diff options
Diffstat (limited to 'MIBS/junose/Juniper-DOS-PROTECTION-MIB')
| -rw-r--r-- | MIBS/junose/Juniper-DOS-PROTECTION-MIB | 1126 |
1 files changed, 1126 insertions, 0 deletions
diff --git a/MIBS/junose/Juniper-DOS-PROTECTION-MIB b/MIBS/junose/Juniper-DOS-PROTECTION-MIB new file mode 100644 index 0000000..a6064ef --- /dev/null +++ b/MIBS/junose/Juniper-DOS-PROTECTION-MIB @@ -0,0 +1,1126 @@ +-- ***************************************************************************** +-- Juniper-DOS-PROTECTION-MIB +-- +-- Juniper Networks Enterprise MIB +-- DOS Protection MIB +-- +-- Copyright (c) 2005-2006 Juniper Networks, Inc. +-- Copyright (c) 2008 Juniper Networks, Inc. +-- Copyright (c) 2009 Juniper Networks, Inc. +-- All Rights Reserved. +-- ***************************************************************************** + +Juniper-DOS-PROTECTION-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, + Unsigned32 + FROM SNMPv2-SMI + JuniEnable + FROM Juniper-TC + TEXTUAL-CONVENTION, TruthValue, DisplayString, RowStatus + FROM SNMPv2-TC + MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP + FROM SNMPv2-CONF + InterfaceIndex + FROM IF-MIB + juniMibs + FROM Juniper-MIBs; + +juniDosProtectionMIB MODULE-IDENTITY + LAST-UPDATED "200805060000Z" -- 06-May-2008 00:00 + ORGANIZATION "Juniper Networks, Inc." + CONTACT-INFO + " Juniper Networks, Inc. + Postal: 10 Technology Park Drive + Westford, MA 01886-3146 + USA + Tel: +1 978 589 5800 + Email: mib@Juniper.net" + DESCRIPTION + "The DOS Protection MIB for the Juniper E-Series product family. + This MIB contains managed objects for the DOS Protection + application. Management objects are provided to control and + monitor the DOS protection application." + -- Revision History + REVISION "200805060000Z" -- 06-May-2008 00:00 JUNOSe 8.1 + DESCRIPTION + "Updated JuniDosProtectionProtocolType TEXTUAL-CONVENTION " + REVISION "200607010000Z" -- 01-Jul-2006 00:00 JUNOSe 8.1 + DESCRIPTION + "Added Dos-Protection-Group support" + REVISION "200608180400Z" -- 18-Aug-2006 00:00 AM EDT - JUNOSe 8.0 + DESCRIPTION + "Added MPLS Lsp Ping support." + REVISION "200608171926Z" -- 17-Aug-2006 03:26 PM EDT - JUNOSe 7.3 + DESCRIPTION + "Added new protocol type, atmDynamicIfPppData, to manage in + JuniDosProtectionProtocolType." + REVISION "200601010500Z" -- 01-Jan-2006 00:00 AM EST - JUNOSe 7.3 + DESCRIPTION + "Initial version of this MIB module." + ::= { juniMibs 80 } + +-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Textual conventions +-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +JuniDosProtectionProtocolType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The control protocols that are supported by the DOS protection + application." + + SYNTAX INTEGER { + pppEchoRequest(0), + ppEchoReply(1), + pppEchoReplyFast(2), + pppControl(3), + atmControl(4), + atmOam(5), + atmDynamicIf(6), + atmInverseArp(7), + frameRelayControl(8), + frameRelayArp(9), + pppoeControl(10), + pppoePppConfig(11), + ethernetArpMiss(12), + ethernetArp(13), + ethernetFcBasedArp(14), + ethernetLacp(15), + ethernetOam(16), + ethernetDynamicIf(17), + ethernetPppTerminate(18), + slepSlarp(19), + slepSlarpReplyFast(20), + mplsTtlOnReceive(21), + mplsTtlOnTransmit(22), + mplsMtuExceeded(23), + itmL2tpControl(24), + flisInPayload(25), + flisInPayloadUpdateTable(26), + dhcpExternal(27), + ipOsi(28), + ipTtlExpired(29), + ipOptionsOther(30), + ipOptionsRouterAlert(31), + ipMulticastBroadcastOther(32), + ipMulticastDhcpSc(33), + ipMulticastControlSc(34), + ipMulticastControlIc(35), + ipMulticastVrrp(36), + ipMulticastCacheMiss(37), + ipMulticastCacheMissAutoReply(38), + ipMulticastWrongIf(39), + ipLocalDhcpSc(40), + ipLocalDhcpIc(41), + ipLocalIcmpEcho(42), + ipLocalIcmpOther(43), + ipLocalLDP(44), + ipLocalBgp(45), + ipLocalOspf(46), + ipLocalRsvp(47), + ipLocalPim(48), + ipLocalCops(49), + ipLocalL2tpControlSc(50), + ipLocalL2tpControlIc(51), + ipLocalOther(52), + ipLocalDemuxMiss(53), + ipRouteToSrpEthernet(54), + ipRouteNoRoute(55), + ipNormalPathMtu(56), + ipNeighborDiscovery(57), + ipNeighborDiscoveryMiss(58), + ipSearchError(59), + ipMld(60), + ipLocalPimAssert(61), + ipLocalBfd(62), + ipFastBfd(63), + ipLocalFastBfd(64), + ipIke(65), + ipReassembly(66), + ipLocalIcmpFragment(67), + ipLocalFragment(68), + ipAppClassifierHttpRedirect(69), + ipMulticastDhcpIc(70), + dhcpTesterIc(71), + atmDynamicIfPppData(72), + ipLocalLspPing(73) } + + +JuniDosProtectionPriorityType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The