibility of the PDP to check
          the incarnation and download new policy, if necessary, on a
          reconnect. On receiving a Remove-State for the active
          context, this attribute value MUST be ignored and the PEP
          should expire the policy in that active context immediately.
          Policy enforcement timing only applies to policies that have
          been installed dynamically (e.g., by a PDP via COPS)."
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC 3084."
      ::= { frwkPibIncarnationEntry 4 }

  frwkPibIncarnationTtl OBJECT-TYPE
      SYNTAX         Unsigned32
      UNITS          "seconds"
      STATUS         current
      DESCRIPTION
          "The number of seconds after a Client Close or TCP timeout
          for which the PEP continues to enforce the policy in the
          PIB. After this interval, the PIB is considered expired and
          the device no longer enforces the policy installed in the
          PIB.

          This attribute is only meaningful if
          frwkPibIncarnationLongevity is set to expireOnTimeout."
      ::= { frwkPibIncarnationEntry 5 }

  frwkPibIncarnationInCtxtSet OBJECT-TYPE
      SYNTAX         TruthValue
      STATUS         current
      DESCRIPTION
          "When the PDP installs a PRI with this flag set to 'true' it
          implies this context belongs to the set of contexts out of
          which at the most one context can be active at a given time.
          If this attribute is set to 'false' this context is one of
          the outsourcing (simultaneous active) contexts on the PEP.

          This attribute is 'true' for all contexts that belong to the
          set of configuration contexts. Within the configuration
          context set, one context can be active identified by the
          frwkPibIncarnationActive attribute."
      REFERENCE
          "TruthValue Textual Convention, defined in RFC 2579."
      ::= { frwkPibIncarnationEntry 6 }

  frwkPibIncarnationActive OBJECT-TYPE
      SYNTAX         TruthValue
      STATUS         current
      DESCRIPTION
          "When the PDP installs a PRI on the PEP with this attribute
          set to 'true' and if this context belongs to the
          'configuration contexts' set, i.e., the
          frwkPibIncarnationInCtxtSet is set to 'true', then the PIB
          instance to which this PRI belongs must become the active
          PIB instance. In this case, the previous active instance
          from this set MUST become inactive and the
          frwkPibIncarnationActive attribute in that PIB instance MUST
          be set to 'false'.

          When the PDP installs an attribute frwkPibIncarnationActive
          on the PEP that is 'true' in one PIB instance and if the
          context belongs to the 'configuration contexts' set, the PEP
          must ensure, re-setting the attribute if necessary, that the
          frwkPibIncarnationActive attribute is 'false' in all other
          contexts which belong to the 'configuration contexts' set."
      ::= { frwkPibIncarnationEntry 7 }
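
The PEP-side rules stated for frwkPibIncarnationLongevity, frwkPibIncarnationTtl, frwkPibIncarnationInCtxtSet and frwkPibIncarnationActive, as an added Python example (not part of RFC 3318): it decides whether PDP-installed policy has expired after a disconnect and keeps at most one configuration context active. The class and function names, the context names used as dictionary keys, and treating an elapsed time equal to the TTL as expired are assumptions.

```python
"""PEP-side handling of PIB incarnation attributes (illustrative sketch)."""
from dataclasses import dataclass
from enum import IntEnum


class Longevity(IntEnum):
    # Enumeration values as given for frwkPibIncarnationLongevity.
    EXPIRE_NEVER = 1
    EXPIRE_IMMEDIATE = 2
    EXPIRE_ON_TIMEOUT = 3


@dataclass
class Incarnation:
    prid: int
    longevity: Longevity
    ttl: int            # frwkPibIncarnationTtl, in seconds
    in_ctxt_set: bool   # True: member of the 'configuration contexts' set
    active: bool


def policy_expired(inc: Incarnation, seconds_since_disconnect: int,
                   remove_state: bool = False) -> bool:
    """True when the PEP must drop PDP-installed policy for this context.

    seconds_since_disconnect counts from the Client Close or the loss of
    the connection to the PDP.
    """
    if seconds_since_disconnect < 0:
        raise ValueError("elapsed time cannot be negative")
    if remove_state:
        # Remove-State for the active context: Longevity MUST be ignored.
        return True
    if inc.longevity is Longevity.EXPIRE_NEVER:
        return False    # installed policy keeps being enforced indefinitely
    if inc.longevity is Longevity.EXPIRE_IMMEDIATE:
        return True     # revert to local configuration at once
    # expireOnTimeout: the TTL only has meaning in this branch.
    return seconds_since_disconnect >= inc.ttl


def install_incarnation(contexts: dict, name: str, new: Incarnation) -> list:
    """Install an incarnation PRI; return the names of contexts deactivated.

    Only members of the configuration set compete for the single active
    slot; outsourcing contexts (in_ctxt_set False) are left untouched.
    """
    deactivated = []
    if new.in_ctxt_set and new.active:
        for other_name, other in contexts.items():
            if other_name != name and other.in_ctxt_set and other.active:
                other.active = False
                deactivated.append(other_name)
    contexts[name] = new
    return deactivated


def active_configuration_contexts(contexts: dict) -> list:
    """Names of configuration contexts currently active (at most one)."""
    return sorted(n for n, c in contexts.items() if c.in_ctxt_set and c.active)
```
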
        

  frwkPibIncarnationFullState OBJECT-TYPE
      SYNTAX         TruthValue
      STATUS         current
      DESCRIPTION
          "This attribute is interpreted only when sent in a COPS
          request message from the PEP to the PDP. It does not have
          any meaning when sent from the PDP to the PEP.

          If this attribute is set to 'true' by the PEP, then the
          request that the PEP sends to the PDP must be interpreted as
          the complete configuration request for the PEP. The PDP must
          in this case refresh the request information for the handle
          that the request containing this PRI was received on. If
          this attribute is set to 'false', then the request PRIs sent
          in the request must be interpreted as updates to the
          previous request PRIs sent using that handle. See section
          3.3 for details on updating request state information."
      REFERENCE
          "RFC 3318 Section 2.3"
      ::= { frwkPibIncarnationEntry 8 }

  --
  -- Device Identification Table
  --

  frwkDeviceIdTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkDeviceIdEntry
      PIB-ACCESS     notify
      STATUS         current
      DESCRIPTION
          "This PRC contains a single PRovisioning Instance that
          contains general purpose device-specific information that is
          used to facilitate efficient policy communication by a PDP.
          The instance of this PRC is reported to the PDP in a COPS
          request message so that the PDP can take into account
          certain device characteristics during policy installation."
      ::= { frwkBasePibClasses 3 }

  frwkDeviceIdEntry OBJECT-TYPE
      SYNTAX         FrwkDeviceIdEntry
      STATUS         current
      DESCRIPTION
          "An instance of the frwkDeviceId class. Only one instance of
          this PRC is ever instantiated."
      PIB-INDEX { frwkDeviceIdPrid }
      ::= { frwkDeviceIdTable 1 }

  FrwkDeviceIdEntry ::= SEQUENCE {
          frwkDeviceIdPrid        InstanceId,
          frwkDeviceIdDescr       SnmpAdminString,
          frwkDeviceIdMaxMsg      Unsigned32,
          frwkDeviceIdMaxContexts Unsigned32
  }

  frwkDeviceIdPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An index to uniquely identify an instance of this PRC."
      ::= { frwkDeviceIdEntry 1 }

  frwkDeviceIdDescr OBJECT-TYPE
      SYNTAX         SnmpAdminString (SIZE (1..255))
      STATUS         current
      DESCRIPTION
          "A textual description of the PEP. This value should include
          the name and version identification of the PEP's hardware
          and software."
      ::= { frwkDeviceIdEntry 2 }

  frwkDeviceIdMaxMsg OBJECT-TYPE
      SYNTAX         Unsigned32 (64..4294967295)
      UNITS          "octets"
      STATUS         current
      DESCRIPTION
          "The maximum COPS-PR message size, in octets, that the
          device is capable of processing. Received messages with a
          size in excess of this value must cause the PEP to return an
          error to the PDP containing the global error code
          'maxMsgSizeExceeded'. This is an additional error-avoidance
          mechanism to allow the administrator to know the maximum
          message size supported so that they have the ability to
          control the message size of messages sent to the device.
          This attribute must have a non-zero value. The device should
          send the MAX value for Unsigned32 for this attribute if it
          is not defined."
      DEFVAL { 4294967295 }
      ::= { frwkDeviceIdEntry 3 }

  frwkDeviceIdMaxContexts OBJECT-TYPE
      SYNTAX         Unsigned32 (1..4294967295)
      UNITS          "contexts"
      STATUS         current
      DESCRIPTION
          "The maximum number of unique contexts supported by the
          device. This is an additional error-avoidance mechanism to
          allow the administrators to have the ability to know the
          maximum number of contexts supported so that they can
          control the number of configuration contexts they install on
          the device. This attribute must have a non-zero value. The
          device should send the MAX value for Unsigned32 for this
          attribute if it is not defined."
      DEFVAL { 4294967295 }
      ::= { frwkDeviceIdEntry 4 }

  --
  -- Component Limitations Table
  --

  frwkCompLimitsTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkCompLimitsEntry
      PIB-ACCESS     notify
      STATUS         current
      DESCRIPTION
          "This PRC supports the ability to export information
          detailing PRC/attribute implementation limitations to the
          policy management system. Instances of this PRC apply only
          for PRCs with access type 'install' or 'install-notify'.

          Each instance of this PRC identifies a PRovisioning Class or
          attribute and a limitation related to the implementation of
          the class/attribute in the device. Additional information
          providing guidance related to the limitation may also be
          present. These PRIs are sent to the PDP to indicate which
          PRCs or PRC attributes the device supports in a restricted
          manner."
      ::= { frwkBasePibClasses 4 }

  frwkCompLimitsEntry OBJECT-TYPE
      SYNTAX         FrwkCompLimitsEntry
      STATUS         current
      DESCRIPTION
          "An instance of the frwkCompLimits class that identifies a
          PRC or PRC attribute and a limitation related to the PRC or
          PRC attribute implementation supported by the device.
          COPS-PR lists the error codes that MUST be returned (if
          applicable) for policy installation that don't abide by the
          restrictions indicated by the limitations exported. [SPPI]
          defines an INSTALL-ERRORS clause that allows PIB designers
          to define PRC specific error codes that can be returned for
          policy installation. This allows efficient debugging of PIB
          implementations."
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC 3084."
      PIB-INDEX { frwkCompLimitsPrid }
      UNIQUENESS { frwkCompLimitsComponent,
                   frwkCompLimitsAttrPos,
                   frwkCompLimitsNegation,
                   frwkCompLimitsType,
                   frwkCompLimitsSubType,
                   frwkCompLimitsGuidance }
      ::= { frwkCompLimitsTable 1 }

  FrwkCompLimitsEntry ::= SEQUENCE {
          frwkCompLimitsPrid           InstanceId,
          frwkCompLimitsComponent      PrcIdentifierOid,
          frwkCompLimitsAttrPos        AttrIdentifierOrZero,
          frwkCompLimitsNegation       TruthValue,
          frwkCompLimitsType           INTEGER,
          frwkCompLimitsSubType        INTEGER,
          frwkCompLimitsGuidance       OCTET STRING
  }

  frwkCompLimitsPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An arbitrary integer index that uniquely identifies an
          instance of the frwkCompLimits class."
      ::= { frwkCompLimitsEntry 1 }

  frwkCompLimitsComponent OBJECT-TYPE
      SYNTAX         PrcIdentifierOid
      STATUS         current
      DESCRIPTION
          "The value is the OID of a PRC (the table entry) which is
          supported in some limited fashion or contains an attribute
          that is supported in some limited fashion with regard to its
          definition in the associated PIB module. The same OID may
          appear in the table several times, once for each
          implementation limitation acknowledged by the device."
      ::= { frwkCompLimitsEntry 2 }

  frwkCompLimitsAttrPos OBJECT-TYPE
      SYNTAX         AttrIdentifierOrZero
      STATUS         current
      DESCRIPTION
          "The relative position of the attribute within the PRC
          specified by the frwkCompLimitsComponent. A value of 1 would
          represent the first columnar object in the PRC and a value
          of N would represent the Nth columnar object in the PRC. A
          value of zero (0) indicates that the limit applies to the
          PRC itself and not to a specific attribute."
      ::= { frwkCompLimitsEntry 3 }

  frwkCompLimitsNegation OBJECT-TYPE
      SYNTAX         TruthValue
      STATUS         current
      DESCRIPTION
          "A boolean value, if 'true', negates the component limit
          exported."
      ::= { frwkCompLimitsEntry 4 }
        
  frwkCompLimitsType OBJECT-TYPE
      SYNTAX    INTEGER {
                           priSpaceLimited(1),
                           attrValueSupLimited(2),
                           attrEnumSupLimited(3),
                           attrLengthLimited(4),
                           prcLimitedNotify(5)
                        }
      STATUS   current
      DESCRIPTION
          "A value describing an implementation limitation for the
          device related to the PRC or PRC attribute identified by
          the frwkCompLimitsComponent and the frwkCompLimitsAttrPos
          attributes.

          Values for this object are one of the following:

          priSpaceLimited(1) - No more instances than that specified
          by the guidance value may be installed in the given class.
          The component identified MUST be a valid PRC. The SubType
          used MUST be valueOnly(9).

          attrValueSupLimited(2) - Limited values are acceptable for
          the identified component. The component identified MUST be a
          valid PRC attribute. The guidance OCTET STRING will be
          decoded according to the attribute type.

          attrEnumSupLimited(3) - Limited enumeration values are legal
          for the identified component. The attribute identified MUST
          be a valid enum type.

          attrLengthLimited(4) - The length of the specified value for
          the identified component is limited. The component
          identified MUST be a valid PRC attribute of base-type OCTET
          STRING.

          prcLimitedNotify(5) - The component is currently limited for
          use by request or report messages prohibiting decision
          installation. The component identified must be a valid PRC."
      ::= { frwkCompLimitsEntry 5 }
        
     frwkCompLimitsSubType OBJECT-TYPE
      SYNTAX         INTEGER {
                                  none(1),
                                  lengthMin(2),
                                  lengthMax(3),
                                  rangeMin(4),
                                  rangeMax(5),
                                  enumMin(6),
                                  enumMax(7),
                                  enumOnly(8),
                                  valueOnly(9),
                                  bitMask(10)
                              }
      STATUS         current
      DESCRIPTION
          "This object indicates the type of guidance related
          to the noted limitation (as indicated by the
          frwkCompLimitsType attribute) that is provided
          in the frwkCompLimitsGuidance attribute.
        
        

A value of 'none(1)' means that no additional guidance is provided for the noted limitation type.

A value of 'lengthMin(2)' means that the guidance attribute provides data related to the minimum acceptable length for the value of the identified component. A corresponding class instance specifying the 'lengthMax(3)' value is required in conjunction with this sub-type.

A value of 'lengthMax(3)' means that the guidance attribute provides data related to the maximum acceptable length for the value of the identified component. A corresponding class instance specifying the 'lengthMin(2)' value is required in conjunction with this sub-type.

A value of 'rangeMin(4)' means that the guidance attribute provides data related to the lower bound of the range for the value of the identified component. A corresponding class instance specifying the 'rangeMax(5)' value is required in conjunction with this sub-type.

A value of 'rangeMax(5)' means that the guidance attribute provides data related to the upper bound of the range for the value of the identified component. A corresponding class instance specifying the 'rangeMin(4)' value is required in conjunction with this sub-type.

A value of 'enumMin(6)' means that the guidance attribute provides data related to the lowest enumeration acceptable for the value of the identified component. A corresponding class instance specifying the 'enumMax(7)' value is required in conjunction with this sub-type.

A value of 'enumMax(7)' means that the guidance attribute provides data related to the largest enumeration acceptable for the value of the identified component. A corresponding class instance specifying the 'enumMin(6)' value is required in conjunction with this sub-type.

A value of 'enumOnly(8)' means that the guidance attribute provides data related to a single enumeration acceptable for the value of the identified component.

A value of 'valueOnly(9)' means that the guidance attribute provides data related to a single value that is acceptable for the identified component.

A value of 'bitMask(10)' means that the guidance attribute is a bit mask such that all the combinations of bits set in the bitmask are acceptable values for the identified component which should be an attribute of type 'BITS'.

For example, an implementation of the frwkIpFilter class may be limited in several ways, such as address mask, protocol and Layer 4 port options. These limitations could be exported using this PRC with the following instances:

          Component        Type                 Sub-Type   Guidance
          ------------------------------------------------------------
          DstPrefixLength  attrValueSupLimited  valueOnly   24
          SrcPrefixLength  attrValueSupLimited  valueOnly   24
          Protocol         attrValueSupLimited  rangeMin    10
          Protocol         attrValueSupLimited  rangeMax    20

The above entries describe a number of limitations that may be in effect for the frwkIpFilter class on a given device. The limitations include restrictions on acceptable values for certain attributes.

Also, an implementation of a PRC may be limited in the ways it can be accessed. For instance, for a fictitious PRC dscpMapEntry, which has a PIB-ACCESS of 'install-notify':

          Component    Type              SubType  Guidance
          ------------------------------------------------------------
          dscpMapEntry prcLimitedNotify  none     zero-length string."

      ::= { frwkCompLimitsEntry 6 }
        

  frwkCompLimitsGuidance OBJECT-TYPE
      SYNTAX         OCTET STRING
      STATUS         current
      DESCRIPTION
          "A value used to convey additional information related
          to the implementation limitation. Note that a guidance
          value will not necessarily be provided for all exported
          limitations. If a guidance value is not provided, the
          value must be a zero-length string.

          The format of the guidance value, if one is present as
          indicated by the frwkCompLimitsSubType attribute, is
          described by the following table. Note that the format of
          guidance value is dictated by the base-type of the
          component whose limitation is being exported, interpreted
          in the context of the frwkCompLimitsType and
          frwkCompLimitsSubType values. Any other restrictions (such
          as size/range/enumerated value) on the guidance value MUST
          be complied with according to the definition of the
          component for which guidance is being specified.

          Note that numbers are encoded in network byte order.

             Base Type                      Value
             ---------                      -----
             Unsigned32/Integer32/INTEGER   32-bit value.
             Unsigned64/Integer64           64-bit Value.
             OCTET STRING                   octets of data.
             OID                            32-bit OID components.
             BITS                           Binary octets of length
                                            same as Component specified."
      ::= { frwkCompLimitsEntry 7 }
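The following Python example is added here for illustration and is not part of RFC 3318 or of any COPS-PR implementation. It decodes frwkCompLimitsGuidance values according to the base-type table above, enforces the sub-type pairing rules, and checks a candidate frwkIpFilter instance against the example limits before a PDP would send it. The function names, the `BASE_TYPES` mapping (prefix lengths treated as Unsigned32), the rule that a sub-type other than none must carry guidance, and the choice to fail closed on length and bitMask limits are assumptions of this example.

```python
import struct

# Enumeration labels copied from frwkCompLimitsType and frwkCompLimitsSubType.
TYPES = {"priSpaceLimited", "attrValueSupLimited", "attrEnumSupLimited",
         "attrLengthLimited", "prcLimitedNotify"}
SUBTYPES = {"none", "lengthMin", "lengthMax", "rangeMin", "rangeMax",
            "enumMin", "enumMax", "enumOnly", "valueOnly", "bitMask"}
# Sub-types that require a partner instance for the same component.
PARTNER = {"lengthMin": "lengthMax", "rangeMin": "rangeMax", "enumMin": "enumMax"}
PARTNER.update({hi: lo for lo, hi in list(PARTNER.items())})
# struct formats per base type; ">" selects network byte order.
NUMERIC = {"Unsigned32": ">I", "Integer32": ">i", "INTEGER": ">i",
           "Unsigned64": ">Q", "Integer64": ">q"}


def u32(n):
    """Encode an Unsigned32 guidance value (helper for the sample data)."""
    return struct.pack(">I", n)


def decode_guidance(base_type, octets):
    """Decode a guidance OCTET STRING; a zero-length string means no guidance."""
    if not octets:
        return None
    if base_type in NUMERIC:
        fmt = NUMERIC[base_type]
        if len(octets) != struct.calcsize(fmt):
            raise ValueError(f"{base_type}: expected {struct.calcsize(fmt)} octets")
        return struct.unpack(fmt, octets)[0]
    if base_type == "OID":
        if len(octets) % 4:
            raise ValueError("OID guidance must be whole 32-bit components")
        return struct.unpack(">%dI" % (len(octets) // 4), octets)
    if base_type in ("OCTET STRING", "BITS"):
        return bytes(octets)
    raise ValueError(f"unknown base type {base_type!r}")


def build_limits(rows, base_types):
    """Group (component, type, sub-type, guidance) rows and check the pairing rules."""
    limits = {}
    for comp, type_name, sub, octets in rows:
        if type_name not in TYPES or sub not in SUBTYPES:
            raise ValueError(f"{comp}: unknown type or sub-type")
        if type_name == "priSpaceLimited" and sub != "valueOnly":
            raise ValueError(f"{comp}: priSpaceLimited MUST use valueOnly(9)")
        value = decode_guidance(base_types.get(comp), octets)
        # Assumption: none(1) goes with a zero-length string, everything else with data.
        if (sub == "none") != (value is None):
            raise ValueError(f"{comp}: guidance does not match sub-type {sub}")
        limits.setdefault(comp, {}).setdefault(sub, []).append(value)
    for comp, subs in limits.items():
        for sub in subs:
            if sub in PARTNER and PARTNER[sub] not in subs:
                raise ValueError(f"{comp}: {sub} requires a {PARTNER[sub]} instance")
    return limits


def violations(limits, candidate):
    """Return the attributes of a candidate PRI that fall outside the exported limits."""
    bad = []
    for comp, subs in limits.items():
        if comp not in candidate:
            continue
        v = candidate[comp]
        for sub, vals in subs.items():
            if sub == "none":
                continue
            if sub in ("valueOnly", "enumOnly"):
                ok = v in vals
            elif sub in ("rangeMin", "enumMin"):
                ok = all(v >= m for m in vals)
            elif sub in ("rangeMax", "enumMax"):
                ok = all(v <= m for m in vals)
            else:
                ok = False  # length and bitMask limits are not modelled: fail closed
            if not ok:
                bad.append(comp)
                break
    return bad


# Constructed sample: the rows of the two example tables above, encoded as a PEP
# would export them. Base types are an assumption of this example.
BASE_TYPES = {"DstPrefixLength": "Unsigned32", "SrcPrefixLength": "Unsigned32",
              "Protocol": "Unsigned32"}
ROWS = [
    ("DstPrefixLength", "attrValueSupLimited", "valueOnly", u32(24)),
    ("SrcPrefixLength", "attrValueSupLimited", "valueOnly", u32(24)),
    ("Protocol", "attrValueSupLimited", "rangeMin", u32(10)),
    ("Protocol", "attrValueSupLimited", "rangeMax", u32(20)),
    ("dscpMapEntry", "prcLimitedNotify", "none", b""),
]

if __name__ == "__main__":
    limits = build_limits(ROWS, BASE_TYPES)
    print(violations(limits, {"DstPrefixLength": 32, "SrcPrefixLength": 24, "Protocol": 6}))
```

A filter with a /32 destination prefix and protocol 6 is flagged on both attributes, so the PDP learns before sending the decision that this device would not accept the policy as written.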
        

  --
  -- Complete Reference specification table
  --

  frwkReferenceTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkReferenceEntry
      PIB-ACCESS     install-notify
      STATUS         current
      DESCRIPTION
          "Each instance of this PRC specifies a reference to a PRI
          in a specific PIB context (handle) for a specific
          client-type. This table gives the PDP the ability to set
          up policies that span installed contexts and the PEP the
          ability to reference instances in another, perhaps
          configured context. The PEP must send a
          'attrReferenceUnknown' COPS-PR error to the PDP if it
          encounters an invalid reference."
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC 3084, error
          codes section 4.5."
      ::= { frwkBasePibClasses 5 }

  frwkReferenceEntry OBJECT-TYPE
      SYNTAX         FrwkReferenceEntry
      STATUS         current
      DESCRIPTION
          "Entry specification for the frwkReferenceTable."
      PIB-INDEX { frwkReferencePrid }
      UNIQUENESS { }
      ::= { frwkReferenceTable 1 }

  FrwkReferenceEntry ::= SEQUENCE {
          frwkReferencePrid           InstanceId,
          frwkReferenceClientType     ClientType,
          frwkReferenceClientHandle   ClientHandle,
          frwkReferenceInstance       Prid
  }

  frwkReferencePrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An arbitrary integer index that uniquely identifies an
          instance of the frwkReference class."
      ::= { frwkReferenceEntry 1 }

  frwkReferenceClientType OBJECT-TYPE
      SYNTAX         ClientType
      STATUS         current
      DESCRIPTION
          "Is unused if set to zero else specifies a client-type for
          which the reference is to be interpreted. This non-zero
          client-type must be activated explicitly via a separate
          COPS client-open else this attribute is not valid."
      ::= { frwkReferenceEntry 2 }

  frwkReferenceClientHandle OBJECT-TYPE
      SYNTAX         ClientHandle
      STATUS         current
      DESCRIPTION
          "Must be set to specify a valid client-handle in the scope
          of the client-type specified."
      ::= { frwkReferenceEntry 3 }

  frwkReferenceInstance OBJECT-TYPE
      SYNTAX         Prid
      STATUS         current
      DESCRIPTION
          "References a PRI in the context identified by
          frwkReferenceClientHandle for client-type identified by
          frwkReferenceClientType."
      ::= { frwkReferenceEntry 4 }
        

  --
  -- Error specification table
  --

  frwkErrorTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkErrorEntry
      PIB-ACCESS     install
      STATUS         current
      DESCRIPTION
          "Each instance of this PRC specifies a class specific
          error object. Instances of this PRC are transient, i.e.,
          instances received in a COPS decision message must not be
          maintained by the PEP in its copy of the PIB instances.
          This PRC allows a PDP to send error information to the PEP
          if the PDP cannot process updates to a Request
          successfully."
      ::= { frwkBasePibClasses 6 }

  frwkErrorEntry OBJECT-TYPE
      SYNTAX         FrwkErrorEntry
      STATUS         current
      DESCRIPTION
          "Entry specification for the frwkErrorTable."
      PIB-INDEX { frwkErrorPrid }
      UNIQUENESS {
                   frwkErrorCode,
                   frwkErrorSubCode,
                   frwkErrorPrc,
                   frwkErrorInstance
                 }
      ::= { frwkErrorTable 1 }

  FrwkErrorEntry ::= SEQUENCE {
          frwkErrorPrid        InstanceId,
          frwkErrorCode        Unsigned32,
          frwkErrorSubCode     Unsigned32,
          frwkErrorPrc         PrcIdentifierOid,
          frwkErrorInstance    InstanceId
  }

  frwkErrorPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An arbitrary integer index that uniquely identifies an
          instance of the frwkError class."
      ::= { frwkErrorEntry 1 }

  frwkErrorCode OBJECT-TYPE
      SYNTAX         Unsigned32 (0..65535)
      STATUS         current
      DESCRIPTION
          "Error code defined in COPS-PR CPERR object."
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC 3084."
      ::= { frwkErrorEntry 2 }

  frwkErrorSubCode OBJECT-TYPE
      SYNTAX         Unsigned32 (0..65535)
      STATUS         current
      DESCRIPTION
          "The class-specific error object is used to communicate
          errors relating to specific PRCs."
      ::= { frwkErrorEntry 3 }

  frwkErrorPrc OBJECT-TYPE
      SYNTAX         PrcIdentifierOid
      STATUS         current
      DESCRIPTION
          "The PRC due to which the error specified by codes
          (frwkErrorCode, frwkErrorSubCode) occurred."
      ::= { frwkErrorEntry 4 }

  frwkErrorInstance OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "The PRI of the identified PRC (frwkErrorPrc) due to which
          the error specified by codes (frwkErrorCode,
          frwkErrorSubCode) occurred. Must be set to zero if unused."
      ::= { frwkErrorEntry 5 }
        

  --
  -- The device capabilities and role combo classes group
  --

  frwkDeviceCapClasses
              OBJECT IDENTIFIER ::= { frameworkPib 2 }

  --
  -- Capability Set Table
  --

  frwkCapabilitySetTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkCapabilitySetEntry
      PIB-ACCESS     notify
      STATUS         current
      DESCRIPTION
          "This PRC describes the capability sets that exist on the
          interfaces on the device. The capability set is given a
          unique name that identifies a set. These capability set
          names are used by the PDP to determine policy information
          to be associated with interfaces that possess similar sets
          of capabilities."
      ::= { frwkDeviceCapClasses 1 }

  frwkCapabilitySetEntry OBJECT-TYPE
      SYNTAX         FrwkCapabilitySetEntry
      STATUS         current
      DESCRIPTION
          "An instance of this PRC describes a particular set of
          capabilities and associates a unique name with the set."
      PIB-INDEX { frwkCapabilitySetPrid }
      UNIQUENESS { frwkCapabilitySetName,
                   frwkCapabilitySetCapability }
      ::= { frwkCapabilitySetTable 1 }

  FrwkCapabilitySetEntry ::= SEQUENCE {
          frwkCapabilitySetPrid           InstanceId,
          frwkCapabilitySetName           SnmpAdminString,
          frwkCapabilitySetCapability     Prid
  }

  frwkCapabilitySetPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An arbitrary integer index that uniquely identifies a
          instance of the class."
      ::= { frwkCapabilitySetEntry 1 }

  frwkCapabilitySetName OBJECT-TYPE
      SYNTAX         SnmpAdminString (SIZE (1..255))
      STATUS         current
      DESCRIPTION
          "The name for the capability set. This name is the unique
          identifier of a set of capabilities. This attribute must
          not be assigned a zero-length string."
      ::= { frwkCapabilitySetEntry 2 }

  frwkCapabilitySetCapability OBJECT-TYPE
      SYNTAX         Prid
      STATUS         current
      DESCRIPTION
          "The complete PRC OID and instance identifier specifying
          the capability PRC instance for the interface. This
          attribute references a specific instance of a capability
          table. The capability table whose instance is referenced
          must be defined in the client type specific PIB that this
          PIB is used with. The referenced capability instance
          becomes a part of the set of capabilities associated with
          the specified frwkCapabilitySetName."
      ::= { frwkCapabilitySetEntry 3 }
        

  --
  -- Interface and Role Combination Tables
  --

  frwkRoleComboTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkRoleComboEntry
      PIB-ACCESS     install-notify
      STATUS         current
      DESCRIPTION
          "This is an abstract PRC that may be extended or
          referenced to enumerate the role combinations, capability
          set names assigned to any interface on a PEP. The
          identification of the interface is to be defined by its
          extensions or referencing PRCs."
      ::= { frwkDeviceCapClasses 2 }

  frwkRoleComboEntry OBJECT-TYPE
      SYNTAX         FrwkRoleComboEntry
      STATUS         current
      DESCRIPTION
          "An instance of this PRC describes one association of an
          interface to a role-combination and capability set name.
          Note that an interface can have multiple associations.
          This constraint is controlled by the extending or
          referencing PRC's uniqueness clause."
      PIB-INDEX { frwkRoleComboPrid }
      UNIQUENESS { }
      ::= { frwkRoleComboTable 1 }

  FrwkRoleComboEntry ::= SEQUENCE {
          frwkRoleComboPrid         InstanceId,
          frwkRoleComboRoles        RoleCombination,
          frwkRoleComboCapSetName   SnmpAdminString
  }

  frwkRoleComboPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An arbitrary integer index that uniquely identifies an
          instance of the class."
      ::= { frwkRoleComboEntry 1 }

  frwkRoleComboRoles OBJECT-TYPE
      SYNTAX         RoleCombination
      STATUS         current
      DESCRIPTION
          "The role combination assigned to a specific interface."
      ::= { frwkRoleComboEntry 2 }

  frwkRoleComboCapSetName OBJECT-TYPE
      SYNTAX         SnmpAdminString (SIZE (0..255))
      STATUS         current
      DESCRIPTION
          "The name of the capability set associated with the Role
          Combination specified in frwkRoleComboRoles. If this is a
          zero length string it implies the PEP is not exporting any
          capability set information for this RoleCombination. The
          PDP must then use the RoleCombinations provided as the
          only means of assigning policies. If a non-zero length
          string is specified, the name must exist in
          frwkCapabilitySetTable."
      ::= { frwkRoleComboEntry 3 }
        

  --
  -- Interface, Role Combination association via IfIndex
  --

  frwkIfRoleComboTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkIfRoleComboEntry
      PIB-ACCESS     install-notify
      STATUS         current
      DESCRIPTION
          "This PRC enumerates the interface to role combination and
          frwkRoleComboCapSetName mapping for all policy managed
          interfaces of a device. Policy for an interface depends
          not only on the capability set of an interface but also on
          its roles. This table specifies all the <interface index,
          interface capability set name, role combination> tuples
          currently on the device"
      ::= { frwkDeviceCapClasses 3 }

  frwkIfRoleComboEntry OBJECT-TYPE
      SYNTAX         FrwkIfRoleComboEntry
      STATUS         current
      DESCRIPTION
          "An instance of this PRC describes the association of a
          interface to an capability set name and a role
          combination. Note that a capability set name can have
          multiple role combinations assigned to it, but an IfIndex
          can have only one role combination associated."
      EXTENDS { frwkRoleComboEntry }
      UNIQUENESS { frwkIfRoleComboIfIndex,
                   frwkRoleComboCapSetName   }
      ::= { frwkIfRoleComboTable 1 }

  FrwkIfRoleComboEntry ::= SEQUENCE {
          frwkIfRoleComboIfIndex      InterfaceIndex
  }

  frwkIfRoleComboIfIndex OBJECT-TYPE
      SYNTAX         InterfaceIndex
      STATUS         current
      DESCRIPTION
          "The value of this attribute is the ifIndex which is
          associated with the specified RoleCombination and
          interface capability set name."
      ::= { frwkIfRoleComboEntry 1 }
        

  --
  -- The Classification classes group
  --

  frwkClassifierClasses
             OBJECT IDENTIFIER ::= { frameworkPib 3 }

  --
  -- The Base Filter Table
  --

  frwkBaseFilterTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkBaseFilterEntry
      PIB-ACCESS     install
      STATUS         current
      DESCRIPTION
          "The Base Filter class. A packet has to match all fields
          in an Filter. Wildcards may be specified for those fields
          that are not relevant."
      ::= { frwkClassifierClasses 1 }

  frwkBaseFilterEntry OBJECT-TYPE
      SYNTAX         FrwkBaseFilterEntry
      STATUS         current
      DESCRIPTION
          "An instance of the frwkBaseFilter class."
      PIB-INDEX { frwkBaseFilterPrid }
      ::= { frwkBaseFilterTable 1 }

  FrwkBaseFilterEntry ::= SEQUENCE {
          frwkBaseFilterPrid         InstanceId,
          frwkBaseFilterNegation     TruthValue
  }

  frwkBaseFilterPrid OBJECT-TYPE
      SYNTAX         InstanceId
      STATUS         current
      DESCRIPTION
          "An integer index to uniquely identify this Filter among
          all the Filters."
      ::= { frwkBaseFilterEntry 1 }

  frwkBaseFilterNegation OBJECT-TYPE
      SYNTAX         TruthValue
      STATUS         current
      DESCRIPTION
          "This attribute behaves like a logical NOT for the filter.
          If the packet matches this filter and the value of this
          attribute is 'true', the action associated with this
          filter is not applied to the packet. If the value of this
          attribute is 'false', then the action is applied to the
          packet."
      ::= { frwkBaseFilterEntry 2 }
        

  --
  -- The IP Filter Table
  --

  frwkIpFilterTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF FrwkIpFilterEntry
      PIB-ACCESS     install
      STATUS         current
      DESCRIPTION
          "Filter definitions. A packet has to match all fields in a
          filter. Wildcards may be specified for those fields that
          are not relevant."
      INSTALL-ERRORS {
          invalidDstL4PortData(1),
          invalidSrcL4PortData(2)
          }
      ::= { frwkClassifierClasses 2 }

  frwkIpFilterEntry OBJECT-TYPE
      SYNTAX         FrwkIpFilterEntry
      STATUS         current
      DESCRIPTION
          "An instance of the frwkIpFilter class."
      EXTENDS { frwkBaseFilterEntry }
      UNIQUENESS { frwkBaseFilterNegation,
                   frwkIpFilterAddrType,
                   frwkIpFilterDstAddr,
                   frwkIpFilterDstPrefixLength,
                   frwkIpFilterSrcAddr,
                   frwkIpFilterSrcPrefixLength,
                   frwkIpFilterDscp,
                   frwkIpFilterFlowId,
                   frwkIpFilterProtocol,
                   frwkIpFilterDstL4PortMin,
                   frwkIpFilterDstL4PortMax,
                   frwkIpFilterSrcL4PortMin,
                   frwkIpFilterSrcL4PortMax }
      ::= { frwkIpFilterTable 1 }

  FrwkIpFilterEntry ::= SEQUENCE {
          frwkIpFilterAddrType         InetAddressType,
          frwkIpFilterDstAddr          InetAddress,
          frwkIpFilterDstPrefixLength  InetAddressPrefixLength,
          frwkIpFilterSrcAddr          InetAddress,
          frwkIpFilterSrcPrefixLength  InetAddressPrefixLength,
          frwkIpFilterDscp             DscpOrAny,
          frwkIpFilterFlowId           Integer32,
          frwkIpFilterProtocol         Unsigned32,
          frwkIpFilterDstL4PortMin     InetPortNumber,
          frwkIpFilterDstL4PortMax     InetPortNumber,
          frwkIpFilterSrcL4PortMin     InetPortNumber,
          frwkIpFilterSrcL4PortMax     InetPortNumber
  }

  frwkIpFilterAddrType OBJECT-TYPE
      SYNTAX         InetAddressType
      STATUS         current
      DESCRIPTION
          "The address type enumeration value to specify the type
          of the packet's IP address.

          While other types of addresses are defined in the
          InetAddressType textual convention, an IP filter can only
          use IPv4 and IPv6 addresses directly to classify traffic.
          All other InetAddressTypes require mapping to the
          corresponding IPv4 or IPv6 address before being used to
          classify traffic. Therefore, this object as such is not
          limited to IPv4 and IPv6 addresses, i.e., it can be
          assigned any of the valid values defined in the
          InetAddressType TC, but the mapping of the address values
          to IPv4 or IPv6 addresses for the address attributes
          (frwkIpFilterDstAddr and frwkIpFilterSrcAddr) must be done
          by the PEP. For example when dns (16) is used, the PEP
          must resolve the address to IPv4 or IPv6 at install time."
      REFERENCE
          "Textual Conventions for Internet Network Addresses.
          RFC 3291."
      ::= { frwkIpFilterEntry 1 }

  frwkIpFilterDstAddr OBJECT-TYPE
      SYNTAX         InetAddress
      STATUS         current
      DESCRIPTION
          "The IP address to match against the packet's
          destination IP address. If the address type is 'ipv4',
          'ipv6', 'ipv4z' or 'ipv6z' then, the attribute
          frwkIpFilterDstPrefixLength indicates the number of bits
          that are relevant."
      REFERENCE
          "Textual Conventions for Internet Network Addresses.
          RFC 3291."
      ::= { frwkIpFilterEntry 2 }

  frwkIpFilterDstPrefixLength OBJECT-TYPE
      SYNTAX         InetAddressPrefixLength
      STATUS         current
      DESCRIPTION
          "The length of a mask for the matching of the destination
          IP address. This attribute is interpreted only if the
          InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'.
          Masks are constructed by setting bits in sequence from
          the most-significant bit downwards for
          frwkIpFilterDstPrefixLength bits length. All other bits
          in the mask, up to the number needed to fill the length
          of the address frwkIpFilterDstAddr are cleared to zero.
          A zero bit in the mask then means that the corresponding
          bit in the address always matches.

          In IPv4 addresses, a length of 0 indicates a match of any
          address; a length of 32 indicates a match of a single
          host address, and a length between 0 and 32 indicates the
          use of a CIDR Prefix. IPv6 is similar, except that prefix
          lengths range from 0..128."
      REFERENCE
          "Textual Conventions for Internet Network Addresses.
          RFC 3291."
      DEFVAL { 0 }
      ::= { frwkIpFilterEntry 3 }
        

  frwkIpFilterSrcAddr OBJECT-TYPE
      SYNTAX         InetAddress
      STATUS         current
      DESCRIPTION
          "The IP address to match against the packet's source IP
          address. If the address type is 'ipv4', 'ipv6', 'ipv4z'
          or 'ipv6z' then, the attribute
          frwkIpFilterSrcPrefixLength indicates the number of bits
          that are relevant."
      REFERENCE
          "Textual Conventions for Internet Network Addresses.
          RFC 3291."
      ::= { frwkIpFilterEntry 4 }

  frwkIpFilterSrcPrefixLength OBJECT-TYPE
      SYNTAX         InetAddressPrefixLength
      UNITS          "bits"
      STATUS         current
      DESCRIPTION
          "The length of a mask for the matching of the source IP
          address. This attribute is interpreted only if the
          InetAddressType is 'ipv4', 'ipv4z', 'ipv6' or 'ipv6z'.
          Masks are constructed by setting bits in sequence from
          the most-significant bit downwards for
          frwkIpFilterSrcPrefixLength bits length. All other bits
          in the mask, up to the number needed to fill the length
          of the address frwkIpFilterSrcAddr are cleared to zero.
          A zero bit in the mask then means that the corresponding
          bit in the address always matches.

          In IPv4 addresses, a length of 0 indicates a match of any
          address; a length of 32 indicates a match of a single
          host address, and a length between 0 and 32 indicates the
          use of a CIDR Prefix. IPv6 is similar, except that prefix
          lengths range from 0..128."
      REFERENCE
          "Textual Conventions for Internet Network Addresses.
          RFC 3291."
      DEFVAL { 0 }
      ::= { frwkIpFilterEntry 5 }

  frwkIpFilterDscp OBJECT-TYPE
      SYNTAX         DscpOrAny
      STATUS         current
      DESCRIPTION
          "The value that the DSCP in the packet can have and
          match this filter. A value of -1 indicates that a
          specific DSCP value has not been defined and thus all
          DSCP values are considered a match."
      REFERENCE
          "Management Information Base for the Differentiated
          Services Architecture. RFC 3289."
      DEFVAL { -1 }
      ::= { frwkIpFilterEntry 6 }

  frwkIpFilterFlowId OBJECT-TYPE
      SYNTAX         Integer32 (-1 | 0..1048575)
      STATUS         current
      DESCRIPTION
          "The flow label or flow identifier in an IPv6 header that
          may be used to discriminate traffic flows. The value of
          -1 for this attribute MUST imply that any flow label
          value in the IPv6 header will match, resulting in the
          flow label field of the IPv6 header being ignored for
          matching this filter entry."
      ::= { frwkIpFilterEntry 7 }

  frwkIpFilterProtocol OBJECT-TYPE
      SYNTAX         Unsigned32 (0..255)
      STATUS         current
      DESCRIPTION
          "The layer-4 protocol Id to match against the IPv4
          protocol number or the IPv6 Next-Header number in the
          packet. A value of 255 means match all. Note the protocol
          number of 255 is reserved by IANA, and Next-Header number
          of 0 is used in IPv6."
      DEFVAL { 255 }
      ::= { frwkIpFilterEntry 8 }
        

  frwkIpFilterDstL4PortMin OBJECT-TYPE
      SYNTAX         InetPortNumber
      STATUS         current
      DESCRIPTION
          "The minimum value that the packet's layer 4 destination
          port number can have and match this filter. This value
          must be equal to or less than the value specified for
          this filter in frwkIpFilterDstL4PortMax.

          COPS-PR error code 'attrValueInvalid' must be returned if
          the frwkIpFilterSrcL4PortMin is greater than
          frwkIpFilterSrcL4PortMax"
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC 3084, error
          codes section 4.5."
      DEFVAL { 0 }
      ::= { frwkIpFilterEntry 9 }

  frwkIpFilterDstL4PortMax OBJECT-TYPE
      SYNTAX         InetPortNumber
      STATUS         current
      DESCRIPTION
          "The maximum value that the packet's layer 4 destination
          port number can have and match this filter. This value
          must be equal to or greater than the value specified for
          this filter in frwkIpFilterDstL4PortMin.

          COPS-PR error code 'attrValueInvalid' must be returned if
          the frwkIpFilterDstL4PortMax is less than
          frwkIpFilterDstL4PortMin"
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC 3084, error
          codes section 4.5."
      DEFVAL { 65535 }
      ::= { frwkIpFilterEntry 10 }

  frwkIpFilterSrcL4PortMin OBJECT-TYPE
      SYNTAX         InetPortNumber
      STATUS         current
      DESCRIPTION
          "The minimum value that the packet's layer 4 source port
          number can have and match this filter. This value must
          be equal to or less than the value specified for this
          filter in frwkIpFilterSrcL4PortMax.

          COPS-PR error code 'attrValueInvalid' must be returned if
          the frwkIpFilterSrcL4PortMin is greater than
          frwkIpFilterSrcL4PortMax"
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC 3084, error
          codes section 4.5."
      DEFVAL { 0 }
      ::= { frwkIpFilterEntry 11 }

  frwkIpFilterSrcL4PortMax OBJECT-TYPE
      SYNTAX         InetPortNumber
      STATUS         current
      DESCRIPTION
          "The maximum value that the packet's layer 4 source port
          number can have and match this filter. This value must be
          equal to or greater than the value specified for this
          filter in frwkIpFilterSrcL4PortMin.

          COPS-PR error code 'attrValueInvalid' must be returned if
          the frwkIpFilterSrcL4PortMax is less than
          frwkIpFilterSrcL4PortMin"
      REFERENCE
          "COPS Usage for Policy Provisioning. RFC error codes
          section 4.5."
      DEFVAL { 65535 }
      ::= { frwkIpFilterEntry 12 }
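
The IP filter attributes above combine prefix-length masks, wildcard defaults and min/max port pairs. The Python below is an added example, not part of RFC 3318: it checks an entry at install time (reporting `attrValueInvalid` for a reversed port range) and evaluates it against a packet, and it shows that an entry left at its defaults matches every packet of its address family. The class and function names, the wildcard defaults for the address and flow-id attributes, the reuse of `attrValueInvalid` for other out-of-range values, and the rule that an entry only matches packets of its own address family are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ATTR_VALUE_INVALID = "attrValueInvalid"  # COPS-PR error code named in the DESCRIPTION clauses


class FilterError(ValueError):
    """An entry that must be rejected at install time (hypothetical helper type)."""

    def __init__(self, code: str, detail: str):
        super().__init__(f"{code}: {detail}")
        self.code = code


def prefix_mask(prefix_len: int, addr_bits: int) -> int:
    """Set prefix_len bits from the most-significant bit downwards, clear the rest."""
    if not 0 <= prefix_len <= addr_bits:
        raise FilterError(ATTR_VALUE_INVALID, f"prefix length {prefix_len} not in 0..{addr_bits}")
    return ((1 << prefix_len) - 1) << (addr_bits - prefix_len)


def addr_matches(filter_addr: str, prefix_len: int, packet_addr: str) -> bool:
    """A zero mask bit always matches, so both sides are masked before comparing."""
    f, p = ipaddress.ip_address(filter_addr), ipaddress.ip_address(packet_addr)
    if f.version != p.version:  # assumption: an ipv4 entry never matches an IPv6 packet
        return False
    mask = prefix_mask(prefix_len, f.max_prefixlen)
    return (int(f) & mask) == (int(p) & mask)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: int                      # IPv4 protocol number or IPv6 Next-Header
    src_port: int
    dst_port: int
    dscp: int = 0
    flow_label: Optional[int] = None   # present in IPv6 headers only


@dataclass(frozen=True)
class IpFilter:
    # Defaults follow the DEFVAL clauses where the page gives one; the address
    # and flow-id defaults are wildcards chosen for this example.
    dst_addr: str = "0.0.0.0"
    dst_prefix_len: int = 0
    src_addr: str = "0.0.0.0"
    src_prefix_len: int = 0
    dscp: int = -1
    flow_id: int = -1
    protocol: int = 255
    dst_port_min: int = 0
    dst_port_max: int = 65535
    src_port_min: int = 0
    src_port_max: int = 65535

    def validate(self) -> None:
        for side, lo, hi in (("Dst", self.dst_port_min, self.dst_port_max),
                             ("Src", self.src_port_min, self.src_port_max)):
            if not (0 <= lo <= 65535 and 0 <= hi <= 65535):
                raise FilterError(ATTR_VALUE_INVALID, f"{side} port outside 0..65535")
            if lo > hi:  # the case the DESCRIPTION text requires to be rejected
                raise FilterError(ATTR_VALUE_INVALID, f"{side}L4PortMin {lo} > {side}L4PortMax {hi}")
        # Assumption: SYNTAX range violations are reported with the same code.
        if not (self.dscp == -1 or 0 <= self.dscp <= 63):
            raise FilterError(ATTR_VALUE_INVALID, f"DSCP {self.dscp}")
        if not (self.flow_id == -1 or 0 <= self.flow_id <= 1048575):
            raise FilterError(ATTR_VALUE_INVALID, f"flow id {self.flow_id}")
        if not 0 <= self.protocol <= 255:
            raise FilterError(ATTR_VALUE_INVALID, f"protocol {self.protocol}")
        for addr, plen in ((self.dst_addr, self.dst_prefix_len),
                           (self.src_addr, self.src_prefix_len)):
            prefix_mask(plen, ipaddress.ip_address(addr).max_prefixlen)

    def matches(self, pkt: Packet) -> bool:
        """Every component must match; -1 and 255 are the wildcard values."""
        self.validate()
        return (addr_matches(self.dst_addr, self.dst_prefix_len, pkt.dst)
                and addr_matches(self.src_addr, self.src_prefix_len, pkt.src)
                and (self.dscp == -1 or self.dscp == pkt.dscp)
                and (self.flow_id == -1 or self.flow_id == pkt.flow_label)
                and (self.protocol == 255 or self.protocol == pkt.protocol)
                and self.dst_port_min <= pkt.dst_port <= self.dst_port_max
                and self.src_port_min <= pkt.src_port <= self.src_port_max)


def install(entry: IpFilter) -> Optional[str]:
    """Return None when the entry is acceptable, else the error code to report."""
    try:
        entry.validate()
    except FilterError as exc:
        return exc.code
    return None


# Constructed sample entry: TCP/443 towards 192.0.2.0/24 (documentation prefix).
HTTPS_TO_LAB = IpFilter(dst_addr="192.0.2.0", dst_prefix_len=24, protocol=6,
                        dst_port_min=443, dst_port_max=443)
```
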
        

  --
  -- The IEEE 802 Filter Table
  --

  frwk802FilterTable OBJECT-TYPE
      SYNTAX         SEQUENCE OF Frwk802FilterEntry
      PIB-ACCESS     install
      STATUS         current
      DESCRIPTION
          "IEEE 802-based filter definitions. A class that contains
          attributes of IEEE 802 (e.g., 802.3) traffic that form
          filters that are used to perform traffic classification."
      REFERENCE
          "IEEE Standards for Local and Metropolitan Area Networks.
          Overview and Architecture, ANSI/IEEE Std 802, 1990."
      ::= { frwkClassifierClasses 3 }

  frwk802FilterEntry OBJECT-TYPE
      SYNTAX         Frwk802FilterEntry
      STATUS         current
      DESCRIPTION
          "IEEE 802-based filter definitions. An entry specifies
          (potentially) several distinct matching components. Each
          component is tested against the data in a frame
          individually. An overall match occurs when all of the
          individual components match the data they are compared
          against in the frame being processed. A failure of any
          one test causes the overall match to fail.

          Wildcards may be specified for those fields that are
          not relevant."
      EXTENDS { frwkBaseFilterEntry }
      UNIQUENESS { frwkBaseFilterNegation,
                   frwk802FilterDstAddr,
                   frwk802FilterDstAddrMask,
                   frwk802FilterSrcAddr,
                   frwk802FilterSrcAddrMask,
                   frwk802FilterVlanId,
                   frwk802FilterVlanTagRequired,
                   frwk802FilterEtherType,
                   frwk802FilterUserPriority }
      ::= { frwk802FilterTable 1 }

  Frwk802FilterEntry ::= SEQUENCE {
          frwk802FilterDstAddr         PhysAddress,
          frwk802FilterDstAddrMask     PhysAddress,
          frwk802FilterSrcAddr         PhysAddress,
          frwk802FilterSrcAddrMask     PhysAddress,
          frwk802FilterVlanId          Integer32,
          frwk802FilterVlanTagRequired INTEGER,
          frwk802FilterEtherType       Integer32,
          frwk802FilterUserPriority    BITS
  }

  frwk802FilterDstAddr OBJECT-TYPE
      SYNTAX         PhysAddress
      STATUS         current
      DESCRIPTION
          "The 802 address against which the 802 DA of incoming
          traffic streams will be compared. Frames whose 802 DA
          matches the physical address specified by this object,
          taking into account address wildcarding as specified by
          the frwk802FilterDstAddrMask object, are potentially
          subject to the processing guidelines that are associated
          with this entry through the related action class."
      REFERENCE
          "Textual Conventions for SMIv2, RFC 2579."
      ::= { frwk802FilterEntry 1 }

  frwk802FilterDstAddrMask OBJECT-TYPE
      SYNTAX         PhysAddress
      STATUS         current
      DESCRIPTION
          "This object specifies the bits in a 802 destination
          address that should be considered when performing a 802
          DA comparison against the address specified in the
          frwk802FilterDstAddr object.

          The value of this object represents a mask that is
          logically and'ed with the 802 DA in received frames to
          derive the value to be compared against the
          frwk802FilterDstAddr address. A zero bit in the mask thus
          means that the corresponding bit in the address always
          matches. The frwk802FilterDstAddr value must also be
          masked using this value prior to any comparisons.

          The length of this object in octets must equal the length
          in octets of the frwk802FilterDstAddr. Note that a mask
          with no bits set (i.e., all zeroes) effectively wildcards
          the frwk802FilterDstAddr object."
      ::= { frwk802FilterEntry 2 }

  frwk802FilterSrcAddr OBJECT-TYPE
      SYNTAX         PhysAddress
      STATUS         current
      DESCRIPTION
          "The 802 MAC address against which the 802 MAC SA of
          incoming traffic streams will be compared. Frames whose
          802 MAC SA matches the physical address specified by this
          object, taking into account address wildcarding as
          specified by the frwk802FilterSrcAddrMask object, are
          potentially subject to the processing guidelines that are
          associated with this entry through the related action
          class."
      ::= { frwk802FilterEntry 3 }

  frwk802FilterSrcAddrMask OBJECT-TYPE
      SYNTAX         PhysAddress
      STATUS         current
      DESCRIPTION
          "This object specifies the bits in a 802 MAC source
          address that should be considered when performing a 802
          MAC SA comparison against the address specified in the
          frwk802FilterSrcAddr object.

          The value of this object represents a mask that is
          logically and'ed with the 802 MAC SA in received frames
          to derive the value to be compared against the
          frwk802FilterSrcAddr address. A zero bit in the mask thus
          means that the corresponding bit in the address always
          matches. The frwk802FilterSrcAddr value must also be
          masked using this value prior to any comparisons.

          The length of this object in octets must equal the length
          in octets of the frwk802FilterSrcAddr. Note that a mask
          with no bits set (i.e., all zeroes) effectively wildcards
          the frwk802FilterSrcAddr object."
      ::= { frwk802FilterEntry 4 }

  frwk802FilterVlanId OBJECT-TYPE
      SYNTAX         Integer32 (-1 | 1..4094)
      STATUS         current
      DESCRIPTION
          "The VLAN ID (VID) that uniquely identifies a VLAN within
          the device. This VLAN may be known or unknown (i.e.,
          traffic associated with this VID has not yet been seen by
          the device) at the time this entry is instantiated.

          Setting the frwk802FilterVlanId object to -1 indicates
          that VLAN data should not be considered during traffic
          classification."
      ::= { frwk802FilterEntry 5 }
        
  frwk802FilterVlanTagRequired OBJECT-TYPE
      SYNTAX         INTEGER {
                         taggedOnly(1),
                         priorityTaggedPlus(2),
                         untaggedOnly(3),
                         ignoreTag(4)
                     }
      STATUS         current
      DESCRIPTION
          "This object indicates whether the presence of an
          IEEE 802.1Q VLAN tag in data link layer frames must
          be considered when determining if a given frame
          matches this 802 filter entry.

          A value of 'taggedOnly(1)' means that only frames
          containing a VLAN tag with a non-Null VID (i.e., a
          VID in the range 1..4094) will be considered a match.

          A value of 'priorityTaggedPlus(2)' means that only
          frames containing a VLAN tag, regardless of the value
          of the VID, will be considered a match.

          A value of 'untaggedOnly(3)' indicates that only
          untagged frames will match this filter component.

          The presence of a VLAN tag is not taken into
          consideration in terms of a match if the value is
          'ignoreTag(4)'."
      ::= { frwk802FilterEntry 6 }

frwk802FilterEtherType OBJECT-TYPE
    SYNTAX         Integer32 (-1 | 0..'ffff'h)
    STATUS         current
    DESCRIPTION
        "This object specifies the value that will be compared
        against the value contained in the EtherType field of an
        IEEE 802 frame. Example settings would include 'IP'
        (0x0800), 'ARP' (0x0806) and 'IPX' (0x8137).

        Setting the frwk802FilterEtherTypeMin object to -1
        indicates that EtherType data should not be considered
        during traffic classification.

        Note that the position of the EtherType field depends on
        the underlying frame format. For Ethernet-II encapsulation,
        the EtherType field follows the 802 MAC source address.
        For 802.2 LLC/SNAP encapsulation, the EtherType value
        follows the Organization Code field in the 802.2 SNAP
        header. The value that is tested with regard to this
        filter component therefore depends on the data link layer
        frame format being used. If this 802 filter component is
        active when there is no EtherType field in a frame (e.g.,
        802.2 LLC), a match is implied."
    ::= { frwk802FilterEntry 7 }

frwk802FilterUserPriority OBJECT-TYPE
    SYNTAX         BITS {
                        matchPriority0(0),
                        matchPriority1(1),
                        matchPriority2(2),
                        matchPriority3(3),
                        matchPriority4(4),
                        matchPriority5(5),
                        matchPriority6(6),
                        matchPriority7(7)
                   }
    STATUS         current
    DESCRIPTION
        "The set of values, representing the potential range
        of user priority values, against which the value contained
        in the user priority field of a tagged 802.1 frame is
        compared. A test for equality is performed when determining
        if a match exists between the data in a data link layer
        frame and the value of this 802 filter component. Multiple
        values may be set at one time such that potentially several
        different user priority values may match this 802 filter
        component.

        Setting all of the bits that are associated with this
        object causes all user priority values to match this
        attribute. This essentially makes any comparisons with
        regard to user priority values unnecessary. Untagged
        frames are treated as an implicit match."
    ::= { frwk802FilterEntry 8 }
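
The 802 filter components above each carry their own wildcard rule: an all-zero address mask, -1 for the VLAN ID and EtherType, ignoreTag(4), and the implicit matches for untagged frames and frames without an EtherType field. The Python below is an added example, not part of RFC 3318: it evaluates each component separately so that the failing component is visible, then requires all of them for an overall match. The class and function names, the rule that an untagged frame cannot equal a specific VLAN ID, and the decoding of the BITS octet with named bit 0 as the most-significant bit (the SMIv2 convention) are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# frwk802FilterVlanTagRequired enumeration values from the definition above.
TAGGED_ONLY, PRIORITY_TAGGED_PLUS, UNTAGGED_ONLY, IGNORE_TAG = 1, 2, 3, 4
ALL_PRIORITIES = frozenset(range(8))


def priorities_from_bits(octet: int) -> FrozenSet[int]:
    """Decode a one-octet BITS value; assumes named bit 0 is the high-order bit."""
    return frozenset(n for n in range(8) if octet & (0x80 >> n))


def masked_equal(filter_addr: bytes, mask: bytes, frame_addr: bytes) -> bool:
    """AND the mask into both the frame address and the filter address, then compare."""
    if len(mask) != len(filter_addr):
        raise ValueError("mask length in octets must equal the address length")
    if len(frame_addr) != len(filter_addr):
        return False
    return all((f & m) == (a & m) for f, m, a in zip(filter_addr, mask, frame_addr))


@dataclass(frozen=True)
class Frame:
    dst: bytes
    src: bytes
    tag: Optional[Tuple[int, int]] = None  # (VID, user priority) of the 802.1Q tag, None if untagged
    ether_type: Optional[int] = None       # None when the frame has no EtherType field (e.g. 802.2 LLC)


@dataclass(frozen=True)
class Filter802:
    # Defaults chosen for this example: every component starts as a wildcard.
    dst_addr: bytes = bytes(6)
    dst_mask: bytes = bytes(6)
    src_addr: bytes = bytes(6)
    src_mask: bytes = bytes(6)
    vlan_id: int = -1
    vlan_tag_required: int = IGNORE_TAG
    ether_type: int = -1
    user_priority: FrozenSet[int] = ALL_PRIORITIES

    def components(self, fr: Frame) -> Dict[str, bool]:
        """Test each component individually against the frame."""
        tagged = fr.tag is not None
        vid, prio = fr.tag if tagged else (None, None)
        tag_rule = {
            TAGGED_ONLY: tagged and 1 <= vid <= 4094,   # non-Null VID required
            PRIORITY_TAGGED_PLUS: tagged,               # any tag, VID 0 included
            UNTAGGED_ONLY: not tagged,
            IGNORE_TAG: True,
        }[self.vlan_tag_required]
        return {
            "DstAddr": masked_equal(self.dst_addr, self.dst_mask, fr.dst),
            "SrcAddr": masked_equal(self.src_addr, self.src_mask, fr.src),
            # Assumption: an untagged frame carries no VID to compare against.
            "VlanId": self.vlan_id == -1 or (tagged and vid == self.vlan_id),
            "VlanTagRequired": tag_rule,
            # No EtherType field in the frame: a match is implied.
            "EtherType": (self.ether_type == -1 or fr.ether_type is None
                          or fr.ether_type == self.ether_type),
            # Untagged frames are an implicit match for user priority.
            "UserPriority": (not tagged) or prio in self.user_priority,
        }

    def matches(self, fr: Frame) -> bool:
        """Overall match only when every individual component matches."""
        return all(self.components(fr).values())


# Constructed sample values.
LLDP_DST = bytes.fromhex("0180c200000e")
HOST_SRC = bytes.fromhex("020000000001")
# Matches on the first three octets only; the filter address is deliberately not pre-masked.
OUI_FILTER = Filter802(dst_addr=bytes.fromhex("0180c20000ff"),
                       dst_mask=bytes.fromhex("ffffff000000"))
```
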
        

--
-- The Internal label filter extension
--

frwkILabelFilterTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF FrwkILabelFilterEntry
    PIB-ACCESS     install
    STATUS         current
    DESCRIPTION
        "Internal label filter Table. This PRC is used to achieve
        classification based on the internal flow label set by the
        PEP possibly after ingress classification to avoid
        re-classification at the egress interface on the same PEP."
    ::= { frwkClassifierClasses 4 }

frwkILabelFilterEntry OBJECT-TYPE
    SYNTAX         FrwkILabelFilterEntry
    STATUS         current
    DESCRIPTION
        "Internal label filter entry definition."
    EXTENDS { frwkBaseFilterEntry }
    UNIQUENESS { frwkBaseFilterNegation,
                 frwkILabelFilterILabel }
    ::= { frwkILabelFilterTable 1 }
        
FrwkILabelFilterEntry ::= SEQUENCE {
   frwkILabelFilterILabel      OCTET STRING
}
        
        
frwkILabelFilterILabel      OBJECT-TYPE
    SYNTAX       OCTET STRING
    STATUS       current
    DESCRIPTION
       "The Label that this flow uses for differentiating traffic
        flows.  The flow labeling is meant for network device
       internal usage. A value of zero length string matches all
       internal labels."
    ::= { frwkILabelFilterEntry 1 }
        
        

--
-- The Marker classes group
--

frwkMarkerClasses
           OBJECT IDENTIFIER ::= { frameworkPib 4 }

--
-- The 802 Marker Table
--

frwk802MarkerTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF Frwk802MarkerEntry
    PIB-ACCESS     install
    STATUS         current
    DESCRIPTION
        "The 802 Marker class. An 802 packet can be marked with the
        specified VLAN id, priority level."
    ::= { frwkMarkerClasses 1 }

frwk802MarkerEntry OBJECT-TYPE
    SYNTAX         Frwk802MarkerEntry
    STATUS         current
    DESCRIPTION
        "frwk802Marker entry definition."
    PIB-INDEX { frwk802MarkerPrid }
    UNIQUENESS { frwk802MarkerVlanId,
                 frwk802MarkerPriority }
    ::= { frwk802MarkerTable 1 }
        
Frwk802MarkerEntry::= SEQUENCE {
        frwk802MarkerPrid          InstanceId,
        frwk802MarkerVlanId        Unsigned32,
        frwk802MarkerPriority      Unsigned32
}
        
frwk802MarkerPrid OBJECT-TYPE
    SYNTAX         InstanceId
    STATUS         current
    DESCRIPTION
        "An integer index to uniquely identify this 802 Marker."
    ::= { frwk802MarkerEntry 1 }

frwk802MarkerVlanId OBJECT-TYPE
    SYNTAX         Unsigned32 (1..4094)
    STATUS         current
    DESCRIPTION
        "The VLAN ID (VID) that uniquely identifies a VLAN within
        the device."
    ::= { frwk802MarkerEntry 2 }

frwk802MarkerPriority OBJECT-TYPE
    SYNTAX         Unsigned32 (0..7)
    STATUS         current
    DESCRIPTION
        "The user priority field of a tagged 802.1 frame."
    ::= { frwk802MarkerEntry 3 }
        

--
-- The Internal Label Marker Table
--

frwkILabelMarkerTable OBJECT-TYPE
    SYNTAX         SEQUENCE OF FrwkILabelMarkerEntry
    PIB-ACCESS     install
    STATUS         current
    DESCRIPTION
        "The Internal Label Marker class. A flow in a PEP can be
        marked with an internal label using this PRC."
    ::= { frwkMarkerClasses 2 }

frwkILabelMarkerEntry OBJECT-TYPE
    SYNTAX         FrwkILabelMarkerEntry
    STATUS         current
    DESCRIPTION
        "frwkILabelkMarker entry definition."
    PIB-INDEX { frwkILabelMarkerPrid }
    UNIQUENESS { frwkILabelMarkerILabel }
    ::= { frwkILabelMarkerTable 1 }
        
FrwkILabelMarkerEntry::= SEQUENCE {
        frwkILabelMarkerPrid          InstanceId,
        frwkILabelMarkerILabel        OCTET STRING
}
        
frwkILabelMarkerPrid OBJECT-TYPE
    SYNTAX         InstanceId
    STATUS         current
    DESCRIPTION
        "An integer index to uniquely identify this Label Marker."
    ::= { frwkILabelMarkerEntry 1 }

frwkILabelMarkerILabel OBJECT-TYPE
    SYNTAX         OCTET STRING
    STATUS         current
    DESCRIPTION
        "This internal label is implementation specific and may be
        used for other policy related functions like flow
        accounting purposes and/or other data path treatments."
    ::= { frwkILabelMarkerEntry 2 }
        

-- -- Conformance Section --

----合规部分--

frwkBasePibConformance
                OBJECT IDENTIFIER ::= { frameworkPib 5 }
        
frwkBasePibConformance
                OBJECT IDENTIFIER ::= { frameworkPib 5 }
        
frwkBasePibCompliances
                OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 }
        
frwkBasePibCompliances
                OBJECT IDENTIFIER ::= { frwkBasePibConformance 1 }
        
frwkBasePibGroups
                OBJECT IDENTIFIER ::= { frwkBasePibConformance 2 }
        
frwkBasePibGroups
                OBJECT IDENTIFIER ::= { frwkBasePibConformance 2 }
        

frwkBasePibCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Describes the requirements for conformance to the Framework PIB."

frwkBasePibCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION“描述了符合框架PIB的要求。”

MODULE -- this module MANDATORY-GROUPS { frwkPrcSupportGroup, frwkPibIncarnationGroup, frwkDeviceIdGroup, frwkCompLimitsGroup, frwkCapabilitySetGroup, frwkRoleComboGroup, frwkIfRoleComboGroup }

模块--此模块为必填组{frwkPrcSupportGroup,frwkpibincarationgroup,frwkDeviceIdGroup,frwkCompLimitsGroup,frwkCapabilitySetGroup,frwkRoleComboGroup,frwkIfRoleComboGroup}

        OBJECT          frwkPibIncarnationLongevity
        PIB-MIN-ACCESS  notify
        DESCRIPTION
                "Install support is required if policy expiration is
                to be supported."

        OBJECT          frwkPibIncarnationTtl
        PIB-MIN-ACCESS  notify
        DESCRIPTION
                "Install support is required if policy expiration is
                to be supported."

        OBJECT          frwkPibIncarnationInCtxtSet
        PIB-MIN-ACCESS  notify
        DESCRIPTION
                "Install support is required if configuration contexts
                and outsourcing contexts are both to be supported."

        OBJECT          frwkPibIncarnationFullState
        PIB-MIN-ACCESS  notify
        DESCRIPTION
                "Install support is required if incremental updates to
                request states are to be supported."

        GROUP frwkReferenceGroup
        DESCRIPTION
                "The frwkReferenceGroup is mandatory if referencing
                across PIB contexts for specific client-types is to
                be supported."

        GROUP frwkErrorGroup
        DESCRIPTION
                "The frwkErrorGroup is mandatory if sending errors in
                decisions is to be supported."

        GROUP frwkBaseFilterGroup
        DESCRIPTION
                "The frwkBaseFilterGroup is mandatory if filtering
                based on traffic components is to be supported."

        GROUP frwkIpFilterGroup
        DESCRIPTION
                "The frwkIpFilterGroup is mandatory if filtering
                based on IP traffic components is to be supported."

        GROUP frwk802FilterGroup
        DESCRIPTION
                "The frwk802FilterGroup is mandatory if filtering
                based on 802 traffic criteria is to be supported."

        GROUP frwkILabelFilterGroup
        DESCRIPTION
                "The frwkILabelFilterGroup is mandatory if filtering
                based on PEP internal label is to be supported."

        GROUP frwk802MarkerGroup
        DESCRIPTION
                "The frwk802MarkerGroup is mandatory if marking a
                packet with 802 traffic criteria is to be supported."

        GROUP frwkILabelMarkerGroup
        DESCRIPTION
                "The frwkILabelMarkerGroup is mandatory if marking a
                flow with internal labels is to be supported."

    ::= { frwkBasePibCompliances 1 }
        
frwkPrcSupportGroup OBJECT-GROUP
    OBJECTS {
             frwkPrcSupportPrid,
             frwkPrcSupportSupportedPrc,
             frwkPrcSupportSupportedAttrs }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkPrcSupportTable."
        
    ::= { frwkBasePibGroups 1 }
        
frwkPibIncarnationGroup OBJECT-GROUP
    OBJECTS {
             frwkPibIncarnationPrid,
             frwkPibIncarnationName,
             frwkPibIncarnationId,
             frwkPibIncarnationLongevity,
             frwkPibIncarnationTtl,
             frwkPibIncarnationInCtxtSet,
             frwkPibIncarnationActive,
             frwkPibIncarnationFullState
            }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkDevicePibIncarnationTable."
        
    ::= { frwkBasePibGroups 2 }
        
frwkDeviceIdGroup OBJECT-GROUP
    OBJECTS {
             frwkDeviceIdPrid,
             frwkDeviceIdDescr,
             frwkDeviceIdMaxMsg,
             frwkDeviceIdMaxContexts }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkDeviceIdTable."
        
    ::= { frwkBasePibGroups 3 }
        

frwkCompLimitsGroup OBJECT-GROUP
    OBJECTS {
             frwkCompLimitsPrid,
             frwkCompLimitsComponent,
             frwkCompLimitsAttrPos,
             frwkCompLimitsNegation,
             frwkCompLimitsType,
             frwkCompLimitsSubType,
             frwkCompLimitsGuidance }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkCompLimitsTable."

    ::= { frwkBasePibGroups 4 }
        
frwkReferenceGroup OBJECT-GROUP
    OBJECTS {
             frwkReferencePrid,
             frwkReferenceClientType,
             frwkReferenceClientHandle,
             frwkReferenceInstance }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkReferenceTable."
        
    ::= { frwkBasePibGroups 5 }
        
frwkErrorGroup OBJECT-GROUP
    OBJECTS {
             frwkErrorPrid,
             frwkErrorCode,
             frwkErrorSubCode,
             frwkErrorPrc,
             frwkErrorInstance }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkErrorTable."
        
    ::= { frwkBasePibGroups 6 }
        
frwkCapabilitySetGroup OBJECT-GROUP
    OBJECTS {
             frwkCapabilitySetPrid,
             frwkCapabilitySetName,
             frwkCapabilitySetCapability }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkCapabilitySetTable."
        
    ::= { frwkBasePibGroups 7 }
        
frwkRoleComboGroup OBJECT-GROUP
    OBJECTS {
             frwkRoleComboPrid,
             frwkRoleComboRoles,
             frwkRoleComboCapSetName }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkRoleComboTable."

    ::= { frwkBasePibGroups 8 }
        

frwkIfRoleComboGroup OBJECT-GROUP
    OBJECTS {
             frwkIfRoleComboIfIndex }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkIfRoleComboTable."

    ::= { frwkBasePibGroups 9 }
        
frwkBaseFilterGroup OBJECT-GROUP
    OBJECTS {
             frwkBaseFilterPrid,
             frwkBaseFilterNegation }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkBaseFilterTable."
        
    ::= { frwkBasePibGroups 10 }
        
frwkIpFilterGroup OBJECT-GROUP
    OBJECTS {
             frwkIpFilterAddrType,
             frwkIpFilterDstAddr,
             frwkIpFilterDstPrefixLength,
             frwkIpFilterSrcAddr,
             frwkIpFilterSrcPrefixLength,
             frwkIpFilterDscp,
             frwkIpFilterFlowId,
             frwkIpFilterProtocol,
             frwkIpFilterDstL4PortMin,
             frwkIpFilterDstL4PortMax,
             frwkIpFilterSrcL4PortMin,
             frwkIpFilterSrcL4PortMax }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkIpFilterTable."
        
    ::= { frwkBasePibGroups 11 }
        

frwk802FilterGroup OBJECT-GROUP
    OBJECTS {
             frwk802FilterDstAddr,
             frwk802FilterDstAddrMask,
             frwk802FilterSrcAddr,
             frwk802FilterSrcAddrMask,
             frwk802FilterVlanId,
             frwk802FilterVlanTagRequired,
             frwk802FilterEtherType,
             frwk802FilterUserPriority }
    STATUS  current
    DESCRIPTION
            "Objects from the frwk802FilterTable."

    ::= { frwkBasePibGroups 12 }
        

frwkILabelFilterGroup OBJECT-GROUP
    OBJECTS {
             frwkILabelFilterILabel }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkILabelFilterTable."

    ::= { frwkBasePibGroups 13 }
        
frwk802MarkerGroup OBJECT-GROUP
    OBJECTS {
             frwk802MarkerPrid,
             frwk802MarkerVlanId,
             frwk802MarkerPriority }
    STATUS  current
    DESCRIPTION
            "Objects from the frwk802MarkerTable."
        
    ::= { frwkBasePibGroups 14 }
        
frwkILabelMarkerGroup OBJECT-GROUP
    OBJECTS {
             frwkILabelMarkerPrid,
             frwkILabelMarkerILabel }
    STATUS  current
    DESCRIPTION
            "Objects from the frwkILabelMarkerTable."
        
    ::= { frwkBasePibGroups 15 }
        

END
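
The compliance statement and OBJECT-GROUP definitions above can be checked mechanically. The following added example (not part of RFC 3318) parses the group membership and reports which mandatory groups a PEP's set of supported objects leaves incomplete; the condensed `PIB_TEXT`, the function names and the sample PEP are assumptions made for illustration.

```python
import re

# Constructed input: MANDATORY-GROUPS and OBJECT-GROUP membership condensed from
# the module above (STATUS/DESCRIPTION/OID clauses omitted; names unchanged).
PIB_TEXT = """
MANDATORY-GROUPS { frwkPrcSupportGroup, frwkPibIncarnationGroup,
    frwkDeviceIdGroup, frwkCompLimitsGroup, frwkCapabilitySetGroup,
    frwkRoleComboGroup, frwkIfRoleComboGroup }
frwkPrcSupportGroup OBJECT-GROUP OBJECTS { frwkPrcSupportPrid,
    frwkPrcSupportSupportedPrc, frwkPrcSupportSupportedAttrs }
frwkPibIncarnationGroup OBJECT-GROUP OBJECTS { frwkPibIncarnationPrid,
    frwkPibIncarnationName, frwkPibIncarnationId,
    frwkPibIncarnationLongevity, frwkPibIncarnationTtl,
    frwkPibIncarnationInCtxtSet, frwkPibIncarnationActive,
    frwkPibIncarnationFullState }
frwkDeviceIdGroup OBJECT-GROUP OBJECTS { frwkDeviceIdPrid,
    frwkDeviceIdDescr, frwkDeviceIdMaxMsg, frwkDeviceIdMaxContexts }
frwkCompLimitsGroup OBJECT-GROUP OBJECTS { frwkCompLimitsPrid,
    frwkCompLimitsComponent, frwkCompLimitsAttrPos, frwkCompLimitsNegation,
    frwkCompLimitsType, frwkCompLimitsSubType, frwkCompLimitsGuidance }
frwkCapabilitySetGroup OBJECT-GROUP OBJECTS { frwkCapabilitySetPrid,
    frwkCapabilitySetName, frwkCapabilitySetCapability }
frwkRoleComboGroup OBJECT-GROUP OBJECTS { frwkRoleComboPrid,
    frwkRoleComboRoles, frwkRoleComboCapSetName }
frwkIfRoleComboGroup OBJECT-GROUP OBJECTS { frwkIfRoleComboIfIndex }
frwkBaseFilterGroup OBJECT-GROUP OBJECTS { frwkBaseFilterPrid,
    frwkBaseFilterNegation }
frwk802MarkerGroup OBJECT-GROUP OBJECTS { frwk802MarkerPrid,
    frwk802MarkerVlanId, frwk802MarkerPriority }
"""

GROUP_RE = re.compile(r"(\w+)\s+OBJECT-GROUP\s+OBJECTS\s*\{([^}]*)\}")
MANDATORY_RE = re.compile(r"MANDATORY-GROUPS\s*\{([^}]*)\}")


def _names(body):
    """Split a comma-separated identifier list, ignoring layout whitespace."""
    return [n.strip() for n in body.split(",") if n.strip()]


def parse_pib(text):
    """Return ({group name: [object names]}, [mandatory group names])."""
    groups = {name: _names(body) for name, body in GROUP_RE.findall(text)}
    found = MANDATORY_RE.search(text)
    return groups, (_names(found.group(1)) if found else [])


def check_conformance(text, supported):
    """Report gaps; only object presence is checked, not PIB-MIN-ACCESS."""
    groups, mandatory = parse_pib(text)
    report = {
        "undefined_groups": [g for g in mandatory if g not in groups],
        "missing_mandatory": {},
        "partial_optional": {},
    }
    for name, objects in groups.items():
        missing = [o for o in objects if o not in supported]
        if name in mandatory:
            if missing:
                report["missing_mandatory"][name] = missing
        elif 0 < len(missing) < len(objects):
            # A conditional group implemented only in part cannot be claimed.
            report["partial_optional"][name] = missing
    report["conformant"] = not (
        report["undefined_groups"] or report["missing_mandatory"])
    return report


def sample_supported():
    """Constructed PEP: every object in PIB_TEXT except two."""
    groups, _ = parse_pib(PIB_TEXT)
    everything = {o for objs in groups.values() for o in objs}
    return everything - {"frwkDeviceIdMaxContexts", "frwk802MarkerPriority"}
```

A conditional group that is entirely absent is not reported, since the compliance statement requires it only when the corresponding feature is supported.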

6. Security Considerations

It is clear that this PIB is used for configuration using [COPS-PR], and anything that can be configured can be misconfigured, with a potentially disastrous effect. At this writing, no security holes have been identified beyond those that the COPS base protocol security is itself intended to address. These relate primarily to controlled access to sensitive information and the ability to configure a device, or to problems that might result from operator error, which is beyond the scope of any security architecture.

There are a number of PRovisioning Classes defined in this PIB that have a PIB-ACCESS clause of install and install-notify (read-create). These are:

frwkPibIncarnationTable: Malicious access of this PRC can cause the PEP to use an incorrect context of policies.

frwkReferenceTable: Malicious access of this PRC can cause the PEP to interpret the installed policy in an incorrect manner.

frwkErrorTable: Malicious access of this PRC can cause the PEP to incorrectly assume that the PDP could not process its messages.

frwkCapabilitySetTable, frwkRoleComboTable and frwkIfRoleComboTable: Malicious access of these PRCs can cause the PEP to apply policies to the wrong interfaces.

frwkBaseFilterTable, frwkIpFilterTable, frwk802FilterTable and frwkILabelFilterTable: Malicious access of these PRCs can cause unintended classification of traffic on the PEP, potentially leading to incorrect policies being applied.

frwk802MarkerTable and frwkILabelMarkerTable: Malicious access of these PRCs can cause unintended marking of traffic on the PEP, potentially leading to incorrect policies being applied.

Such objects may be considered sensitive or vulnerable in some network environments. The support for "Install" or "Install-Notify" decisions sent over [COPS-PR] in a non-secure environment without proper protection can have a negative effect on network operations. There are a number of PRovisioning Classes in this PIB that may contain information that may be sensitive from a business perspective, in that they may represent a customer's service contract or the filters that the service provider chooses to apply to a customer's ingress or egress traffic. There are no PRCs that are sensitive in their own right, such as passwords or monetary amounts. It may be important to control even "Notify" (read-only) access to these PRCs and possibly to even encrypt the values of these PRIs when sending them over the network via COPS-PR. The use of IPSEC between the PDP and the PEP, as described in [COPS], provides the necessary protection against security threats. However, even if the network itself is secure, there is no control as to who on the secure network is allowed to "Install/Notify" (read/change/create/delete) the PRIs in this PIB.

It is then a customer/user responsibility to ensure that the PEP/PDP giving access to an instance of this PIB is properly configured to give access to only the PRIs and principals (users) that have legitimate rights to indeed "Install" or "Notify" (change/create/delete) them.
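
One way to make the access decision described above explicit, as an added example that is not part of RFC 3318: a default-deny check, plus a review of which principals hold install access to the PRCs listed in this section. The ACL format, the principal names and the function names are hypothetical.

```python
# Consequence of unauthorized "install" access, per PRC, as listed in Section 6.
_IMPACTS = [
    (("frwkPibIncarnationTable",),
     "PEP uses an incorrect context of policies"),
    (("frwkReferenceTable",),
     "PEP interprets the installed policy incorrectly"),
    (("frwkErrorTable",),
     "PEP wrongly assumes the PDP could not process its messages"),
    (("frwkCapabilitySetTable", "frwkRoleComboTable", "frwkIfRoleComboTable"),
     "policies applied to the wrong interfaces"),
    (("frwkBaseFilterTable", "frwkIpFilterTable", "frwk802FilterTable",
      "frwkILabelFilterTable"),
     "unintended classification of traffic"),
    (("frwk802MarkerTable", "frwkILabelMarkerTable"),
     "unintended marking of traffic"),
]
INSTALL_IMPACT = {prc: why for prcs, why in _IMPACTS for prc in prcs}

# Hypothetical ACL format: {principal: {PRC name or "*": set of accesses}}.
# WEAK_ACL models "anyone on the secure network may install anything".
WEAK_ACL = {"*": {"*": {"install", "notify"}}}
STRICT_ACL = {
    "pdp-core.example.net": {          # constructed principal names
        "frwkIpFilterTable": {"install", "notify"},
        "frwkBaseFilterTable": {"install", "notify"},
    },
    "monitor.example.net": {"frwkIpFilterTable": {"notify"}},
}


def authorize(acl, principal, prc, access):
    """Default deny: allow only if an ACL entry (exact or "*") grants it."""
    for who in (principal, "*"):
        grants = acl.get(who, {})
        for what in (prc, "*"):
            if access in grants.get(what, ()):
                return True
    return False


def review_install_grants(acl):
    """List each install grant on a Section 6 PRC as
    (principal, prc, via_wildcard, impact), expanding "*" PRC entries."""
    findings = []
    for who in sorted(acl):
        for what in sorted(acl[who]):
            if "install" not in acl[who][what]:
                continue
            targets = sorted(INSTALL_IMPACT) if what == "*" else [what]
            for prc in targets:
                if prc in INSTALL_IMPACT:
                    wildcard = "*" in (who, what)
                    findings.append((who, prc, wildcard, INSTALL_IMPACT[prc]))
    return findings
```

Reviewing `WEAK_ACL` yields one wildcard finding for every PRC named in this section, while `STRICT_ACL` yields only the two explicit grants held by the provisioning PDP.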

7. IANA Considerations

This document describes the frameworkPib and frwkTcPib Policy Information Base (PIB) modules for registration under the "pib" branch registered with IANA. The IANA has assigned PIB numbers 2 and 3, respectively.

Both these PIBs use "all" in the SUBJECT-CATEGORIES clause, i.e., they apply to all COPS client types. No new COPS client type is to be registered for these two PIB modules.

8. References
8.1 Normative References

[COPS] Boyle, J., Cohen, R., Durham, D., Herzog, S., Rajan, R. and A. Sastry, "The COPS (Common Open Policy Service) Protocol", RFC 2748, January 2000.

[COPS-PR] Chan, K., Durham, D., Gai, S., Herzog, S., McCloghrie, K., Reichmeyer, Seligson, J., Smith, A. and R. Yavatkar, "COPS Usage for Policy Provisioning", RFC 3084, March 2001.

[SPPI] McCloghrie, K., Fine, M., Seligson, J., Chan, K., Hahn, S., Sahita, R., Smith, A. and F. Reichmeyer, "Structure of Policy Provisioning Information", RFC 3159, August 2001.

[SNMP-SMI] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

[INETADDR] Daniele, M., Haberman, B., Routhier, S. and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 3291, May 2002.

[802] IEEE Standards for Local and Metropolitan Area Networks: Overview and Architecture, ANSI/IEEE Std 802, 1990.

[SNMPFRWK] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002.

[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000.

[DS-MIB] Baker, F., Chan, K. and A. Smith, "Management Information Base for the Differentiated Services Architecture", RFC 3289, May 2002.

[SNMPv2TC] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.

[RFC2279] Yergeau, F. "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998.

[RFC2119] Bradner, S., "Key words to use in the RFCs", BCP 14, RFC 2119, March 1997.

8.2 Informative References

[RAP-FRAMEWORK] Yavatkar, R and D. Pendarakis, "A Framework for Policy-based Admission Control", RFC 2753, January 2000.

[POLTERM] Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., Huynh, A., Carlson, M., Perry, J. and S. Waldbusser, "Terminology for Policy-Based Management", RFC 3198, November 2001.

9. Acknowledgments

Early versions of this specification were also co-authored by Michael Fine, Francis Reichmeyer, John Seligson and Andrew Smith.

Special thanks to Carol Bell, David Durham and Bert Wijnen for their many significant comments.

Additional useful comments have been made by Diana Rawlins, Martin Bokaemper, Tina Iliff, Pedro Da Silva, Juergen Schoenwaelder, Noisette Yoann and Man Li.

10. Authors' Addresses

   Ravi Sahita
   Intel Labs.
   2111 NE 25th Avenue
   Hillsboro, OR 97124 USA

   Phone: +1 503 712 1554
   EMail: ravi.sahita@intel.com
        

   Scott Hahn
   Intel Corp.
   2111 NE 25th Avenue
   Hillsboro, OR 97124 USA

   Phone: +1 503 264 8231
   EMail: scott.hahn@intel.com
        

   Kwok Ho Chan
   Nortel Networks, Inc.
   600 Technology Park Drive
   Billerica, MA 01821 USA

   Phone: +1 978 288 8175
   EMail: khchan@nortelnetworks.com
        

   Keith McCloghrie
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA 95134-1706 USA

   Phone: +1 408 526 5260
   EMail: kzm@cisco.com
        
11. Full Copyright Statement

Copyright (C) The Internet Society (2003). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
