-- ***************************************************************************** -- Juniper-DOS-PROTECTION-MIB -- -- Juniper Networks Enterprise MIB -- DOS Protection MIB -- -- Copyright (c) 2005-2006 Juniper Networks, Inc. -- Copyright (c) 2008 Juniper Networks, Inc. -- Copyright (c) 2009 Juniper Networks, Inc. -- All Rights Reserved. -- ***************************************************************************** Juniper-DOS-PROTECTION-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Unsigned32 FROM SNMPv2-SMI JuniEnable FROM Juniper-TC TEXTUAL-CONVENTION, TruthValue, DisplayString, RowStatus FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF InterfaceIndex FROM IF-MIB juniMibs FROM Juniper-MIBs; juniDosProtectionMIB MODULE-IDENTITY LAST-UPDATED "200805060000Z" -- 06-May-2008 00:00 ORGANIZATION "Juniper Networks, Inc." CONTACT-INFO " Juniper Networks, Inc. Postal: 10 Technology Park Drive Westford, MA 01886-3146 USA Tel: +1 978 589 5800 Email: mib@Juniper.net" DESCRIPTION "The DOS Protection MIB for the Juniper E-Series product family. This MIB contains managed objects for the DOS Protection application. Management objects are provided to control and monitor the DOS protection application." -- Revision History REVISION "200805060000Z" -- 06-May-2008 00:00 JUNOSe 8.1 DESCRIPTION "Updated JuniDosProtectionProtocolType TEXTUAL-CONVENTION " REVISION "200607010000Z" -- 01-Jul-2006 00:00 JUNOSe 8.1 DESCRIPTION "Added Dos-Protection-Group support" REVISION "200608180400Z" -- 18-Aug-2006 00:00 AM EDT - JUNOSe 8.0 DESCRIPTION "Added MPLS Lsp Ping support." REVISION "200608171926Z" -- 17-Aug-2006 03:26 PM EDT - JUNOSe 7.3 DESCRIPTION "Added new protocol type, atmDynamicIfPppData, to manage in JuniDosProtectionProtocolType." REVISION "200601010500Z" -- 01-Jan-2006 00:00 AM EST - JUNOSe 7.3 DESCRIPTION "Initial version of this MIB module." ::= { juniMibs 80 } -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Textual conventions -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ JuniDosProtectionProtocolType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The control protocols that are supported by the DOS protection application." SYNTAX INTEGER { pppEchoRequest(0), ppEchoReply(1), pppEchoReplyFast(2), pppControl(3), atmControl(4), atmOam(5), atmDynamicIf(6), atmInverseArp(7), frameRelayControl(8), frameRelayArp(9), pppoeControl(10), pppoePppConfig(11), ethernetArpMiss(12), ethernetArp(13), ethernetFcBasedArp(14), ethernetLacp(15), ethernetOam(16), ethernetDynamicIf(17), ethernetPppTerminate(18), slepSlarp(19), slepSlarpReplyFast(20), mplsTtlOnReceive(21), mplsTtlOnTransmit(22), mplsMtuExceeded(23), itmL2tpControl(24), flisInPayload(25), flisInPayloadUpdateTable(26), dhcpExternal(27), ipOsi(28), ipTtlExpired(29), ipOptionsOther(30), ipOptionsRouterAlert(31), ipMulticastBroadcastOther(32), ipMulticastDhcpSc(33), ipMulticastControlSc(34), ipMulticastControlIc(35), ipMulticastVrrp(36), ipMulticastCacheMiss(37), ipMulticastCacheMissAutoReply(38), ipMulticastWrongIf(39), ipLocalDhcpSc(40), ipLocalDhcpIc(41), ipLocalIcmpEcho(42), ipLocalIcmpOther(43), ipLocalLDP(44), ipLocalBgp(45), ipLocalOspf(46), ipLocalRsvp(47), ipLocalPim(48), ipLocalCops(49), ipLocalL2tpControlSc(50), ipLocalL2tpControlIc(51), ipLocalOther(52), ipLocalDemuxMiss(53), ipRouteToSrpEthernet(54), ipRouteNoRoute(55), ipNormalPathMtu(56), ipNeighborDiscovery(57), ipNeighborDiscoveryMiss(58), ipSearchError(59), ipMld(60), ipLocalPimAssert(61), ipLocalBfd(62), ipFastBfd(63), ipLocalFastBfd(64), ipIke(65), ipReassembly(66), ipLocalIcmpFragment(67), ipLocalFragment(68), ipAppClassifierHttpRedirect(69), ipMulticastDhcpIc(70), dhcpTesterIc(71), atmDynamicIfPppData(72), ipLocalLspPing(73) } JuniDosProtectionPriorityType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The control priorities that are supported by the DOS protection application." SYNTAX INTEGER { hiGreenFcIc(0), hiYellowFcIc(1), loGreenFcIc(2), loYellowFcIc(3), hiGreenFcSc(4), hiYellowFcSc(5), loGreenFcSc(6), loYellowFcSc(7) } JuniDosProtectionProtocolState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The current state of a protocol." SYNTAX INTEGER { ok(1), inTrouble(2) } JuniDosProtectionScfdsTableOverflowState ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The current state of the suspicious flow table." SYNTAX INTEGER { notOverflowingOrGrouping(1), grouping(2), overflowing(3) } JuniDosProtectionProtocolPriorityType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The control priorities that are supported by the DOS protection application for each control processor" SYNTAX INTEGER { hiGreen(0), hiYellow(1), loGreen(2), loYellow(3), dataPath(4) } JuniDosProtectionProtocolCannedType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The available canned dos-protection-groups which can be used to set defaults into a user specified group." SYNTAX INTEGER { default(0), enetAccess(1), atmAccess(2), frame(3), uplink(4) } JuniDosProtectionLayerId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The available interface types for which a profile entry may be defined." SYNTAX INTEGER { ip(0), ppp(1), ethernet(6), atm1483(11), pppoe(17), bridge1483(19), vlan(35), ipv6(50) } JuniDosProtectionControlProcessorDestination ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The available control processors to which a control protocol may be directed." SYNTAX INTEGER { ic(0), sc(1), dataPath(2) } -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Managed objects -- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ juniDosProtectionObjects OBJECT IDENTIFIER ::= { juniDosProtectionMIB 1 } juniDosProtectionScfdsGroup OBJECT IDENTIFIER ::= { juniDosProtectionObjects 1 } juniDosProtectionDpgGroup OBJECT IDENTIFIER ::= { juniDosProtectionObjects 2 } -- -- scalars -- juniDosProtectionScfdsGlobalState OBJECT-TYPE SYNTAX JuniEnable MAX-ACCESS read-write STATUS current DESCRIPTION "Controls whether the suspicious control flow detection system is enabled or disabled. Setting the value to enable(1) enables the suspicious control flow detection system. Setting the value to disable(0) disables the system. When read this object returns the current state of the system." DEFVAL { enable } ::= { juniDosProtectionScfdsGroup 1 } juniDosProtectionScfdsGlobalGrouping OBJECT-TYPE SYNTAX JuniEnable MAX-ACCESS read-write STATUS current DESCRIPTION "When set to enable(1), the suspicious flow control system will group flows when resources are unavailable to treat each suspicious flow individually. When set to disable(0), this feature will be inhibited and the suspicious control flow system may not recognize all suspicious flows during a resource shortage. When read this object will return the current state of the object." DEFVAL { enable } ::= { juniDosProtectionScfdsGroup 2 } juniDosProtectionScfdsGlobalClearAll OBJECT-TYPE SYNTAX INTEGER { ok(0), clear(1) } MAX-ACCESS read-write STATUS current DESCRIPTION "When set to clear(1), the suspicious control flow detection system is cleared. When set to ok(0), there is no effect and the suspicious control flow detection system is unchanged. By clearing the suspicious control flow detection system all flows are removed from the suspicious flow table. When read, always returns a value of ok(0)." ::= { juniDosProtectionScfdsGroup 3 } juniDosProtectionScfdsGlobalDiscontinuityTime OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime at which the counters were last re-initialized on any slot due to a restart." ::= { juniDosProtectionScfdsGroup 4 } juniDosProtectionScfdsGlobalTableOverflowState OBJECT-TYPE SYNTAX JuniDosProtectionScfdsTableOverflowState MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates whether any module in the system is in under a resource shortage situation. A value of notOverflowingOrGrouping(1) indicates that there is no resource shortage on any module. A value of grouping(2) or overflowing(3) indicates that at least one module is suffering from a resource shortage, and has acted according to the state of the juniDosProtectionScfdsGlobalGrouping object." ::= { juniDosProtectionScfdsGroup 5 } -- -- global counters -- juniDosProtectionScfdsGlobalCurrentSuspiciousFlows OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of flows currently marked as suspicious." ::= { juniDosProtectionScfdsGroup 