control priorities that are supported by the DOS protection + application." + + SYNTAX INTEGER { + hiGreenFcIc(0), + hiYellowFcIc(1), + loGreenFcIc(2), + loYellowFcIc(3), + hiGreenFcSc(4), + hiYellowFcSc(5), + loGreenFcSc(6), + loYellowFcSc(7) } + +JuniDosProtectionProtocolState ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The current state of a protocol." + + SYNTAX INTEGER { + ok(1), + inTrouble(2) } + +JuniDosProtectionScfdsTableOverflowState ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The current state of the suspicious flow table." + + SYNTAX INTEGER { + notOverflowingOrGrouping(1), + grouping(2), + overflowing(3) } + +JuniDosProtectionProtocolPriorityType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The control priorities that are supported by the DOS protection + application for each control processor" + + SYNTAX INTEGER { + hiGreen(0), + hiYellow(1), + loGreen(2), + loYellow(3), + dataPath(4) } + +JuniDosProtectionProtocolCannedType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The available canned dos-protection-groups which can be used + to set defaults into a user specified group." + + SYNTAX INTEGER { + default(0), + enetAccess(1), + atmAccess(2), + frame(3), + uplink(4) + } + +JuniDosProtectionLayerId ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The available interface types for which a profile entry + may be defined." + + SYNTAX INTEGER { + ip(0), + ppp(1), + ethernet(6), + atm1483(11), + pppoe(17), + bridge1483(19), + vlan(35), + ipv6(50) + } + +JuniDosProtectionControlProcessorDestination ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "The available control processors to which a control + protocol may be directed." + + SYNTAX INTEGER { + ic(0), + sc(1), + dataPath(2) + } + +-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Managed objects +-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +juniDosProtectionObjects OBJECT IDENTIFIER ::= { juniDosProtectionMIB 1 } +juniDosProtectionScfdsGroup OBJECT IDENTIFIER ::= { juniDosProtectionObjects 1 } +juniDosProtectionDpgGroup OBJECT IDENTIFIER ::= { juniDosProtectionObjects 2 } + +-- +-- scalars +-- +juniDosProtectionScfdsGlobalState OBJECT-TYPE + SYNTAX JuniEnable + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "Controls whether the suspicious control flow detection system is + enabled or disabled. Setting the value to enable(1) enables the + suspicious control flow detection system. Setting the value to + disable(0) disables the system. + + When read this object returns the current state of the system." + DEFVAL { enable } + + ::= { juniDosProtectionScfdsGroup 1 } + +juniDosProtectionScfdsGlobalGrouping OBJECT-TYPE + SYNTAX JuniEnable + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When set to enable(1), the suspicious flow control system will + group flows when resources are unavailable to treat each + suspicious flow individually. When set to disable(0), this feature + will be inhibited and the suspicious control flow system may not + recognize all suspicious flows during a resource shortage. + + When read this object will return the current state of the object." + DEFVAL { enable } + + ::= { juniDosProtectionScfdsGroup 2 } + +juniDosProtectionScfdsGlobalClearAll OBJECT-TYPE + SYNTAX INTEGER { + ok(0), + clear(1) } + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When set to clear(1), the suspicious control flow detection system + is cleared. When set to ok(0), there is no effect and the + suspicious control flow detection system is unchanged. + + By clearing the suspicious control flow detection system all flows + are removed from the suspicious flow table. + + When read, always returns a value of ok(0)." + + ::= { juniDosProtectionScfdsGroup 3 } + +juniDosProtectionScfdsGlobalDiscontinuityTime OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The sysUpTime at which the counters were last re-initialized on + any slot due to a restart." + + ::= { juniDosProtectionScfdsGroup 4 } + +juniDosProtectionScfdsGlobalTableOverflowState OBJECT-TYPE + SYNTAX JuniDosProtectionScfdsTableOverflowState + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates whether any module in the system is in under a resource + shortage situation. A value of notOverflowingOrGrouping(1) indicates + that there is no resource shortage on any module. A value of + grouping(2) or overflowing(3) indicates that at least one module + is suffering from a resource shortage, and has acted according to the + state of the juniDosProtectionScfdsGlobalGrouping object." + + ::= { juniDosProtectionScfdsGroup 5 } + +-- +-- global counters +-- + +juniDosProtectionScfdsGlobalCurrentSuspiciousFlows OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of flows currently marked as suspicious." + + ::= { juniDosProtectionScfdsGroup 6 } + +juniDosProtectionScfdsGlobalNumberSuspiciousFlows OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of suspicious flows seen since system restart." + + ::= { juniDosProtectionScfdsGroup 7 } + +juniDosProtectionScfdsGlobalCurrentSuspiciousFlowGroups OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of flow groups currently marked as suspicious." + + ::= { juniDosProtectionScfdsGroup 8 } + +juniDosProtectionScfdsGlobalNumberSuspiciousFlowGroups OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of suspicius flow groups seen since system restart." + + ::= { juniDosProtectionScfdsGroup 9 } + + +juniDosProtectionScfdsGlobalCurrentFalseNegativeFlows OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of flows currently falsely considered suspicious. + A false negative indicates that the flow was seen as possibly + suspicious, but did not pass all the tests to be considered + suspicious. This is a normal condition of the system." + + ::= { juniDosProtectionScfdsGroup 10 } + +juniDosProtectionScfdsGlobalNumberFalseNegativeFlows OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of flows falsely considered possibly suspicious + seen since system restart." + + ::= { juniDosProtectionScfdsGroup 11 } + +juniDosProtectionScfdsGlobalNumberTableOverflows OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total number of times the system had a table overflow on any slot." + + ::= { juniDosProtectionScfdsGroup 12 } + + +-- +-- protocol table +-- + +juniDosProtectionScfdsProtocolTable OBJECT-TYPE + SYNTAX SEQUENCE OF JuniDosProtectionScfdsProtocolEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for the DOS protection control protocols." + + ::= { juniDosProtectionScfdsGroup 13 } + +juniDosProtectionScfdsProtocolEntry OBJECT-TYPE + SYNTAX JuniDosProtectionScfdsProtocolEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for an individual DOS protection control + protocol." + + INDEX { juniDosProtectionScfdsProtocolIndex } + + ::= { juniDosProtectionScfdsProtocolTable 1 } + +JuniDosProtectionScfdsProtocolEntry ::= SEQUENCE { + juniDosProtectionScfdsProtocolIndex JuniDosProtectionProtocolType, + juniDosProtectionScfdsProtocolThreshold Unsigned32, + juniDosProtectionScfdsProtocolLowThreshold Unsigned32, + juniDosProtectionScfdsProtocolBackoffTime Unsigned32, + juniDosProtectionScfdsProtocolState JuniDosProtectionProtocolState, + juniDosProtectionScfdsProtocolTransitions Counter32} + +juniDosProtectionScfdsProtocolIndex OBJECT-TYPE + SYNTAX JuniDosProtectionProtocolType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The control protocol value for this entry." + + ::= { juniDosProtectionScfdsProtocolEntry 1 } + +juniDosProtectionScfdsProtocolThreshold OBJECT-TYPE + SYNTAX Unsigned32(0|3..