Internet Draft                                             Andy Bierman
                                                     Cisco Systems, Inc.
                                                           11 June 1999


                  Remote Monitoring MIB Extensions for
                Differentiated Services Enabled Networks


                    <draft-bierman-dsmon-mib-01.txt>





Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026 [RFC2026].

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups.  Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet- Drafts as reference material
or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

Distribution of this document is unlimited. Please send comments to the
author, <abierman@cisco.com>.

1.  Copyright Notice

Copyright (C) The Internet Society (1999).  All Rights Reserved.
















Internet-Draft                 DS-MON MIB                      June 1999


2.  Abstract

This memo defines an experimental portion of the Management Information
Base (MIB) for use with network management protocols in the Internet
community.  In particular, it describes managed objects used for
monitoring Differentiated Services Codepoint usage in IP packets,
utilizing the monitoring framework defined in the RMON-2 MIB [RFC2021].

3.  Table of Contents

1 Copyright Notice ................................................    1
2 Abstract ........................................................    2
3 Table of Contents ...............................................    2
4 The SNMP Network Management Framework ...........................    2
5 Overview ........................................................    3
5.1 Terms .........................................................    4
5.2 Relationship to Differentiated Services .......................    4
5.3 Relationship to the Remote Monitoring MIBs ....................    5
5.4 MIB Structure .................................................    6
5.4.1 DS Statistics Group .........................................    7
5.4.2 DS Protocol Distribution Group ..............................    7
5.4.3 DS Host Distribution Group ..................................    8
6 Definitions .....................................................    9
7 Intellectual Property ...........................................   59
8 Acknowledgements ................................................   59
9 References ......................................................   59
10 Security Considerations ........................................   62
11 Author's Address ...............................................   63
12 Full Copyright Statement .......................................   63

4.  The SNMP Network Management Framework

   The SNMP Management Framework presently consists of five major
   components:

    o   An overall architecture, described in RFC 2571 [RFC2571].

    o   Mechanisms for describing and naming objects and events for the
        purpose of management. The first version of this Structure of
        Management Information (SMI) is called SMIv1 and described in
        RFC 1155 [RFC1155], RFC 1212 [RFC1212] and RFC 1215 [RFC1215].
        The second version, called SMIv2, is described in RFC 2578
        [RFC2578], RFC 2579 [RFC2579] and RFC 2580 [RFC2580].







Expires December 1999                                           [Page 2]






Internet-Draft                 DS-MON MIB                      June 1999


    o   Message protocols for transferring management information. The
        first version of the SNMP message protocol is called SNMPv1 and
        described in RFC 1157 [RFC1157]. A second version of the SNMP
        message protocol, which is not an Internet standards track
        protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
        and RFC 1906 [RFC1906].  The third version of the message
        protocol is called SNMPv3 and described in RFC 1906 [RFC1906],
        RFC 2572 [RFC2572] and RFC 2574 [RFC2574].

    o   Protocol operations for accessing management information. The
        first set of protocol operations and associated PDU formats is
        described in RFC 1157 [RFC1157]. A second set of protocol
        operations and associated PDU formats is described in RFC 1905
        [RFC1905].

    o   A set of fundamental applications described in RFC 2573
        [RFC2573] and the view-based access control mechanism described
        in RFC 2575 [RFC2575].

   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 2570 [RFC2570].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64). Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

5.  Overview

There is a need for a standardized way of monitoring the network traffic
usage of Differentiated Services (DS) [RFC2474] codepoint values. Each
DS codepoint (DSCP) value may be given a different preference by a
forwarding device, and this affects which packets get dropped or delayed
during periods of network congestion.







Expires December 1999                                           [Page 3]






Internet-Draft                 DS-MON MIB                      June 1999


The IETF DIFFSERV working group has redefined the semantics of the Type
of Service (TOS) octet in the IP header, which is now called the 'DS
field'. The 6-bit Codepoint (DSCP) portion is contained in the DS field,
which provides for 64 different packet treatments for the implementation
of differentiated network services. The actual packet treatment, or per-
hop behavior (PHB), applied by a forwarding device, is independent of a
particular DSCP value.

By polling DSCP usage counters, an NMS can determine the network
throughput for traffic associated with different DSCPs.  This data can
then be analyzed in order to 'tune' DSCP 'allocations' within a network,
based on the Quality of Service (QoS) policies for that network.

5.1.  Terms

This document uses some terms that need introduction:

DataSource
     A source of data for monitoring purposes. This term is used exactly
     as defined in the RMON-2 MIB [RFC2021].

protocol
     A specific protocol encapsulation, as identified for monitoring
     purposes.  This term is used exactly as defined in the RMON
     Protocol Identifiers document [RFC2074].

5.2.  Relationship to Differentiated Services

The DS-MON MIB focuses only on the DSCP values used in IP packets on a
monitored dataSource. The per-hop behavior (PHB) associated with each
DSCP may be different at each DS-capable forwarding device in the
network.

This MIB does not address the following Differentiated Services issues
in any way:

  -  configuration and characterization of each PHB in each device

  -  identification of the mapping between DSCPs and PHBs in each device

  -  identification of DS capabilities of each forwarding device

  -  characterization of DSCP values or PHBs, as they relate to standard
     or proprietary QoS policy and deployment strategy.






Expires December 1999                                           [Page 4]






Internet-Draft                 DS-MON MIB                      June 1999


It is expected that such a MIB (targeted for DS-capable forwarding
devices) will be developed by the DIFFSERV working group to address
these issues.

It is also desirable to keep the monitoring of DSCP usage independent of
the DS forwarding devices, in order to keep probe placement more
flexible, which, in turn, enables better statistics aggregation by the
probe.

This document assumes the reader is somewhat familiar with the DS
Architecture [RFC2475], but the DS-MON MIB addresses only the aspects of
monitoring DSCP usage, and therefore is completely decoupled from the
larger issues of network-wide DS configuration and performance analysis.
It is expected that complex NMS applications will use the counters in
this MIB to help analyze DS-related throughput. It is expected that
other metrics, such as delay and jitter, will also be analyzed, but
support for other metrics is outside the scope of this document.

5.3.  Relationship to the Remote Monitoring MIBs

This MIB is intended to be implemented in Remote Monitoring (RMON)
probes, which implement the RMON-2 MIB [RFC2021].  Such probes may be
stand-alone devices, or may not be co-located with other networking
devices (e.g., ethernet switches and repeaters).

The DS-MON probe must be capable of parsing the DS field in IP packets
and correlating the embedded DSCP value with other statistics, as
defined in the DS-MON MIB.  The DS-MON functions are intended to be
implemented in conjunction with the associated RMON functions, but the
MIB is independent of all other RMON data tables.  For example, an agent
might wish to implement the RMON-2 protocol distribution group and the
DS-MON protocol distribution group, in order to provide the fine
granularity, 'per DSCP' statistics with the DS-MON MIB, and the 'grand
total' statistics with the RMON-2 MIB.

Several concepts and even MIB objects from the RMON MIBs are used in the
DS-MON MIB:

DataSource
     This textual convention is used to describe the identification of
     an RMON monitoring source (defined in the RMON-2 MIB [RFC2021]).
     The DataSource textual convention is used throughout the DS-MON MIB
     to identify the monitoring source for each configured collection.
     A DataSource MIB object is an OBJECT IDENTIFIER, which contains the
     particular instance of the ifIndex object associated with the





Expires December 1999                                           [Page 5]






Internet-Draft                 DS-MON MIB                      June 1999


     monitored dataSource.

Protocol Directory
     The RMON-2 MIB [RFC2021] defines the protocolDirTable, which is a
     directory of all the protocols that the RMON-2 agent is capable of
     decoding and counting.  The DS-MON MIB utilizes this directory to
     identify the protocols detected in monitored packets.

TimeFilter
     The RMON-2 TimeFilter textual convention provides a mechanism to
     retrieve only rows which have been created or modified since the
     last polling interval (for a particular NMS). The DS-MON MIB uses
     this textual convention in the large data tables, in order to
     minimize polling impact.

Zero-Based Counters
     Since counters are instantiated by management action, as in the
     RMON MIBs, the DS-MON MIB uses zero-based counters in all data
     collection tables.  Specifically, the ZeroBasedCounter32 textual
     convention from the RMON-2 MIB [RFC2021] and the ZeroBasedCounter64
     textual convention (defined in the HC-RMON MIB [HC-RMON]) are used
     to define counter objects in this MIB.

High Capacity Counters
     The DS-MON MIB uses the same 'SNMPv1 coexistence' strategy as the
     RMONMIB WG. That is, where a 64-bit counter is provided, a 32-bit
     version of the counter, and a 32-bit overflow counter are also
     provided.

TopN Reports
     The DS-MON MIB uses the same TopN reporting MIB structure as the
     RMON-2 MIB [RFC2021]. TopN reporting can greatly reduce the polling
     overhead required to analyze DSCP usage patterns.


5.4.  MIB Structure

The DS-MON MIB contains three groups of MIB objects:

  - dsStatObjects group
     Report DSCP distribution statistics for a particular RMON
     dataSource.

  - dsPdistObjects group
     Report DSCP distribution statistics for each protocol detected on a





Expires December 1999                                           [Page 6]






Internet-Draft                 DS-MON MIB                      June 1999


     particular RMON dataSource.

  - dsHostObjects group
     Report IP host address distribution statistics for each DSCP,
     detected on a particular RMON dataSource.


5.4.1.  DS Statistics Group

This group contains two tables, the dsStatsControlTable and the
dsStatsTable, and supports DSCP distribution statistics for half and
full-duplex, low and high speed interfaces.  Packet and octets
distributions (by DSCP) are maintained in the dsStatsTable for each
active control row in the dsStatsControlTable.

This group provides the lowest statistics granularity in the DS-MON MIB.
It is expected than NMS applications will analyze certain DS deployment
or performance problems by first examining the DSCP distribution for an
entire interface with this group.

5.4.2.  DS Protocol Distribution Group

This group contains two tables for statistics collection,
(dsPdistControlTable and dsPdistStatsTable), and two tables for a 'Top
N' reporting function for the collected statistics
(dsPdistTopNControlTable and dsPdistTopNTable).

The dsPdistControlTable and dsPdistStatsTable tables provide DSCP
distribution statistics for each selected protocol encapsulation in
packets monitored on a particular dataSource.  Packet and octets
distributions (per protocol per DSCP) are maintained in the
dsPdistStatsTable for each active control row in the
dsPdistControlTable.

Due the potentially large number of entries, the DS Protocol
Distribution is different from the RMON-2 protocol distribution group in
several ways:

  -  maximum desired entries parameter added to the control table

  -  inserts and deletes counters added to the control table

  -  support for LRU garbage collection in the dsPdistStatsTable







Expires December 1999                                           [Page 7]






Internet-Draft                 DS-MON MIB                      June 1999


  -  TimeFilter index added to the dsPdistStatsTable

  -  selection of protocols to count by a special 'collect mode'
     enumeration.  Rather than select individual protocols to monitor, a
     simplified configuration mechanism is provided.  Since DSCP usage
     statistics are most interesting at the network and application
     layers, the dsPdistControlCollectMode object selects protocols by
     network layer, application layer, or both.