6 } juniDosProtectionScfdsGlobalNumberSuspiciousFlows OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of suspicious flows seen since system restart." ::= { juniDosProtectionScfdsGroup 7 } juniDosProtectionScfdsGlobalCurrentSuspiciousFlowGroups OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of flow groups currently marked as suspicious." ::= { juniDosProtectionScfdsGroup 8 } juniDosProtectionScfdsGlobalNumberSuspiciousFlowGroups OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of suspicius flow groups seen since system restart." ::= { juniDosProtectionScfdsGroup 9 } juniDosProtectionScfdsGlobalCurrentFalseNegativeFlows OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of flows currently falsely considered suspicious. A false negative indicates that the flow was seen as possibly suspicious, but did not pass all the tests to be considered suspicious. This is a normal condition of the system." ::= { juniDosProtectionScfdsGroup 10 } juniDosProtectionScfdsGlobalNumberFalseNegativeFlows OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of flows falsely considered possibly suspicious seen since system restart." ::= { juniDosProtectionScfdsGroup 11 } juniDosProtectionScfdsGlobalNumberTableOverflows OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times the system had a table overflow on any slot." ::= { juniDosProtectionScfdsGroup 12 } -- -- protocol table -- juniDosProtectionScfdsProtocolTable OBJECT-TYPE SYNTAX SEQUENCE OF JuniDosProtectionScfdsProtocolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for the DOS protection control protocols." ::= { juniDosProtectionScfdsGroup 13 } juniDosProtectionScfdsProtocolEntry OBJECT-TYPE SYNTAX JuniDosProtectionScfdsProtocolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an individual DOS protection control protocol." INDEX { juniDosProtectionScfdsProtocolIndex } ::= { juniDosProtectionScfdsProtocolTable 1 } JuniDosProtectionScfdsProtocolEntry ::= SEQUENCE { juniDosProtectionScfdsProtocolIndex JuniDosProtectionProtocolType, juniDosProtectionScfdsProtocolThreshold Unsigned32, juniDosProtectionScfdsProtocolLowThreshold Unsigned32, juniDosProtectionScfdsProtocolBackoffTime Unsigned32, juniDosProtectionScfdsProtocolState JuniDosProtectionProtocolState, juniDosProtectionScfdsProtocolTransitions Counter32} juniDosProtectionScfdsProtocolIndex OBJECT-TYPE SYNTAX JuniDosProtectionProtocolType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The control protocol value for this entry." ::= { juniDosProtectionScfdsProtocolEntry 1 } juniDosProtectionScfdsProtocolThreshold OBJECT-TYPE SYNTAX Unsigned32(0|3..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The threshold in packets per second for this control protocol. This is the rate at which a flow for this protocol is considered suspicious. Setting this object to zero will have the affect of excusing this protocol from suspicious control flow detection." ::= { juniDosProtectionScfdsProtocolEntry 2 } juniDosProtectionScfdsProtocolLowThreshold OBJECT-TYPE SYNTAX Unsigned32(0|1..32767) MAX-ACCESS read-write STATUS current DESCRIPTION "The low threshold in packets per second for this control protocol . This is the rate at which a flow must fall below to in order return to the normal state, after having been marked suspicious. A low threshold of zero disables this functionality." ::= { juniDosProtectionScfdsProtocolEntry 3 } juniDosProtectionScfdsProtocolBackoffTime OBJECT-TYPE SYNTAX Unsigned32(0|10..1000) MAX-ACCESS read-write STATUS current DESCRIPTION "The backoff time in seconds. A flow which is considered suspicious will be returned to normal after this amount of time regardless of the current rate of the flow. A backoff time of 0 disables this functionality." DEFVAL { 300 } ::= { juniDosProtectionScfdsProtocolEntry 4 } juniDosProtectionScfdsProtocolState OBJECT-TYPE SYNTAX JuniDosProtectionProtocolState MAX-ACCESS read-only STATUS current DESCRIPTION "The current state of the protocol. This object will return inTrouble(2) if any module in the system has reported that the protocol is currently being watched for suspicious flows. If no module reports that this