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The threshold in packets per second for this control protocol. + This is the rate at which a flow for this protocol is considered + suspicious. Setting this object to zero will have the affect of + excusing this protocol from suspicious control flow detection." + + ::= { juniDosProtectionScfdsProtocolEntry 2 } + +juniDosProtectionScfdsProtocolLowThreshold OBJECT-TYPE + SYNTAX Unsigned32(0|1..32767) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The low threshold in packets per second for this control protocol . + This is the rate at which a flow must fall below to in order return + to the normal state, after having been marked suspicious. A + low threshold of zero disables this functionality." + + ::= { juniDosProtectionScfdsProtocolEntry 3 } + +juniDosProtectionScfdsProtocolBackoffTime OBJECT-TYPE + SYNTAX Unsigned32(0|10..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The backoff time in seconds. A flow which is considered suspicious will + be returned to normal after this amount of time regardless of the current + rate of the flow. A backoff time of 0 disables this functionality." + DEFVAL { 300 } + + ::= { juniDosProtectionScfdsProtocolEntry 4 } + +juniDosProtectionScfdsProtocolState OBJECT-TYPE + SYNTAX JuniDosProtectionProtocolState + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The current state of the protocol. This object will return inTrouble(2) + if any module in the system has reported that the protocol is currently + being watched for suspicious flows. If no module reports that this protocol + is being watched this object will return ok(1). + + A protocol is in trouble on a module when the sum of the rate for all + flows for the protocol is over the limit for that protocol." + + ::= { juniDosProtectionScfdsProtocolEntry 5 } + +juniDosProtectionScfdsProtocolTransitions OBJECT-TYPE + SYNTAX Counter32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of transitions to 'inTrouble' that this control protocol + has made." + + ::= { juniDosProtectionScfdsProtocolEntry 6 } + +-- +-- dos protection groups +-- + +juniDosProtectionDpgTable OBJECT-TYPE + SYNTAX SEQUENCE OF JuniDosProtectionDpgEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for a dos-protection-group. A + dos-protection-group defines a set of parameters that + manage the handling of control protocols on the + router." + + ::= { juniDosProtectionDpgGroup 1 } + +juniDosProtectionDpgEntry OBJECT-TYPE + SYNTAX JuniDosProtectionDpgEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for an individual dos-protection-group." + + INDEX { juniDosProtectionDpgIndex } + + ::= { juniDosProtectionDpgTable 1 } + +JuniDosProtectionDpgEntry ::= SEQUENCE { + juniDosProtectionDpgIndex DisplayString, + juniDosProtectionDpgRowStatus RowStatus, + juniDosProtectionDpgCanned + JuniDosProtectionProtocolCannedType, + juniDosProtectionDpgRevert INTEGER, + juniDosProtectionDpgModified TruthValue, + juniDosProtectionDpgReferences INTEGER} + +juniDosProtectionDpgIndex OBJECT-TYPE + SYNTAX DisplayString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The dos-protection-group-name for this entry." + + ::= { juniDosProtectionDpgEntry 1 } + +juniDosProtectionDpgRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls creation/deletion of entries in this table. + Only the values 'createAndGo' and 'destroy' may be SET. + When read this always returns a value of active" + + ::= { juniDosProtectionDpgEntry 2 } + +juniDosProtectionDpgCanned OBJECT-TYPE + SYNTAX JuniDosProtectionProtocolCannedType + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Sets the default values based for the dos-protection-group + based on the values from the canned group. Can only be used + to set a different group. Using the current group will result + in no changes to the dos-protection-group." + DEFVAL { default } + + ::= { juniDosProtectionDpgEntry 3 } + +juniDosProtectionDpgRevert OBJECT-TYPE + SYNTAX INTEGER { + no-revert(0), + revert(1) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Revert this dos-protection-group to the canned values of the + associated canned group by setting this object to + revert(1). Reading this object will always return a value + of no-revert(1)" + + ::= { juniDosProtectionDpgEntry 4 } + +juniDosProtectionDpgModified OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When true is returned, some protocol or priority associated + with this