The TopN feature requires two additional tables: the
dsPdistTopNControlTable and the dsPdistTopNTable, and supports periodic
usage reporting for the statistics maintained in the dsPdistStatsTable.
This feature allows for simple periodic retrieval of the most used
protocol/DSCP combinations.


5.4.3.  DS Host Distribution Group

This group contains two tables for statistics collection,
(dsHostControlTable and dsHostTable), and two tables for a 'Top N'
reporting function for the collected statistics (dsHostTopNControlTable
and dsHostTopNTable).

The dsHostControlTable and dsHostTables provide IP host distribution
statistics for each DSCP detected in packets monitored on a particular
dataSource.

It is expected than NMS applications will analyze certain DS deployment
or performance problems by first determining the high priority DSCP
values to examine (beyond the scope of this document) and then examining
the dsHostTable statistics to determine which IP hosts are using the
selected DSCP(s).

Packet and octets distributions (in and out, per DSCP per IP host) are
maintained in the dsHostTable for each active control row in the
dsHostControlTable.

The DS Host Distribution is different from the RMON-2 network layer host
group in two ways:

  -  there is no protocolDirLocalIndex in the dsHostTable INDEX, since
     only IPv4 and IPv6 packets contain a DS field, the protocol (IPv4
     or IPv6) is determined by the length of each dsHostAddress
     instance.






Expires December 1999                                           [Page 8]






Internet-Draft                 DS-MON MIB                      June 1999


  -  the dsHostControlTable supports limited IPv4 subnet aggregation by
     allowing the number of 'monitored address bits' in each address to
     be configured for each collection.  The agent will zero out the
     selected number of rightmost IPv4 address bits for counting
     purposes. This configuration parameter can dramatically reduce the
     number of entries which must be maintained by the agent, which
     should reduce CPU and memory resource requirements on the agent,
     and reduce polling overhead on the network and the management
     station.

The TopN feature requires two additional tables: the
dsHostTopNControlTable and the dsHostTopNTable.  and supports periodic
usage reporting for the statistics maintained in the dsHostTable.  This
feature allows for simple periodic retrieval of the most used IP-
host/DSCP combinations.


6.  Definitions

-- RMON-2 Extensions for the Monitoring of Differentiated Services
-- Enabled Networks
--
--    IP DIFFSERV DSCP statistics
--        * Per DSCP
--        * Per Protocol Per DSCP
--        * Per DSCP Per IP Host Address
--
--

DSMON-MIB DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, Integer32,
        Counter32, Gauge32, Counter64, experimental
                FROM SNMPv2-SMI
        MODULE-COMPLIANCE, OBJECT-GROUP
                FROM SNMPv2-CONF
        RowStatus, TimeStamp, TEXTUAL-CONVENTION
                FROM SNMPv2-TC
        OwnerString
                FROM IF-MIB
        protocolDirLocalIndex, LastCreateTime,
        DataSource, ZeroBasedCounter32, TimeFilter
                FROM RMON2-MIB
        ZeroBasedCounter64





Expires December 1999                                           [Page 9]






Internet-Draft                 DS-MON MIB                      June 1999


                FROM HC-RMON-MIB;

dsMonMIB MODULE-IDENTITY
        LAST-UPDATED    "9906100000Z"
        ORGANIZATION    "Cisco Systems, Inc."
        CONTACT-INFO
                "       Andy Bierman
                        Cisco Systems, Inc.
                Postal: 170 West Tasman Drive
                        San Jose, CA USA 95134
                   Tel: +1 408 527-3711
                E-mail: abierman@cisco.com"
        DESCRIPTION
            "This module defines Remote Monitoring MIB extensions for
            Differentiated Services enabled networks."
        ::= { experimental 999999 }

dsMonObjects       OBJECT IDENTIFIER ::= { dsMonMIB 1 }
dsMonNotifications OBJECT IDENTIFIER ::= { dsMonMIB 2 }
dsMonConformance   OBJECT IDENTIFIER ::= { dsMonMIB 3 }

dsStatObjects      OBJECT IDENTIFIER ::= { dsMonObjects 1 }
dsPdistObjects     OBJECT IDENTIFIER ::= { dsMonObjects 2 }
dsHostObjects      OBJECT IDENTIFIER ::= { dsMonObjects 3 }

--
-- Extensions to the RMON-2 MIB for Differentiated Services
-- Monitoring
--
-- In order to maintain the RMON 'look-and-feel', some of
-- the text from the RMON-2 and HC-RMON MIBs by
-- Steve Waldbusser have been used in this MIB.
--

--
-- Textual Convention to define a DSCP for
-- monitoring purposes
--

DSCodePoint ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
            "This TC describes an object which identifies the
            Differentiated Services Codepoint (DSCP) value in an IPv4 or
            IPv6 packet header."





Expires December 1999                                          [Page 10]






Internet-Draft                 DS-MON MIB                      June 1999


    REFERENCE
            "Definition of the Differentiated Services Field (DS Field)
            in the IPv4 and IPv6 Headers [RFC2474]."
    SYNTAX Integer32 (0..63)


-- ***********************************************************
-- *                                                         *
-- *     P E R - D A T A S O U C E   C O L L E C T I O N S   *
-- *                                                         *
-- ***********************************************************


--
-- DSCP Per-DataSource Statistics Control Table
--

dsStatsControlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DsStatsControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "Controls the setup of per-data source per-DSCP distribution
            statistics."
    ::= { dsStatObjects 1 }

dsStatsControlEntry OBJECT-TYPE
    SYNTAX      DsStatsControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the dsStatsControlTable.

            Entries are created and deleted from this table by
            management action only, using the dsStatsControlStatus
            RowStatus object.

            Activation of a control row in this table will cause an
            associated dsStatsTable to be created and maintained by the
            agent."
    INDEX { dsStatsControlIndex }
    ::= { dsStatsControlTable 1 }

DsStatsControlEntry ::= SEQUENCE {
    dsStatsControlIndex                Integer32,





Expires December 1999                                          [Page 11]






Internet-Draft                 DS-MON MIB                      June 1999


    dsStatsControlDataSource           DataSource,
    dsStatsControlDroppedFrames        Counter32,
    dsStatsControlCreateTime           LastCreateTime,
    dsStatsControlOwner                OwnerString,
    dsStatsControlStatus               RowStatus
}

dsStatsControlIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "An arbitrary and unique index for this
            dsStatsControlEntry."
    ::= { dsStatsControlEntry 1 }

dsStatsControlDataSource OBJECT-TYPE
    SYNTAX      DataSource
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The source of data for the this per-protocol DSCP
            distribution.

            The statistics in this group reflect all IPv4 and IPv6
            packets on the local network segment attached to the
            identified interface.

            This object may not be modified if the associated
            dsStatsControlStatus object is equal to active(1)."
    ::= { dsStatsControlEntry 2 }

dsStatsControlDroppedFrames OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The total number of frames which were received by the probe
            and therefore not accounted for in the *StatsDropEvents, but
            for which the probe chose not to count for this entry for
            whatever reason.  Most often, this event occurs when the
            probe is out of some resources and decides to shed load from
            this collection.

            This count does not include packets that were not counted





Expires December 1999                                          [Page 12]






Internet-Draft                 DS-MON MIB                      June 1999


            because they had MAC-layer errors.

            Note that, unlike the dropEvents counter, this number is the
            exact number of frames dropped."
    ::= { dsStatsControlEntry 3 }

dsStatsControlCreateTime OBJECT-TYPE
    SYNTAX     LastCreateTime
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of sysUpTime when this control entry was last
            activated. This can be used by the management station to
            ensure that the table has not been deleted and recreated
            between polls."
    ::= { dsStatsControlEntry 4 }

dsStatsControlOwner OBJECT-TYPE
    SYNTAX      OwnerString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The entity that configured this entry and is therefore
            using the resources assigned to it."
    ::= { dsStatsControlEntry 5 }

dsStatsControlStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The status of this row.

            An entry may not exist in the active state unless all
            objects in the entry have an appropriate value.

            If this object is not equal to active(1), all associated
            entries in the dsStatsTable shall be deleted."
    ::= { dsStatsControlEntry 6 }

--
-- DSCP Per-DataSource Statistics Table
--

dsStatsTable OBJECT-TYPE





Expires December 1999                                          [Page 13]






Internet-Draft                 DS-MON MIB                      June 1999


    SYNTAX      SEQUENCE OF DsStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of information on Per Protocol DSCP usage.

            The following table defines per-DSCP statistics for full
            and/or half-duplex links as well as high capacity links.

            For half-duplex links, or full-duplex-capable links
            operating in half-duplex mode, the dsStatsIn* objects shall
            be used and the dsStatsOut* objects will not increment.

            For full-duplex links, the dsOut* objects will be present.
            Whenever possible, the probe should count packets moving
            away from the closest terminating equipment as output
            packets. Failing that, the probe should count packets moving
            away from the DTE as output packets."
    ::= { dsStatObjects 2 }

dsStatsEntry OBJECT-TYPE
    SYNTAX      DsStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of information on Differentiated Services DSCP
            usage, containing inbound and outbound packet and octet
            counters for each DSCP configured for collection.

            The dsStatsControlIndex value in the index identifies the
            dsStatsControlEntry on whose behalf this entry was created.

            Only entries with non-zero statistics will be returned by
            the agent, in order to reduce the amount of polling required
            to retrieve data from this table. That is, an entry will be
            created when a packet with the indicated DSCP value is
            detected by the agent.

            Note that only protocols which are encapsulated in IPv4 or
            IPv6 packets will be counted in this table.