protocol is being watched this object will return ok(1). A protocol is in trouble on a module when the sum of the rate for all flows for the protocol is over the limit for that protocol." ::= { juniDosProtectionScfdsProtocolEntry 5 } juniDosProtectionScfdsProtocolTransitions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of transitions to 'inTrouble' that this control protocol has made." ::= { juniDosProtectionScfdsProtocolEntry 6 } -- -- dos protection groups -- juniDosProtectionDpgTable OBJECT-TYPE SYNTAX SEQUENCE OF JuniDosProtectionDpgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for a dos-protection-group. A dos-protection-group defines a set of parameters that manage the handling of control protocols on the router." ::= { juniDosProtectionDpgGroup 1 } juniDosProtectionDpgEntry OBJECT-TYPE SYNTAX JuniDosProtectionDpgEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an individual dos-protection-group." INDEX { juniDosProtectionDpgIndex } ::= { juniDosProtectionDpgTable 1 } JuniDosProtectionDpgEntry ::= SEQUENCE { juniDosProtectionDpgIndex DisplayString, juniDosProtectionDpgRowStatus RowStatus, juniDosProtectionDpgCanned JuniDosProtectionProtocolCannedType, juniDosProtectionDpgRevert INTEGER, juniDosProtectionDpgModified TruthValue, juniDosProtectionDpgReferences INTEGER} juniDosProtectionDpgIndex OBJECT-TYPE SYNTAX DisplayString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The dos-protection-group-name for this entry." ::= { juniDosProtectionDpgEntry 1 } juniDosProtectionDpgRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls creation/deletion of entries in this table. Only the values 'createAndGo' and 'destroy' may be SET. When read this always returns a value of active" ::= { juniDosProtectionDpgEntry 2 } juniDosProtectionDpgCanned OBJECT-TYPE SYNTAX JuniDosProtectionProtocolCannedType MAX-ACCESS read-create STATUS current DESCRIPTION "Sets the default values based for the dos-protection-group based on the values from the canned group. Can only be used to set a different group. Using the current group will result in no changes to the dos-protection-group." DEFVAL { default } ::= { juniDosProtectionDpgEntry 3 } juniDosProtectionDpgRevert OBJECT-TYPE SYNTAX INTEGER { no-revert(0), revert(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "Revert this dos-protection-group to the canned values of the associated canned group by setting this object to revert(1). Reading this object will always return a value of no-revert(1)" ::= { juniDosProtectionDpgEntry 4 } juniDosProtectionDpgModified OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "When true is returned, some protocol or priority associated with this dos-protection-group, has been modified from the canned values associated with the group. When false is returned all settings associated with this dos-protection-group are at the defaults for the associated canned group." ::= { juniDosProtectionDpgEntry 5 } juniDosProtectionDpgReferences OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-only STATUS current DESCRIPTION "The number of references for this dos-protection-group. References include the number of interfaces currently associated with the group, as well as the number of profile references." ::= { juniDosProtectionDpgEntry 6 } -- -- dpg protocol information -- juniDosProtectionDpgProtocolTable OBJECT-TYPE SYNTAX SEQUENCE OF JuniDosProtectionDpgProtocolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for the dos-protection-group control protocol table." ::= { juniDosProtectionDpgGroup 2 } juniDosProtectionDpgProtocolEntry OBJECT-TYPE SYNTAX JuniDosProtectionDpgProtocolEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an individual dos-protection-group control protocol entry." INDEX { juniDosProtectionDpgProtocolName, juniDosProtectionDpgProtocolProtocol } ::= { juniDosProtectionDpgProtocolTable 1 } JuniDosProtectionDpgProtocolEntry ::= SEQUENCE { juniDosProtectionDpgProtocolName DisplayString, juniDosProtectionDpgProtocolProtocol JuniDosProtectionProtocolType, juniDosProtectionDpgProtocolBurst Unsigned32, juniDosProtectionDpgProtocolDropProbability Unsigned32, juniDosProtectionDpgProtocolRate