dos-protection-group, has been modified from the + canned values associated with the group. When false is returned + all settings associated with this dos-protection-group are + at the defaults for the associated canned group." + + ::= { juniDosProtectionDpgEntry 5 } + +juniDosProtectionDpgReferences OBJECT-TYPE + SYNTAX INTEGER + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of references for this dos-protection-group. + References include the number of interfaces currently + associated with the group, as well as the number of profile + references." + + ::= { juniDosProtectionDpgEntry 6 } +-- +-- dpg protocol information +-- + +juniDosProtectionDpgProtocolTable OBJECT-TYPE + SYNTAX SEQUENCE OF JuniDosProtectionDpgProtocolEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for the dos-protection-group control protocol + table." + + ::= { juniDosProtectionDpgGroup 2 } + +juniDosProtectionDpgProtocolEntry OBJECT-TYPE + SYNTAX JuniDosProtectionDpgProtocolEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for an individual dos-protection-group control + protocol entry." + + INDEX { juniDosProtectionDpgProtocolName, + juniDosProtectionDpgProtocolProtocol } + + ::= { juniDosProtectionDpgProtocolTable 1 } + +JuniDosProtectionDpgProtocolEntry ::= SEQUENCE { + juniDosProtectionDpgProtocolName DisplayString, + juniDosProtectionDpgProtocolProtocol JuniDosProtectionProtocolType, + juniDosProtectionDpgProtocolBurst Unsigned32, + juniDosProtectionDpgProtocolDropProbability Unsigned32, + juniDosProtectionDpgProtocolRate Unsigned32, + juniDosProtectionDpgProtocolSkipPriorityRateLimiter + JuniEnable, + juniDosProtectionDpgProtocolWeight Unsigned32, + juniDosProtectionDpgProtocolPriority + JuniDosProtectionProtocolPriorityType, + juniDosProtectionDpgProtocolModified TruthValue, + juniDosProtectionDpgProtocolDestination + JuniDosProtectionControlProcessorDestination} + + +juniDosProtectionDpgProtocolName OBJECT-TYPE + SYNTAX DisplayString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The dos-protection-group name for this entry." + + ::= { juniDosProtectionDpgProtocolEntry 1 } + +juniDosProtectionDpgProtocolProtocol OBJECT-TYPE + SYNTAX JuniDosProtectionProtocolType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The dos-protection-group control protocol for this entry." + + ::= { juniDosProtectionDpgProtocolEntry 2 } + +juniDosProtectionDpgProtocolBurst OBJECT-TYPE + SYNTAX Unsigned32(0|32..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The burst in packets for this control protocol in this + dos-protection-group." + + ::= { juniDosProtectionDpgProtocolEntry 3 } + +juniDosProtectionDpgProtocolDropProbability OBJECT-TYPE + SYNTAX Unsigned32(10..100) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The drop probability for suspect packets for this + control protocol in this dos-protection-group. This is + probability that a packet belonging to a suspicious + flow will be dropped. A drop probability of less than + 100 indicates that the user wishes to have some + packets from a suspect flow reach the control + processor." + + ::= { juniDosProtectionDpgProtocolEntry 4 } + +juniDosProtectionDpgProtocolRate OBJECT-TYPE + SYNTAX Unsigned32(0|64..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The rate in packets per second for this control protocol in + this dos-protection-group." + + ::= { juniDosProtectionDpgProtocolEntry 5 } + +juniDosProtectionDpgProtocolSkipPriorityRateLimiter OBJECT-TYPE + SYNTAX JuniEnable + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "When set to enable, this control protocol in this + dos-protection-group will skip the priority rate limiter. + When set to disable, the protocol will not skip the priority + rate-limiter." + + ::= { juniDosProtectionDpgProtocolEntry 6 } + +juniDosProtectionDpgProtocolWeight OBJECT-TYPE + SYNTAX Unsigned32(100..500) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The weight of this control protocol against others of the + same priority in this dos-protection-group. The weight + is used to determine the minimum rate and burst + for the protocol within the priority group." + DEFVAL { 100 } + + ::= { juniDosProtectionDpgProtocolEntry 7 } + +juniDosProtectionDpgProtocolPriority OBJECT-TYPE + SYNTAX JuniDosProtectionProtocolPriorityType + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The priority for the control protocol. Packets of this control + protocol on interfaces referencing this dos-protection-group will + be categorized into the priority indicated." + + ::= { juniDosProtectionDpgProtocolEntry 8 } + +juniDosProtectionDpgProtocolModified OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When true is returned, the values for this control protocol + in this dos-protection-group have been modified from the + canned values associated with the group. When false is returned + all settings associated with this control protocol in this + dos-protection-group are at the defaults for the associated + canned group." + + ::= { juniDosProtectionDpgProtocolEntry 9 } + +juniDosProtectionDpgProtocolDestination OBJECT-TYPE + SYNTAX JuniDosProtectionControlProcessorDestination + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The destination processor for packets of this control protocol." + + ::= { juniDosProtectionDpgProtocolEntry 10 } + +-- +-- dpg priority information +-- + +juniDosProtectionDpgPriorityTable OBJECT-TYPE + SYNTAX SEQUENCE OF JuniDosProtectionDpgPriorityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for a dos-protection-group priority table." + + ::= { juniDosProtectionDpgGroup 3 } + +juniDosProtectionDpgPriorityEntry OBJECT-TYPE + SYNTAX JuniDosProtectionDpgPriorityEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for an individual dos-protection-group priority + table" + + INDEX { juniDosProtectionDpgPriorityName, + juniDosProtectionDpgPriorityPriority } + + ::= { juniDosProtectionDpgPriorityTable 1 } + +JuniDosProtectionDpgPriorityEntry ::= SEQUENCE { + juniDosProtectionDpgPriorityName DisplayString, + juniDosProtectionDpgPriorityPriority JuniDosProtectionPriorityType, + juniDosProtectionDpgPriorityBurst Unsigned32, + juniDosProtectionDpgPriorityOverSubscriptionFactor + Unsigned32, + juniDosProtectionDpgPriorityRate Unsigned32, + juniDosProtectionDpgPriorityModified TruthValue} + + +juniDosProtectionDpgPriorityName OBJECT-TYPE + SYNTAX DisplayString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The dos-proteciton-group name for this entry." + + ::= { juniDosProtectionDpgPriorityEntry 1 } + +juniDosProtectionDpgPriorityPriority OBJECT-TYPE + SYNTAX JuniDosProtectionPriorityType + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The priority for this entry." + + ::= { juniDosProtectionDpgPriorityEntry 2 } + +juniDosProtectionDpgPriorityBurst OBJECT-TYPE + SYNTAX Unsigned32(0|32..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The burst in packets for this priority in this + dos-protection-group." + + ::= { juniDosProtectionDpgPriorityEntry 3 } + +juniDosProtectionDpgPriorityOverSubscriptionFactor OBJECT-TYPE + SYNTAX Unsigned32(100..1000) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The over-subscription factor for this priority in this + dos-protection-group. This is used when calculating + the minimum rates for control protocols that use this priority." + + ::= { juniDosProtectionDpgPriorityEntry 4 } + +juniDosProtectionDpgPriorityRate OBJECT-TYPE + SYNTAX Unsigned32(0|64..65535) + MAX-ACCESS read-write + STATUS current + DESCRIPTION + "The rate in packets per second for this priority in + this dos-protection-group." + + ::= { juniDosProtectionDpgPriorityEntry 5 } + +juniDosProtectionDpgPriorityModified OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When true is returned, the values for this priority + in this dos-protection-group have been modified from the + canned values associated with the group. When false is returned + all settings associated with this priority in this + dos-protection-group are at the defaults for the associated + canned group." + + ::= { juniDosProtectionDpgPriorityEntry 6 } + + +-- +-- attachment table +-- + +juniDosProtectionDpgAttachTable OBJECT-TYPE + SYNTAX SEQUENCE OF JuniDosProtectionDpgAttachEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for