            An example of the indexing of this entry is
            dsStatsOutPkts.1.16"
     INDEX { dsStatsControlIndex, dsStatsDsCodept }
    ::= { dsStatsTable 1 }





Expires December 1999                                          [Page 14]






Internet-Draft                 DS-MON MIB                      June 1999


DsStatsEntry ::= SEQUENCE {
    dsStatsDsCodept          DSCodePoint,
    dsStatsInPkts            ZeroBasedCounter32,
    dsStatsInOctets          ZeroBasedCounter32,
    dsStatsInOvflPkts        ZeroBasedCounter32,
    dsStatsInOvflOctets      ZeroBasedCounter32,
    dsStatsInHCPkts          ZeroBasedCounter64,
    dsStatsInHCOctets        ZeroBasedCounter64,
    dsStatsOutPkts           ZeroBasedCounter32,
    dsStatsOutOctets         ZeroBasedCounter32,
    dsStatsOutOvflPkts       ZeroBasedCounter32,
    dsStatsOutOvflOctets     ZeroBasedCounter32,
    dsStatsOutHCPkts         ZeroBasedCounter64,
    dsStatsOutHCOctets       ZeroBasedCounter64
}

dsStatsDsCodept OBJECT-TYPE
    SYNTAX      DSCodePoint
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The DSCP value associated with the aggregated statistics
            for a particular data source."
    ::= { dsStatsEntry 1 }

dsStatsInPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of packets using a particular DSCP value,
            received on a half-duplex link or on the inbound connection
            of a full-duplex link."
    ::= { dsStatsEntry 2 }

dsStatsInOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of octets in packets, using a particular DSCP
            value, received on a half-duplex link or on the inbound
            connection of a full-duplex link."
    ::= { dsStatsEntry 3 }






Expires December 1999                                          [Page 15]






Internet-Draft                 DS-MON MIB                      June 1999


dsStatsInOvflPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsStatsInPkts counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsStatsInHCPkts object is
            also instantiated for a particular dataSource."
    ::= { dsStatsEntry 4 }

dsStatsInOvflOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsStatsInOctets counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsStatsInHCOctets object is
            also instantiated for a particular dataSource."
    ::= { dsStatsEntry 5 }

dsStatsInHCPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsStatsInPkts object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsStatsEntry 6 }

dsStatsInHCOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsStatsInOctets object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsStatsEntry 7 }





Expires December 1999                                          [Page 16]






Internet-Draft                 DS-MON MIB                      June 1999


dsStatsOutPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of packets using a particular DSCP value,
            received on a full-duplex link in the direction of the
            network."
    ::= { dsStatsEntry 8 }

dsStatsOutOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of octets in packets, using a particular DSCP
            value, received on a full-duplex link in the direction of
            the network."
    ::= { dsStatsEntry 9 }

dsStatsOutOvflPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsStatsOutPkts counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsStatsOutHCPkts object is
            also instantiated for a particular dataSource."
    ::= { dsStatsEntry 10 }

dsStatsOutOvflOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsStatsOutOctets counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsStatsOutHCOctets object is
            also instantiated for a particular dataSource."
    ::= { dsStatsEntry 11 }

dsStatsOutHCPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only





Expires December 1999                                          [Page 17]






Internet-Draft                 DS-MON MIB                      June 1999


    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsStatsOutPkts object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsStatsEntry 12 }

dsStatsOutHCOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsStatsOutOctets object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsStatsEntry 13 }


-- ***********************************************************
-- *                                                         *
-- *     P E R - P R O T O C O L    C O L L E C T I O N S    *
-- *                                                         *
-- ***********************************************************

--
-- DSCP Per-Protocol Statistics Control Table
--

dsPdistControlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DsPdistControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "Controls the setup of per-protocol per-DSCP distribution
            statistics."
    ::= { dsPdistObjects 1 }

dsPdistControlEntry OBJECT-TYPE
    SYNTAX      DsPdistControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current





Expires December 1999                                          [Page 18]






Internet-Draft                 DS-MON MIB                      June 1999


    DESCRIPTION
            "A conceptual row in the dsPdistControlTable.

            Entries are created and deleted from this table by
            management action only, using the dsPdistControlStatus
            RowStatus object.

            Activation of a control row in this table will cause an
            associated dsPdistStatsTable to be created and maintained by
            the agent."
    INDEX { dsPdistControlIndex }
    ::= { dsPdistControlTable 1 }

DsPdistControlEntry ::= SEQUENCE {
    dsPdistControlIndex                Integer32,
    dsPdistControlDataSource           DataSource,
    dsPdistControlMaxDesiredEntries    Integer32,
    dsPdistControlCollectMode          INTEGER,
    dsPdistControlDroppedFrames        Counter32,
    dsPdistControlInserts              Counter32,
    dsPdistControlDeletes              Counter32,
    dsPdistControlCreateTime           LastCreateTime,
    dsPdistControlOwner                OwnerString,
    dsPdistControlStatus               RowStatus
}

dsPdistControlIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "An arbitrary and unique index for this
            dsPdistControlEntry."
    ::= { dsPdistControlEntry 1 }

dsPdistControlDataSource OBJECT-TYPE
    SYNTAX      DataSource
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The source of data for the this per-protocol DSCP
            distribution.

            The statistics in this group reflect all IPv4 and IPv6
            packets on the local network segment attached to the





Expires December 1999                                          [Page 19]






Internet-Draft                 DS-MON MIB                      June 1999


            identified interface.

            This object may not be modified if the associated
            dsPdistControlStatus object is equal to active(1)."
    ::= { dsPdistControlEntry 2 }

dsPdistControlMaxDesiredEntries OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 1..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The maximum number of entries that are desired in the
            dsPdistStatsTable on behalf of this control entry. The probe
            will not create more than this number of associated entries
            in the table, but may choose to create fewer entries in this
            table for any reason including the lack of resources.

            If this value is set to -1, the probe may create any number
            of entries in this table.

            This object may not be modified if the associated
            dsPdistControlStatus object is equal to active(1)."
    ::= { dsPdistControlEntry 3 }

dsPdistControlCollectMode OBJECT-TYPE
    SYNTAX INTEGER {
            netLayer(1),         -- count L3 protocols
            appLayer(2),         -- count application protocols
            netAndAppLayers(3)   -- count L3 and app protocols
    }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The packet layer(s) at which the agent should process DSCP
            information, for each monitored packet.

            If this object has a value of 'netLayer(1)', then the agent
            will include only network layer protocols in the associated
            dsPdistStatsTable.

            If this object has a value of 'appLayer(2)', then the agent
            will include only application layer protocols in the
            associated dsPdistStatsTable. Any 'terminal' protocol is
            considered to be an application protocol.






Expires December 1999                                          [Page 20]






Internet-Draft                 DS-MON MIB                      June 1999


            If this object has a value of 'netAndAppLayers(3)', then the
            agent will include only network and application layer
            protocols in the associated dsPdistStatsTable. Note that
            entries for transport layer protocols (e.g., TCP) will not
            be created by the agent, even if detected by the agent.

            This object may not be modified if the associated
            dsPdistControlStatus object is equal to active(1)."
    ::= { dsPdistControlEntry 4 }

dsPdistControlDroppedFrames OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The total number of frames which were received by the probe
            and therefore not accounted for in the *StatsDropEvents, but
            for which the probe chose not to count for this entry for
            whatever reason.  Most often, this event occurs when the
            probe is out of some resources and decides to shed load from
            this collection.

            This count does not include packets that were not counted
            because they had MAC-layer errors.

            Note that, unlike the dropEvents counter, this number is the
            exact number of frames dropped."
    ::= { dsPdistControlEntry 5 }

dsPdistControlInserts OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The number of times a dsPdist entry has been inserted into
            the dsPdistTable.  If an entry is inserted, then deleted,
            and then inserted, this counter will be incremented by 2.

            To allow for efficient implementation strategies, agents may
            delay updating this object for short periods of time.  For
            example, an implementation strategy may allow internal data
            structures to differ from those visible via SNMP for short
            periods of time.  This counter may reflect the internal data
            structures for those short periods of time.






Expires December 1999                                          [Page 21]






Internet-Draft                 DS-MON MIB                      June 1999


            Note that the table size can be determined by subtracting
            dsPdistControlDeletes from dsPdistControlInserts."
    ::= { dsPdistControlEntry 6 }

dsPdistControlDeletes OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The number of times a dsPdist entry has been deleted from
            the dsPdist table (for any reason).  If an entry is deleted,
            then inserted, and then deleted, this counter will be
            incremented by 2.

            To allow for efficient implementation strategies, agents may
            delay updating this object for short periods of time.  For
            example, an implementation strategy may allow internal data
            structures to differ from those visible via SNMP for short
            periods of time.  This counter may reflect the internal data
            structures for those short periods of time.

            Note that the table size can be determined by subtracting
            dsPdistControlDeletes from dsPdistControlInserts."
    ::= { dsPdistControlEntry 7 }

dsPdistControlCreateTime OBJECT-TYPE
    SYNTAX     LastCreateTime
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of sysUpTime when this control entry was last
            activated. This can be used by the management station to
            ensure that the table has not been deleted and recreated
            between polls."
    ::= { dsPdistControlEntry 8 }

dsPdistControlOwner OBJECT-TYPE
    SYNTAX      OwnerString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The entity that configured this entry and is therefore
            using the resources assigned to it."
    ::= { dsPdistControlEntry 9 }






Expires December 1999                                          [Page 22]






Internet-Draft                 DS-MON MIB                      June 1999


dsPdistControlStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The status of this row.

            An entry may not exist in the active state unless all
            objects in the entry have an appropriate value.

            If this object is not equal to active(1), all associated
            entries in the dsPdistStatsTable shall be deleted."
    ::= { dsPdistControlEntry 10 }

--
-- Per-Protocol Statistics Table
--

dsPdistStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DsPdistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of information on Per Protocol DSCP usage."
    ::= { dsPdistObjects 2 }

dsPdistStatsEntry OBJECT-TYPE
    SYNTAX      DsPdistStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of information on Differentiated Services DSCP
            usage, containing packet and octet counters for each DSCP
            configured for collection, and each protocol (as identified
            by the protocolDirLocalIndex for the protocol) identified in
            each monitored packet.

            The dsPdistControlIndex value in the index identifies the
            dsPdistControlEntry on whose behalf this entry was created.

            Only entries with non-zero statistics will be returned by
            the agent, in order to reduce the amount of polling required
            to retrieve data from this table. That is, an entry will be
            created when a packet of that type and DSCP value is
            detected by the agent.





Expires December 1999                                          [Page 23]






Internet-Draft                 DS-MON MIB                      June 1999


            Note that only protocols which are encapsulated in IPv4 or
            IPv6 packets will be counted in this table, as indicated by
            the protocolDirTable configuration.

            An example of the indexing of this entry is
            dsPdistStatsPkts.9.29943.42.16."
     INDEX { dsPdistControlIndex,
             dsPdistTimeMark,
             protocolDirLocalIndex,
             dsPdistDsCodept }
    ::= { dsPdistStatsTable 1 }

DsPdistStatsEntry ::= SEQUENCE {
    dsPdistTimeMark             TimeFilter,
    dsPdistDsCodept             DSCodePoint,
    dsPdistStatsPkts            ZeroBasedCounter32,
    dsPdistStatsOctets          ZeroBasedCounter32,
    dsPdistStatsOvflPkts        ZeroBasedCounter32,
    dsPdistStatsOvflOctets      ZeroBasedCounter32,
    dsPdistStatsHCPkts          ZeroBasedCounter64,
    dsPdistStatsHCOctets        ZeroBasedCounter64,
    dsPdistStatsCreateTime      LastCreateTime
}

dsPdistTimeMark OBJECT-TYPE
    SYNTAX      TimeFilter
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The Time Filter index for this table. This object may be
            used by a management station to retrieve only rows which
            have been created or modified since a particular time.  Note
            that the current value for a row are always returned and the
            TimeFilter is not a historical data archiving mechanism.
            Refer to RFC 2021 [RFC2021] for a detailed description of
            TimeFilter operation."
    ::= { dsPdistStatsEntry 1 }

dsPdistDsCodept OBJECT-TYPE
    SYNTAX      DSCodePoint
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The DSCP value associated with the aggregated statistics
            for a particular protocol."





Expires December 1999                                          [Page 24]






Internet-Draft                 DS-MON MIB                      June 1999


    ::= { dsPdistStatsEntry 2 }

dsPdistStatsPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of packets, monitored by this agent, and
            identified to be using a particular DSCP value in the DS
            header, on behalf of the protocol identified by the
            associated protocolDirLocalIndex value."
    ::= { dsPdistStatsEntry 3 }

dsPdistStatsOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of octets in packets, monitored by this agent
            and identified to be using a particular DSCP value in the DS
            header, on behalf of the protocol identified by the
            associated protocolDirLocalIndex value.

            Note that this object doesn't count just those octets in the
            particular protocol frames, but includes the entire packet
            that contained the protocol."
    ::= { dsPdistStatsEntry 4 }

dsPdistStatsOvflPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsPdistStatsPkts counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsPdistStatsHCPkts object is
            also instantiated for a particular dataSource."
    ::= { dsPdistStatsEntry 5 }

dsPdistStatsOvflOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsPdistStatsOctets





Expires December 1999                                          [Page 25]






Internet-Draft                 DS-MON MIB                      June 1999


            counter has overflowed.  Note that this object will only be
            instantiated if the associated dsPdistStatsHCOctets object
            is also instantiated for a particular dataSource."
    ::= { dsPdistStatsEntry 6 }

dsPdistStatsHCPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsPdistStatsPkts object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsPdistStatsEntry 7 }

dsPdistStatsHCOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsPdistStatsOctets object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsPdistStatsEntry 8 }

dsPdistStatsCreateTime OBJECT-TYPE
    SYNTAX     LastCreateTime
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of sysUpTime when this dsPdistStats entry was
            last instantiated by the agent. This can be used by the
            management station to ensure that the entry has not been
            deleted and recreated between polls."
    ::= { dsPdistStatsEntry 9 }


--
-- Per-Protocol Statistics TopN Control Table
--






Expires December 1999                                          [Page 26]






Internet-Draft                 DS-MON MIB                      June 1999


dsPdistTopNControlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DsPdistTopNControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A set of parameters that control the creation of a report
            of the top N dsPdist entries according to a selected
            metric."
    ::= { dsPdistObjects 3 }

dsPdistTopNControlEntry OBJECT-TYPE
    SYNTAX      DsPdistTopNControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the dsPdistTopNControlTable.

            Entries are created and deleted from this table by
            management action only, using the dsPdistTopNControlStatus
            RowStatus object.

            Activation of a control row in this table will cause an
            associated dsPdistTopNTable to be created and maintained by
            the agent."
    INDEX { dsPdistTopNControlIndex }
    ::= { dsPdistTopNControlTable 1 }

DsPdistTopNControlEntry ::= SEQUENCE {
    dsPdistTopNControlIndex            Integer32,
    dsPdistTopNControlPdistIndex       Integer32,
    dsPdistTopNControlRateBase         INTEGER,
    dsPdistTopNControlTimeRemaining    Integer32,
    dsPdistTopNControlGeneratedReports Counter32,
    dsPdistTopNControlDuration         Integer32,
    dsPdistTopNControlRequestedSize    Integer32,
    dsPdistTopNControlGrantedSize      Integer32,
    dsPdistTopNControlStartTime        TimeStamp,
    dsPdistTopNControlOwner            OwnerString,
    dsPdistTopNControlStatus           RowStatus
}

dsPdistTopNControlIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..65535)
    MAX-ACCESS not-accessible
    STATUS     current





Expires December 1999                                          [Page 27]






Internet-Draft                 DS-MON MIB                      June 1999


    DESCRIPTION
            "An index that uniquely identifies an entry in the
            dsPdistTopNControlTable.  Each such entry defines one Top N
            report prepared for one RMON dataSource."
    ::= { dsPdistTopNControlEntry 1 }

dsPdistTopNControlPdistIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..65535)
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The dsPdistTable for which a top N report will be prepared
            on behalf of this entry.  The dsPdistTable is identified by
            the value of the dsPdistControlIndex for that table - that
            value is used here to identify the particular table.

            This object may not be modified if the associated
            dsPdistTopNControlStatus object is equal to active(1)."
    ::= { dsPdistTopNControlEntry 2 }

dsPdistTopNControlRateBase OBJECT-TYPE
    SYNTAX     INTEGER {
                  dsPdistTopNPkts(1),
                  dsPdistTopNOctets(2),
                  dsPdistTopNHCPkts(3),
                  dsPdistTopNHCOctets(4)
               }
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The variable for each dsPdist that the dsPdistTopNRate and
            dsPdistTopNHCRate variables are based upon.  Each
            dsPdistTopN report generated on behalf of this control entry
            will be ranked in descending order, based on the associated
            dsPdistStatsTable counter, identified by this object.

            The following table identifies the dsPdistTable counter
            associated with each enumeration:

            Enumeration              RateBase MIB Object
            -----------              -------------------
            dsPdistTopNPkts          dsPdistStatsPkts
            dsPdistTopNOctets        dsPdistStatsOctets
            dsPdistTopNHCPkts        dsPdistStatsHCPkts
            dsPdistTopNHCOctets      dsPdistStatsHCOctets





Expires December 1999                                          [Page 28]






Internet-Draft                 DS-MON MIB                      June 1999


            Note that the dsPdistTopNHCPkts and dsPdistTopNHCOctets
            enumerations are only available if the agent supports High
            Capacity RMON collection.

            This object may not be modified if the associated
            dsPdistTopNControlStatus object is equal to active(1)."
    ::= { dsPdistTopNControlEntry 3 }

dsPdistTopNControlTimeRemaining OBJECT-TYPE
    SYNTAX     Integer32 (0..2147483647)
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The number of seconds left in the report currently being
            collected.  When this object is modified by the management
            station, a new collection is started, possibly aborting a
            currently running report.  The new value is used as the
            requested duration of this report, and is immediately loaded
            into the associated dsPdistTopNControlDuration object.

            When the report finishes, the probe will automatically start
            another collection with the same initial value of
            dsPdistTopNControlTimeRemaining.  Thus the management
            station may simply read the resulting reports repeatedly,
            checking the startTime and duration each time to ensure that
            a report was not missed or that the report parameters were
            not changed.

            While the value of this object is non-zero, it decrements by
            one per second until it reaches zero.  At the time that this
            object decrements to zero, the report is made accessible in
            the dsPdistTopNTable, overwriting any report that may be
            there.

            When this object is modified by the management station, any
            associated entries in the dsPdistTopNTable shall be
            deleted."
    DEFVAL { 1800 }
    ::= { dsPdistTopNControlEntry 4 }

dsPdistTopNControlGeneratedReports OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION





Expires December 1999                                          [Page 29]






Internet-Draft                 DS-MON MIB                      June 1999


            "The number of reports that have been generated by this
            entry."
    ::= { dsPdistTopNControlEntry 5 }

dsPdistTopNControlDuration OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The number of seconds that this report has collected during
            the last sampling interval.

            When the associated dsPdistTopNControlTimeRemaining object
            is set, this object shall be set by the probe to the same
            value and shall not be modified until the next time the
            dsPdistTopNControlTimeRemaining is set.

            This value shall be zero if no reports have been requested
            for this dsPdistTopNControlEntry."
    ::= { dsPdistTopNControlEntry 6 }

dsPdistTopNControlRequestedSize OBJECT-TYPE
    SYNTAX     Integer32 (0..2147483647)
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The maximum number of dsPdist entries requested for this
            report.

            When this object is created or modified, the probe should
            set dsPdistTopNControlGrantedSize as closely to this object
            as is possible for the particular probe implementation and
            available resources."
    DEFVAL { 150 }
    ::= { dsPdistTopNControlEntry 7 }

dsPdistTopNControlGrantedSize OBJECT-TYPE
    SYNTAX     Integer32 (0..2147483647)
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The maximum number of dsPdist entries in this report.

            When the associated dsPdistTopNControlRequestedSize object
            is created or modified, the probe should set this object as





Expires December 1999                                          [Page 30]






Internet-Draft                 DS-MON MIB                      June 1999


            closely to the requested value as is possible for the
            particular implementation and available resources. The probe
            must not lower this value except as a result of a set to the
            associated dsPdistTopNControlRequestedSize object.

            When the associated dsPdistTopNControlRequestedSize object
            is created or modified, the probe should set this object as
            closely to the requested value as is possible for the
            particular implementation and available resources. The probe
            must not lower this value except as a result of a set to the
            associated dsPdistTopNControlRequestedSize object.

            Protocol entries with the highest value of dsPdistTopNRate
            or dsPdistTopNHCRate (depending on the value of the
            associated dsPdistTopNControlRateBase object) shall be
            placed in this table in decreasing order of this rate until
            there is no more room or until there are no more dsPdist
            entries."
    ::= { dsPdistTopNControlEntry 8 }

dsPdistTopNControlStartTime OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of sysUpTime when this top N report was last
            started.  In other words, this is the time that the
            associated dsPdistTopNControlTimeRemaining object was
            modified to start the requested report or the time the
            report was last automatically (re)started.

            This object may be used by the management station to
            determine if a report was missed or not."
    ::= { dsPdistTopNControlEntry 9 }

dsPdistTopNControlOwner OBJECT-TYPE
    SYNTAX     OwnerString
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The entity that configured this entry and is therefore
            using the resources assigned to it."
    ::= { dsPdistTopNControlEntry 10 }

dsPdistTopNControlStatus OBJECT-TYPE





Expires December 1999                                          [Page 31]






Internet-Draft                 DS-MON MIB                      June 1999


    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The status of this dsPdistTopNControlEntry.

            An entry may not exist in the active state unless all
            objects in the entry have an appropriate value.

            If this object is not equal to active(1), all associated
            entries in the dsPdistTopNTable shall be deleted by the
            agent."
    ::= { dsPdistTopNControlEntry 11 }

--
-- dsPdist TopN Table
--

dsPdistTopNTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF DsPdistTopNEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "A set of statistics for those protocol distribution entries
            that have counted the highest number of octets or packets.

            Note that dsPdist entries which did not increment at all
            during the report interval are not included in dsPdistTopN
            reports."
    ::= { dsPdistObjects 4 }

dsPdistTopNEntry OBJECT-TYPE
    SYNTAX     DsPdistTopNEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "A conceptual row in the dsPdistTopNTable.