the DOS protection attachment table." + + ::= { juniDosProtectionDpgGroup 4 } + +juniDosProtectionDpgAttachEntry OBJECT-TYPE + SYNTAX JuniDosProtectionDpgAttachEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for an individual DOS protection attachment entry." + + INDEX { juniDosProtectionDpgAttachIndex } + + ::= { juniDosProtectionDpgAttachTable 1 } + +JuniDosProtectionDpgAttachEntry ::= SEQUENCE { + juniDosProtectionDpgAttachIndex InterfaceIndex, + juniDosProtectionDpgAttachRowStatus RowStatus, + juniDosProtectionDpgAttachName DisplayString, + juniDosProtectionDpgAttachConfigured TruthValue} + +juniDosProtectionDpgAttachIndex OBJECT-TYPE + SYNTAX InterfaceIndex + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The interface index for the attachment." + + ::= { juniDosProtectionDpgAttachEntry 1 } + +juniDosProtectionDpgAttachRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls creation/deletion of entries in this table. Only the + values 'createAndGo' and 'destroy' may be SET. + When read this always returns a value of active" + + ::= { juniDosProtectionDpgAttachEntry 2 } + +juniDosProtectionDpgAttachName OBJECT-TYPE + SYNTAX DisplayString (SIZE(1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The dos-protection-group for this entry. This is the + dos-protection-group that is use by the interface." + + ::= { juniDosProtectionDpgAttachEntry 3 } + +juniDosProtectionDpgAttachConfigured OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Indicates the configured status of the attachment. This object + returns true when the attachment was statically + configured, and returns false when the attachment + was made via a profile attachment." + + ::= { juniDosProtectionDpgAttachEntry 4 } +-- +-- profile table +-- +juniDosProtectionDpgProfileTable OBJECT-TYPE + SYNTAX SEQUENCE OF JuniDosProtectionDpgProfileEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for the DOS protection profile table." + + ::= { juniDosProtectionDpgGroup 5 } + +juniDosProtectionDpgProfileEntry OBJECT-TYPE + SYNTAX JuniDosProtectionDpgProfileEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The information for an individual DOS protection profile entry." + + INDEX { juniDosProtectionDpgProfileProfileId, + juniDosProtectionDpgProfileLayerId} + + ::= { juniDosProtectionDpgProfileTable 1 } + + +JuniDosProtectionDpgProfileEntry ::= SEQUENCE { + juniDosProtectionDpgProfileProfileId Unsigned32, + juniDosProtectionDpgProfileLayerId JuniDosProtectionLayerId, + juniDosProtectionDpgProfileRowStatus RowStatus, + juniDosProtectionDpgProfileName DisplayString } + +juniDosProtectionDpgProfileProfileId OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The profile ID for the profile entry. The profile ID + identifies which profile is being accessed. A value for this + identifier is determined by locating or creating a profile name + in the juniProfileNameTable" + + ::= { juniDosProtectionDpgProfileEntry 1 } + +juniDosProtectionDpgProfileLayerId OBJECT-TYPE + SYNTAX JuniDosProtectionLayerId + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "The layer ID for the profile entry. The layer ID indicates + which interface type is being accessed." + + ::= { juniDosProtectionDpgProfileEntry 2 } + +juniDosProtectionDpgProfileRowStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "Controls creation/deletion of entries in this table. Only the + values 'createAndGo' and 'destroy' may be SET. When read this + always returns a value of active" + + ::= { juniDosProtectionDpgProfileEntry 3 } + +juniDosProtectionDpgProfileName OBJECT-TYPE + SYNTAX DisplayString (SIZE(1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION + "The dos-protection-group that is associated with this + profile/interface-type. This profile will be attached + when dynamic instances of the interface type are + created that reference the specific profile." + + ::= { juniDosProtectionDpgProfileEntry 4 } + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Notifications +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +--juniDosProtectionTraps OBJECT IDENTIFIER ::= { juniDosProtectionMIB 0 } +--juniDosProtectionTrapControl OBJECT IDENTIFIER ::= { juniDosProtectionMIB 2 } +--juniDosProtectionScfdsTraps OBJECT IDENTIFIER ::= { juniDosProtectionTraps 0 } + + + + + +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +-- Conformance information +-- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +juniDosProtectionMIBConformance OBJECT IDENTIFIER ::= { juniDosProtectionMIB 4 } +juniDosProtectionMIBCompliances OBJECT IDENTIFIER ::= { juniDosProtectionMIBConformance 1 } +juniDosProtectionMIBGroups OBJECT IDENTIFIER ::= { juniDosProtectionMIBConformance 2 } + + +juniDosProtectionCompliance MODULE-COMPLIANCE + STATUS obsolete + DESCRIPTION + "The compliance statement for entities which implement the Juniper + Dos Protection MIB. This was made obsolete with the addition of + dos-protection-groups." + MODULE -- this module + MANDATORY-GROUPS { + juniDosProtectionGroup } + ::= { juniDosProtectionMIBCompliances 1 } + +juniDosProtectionCompliance2 MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement the Juniper + Dos Protection MIB." + MODULE -- this module + MANDATORY-GROUPS { + juniDosProtectionGroup2 } + ::= { juniDosProtectionMIBCompliances 2 } -- Junos x.y + +-- +-- units of conformance +-- +juniDosProtectionGroup OBJECT-GROUP + OBJECTS {juniDosProtectionScfdsGlobalState, + juniDosProtectionScfdsGlobalGrouping, + juniDosProtectionScfdsGlobalClearAll, + juniDosProtectionScfdsGlobalDiscontinuityTime, + juniDosProtectionScfdsGlobalTableOverflowState, + juniDosProtectionScfdsGlobalCurrentSuspiciousFlows, + juniDosProtectionScfdsGlobalNumberSuspiciousFlows, + juniDosProtectionScfdsGlobalCurrentSuspiciousFlowGroups, + juniDosProtectionScfdsGlobalNumberSuspiciousFlowGroups, + juniDosProtectionScfdsGlobalCurrentFalseNegativeFlows, + juniDosProtectionScfdsGlobalNumberFalseNegativeFlows, + juniDosProtectionScfdsGlobalNumberTableOverflows, + juniDosProtectionScfdsProtocolThreshold, + juniDosProtectionScfdsProtocolLowThreshold, + juniDosProtectionScfdsProtocolBackoffTime, + juniDosProtectionScfdsProtocolState, + juniDosProtectionScfdsProtocolTransitions } + STATUS obsolete + DESCRIPTION + "A collection of objects providing management of DOS protection + application in a Juniper product. This object became obsolete + with the addition of dos-protection-groups." + + ::= { juniDosProtectionMIBGroups 1 } + +juniDosProtectionGroup2 OBJECT-GROUP + OBJECTS {juniDosProtectionScfdsGlobalState, + juniDosProtectionScfdsGlobalGrouping, + juniDosProtectionScfdsGlobalClearAll, + juniDosProtectionScfdsGlobalDiscontinuityTime, + juniDosProtectionScfdsGlobalTableOverflowState, + juniDosProtectionScfdsGlobalCurrentSuspiciousFlows, + juniDosProtectionScfdsGlobalNumberSuspiciousFlows, + juniDosProtectionScfdsGlobalCurrentSuspiciousFlowGroups, + juniDosProtectionScfdsGlobalNumberSuspiciousFlowGroups, + juniDosProtectionScfdsGlobalCurrentFalseNegativeFlows, + juniDosProtectionScfdsGlobalNumberFalseNegativeFlows, + juniDosProtectionScfdsGlobalNumberTableOverflows, + juniDosProtectionScfdsProtocolThreshold, + juniDosProtectionScfdsProtocolLowThreshold, + juniDosProtectionScfdsProtocolBackoffTime, + juniDosProtectionScfdsProtocolState, + juniDosProtectionScfdsProtocolTransitions, + juniDosProtectionDpgRowStatus, + juniDosProtectionDpgCanned, + juniDosProtectionDpgRevert, + juniDosProtectionDpgModified, + juniDosProtectionDpgReferences, + juniDosProtectionDpgProtocolBurst, + juniDosProtectionDpgProtocolDropProbability, + juniDosProtectionDpgProtocolRate, + juniDosProtectionDpgProtocolSkipPriorityRateLimiter, + juniDosProtectionDpgProtocolWeight, + juniDosProtectionDpgProtocolModified, + juniDosProtectionDpgPriorityBurst, + juniDosProtectionDpgPriorityOverSubscriptionFactor, + juniDosProtectionDpgPriorityRate, + juniDosProtectionDpgPriorityModified, + juniDosProtectionDpgAttachRowStatus, + juniDosProtectionDpgAttachName, + juniDosProtectionDpgProfileRowStatus, + juniDosProtectionDpgProfileName } + STATUS current + DESCRIPTION + "A collection of objects providing management of DOS protection + application in a Juniper product." + + ::= { juniDosProtectionMIBGroups 2 } +END |