            The dsPdistTopNControlIndex value in the index identifies
            the dsPdistTopNControlEntry on whose behalf this entry was
            created."
    INDEX { dsPdistTopNControlIndex, dsPdistTopNIndex }
    ::= { dsPdistTopNTable 1 }

DsPdistTopNEntry ::= SEQUENCE {





Expires December 1999                                          [Page 32]






Internet-Draft                 DS-MON MIB                      June 1999


    dsPdistTopNIndex                      Integer32,
    dsPdistTopNProtocolDirLocalIndex      Integer32,
    dsPdistTopNDsCodept                   DSCodePoint,
    dsPdistTopNRate                       Gauge32,
    dsPdistTopNRateOvfl                   Gauge32,
    dsPdistTopNHCRate                     Counter64 -- Gauge64
  }

dsPdistTopNIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..65535)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An index that uniquely identifies an entry in the
            dsPdistTopNTable among those in the same report.  This index
            is between 1 and N, where N is the number of entries in this
            report."
    ::= { dsPdistTopNEntry 1 }

dsPdistTopNProtocolDirLocalIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..2147483647)
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The protocolDirLocalIndex value which identifies the
            protocol associated with this entry."
    ::= { dsPdistTopNEntry 2 }

dsPdistTopNDsCodept OBJECT-TYPE
    SYNTAX      DSCodePoint
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The DSCP value associated with protocol identified in this
            entry."
    ::= { dsPdistTopNEntry 3 }

dsPdistTopNRate OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The amount of change in the selected variable during this
            sampling interval.  The selected variable is this protocol's
            instance of the object selected by





Expires December 1999                                          [Page 33]






Internet-Draft                 DS-MON MIB                      June 1999


            dsPdistTopNControlRateBase.

            If the associated dsPdistTopNControlRateBase is equal to
            'dsPdistTopNHCPkts' or 'dsPdistTopNHCOctets', then this
            object will contain the the least significant 32 bits of the
            associated dsPdistTopNHCRate object."
    ::= { dsPdistTopNEntry 4 }

dsPdistTopNRateOvfl OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The most significant 32 bits of the associated
            dsPdistTopNHCRate object.

            If the associated dsPdistTopNControlRateBase is equal to
            'dsPdistTopNHCPkts' or 'dsPdistTopNHCOctets', then this
            object will contain the upper 32 bits of the associated
            dsPdistTopNHCRate object.

            If the associated dsPdistTopNControlRateBase is equal to
            'dsPdistTopNPkts' or 'dsPdistTopNOctets', then this object
            will contain the value zero.

            The agent may choose not to instantiate this object if High
            Capacity RMON collection is not supported."
    ::= { dsPdistTopNEntry 5 }

dsPdistTopNHCRate OBJECT-TYPE
    SYNTAX     Counter64   -- Gauge64
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The amount of change in the selected variable during this
            sampling interval.  The selected variable is this protocol's
            instance of the object selected by
            dsPdistTopNControlRateBase.

            If the associated dsPdistTopNControlRateBase is equal to
            'dsPdistTopNPkts' or 'dsPdistTopNOctets', then this object
            will contain the value zero, and the associated
            dsPdistTopNRate object will contain the change in the
            selected variable during the sampling interval.






Expires December 1999                                          [Page 34]






Internet-Draft                 DS-MON MIB                      June 1999


            The agent may choose not to instantiate this object if High
            Capacity RMON collection is not supported."
    ::= { dsPdistTopNEntry 6 }


-- ***********************************************************
-- *                                                         *
-- *      P E R  -  H O S T       C O L L E C T I O N S      *
-- *                                                         *
-- ***********************************************************


--
-- IP Host Statistics Control Table
--

dsHostControlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DsHostControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "Controls setup of per DSCP, per IP host distribution
            statistics."
    ::= { dsHostObjects 1 }

dsHostControlEntry OBJECT-TYPE
    SYNTAX      DsHostControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the dsHostControlTable.

            Entries are created and deleted from this table by
            management action only, using the dsHostControlStatus
            RowStatus object.

            Activation of a control row in this table will cause an
            associated dsHostTable to be created and maintained by the
            agent."
    INDEX { dsHostControlIndex }
    ::= { dsHostControlTable 1 }

DsHostControlEntry ::= SEQUENCE {
    dsHostControlIndex                Integer32,
    dsHostControlDataSource           DataSource,





Expires December 1999                                          [Page 35]






Internet-Draft                 DS-MON MIB                      June 1999


    dsHostControlMaxDesiredEntries    Integer32,
    dsHostControlNumAddrBits          Integer32,
    dsHostControlDroppedFrames        Counter32,
    dsHostControlInserts              Counter32,
    dsHostControlDeletes              Counter32,
    dsHostControlCreateTime           LastCreateTime,
    dsHostControlOwner                OwnerString,
    dsHostControlStatus               RowStatus
}

dsHostControlIndex OBJECT-TYPE
    SYNTAX      Integer32 (1..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "An arbitrary and unique index for this dsHostControlEntry."
    ::= { dsHostControlEntry 1 }

dsHostControlDataSource OBJECT-TYPE
    SYNTAX      DataSource
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The source of data for the associated dsHostTable.

            The statistics in this group reflect all IPv4 and IPv6
            packets on the local network segment attached to the
            identified interface.

            This object may not be modified if the associated
            dsHostControlStatus object is equal to active(1)."
    ::= { dsHostControlEntry 2 }

dsHostControlMaxDesiredEntries OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 1..2147483647)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The maximum number of entries that are desired in the
            dsHostTable on behalf of this control entry. The probe will
            not create more than this number of associated entries in
            the table, but may choose to create fewer entries in this
            table for any reason including the lack of resources.

            If this value is set to -1, the probe may create any number





Expires December 1999                                          [Page 36]






Internet-Draft                 DS-MON MIB                      June 1999


            of entries in this table.

            This object may not be modified if the associated
            dsHostControlStatus object is equal to active(1)."
    ::= { dsHostControlEntry 3 }

dsHostControlNumAddrBits OBJECT-TYPE
    SYNTAX      Integer32 (8..32)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The number of 'leftmost' contiguous bits in the IPv4 host
            address (as identified by the dsHostAddress object) that
            should be maintained in this collection.

            If this object has a value less than '32', then 'm'
            rightmost bits, where 'm' is equal to '32 -
            dsHostControlNumAddrBits', will be cleared to zero for
            counting purposes only.  The 'leftmost' bit is the most
            significant bit of the first network-byte-order octet of the
            address.

            Note that this object only affects IPv4 host entries in the
            associated dsHostTable. IPv6 entries are not affected by
            this object.

            This object may not be modified if the associated
            dsHostControlStatus object is equal to active(1)."
    DEFVAL { 32 }
    ::= { dsHostControlEntry 4 }

dsHostControlDroppedFrames OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The total number of frames which were received by the probe
            and therefore not accounted for in the *StatsDropEvents, but
            for which the probe chose not to count for the associated
            dsHost entries for whatever reason.  Most often, this event
            occurs when the probe is out of some resources and decides
            to shed load from this collection.

            This count does not include packets that were not counted
            because they had MAC-layer errors.





Expires December 1999                                          [Page 37]






Internet-Draft                 DS-MON MIB                      June 1999


            Note that if the dsHostTable is inactive because no
            appropriate protocols are enabled in the protocol directory,
            this value should be 0.

            Note that, unlike the dropEvents counter, this number is the
            exact number of frames dropped."
    ::= { dsHostControlEntry 5 }

dsHostControlInserts OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The number of times a dsHost entry has been inserted into
            the dsHost table.  If an entry is inserted, then deleted,
            and then inserted, this counter will be incremented by 2.

            To allow for efficient implementation strategies, agents may
            delay updating this object for short periods of time.  For
            example, an implementation strategy may allow internal data
            structures to differ from those visible via SNMP for short
            periods of time.  This counter may reflect the internal data
            structures for those short periods of time.

            Note that the table size can be determined by subtracting
            dsHostControlDeletes from dsHostControlInserts."
    ::= { dsHostControlEntry 6 }

dsHostControlDeletes OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The number of times a dsHost entry has been deleted from
            the dsHost table (for any reason).  If an entry is deleted,
            then inserted, and then deleted, this counter will be
            incremented by 2.

            To allow for efficient implementation strategies, agents may
            delay updating this object for short periods of time.  For
            example, an implementation strategy may allow internal data
            structures to differ from those visible via SNMP for short
            periods of time.  This counter may reflect the internal data
            structures for those short periods of time.






Expires December 1999                                          [Page 38]






Internet-Draft                 DS-MON MIB                      June 1999


            Note that the table size can be determined by subtracting
            dsHostControlDeletes from dsHostControlInserts."
    ::= { dsHostControlEntry 7 }

dsHostControlCreateTime OBJECT-TYPE
    SYNTAX     LastCreateTime
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of sysUpTime when this control entry was last
            activated. This can be used by the management station to
            ensure that the table has not been deleted and recreated
            between polls."
    ::= { dsHostControlEntry 8 }

dsHostControlOwner OBJECT-TYPE
    SYNTAX      OwnerString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The entity that configured this entry and is therefore
            using the resources assigned to it."
    ::= { dsHostControlEntry 9 }

dsHostControlStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The status of this dsHostControlEntry.

            An entry may not exist in the active state unless all
            objects in the entry have an appropriate value.

            If this object is not equal to active(1), all associated
            entries in the dsHostTable shall be deleted."
    ::= { dsHostControlEntry 10 }

--
-- IP Host Statistics Table
--

dsHostTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DsHostEntry
    MAX-ACCESS  not-accessible





Expires December 1999                                          [Page 39]






Internet-Draft                 DS-MON MIB                      June 1999


    STATUS      current
    DESCRIPTION
            "A collection of statistics for a particular IPv4 or IPv6
            address that has been discovered on a particular dataSource.

            The probe will add to this table all IP addresses seen as
            the source or destination address in all packets with no MAC
            errors, and will increment octet and packet counts in the
            table for all packets with no MAC errors."
    ::= { dsHostObjects 2 }

dsHostEntry OBJECT-TYPE
    SYNTAX      DsHostEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of information on Differentiated Services DSCP
            usage, containing packet and octet counters for each DSCP
            configured for collection per host address, as identified in
            each monitored packet.

            The dsHostControlIndex value in the index identifies the
            dsHostControlEntry on whose behalf this entry was created.
            The length of the dsHostAddress field identifies the network
            layer protocol as either IPv4 or IPv6.

            Only entries with non-zero statistics will be returned by
            the agent, in order to reduce the amount of polling required
            to retrieve data from this table.  An entry will be created
            when a packet of that type, IP address, and DSCP value is
            detected by the agent.

            An example of the indexing of this entry is
            dsHostOutPkts.1.24873.32.4.171.69.120.0"
    INDEX { dsHostControlIndex,
            dsHostTimeMark,
            dsHostDsCodept,
            dsHostAddress }
    ::= { dsHostTable 1 }

DsHostEntry ::= SEQUENCE {
    dsHostTimeMark              TimeFilter,
    dsHostDsCodept              DSCodePoint,
    dsHostAddress               OCTET STRING,
    dsHostInPkts                ZeroBasedCounter32,





Expires December 1999                                          [Page 40]






Internet-Draft                 DS-MON MIB                      June 1999


    dsHostInOctets              ZeroBasedCounter32,
    dsHostInOvflPkts            ZeroBasedCounter32,
    dsHostInOvflOctets          ZeroBasedCounter32,
    dsHostInHCPkts              ZeroBasedCounter64,
    dsHostInHCOctets            ZeroBasedCounter64,
    dsHostOutPkts               ZeroBasedCounter32,
    dsHostOutOctets             ZeroBasedCounter32,
    dsHostOutOvflPkts           ZeroBasedCounter32,
    dsHostOutOvflOctets         ZeroBasedCounter32,
    dsHostOutHCPkts             ZeroBasedCounter64,
    dsHostOutHCOctets           ZeroBasedCounter64,
    dsHostCreateTime            LastCreateTime
}

dsHostTimeMark OBJECT-TYPE
    SYNTAX      TimeFilter
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The Time Filter index for this table. This object may be
            used by a management station to retrieve only rows which
            have been created or modified since a particular time.  Note
            that the current value for a row are always returned and the
            TimeFilter is not a historical data archiving mechanism.
            Refer to RFC 2021 [RFC2021] for a detailed description of
            TimeFilter operation."
    ::= { dsHostEntry 1 }

dsHostDsCodept OBJECT-TYPE
    SYNTAX      DSCodePoint
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The DSCP value associated with the aggregated statistics
            for a particular IP host."
    ::= { dsHostEntry 2 }

dsHostAddress OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (4 | 16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "The network address for this dsHostEntry.

            The length of the address string is used to determine if





Expires December 1999                                          [Page 41]






Internet-Draft                 DS-MON MIB                      June 1999


            this entry represents an IPv4 or IPv6 address.  For example,
            if the length of this object is '4', then this object is
            encoded as an IPv4 address in network byte order.

            Note that IPv4 addresses may have some 'rightmost' bits
            cleared to zero for counting purposes, as specified by the
            associated dsHostControlNumHostBits object."
    ::= { dsHostEntry 3 }

dsHostInPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of packets without errors, using the identified
            DSCP and transmitted to this address, since it was added to
            the dsHostTable.  Note that this is the number of link-layer
            packets, so if a single network-layer packet is fragmented
            into several link-layer frames, this counter is incremented
            several times."
    ::= { dsHostEntry 4 }

dsHostInOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of octets, transmitted to this address and using
            the identified DSCP, since it was added to the dsHostTable
            (excluding framing bits but including FCS octets), excluding
            those octets in packets that contained errors.

            Note this doesn't count just those octets in the particular
            protocol frames, but includes the entire packet that
            contained the protocol."
    ::= { dsHostEntry 5 }

dsHostInOvflPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsHostInPkts counter has
            overflowed.  Note that this object will only be instantiated
            if the associated dsHostInHCPkts object is also instantiated





Expires December 1999                                          [Page 42]






Internet-Draft                 DS-MON MIB                      June 1999


            for a particular dataSource."
    ::= { dsHostEntry 6 }

dsHostInOvflOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsHostInOctets counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsHostInHCOctets object is
            also instantiated for a particular dataSource."
    ::= { dsHostEntry 7 }

dsHostInHCPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsHostInPkts object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsHostEntry 8 }

dsHostInHCOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsHostInOctets object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsHostEntry 9 }

dsHostOutPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of packets without errors, using the identified
            DSCP and transmitted by this address, since it was added to





Expires December 1999                                          [Page 43]






Internet-Draft                 DS-MON MIB                      June 1999


            the dsHostTable.  Note that this is the number of link-layer
            packets, so if a single network-layer packet is fragmented
            into several link-layer frames, this counter is incremented
            several times."
    ::= { dsHostEntry 10 }

dsHostOutOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of octets, transmitted by this address and using
            the identified DSCP, since it was added to the dsHostTable
            (excluding framing bits but including FCS octets), excluding
            those octets in packets that contained errors.

            Note this doesn't count just those octets in the particular
            protocol frames, but includes the entire packet that
            contained the protocol."
    ::= { dsHostEntry 11 }

dsHostOutOvflPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsHostOutPkts counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsHostOutHCPkts object is
            also instantiated for a particular dataSource."
    ::= { dsHostEntry 12 }

dsHostOutOvflOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The number of times the associated dsHostOutOctets counter
            has overflowed.  Note that this object will only be
            instantiated if the associated dsHostOutHCOctets object is
            also instantiated for a particular dataSource."
    ::= { dsHostEntry 13 }

dsHostOutHCPkts OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64





Expires December 1999                                          [Page 44]






Internet-Draft                 DS-MON MIB                      June 1999


    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsHostOutPkts object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsHostEntry 14 }

dsHostOutHCOctets OBJECT-TYPE
    SYNTAX      ZeroBasedCounter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The 64-bit version of the dsHostOutOctets object.

            Note that this object will only be instantiated if the RMON
            agent supports High Capacity RMON for a particular
            dataSource."
    ::= { dsHostEntry 15 }

dsHostCreateTime OBJECT-TYPE
    SYNTAX     LastCreateTime
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of sysUpTime when this dsHost entry was last
            instantiated by the agent. This can be used by the
            management station to ensure that the entry has not been
            deleted and recreated between polls."
    ::= { dsHostEntry 16 }


--
-- DSCP Per-Protocol Per-Host Statistics TopN Control Table
--

dsHostTopNControlTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DsHostTopNControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A set of parameters that control the creation of a report
            of the top N dsHost entries according to a selected metric."





Expires December 1999                                          [Page 45]






Internet-Draft                 DS-MON MIB                      June 1999


    ::= { dsHostObjects 3 }

dsHostTopNControlEntry OBJECT-TYPE
    SYNTAX      DsHostTopNControlEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the dsHostTopNControlTable.

            Entries are created and deleted from this table by
            management action only, using the dsHostTopNControlStatus
            RowStatus object.

            Activation of a control row in this table will cause an
            associated dsHostTopNTable to be created and maintained by
            the agent."
    INDEX { dsHostTopNControlIndex }
    ::= { dsHostTopNControlTable 1 }

DsHostTopNControlEntry ::= SEQUENCE {
    dsHostTopNControlIndex            Integer32,
    dsHostTopNControlHostIndex        Integer32,
    dsHostTopNControlRateBase         INTEGER,
    dsHostTopNControlTimeRemaining    Integer32,
    dsHostTopNControlGeneratedReports Counter32,
    dsHostTopNControlDuration         Integer32,
    dsHostTopNControlRequestedSize    Integer32,
    dsHostTopNControlGrantedSize      Integer32,
    dsHostTopNControlStartTime        TimeStamp,
    dsHostTopNControlOwner            OwnerString,
    dsHostTopNControlStatus           RowStatus
}

dsHostTopNControlIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..65535)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An index that uniquely identifies an entry in the
            dsHostTopNControlTable.  Each such entry defines one Top N
            report prepared for one RMON dataSource."
    ::= { dsHostTopNControlEntry 1 }

dsHostTopNControlHostIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..65535)





Expires December 1999                                          [Page 46]






Internet-Draft                 DS-MON MIB                      June 1999


    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The dsHostTable for which a top N report will be prepared
            on behalf of this entry.  The dsHostTable is identified by
            the value of the dsHostControlIndex for that table - that
            value is used here to identify the particular table.

            This object may not be modified if the associated
            dsHostTopNControlStatus object is equal to active(1)."
    ::= { dsHostTopNControlEntry 2 }

dsHostTopNControlRateBase OBJECT-TYPE
    SYNTAX     INTEGER {
                  dsHostTopNInPkts(1),
                  dsHostTopNInOctets(2),
                  dsHostTopNOutPkts(3),
                  dsHostTopNOutOctets(4),
                  dsHostTopNTotalPkts(5),
                  dsHostTopNTotalOctets(6),
                  dsHostTopNInHCPkts(7),
                  dsHostTopNInHCOctets(8),
                  dsHostTopNOutHCPkts(9),
                  dsHostTopNOutHCOctets(10),
                  dsHostTopNTotalHCPkts(11),
                  dsHostTopNTotalHCOctets(12)
               }
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The variable(s) for each dsHost that the dsHostTopNRate and
            dsHostTopNHCRate variables are based upon.  Each dsHostTopN
            report generated on behalf of this control entry will be
            ranked in descending order, based on the associated
            dsHostTable counter(s), identified by this object.

            The following table identifies the dsHostTable counters
            associated with each enumeration:

            Enumeration              RateBase MIB Objects
            -----------              --------------------
            dsHostTopNInPkts         dsHostInPkts
            dsHostTopNInOctets       dsHostInOctets
            dsHostTopNOutPkts        dsHostOutPkts
            dsHostTopNOutOctets      dsHostOutOctets





Expires December 1999                                          [Page 47]






Internet-Draft                 DS-MON MIB                      June 1999


            dsHostTopNTotalPkts      dsHostInPkts +
                                       dsHostOutPkts
            dsHostTopNTotalOctets    dsHostInOctets +
                                       dsHostOutOctets
            dsHostTopNInHCPkts       dsHostInHCPkts
            dsHostTopNInHCOctets     dsHostInHCOctets
            dsHostTopNOutHCPkts      dsHostOutHCPkts
            dsHostTopNOutHCOctets    dsHostOutHCPkts
            dsHostTopNTotalHCPkts    dsHostInHCPkts +
                                       dsHostOutHCPkts
            dsHostTopNTotalHCOctets  dsHostInHCOctets +
                                       dsHostOutHCOctets

            The following enumerations are only available if the agent
            supports High Capacity RMON collection:

            dsHostTopNInHCPkts
            dsHostTopNInHCOctets
            dsHostTopNOutHCPkts
            dsHostTopNOutHCOctets
            dsHostTopNTotalHCPkts
            dsHostTopNTotalHCOctets

            It is an implementation-specific matter whether an agent can
            detect an overflow condition resulting from the addition of
            two counter delta values for the following enumerations:

            dsHostTopNTotalPkts
            dsHostTopNTotalOctets
            dsHostTopNTotalHCPkts
            dsHostTopNTotalHCOctets

            In the event such an overflow condition can be detected by
            the agent, the associated dsHostTopNRate,
            dsHostTopNRateOvfl, and/or dsHostTopNHCRate objects should
            be set to their maximum value.

            This object may not be modified if the associated
            dsHostTopNControlStatus object is equal to active(1)."
    ::= { dsHostTopNControlEntry 3 }

dsHostTopNControlTimeRemaining OBJECT-TYPE
    SYNTAX     Integer32 (0..2147483647)
    MAX-ACCESS read-create
    STATUS     current





Expires December 1999                                          [Page 48]






Internet-Draft                 DS-MON MIB                      June 1999


    DESCRIPTION
            "The number of seconds left in the report currently being
            collected.  When this object is modified by the management
            station, a new collection is started, possibly aborting a
            currently running report.  The new value is used as the
            requested duration of this report, and is immediately loaded
            into the associated dsHostTopNControlDuration object.

            When the report finishes, the probe will automatically start
            another collection with the same initial value of
            dsHostTopNControlTimeRemaining.  Thus the management station
            may simply read the resulting reports repeatedly, checking
            the startTime and duration each time to ensure that a report
            was not missed or that the report parameters were not
            changed.

            While the value of this object is non-zero, it decrements by
            one per second until it reaches zero.  At the time that this
            object decrements to zero, the report is made accessible in
            the dsHostTopNTable, overwriting any report that may be
            there.

            When this object is modified by the management station, any
            associated entries in the dsHostTopNTable shall be deleted."
    DEFVAL { 1800 }
    ::= { dsHostTopNControlEntry 4 }

dsHostTopNControlGeneratedReports OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The number of reports that have been generated by this
            entry."
    ::= { dsHostTopNControlEntry 5 }

dsHostTopNControlDuration OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The number of seconds that this report has collected during
            the last sampling interval.

            When the associated dsHostTopNControlTimeRemaining object is





Expires December 1999                                          [Page 49]






Internet-Draft                 DS-MON MIB                      June 1999


            set, this object shall be set by the probe to the same value
            and shall not be modified until the next time the
            dsHostTopNControlTimeRemaining is set.

            This value shall be zero if no reports have been requested
            for this dsHostTopNControlEntry."
    ::= { dsHostTopNControlEntry 6 }

dsHostTopNControlRequestedSize OBJECT-TYPE
    SYNTAX     Integer32 (0..2147483647)
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The maximum number of dsHost entries requested for this
            report.

            When this object is created or modified, the probe should
            set dsHostTopNControlGrantedSize as closely to this object
            as is possible for the particular probe implementation and
            available resources."
    DEFVAL { 150 }
    ::= { dsHostTopNControlEntry 7 }

dsHostTopNControlGrantedSize OBJECT-TYPE
    SYNTAX     Integer32 (0..2147483647)
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The maximum number of dsHost entries in this report.

            When the associated dsHostTopNControlRequestedSize object is
            created or modified, the probe should set this object as
            closely to the requested value as is possible for the
            particular implementation and available resources. The probe
            must not lower this value except as a result of a set to the
            associated dsHostTopNControlRequestedSize object.

            When the associated dsHostTopNControlRequestedSize object is
            created or modified, the probe should set this object as
            closely to the requested value as is possible for the
            particular implementation and available resources. The probe
            must not lower this value except as a result of a set to the
            associated dsHostTopNControlRequestedSize object.

            Protocol entries with the highest value of dsHostTopNRate or





Expires December 1999                                          [Page 50]






Internet-Draft                 DS-MON MIB                      June 1999


            dsHostTopNHCRate (depending on the value of the associated
            dsHostTopNControlRateBase object) shall be placed in this
            table in decreasing order of this rate until there is no
            more room or until there are no more dsHost entries."
    ::= { dsHostTopNControlEntry 8 }

dsHostTopNControlStartTime OBJECT-TYPE
    SYNTAX     TimeStamp
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of sysUpTime when this top N report was last
            started.  In other words, this is the time that the
            associated dsHostTopNControlTimeRemaining object was
            modified to start the requested report or the time the
            report was last automatically (re)started.

            This object may be used by the management station to
            determine if a report was missed or not."
    ::= { dsHostTopNControlEntry 9 }

dsHostTopNControlOwner OBJECT-TYPE
    SYNTAX     OwnerString
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The entity that configured this entry and is therefore
            using the resources assigned to it."
    ::= { dsHostTopNControlEntry 10 }

dsHostTopNControlStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The status of this dsHostTopNControlEntry.

            An entry may not exist in the active state unless all
            objects in the entry have an appropriate value.

            If this object is not equal to active(1), all associated
            entries in the dsHostTopNTable shall be deleted by the
            agent."
    ::= { dsHostTopNControlEntry 11 }






Expires December 1999                                          [Page 51]






Internet-Draft                 DS-MON MIB                      June 1999


--
-- dsHost TopN Table
--

dsHostTopNTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF DsHostTopNEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "A set of statistics for those dsHost entries that have
            counted the highest number of octets or packets.

            Note that dsHost entries which did not increment at all
            during the report interval are not included in dsHostTopN
            reports."
    ::= { dsHostObjects 4 }

dsHostTopNEntry OBJECT-TYPE
    SYNTAX     DsHostTopNEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "A conceptual row in the dsHostTopNTable.

            The dsHostTopNControlIndex value in the index identifies the
            dsHostTopNControlEntry on whose behalf this entry was
            created."
    INDEX { dsHostTopNControlIndex, dsHostTopNIndex }
    ::= { dsHostTopNTable 1 }

DsHostTopNEntry ::= SEQUENCE {
    dsHostTopNIndex                Integer32,
    dsHostTopNAddress              OCTET STRING,
    dsHostTopNDsCodept             DSCodePoint,
    dsHostTopNRate                 Gauge32,
    dsHostTopNRateOvfl             Gauge32,
    dsHostTopNHCRate               Counter64 -- Gauge64
  }

dsHostTopNIndex OBJECT-TYPE
    SYNTAX     Integer32 (1..65535)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An index that uniquely identifies an entry in the





Expires December 1999                                          [Page 52]






Internet-Draft                 DS-MON MIB                      June 1999


            dsHostTopNTable among those in the same report.  This index
            is between 1 and N, where N is the number of entries in this
            report."
    ::= { dsHostTopNEntry 1 }

dsHostTopNAddress OBJECT-TYPE
    SYNTAX     OCTET STRING (SIZE (4 | 16))
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The network address of the IP host identified in this
            entry.  The length of this field identifies the network
            layer protocol as either IPv4 or IPv6.  Addresses are
            encoded in network byte order."
    ::= { dsHostTopNEntry 2 }

dsHostTopNDsCodept OBJECT-TYPE
    SYNTAX      DSCodePoint
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
            "The DSCP value associated with host identified in this
            entry."
    ::= { dsHostTopNEntry 3 }

dsHostTopNRate OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The amount of change in the selected variable during this
            sampling interval.  The selected variable is this host's
            instance of the object selected by
            dsHostTopNControlRateBase.

            If the associated dsHostTopNControlRateBase indicates a High
            Capacity RMON enumeration, (e.g. 'dsHostTopNInHCPkts'), then
            this object will contain the the least significant 32 bits
            of the associated dsHostTopNHCRate object."
    ::= { dsHostTopNEntry 4 }

dsHostTopNRateOvfl OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     current





Expires December 1999                                          [Page 53]






Internet-Draft                 DS-MON MIB                      June 1999


    DESCRIPTION
            "The most significant 32 bits of the associated
            dsHostTopNHCRate object.

            If the associated dsHostTopNControlRateBase is equal to any
            of the High Capacity RMON enumerations (e.g.
            'dsHostTopNInHCPkts'), then this object will contain the
            upper 32 bits of the associated dsHostTopNHCRate object.

            If the associated dsHostTopNControlRateBase is not equal to
            any of High Capacity RMON enumerations, then this object
            will contain the value zero.

            The agent may choose not to instantiate this object if High
            Capacity RMON collection is not supported."
    ::= { dsHostTopNEntry 5 }

dsHostTopNHCRate OBJECT-TYPE
    SYNTAX     Counter64   -- Gauge64
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The amount of change in the selected variable during this
            sampling interval.  The selected variable is this host's
            instance of the object selected by
            dsHostTopNControlRateBase.

            If the associated dsHostTopNControlRateBase is not equal to
            any of the High Capacity RMON enumerations (e.g.,
            'dsHostTopNInPkts'), then this object will contain the value
            zero, and the associated dsHostTopNRate object will contain
            the change in the selected variable during the sampling
            interval.

            The agent may choose not to instantiate this object if High
            Capacity RMON collection is not supported."
    ::= { dsHostTopNEntry 6 }


--
-- Notifications Section
-- (none defined)
--

--





Expires December 1999                                          [Page 54]






Internet-Draft                 DS-MON MIB                      June 1999


-- Conformance Section
--

dsMonCompliances OBJECT IDENTIFIER ::= { dsMonConformance 1 }
dsMonGroups      OBJECT IDENTIFIER ::= { dsMonConformance 2 }

dsMonCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
            "Describes the requirements for conformance to the
            Differentiated Services Monitoring MIB."
    MODULE  -- this module
        MANDATORY-GROUPS { dsStatsGroup, dsHostGroup }
        GROUP   dsStatsHCGroup
        DESCRIPTION
            "The dsStatsHCGroup is mandatory for systems which implement
            the dsStatsGroup and also implement High Capacity RMON
            monitoring."
        GROUP   dsPdistGroup
        DESCRIPTION
            "The dsPdistGroup is mandatory for systems which implement
            DSCP monitoring and the protocolDirTable from the RMON-2 MIB
            [RFC2021]."
        GROUP   dsPdistHCGroup
        DESCRIPTION
            "The dsPdistHCGroup is mandatory for systems which implement
            the dsPdistGroup and also implement High Capacity RMON
            monitoring."
        GROUP   dsHostHCGroup
        DESCRIPTION
            "The dsHostHCGroup is mandatory for systems which implement
            the dsHostGroup and also implement High Capacity RMON
            monitoring."
    ::= { dsMonCompliances 1 }

dsStatsGroup OBJECT-GROUP
    OBJECTS {
             dsStatsControlDataSource,
             dsStatsControlDroppedFrames,
             dsStatsControlCreateTime,
             dsStatsControlOwner,
             dsStatsControlStatus,
             dsStatsInPkts,
             dsStatsInOctets,
             dsStatsOutPkts,





Expires December 1999                                          [Page 55]






Internet-Draft                 DS-MON MIB                      June 1999


             dsStatsOutOctets
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects providing per DSCP statistics."
    ::= { dsMonGroups 1 }

dsStatsHCGroup OBJECT-GROUP
    OBJECTS {
            dsStatsInOvflPkts,
            dsStatsInOvflOctets,
            dsStatsInHCPkts,
            dsStatsInHCOctets,
            dsStatsOutOvflPkts,
            dsStatsOutOvflOctets,
            dsStatsOutHCPkts,
            dsStatsOutHCOctets
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects providing per DSCP statistics for
            high capacity data sources."
    ::= { dsMonGroups 2 }

dsPdistGroup OBJECT-GROUP
    OBJECTS {
            dsPdistControlDataSource,
            dsPdistControlMaxDesiredEntries,
            dsPdistControlCollectMode,
            dsPdistControlDroppedFrames,
            dsPdistControlInserts,
            dsPdistControlDeletes,
            dsPdistControlCreateTime,
            dsPdistControlOwner,
            dsPdistControlStatus,
            dsPdistStatsPkts,
            dsPdistStatsOctets,
            dsPdistStatsCreateTime,
            dsPdistTopNControlPdistIndex,
            dsPdistTopNControlRateBase,
            dsPdistTopNControlTimeRemaining,
            dsPdistTopNControlGeneratedReports,
            dsPdistTopNControlDuration,
            dsPdistTopNControlRequestedSize,
            dsPdistTopNControlGrantedSize,





Expires December 1999                                          [Page 56]






Internet-Draft                 DS-MON MIB                      June 1999


            dsPdistTopNControlStartTime,
            dsPdistTopNControlOwner,
            dsPdistTopNControlStatus,
            dsPdistTopNProtocolDirLocalIndex,
            dsPdistTopNDsCodept,
            dsPdistTopNRate
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects providing per protocol DSCP
            monitoring extensions to the RMON-2 MIB."
    ::= { dsMonGroups 3 }

dsPdistHCGroup OBJECT-GROUP
    OBJECTS {
            dsPdistStatsOvflPkts,
            dsPdistStatsOvflOctets,
            dsPdistStatsHCPkts,
            dsPdistStatsHCOctets,
            dsPdistTopNRateOvfl,
            dsPdistTopNHCRate
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects providing per protocol DSCP
            monitoring extensions to the RMON-2 MIB for High Capacicy
            networks."
    ::= { dsMonGroups 4 }

dsHostGroup OBJECT-GROUP
    OBJECTS {
            dsHostControlDataSource,
            dsHostControlMaxDesiredEntries,
            dsHostControlNumAddrBits,
            dsHostControlDroppedFrames,
            dsHostControlInserts,
            dsHostControlDeletes,
            dsHostControlCreateTime,
            dsHostControlOwner,
            dsHostControlStatus,
            dsHostInPkts,
            dsHostInOctets,
            dsHostOutPkts,
            dsHostOutOctets,
            dsHostCreateTime,





Expires December 1999                                          [Page 57]






Internet-Draft                 DS-MON MIB                      June 1999


            dsHostTopNControlHostIndex,
            dsHostTopNControlRateBase,
            dsHostTopNControlTimeRemaining,
            dsHostTopNControlGeneratedReports,
            dsHostTopNControlDuration,
            dsHostTopNControlRequestedSize,
            dsHostTopNControlGrantedSize,
            dsHostTopNControlStartTime,
            dsHostTopNControlOwner,
            dsHostTopNControlStatus,
            dsHostTopNAddress,
            dsHostTopNDsCodept,
            dsHostTopNRate
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects providing per IP Host DSCP
            monitoring functions."
    ::= { dsMonGroups 5 }

dsHostHCGroup OBJECT-GROUP
    OBJECTS {
            dsHostInOvflPkts,
            dsHostInOvflOctets,
            dsHostInHCPkts,
            dsHostInHCOctets,
            dsHostOutOvflPkts,
            dsHostOutOvflOctets,
            dsHostOutHCPkts,
            dsHostOutHCOctets,
            dsHostTopNRateOvfl,
            dsHostTopNHCRate
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects providing per IP Host DSCP
            monitoring functions for High Capacity networks."
    ::= { dsMonGroups 6 }

END










Expires December 1999                                          [Page 58]






Internet-Draft                 DS-MON MIB                      June 1999


7.  Intellectual Property

The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to  pertain
to the implementation or use of the technology described in this
document or the extent to which any license under such rights might or
might not be available; neither does it represent that it has made any
effort to identify any such rights.  Information on the IETF's
procedures with respect to rights in standards-track and standards-
related documentation can be found in BCP-11.  Copies of claims of
rights made available for publication and any assurances of licenses to
be made available, or the result of an attempt made to obtain a general
license or permission for the use of such proprietary rights by
implementors or users of this specification can be obtained from the
IETF Secretariat."

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary rights
which may cover technology that may be required to practice this
standard.  Please address the information to the IETF Executive
Director.

8.  Acknowledgements

This memo has been produced with a great deal of assistance from Keith
McCloghrie and Bijendra Jain.

9.  References

[HC-RMON]
     S. Waldbusser, "Remote Network Monitoring Management Information
     Base for High Capacity Networks", draft-ietf-rmonmib-hcrmon-05.txt,
     International Network Services, February 1999.

[RFC1155]
     Rose, M., and K. McCloghrie, "Structure and Identification of
     Management Information for TCP/IP-based Internets", RFC 1155,
     Performance Systems International, Hughes LAN Systems, May 1990.

[RFC1157]
     Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
     Management Protocol", RFC 1157, SNMP Research, Performance Systems
     International, Performance Systems International, MIT Laboratory
     for Computer Science, May 1990.






Expires December 1999                                          [Page 59]






Internet-Draft                 DS-MON MIB                      June 1999


[RFC1212]
     Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
     Performance Systems International, Hughes LAN Systems, March 1991.

[RFC1215]
     M. Rose, "A Convention for Defining Traps for use with the SNMP",
     RFC 1215, Performance Systems International, March 1991.

[RFC1901]
     SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
     Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901,
     SNMP Research, Inc., Cisco Systems, Inc., Dover Beach Consulting,
     Inc., International Network Services, January 1996.

[RFC1905]
     SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
     Waldbusser, "Protocol Operations for Version 2 of the Simple
     Network Management Protocol (SNMPv2)", RFC 1905, SNMP Research,
     Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
     International Network Services, January 1996.

[RFC1906]
     SNMPv2 Working Group, Case, J., McCloghrie, K., Rose, M., and S.
     Waldbusser, "Transport Mappings for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco
     Systems, Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.

[RFC2021]
     S. Waldbusser, "Remote Network Monitoring MIB (RMON-2)", RFC 2021,
     International Network Services, January 1997.

[RFC2026]
     Bradner, S., "The Internet Standards Process -- Revision 3", RFC
     2026, Harvard University, October, 1996.

[RFC2074]
     Bierman, A., and R. Iddon, "Remote Network Monitoring MIB Protocol
     Identifiers", RFC 2074, Cisco Systems, AXON Networks, Inc., January
     1997.

[RFC2474]
     Nichols, K., Blake, S., Baker, F., and D. L. Black, "Definition of
     the Differentiated Services Field (DS Field) in the IPv4 and IPv6
     Headers", RFC 2474, Cisco Systems, Torrent Networking Technologies,





Expires December 1999                                          [Page 60]






Internet-Draft                 DS-MON MIB                      June 1999


     EMC Corporation, December, 1998.

[RFC2475]
     Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., and W.
     Weiss, "An Architecture for Differentiated Services", RFC 2475,
     Torrent Networking Technologies, EMC Corporation, Sun Microsystems,
     Nortel UK, Bell Labs Lucent Technologies, Lucent Technologies,
     December, 1998.

[RFC2570]
     Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to
     Version 3 of the Internet-standard Network Management Framework",
     RFC 2570, SNMP Research, Inc., TIS Labs at Network Associates,
     Inc., Ericsson, Cisco Systems, April 1999.

[RFC2571]
     Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
     Describing SNMP Management Frameworks", RFC 2571, Cabletron
     Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, April
     1999.

[RFC2572]
     Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
     Processing and Dispatching for the Simple Network Management
     Protocol (SNMP)", RFC 2572, SNMP Research, Inc., Cabletron Systems,
     Inc., BMC Software, Inc., IBM T. J. Watson Research, April 1999.

[RFC2573]
     Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
     2573, SNMP Research, Inc., Secure Computing Corporation, Cisco
     Systems, April 1999.

[RFC2574]
     Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for
     version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
     2574, IBM T. J. Watson Research, April 1999.

[RFC2575]
     Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
     Control Model (VACM) for the Simple Network Management Protocol
     (SNMP)", RFC 2575, IBM T. J. Watson Research, BMC Software, Inc.,
     Cisco Systems, Inc., April 1999.

[RFC2578]
     McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,





Expires December 1999                                          [Page 61]






Internet-Draft                 DS-MON MIB                      June 1999


     and S. Waldbusser, "Structure of Management Information Version 2
     (SMIv2)", RFC 2578, STD 58, Cisco Systems, SNMPinfo, TU
     Braunschweig, SNMP Research, First Virtual Holdings, International
     Network Services, April 1999.

[RFC2579]
     McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
     and S. Waldbusser, "Textual Conventions for SMIv2", RFC 2579, STD
     58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research, First
     Virtual Holdings, International Network Services, April 1999.

[RFC2580]
     McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
     and S. Waldbusser, "Conformance Statements for SMIv2", RFC 2580,
     STD 58, Cisco Systems, SNMPinfo, TU Braunschweig, SNMP Research,
     First Virtual Holdings, International Network Services, April 1999.


10.  Security Considerations

There are a number of management objects defined in this MIB that have a
MAX-ACCESS clause of read-write and/or read-create.  Such objects may be
considered sensitive or vulnerable in some network environments.  The
support for SET operations in a non-secure environment without proper
protection can have a negative effect on network operations.

There are a number of managed objects in this MIB that may contain
sensitive information. These are:

     dsPdistStatsPkts
     dsPdistStatsOctets
     dsPdistStatsHCPkts
     dsPdistStatsHCOctets

These objects expose some basic statistics about the DCSP distribution
for each protocol detected on a particular network interface.

     dsHostInPkts
     dsHostInOctets
     dsHostInHCPkts
     dsHostInHCOctets
     dsHostOutPkts
     dsHostOutOctets
     dsHostOutHCPkts
     dsHostOutHCOctets





Expires December 1999                                          [Page 62]






Internet-Draft                 DS-MON MIB                      June 1999


These objects expose some basic statistics about the DCSP distribution
for each IP host detected on a particular network interface.

It is thus important to control even GET access to these objects and
possibly to even encrypt the values of these object when sending them
over the network via SNMP.  Not all versions of SNMP provide features
for such a secure environment.

SNMPv1 by itself is not a secure environment.  Even if the network
itself is secure (for example by using IPSec), even then, there is no
control as to who on the secure network is allowed to access and GET/SET
(read/change/create/delete) the objects in this MIB.

It is recommended that the implementers consider the security features
as provided by the SNMPv3 framework.  Specifically, the use of the User-
based Security Model RFC 2574 [RFC2574] and the View-based Access
Control Model RFC 2575 [RFC2575] is recommended.

It is then a customer/user responsibility to ensure that the SNMP entity
giving access to an instance of this MIB, is properly configured to give
access to the objects only to those principals (users) that have
legitimate rights to indeed GET or SET (change/create/delete) them.

11.  Author's Address

     Andy Bierman
     Cisco Systems, Inc.
     170 West Tasman Drive
     San Jose, CA USA 95134
     Phone: +1 408-527-3711
     Email: abierman@cisco.com

12.  Full Copyright Statement

Copyright (C) The Internet Society (1999).  All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included
on all such copies and derivative works.  However, this document itself
may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in





Expires December 1999                                          [Page 63]






Internet-Draft                 DS-MON MIB                      June 1999


which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into
languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE."





































Expires December 1999                                          [Page 64]