Unsigned32, juniDosProtectionDpgProtocolSkipPriorityRateLimiter JuniEnable, juniDosProtectionDpgProtocolWeight Unsigned32, juniDosProtectionDpgProtocolPriority JuniDosProtectionProtocolPriorityType, juniDosProtectionDpgProtocolModified TruthValue, juniDosProtectionDpgProtocolDestination JuniDosProtectionControlProcessorDestination} juniDosProtectionDpgProtocolName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The dos-protection-group name for this entry." ::= { juniDosProtectionDpgProtocolEntry 1 } juniDosProtectionDpgProtocolProtocol OBJECT-TYPE SYNTAX JuniDosProtectionProtocolType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The dos-protection-group control protocol for this entry." ::= { juniDosProtectionDpgProtocolEntry 2 } juniDosProtectionDpgProtocolBurst OBJECT-TYPE SYNTAX Unsigned32(0|32..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The burst in packets for this control protocol in this dos-protection-group." ::= { juniDosProtectionDpgProtocolEntry 3 } juniDosProtectionDpgProtocolDropProbability OBJECT-TYPE SYNTAX Unsigned32(10..100) MAX-ACCESS read-write STATUS current DESCRIPTION "The drop probability for suspect packets for this control protocol in this dos-protection-group. This is probability that a packet belonging to a suspicious flow will be dropped. A drop probability of less than 100 indicates that the user wishes to have some packets from a suspect flow reach the control processor." ::= { juniDosProtectionDpgProtocolEntry 4 } juniDosProtectionDpgProtocolRate OBJECT-TYPE SYNTAX Unsigned32(0|64..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The rate in packets per second for this control protocol in this dos-protection-group." ::= { juniDosProtectionDpgProtocolEntry 5 } juniDosProtectionDpgProtocolSkipPriorityRateLimiter OBJECT-TYPE SYNTAX JuniEnable MAX-ACCESS read-write STATUS current DESCRIPTION "When set to enable, this control protocol in this dos-protection-group will skip the priority rate limiter. When set to disable, the protocol will not skip the priority rate-limiter." ::= { juniDosProtectionDpgProtocolEntry 6 } juniDosProtectionDpgProtocolWeight OBJECT-TYPE SYNTAX Unsigned32(100..500) MAX-ACCESS read-write STATUS current DESCRIPTION "The weight of this control protocol against others of the same priority in this dos-protection-group. The weight is used to determine the minimum rate and burst for the protocol within the priority group." DEFVAL { 100 } ::= { juniDosProtectionDpgProtocolEntry 7 } juniDosProtectionDpgProtocolPriority OBJECT-TYPE SYNTAX JuniDosProtectionProtocolPriorityType MAX-ACCESS read-write STATUS current DESCRIPTION "The priority for the control protocol. Packets of this control protocol on interfaces referencing this dos-protection-group will be categorized into the priority indicated." ::= { juniDosProtectionDpgProtocolEntry 8 } juniDosProtectionDpgProtocolModified OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "When true is returned, the values for this control protocol in this dos-protection-group have been modified from the canned values associated with the group. When false is returned all settings associated with this control protocol in this dos-protection-group are at the defaults for the associated canned group." ::= { juniDosProtectionDpgProtocolEntry 9 } juniDosProtectionDpgProtocolDestination OBJECT-TYPE SYNTAX JuniDosProtectionControlProcessorDestination MAX-ACCESS read-only STATUS current DESCRIPTION "The destination processor for packets of this control protocol." ::= { juniDosProtectionDpgProtocolEntry 10 } -- -- dpg priority information -- juniDosProtectionDpgPriorityTable OBJECT-TYPE SYNTAX SEQUENCE OF JuniDosProtectionDpgPriorityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for a dos-protection-group priority table." ::= { juniDosProtectionDpgGroup 3 } juniDosProtectionDpgPriorityEntry OBJECT-TYPE SYNTAX JuniDosProtectionDpgPriorityEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an individual dos-protection-group priority table" INDEX { juniDosProtectionDpgPriorityName, juniDosProtectionDpgPriorityPriority } ::= { juniDosProtectionDpgPriorityTable 1 } JuniDosProtectionDpgPriorityEntry ::= SEQUENCE { juniDosProtectionDpgPriorityName DisplayString, juniDosProtectionDpgPriorityPriority JuniDosProtectionPriorityType, juniDosProtectionDpgPriorityBurst Unsigned32, juniDosProtectionDpgPriorityOverSubscriptionFactor Unsigned32, juniDosProtectionDpgPriorityRate Unsigned32, juniDosProtectionDpgPriorityModified TruthValue} juniDosProtectionDpgPriorityName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The dos-proteciton-group name for this entry." ::= { juniDosProtectionDpgPriorityEntry 1 } juniDosProtectionDpgPriorityPriority OBJECT-TYPE SYNTAX JuniDosProtectionPriorityType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The priority for this entry." ::= { juniDosProtectionDpgPriorityEntry 2 } juniDosProtectionDpgPriorityBurst OBJECT-TYPE SYNTAX Unsigned32(0|32..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The burst in packets for this priority in this dos-protection-group." ::= { juniDosProtectionDpgPriorityEntry 3 } juniDosProtectionDpgPriorityOverSubscriptionFactor OBJECT-TYPE SYNTAX Unsigned32(100..1000) MAX-ACCESS read-write STATUS current DESCRIPTION "The over-subscription factor for this priority in this dos-protection-group. This is used when calculating the minimum rates for control protocols that use this priority." ::= { juniDosProtectionDpgPriorityEntry 4 } juniDosProtectionDpgPriorityRate OBJECT-TYPE SYNTAX Unsigned32(0|64..65535) MAX-ACCESS read-write STATUS current DESCRIPTION "The rate in packets per second for this priority in this dos-protection-group." ::= { juniDosProtectionDpgPriorityEntry 5 } juniDosProtectionDpgPriorityModified OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "When true is returned, the values for this priority in this dos-protection-group have been modified from the canned values associated with the group. When false is returned all settings associated with this priority in this dos-protection-group are at the defaults for the associated canned group." ::= { juniDosProtectionDpgPriorityEntry 6 } -- -- attachment table -- juniDosProtectionDpgAttachTable OBJECT-TYPE SYNTAX SEQUENCE OF JuniDosProtectionDpgAttachEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for the DOS protection attachment table." ::= { juniDosProtectionDpgGroup 4 } juniDosProtectionDpgAttachEntry OBJECT-TYPE SYNTAX JuniDosProtectionDpgAttachEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an individual DOS protection attachment entry." INDEX { juniDosProtectionDpgAttachIndex } ::= { juniDosProtectionDpgAttachTable 1 } JuniDosProtectionDpgAttachEntry ::= SEQUENCE { juniDosProtectionDpgAttachIndex InterfaceIndex, juniDosProtectionDpgAttachRowStatus RowStatus, juniDosProtectionDpgAttachName DisplayString, juniDosProtectionDpgAttachConfigured TruthValue} juniDosProtectionDpgAttachIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The interface index for the attachment." ::= { juniDosProtectionDpgAttachEntry 1 } juniDosProtectionDpgAttachRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls creation/deletion of entries in this table. Only the values 'createAndGo' and 'destroy' may be SET. When read this always returns a value of active" ::= { juniDosProtectionDpgAttachEntry 2 } juniDosProtectionDpgAttachName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The dos-protection-group for this entry. This is the dos-protection-group that is use by the interface." ::= { juniDosProtectionDpgAttachEntry 3 } juniDosProtectionDpgAttachConfigured OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Indicates the configured status of the attachment. This object returns true when the attachment was statically configured, and returns false when the attachment was made via a profile attachment." ::= { juniDosProtectionDpgAttachEntry 4 } -- -- profile table -- juniDosProtectionDpgProfileTable OBJECT-TYPE SYNTAX SEQUENCE OF JuniDosProtectionDpgProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for the DOS protection profile table." ::= { juniDosProtectionDpgGroup 5 } juniDosProtectionDpgProfileEntry OBJECT-TYPE SYNTAX JuniDosProtectionDpgProfileEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The information for an individual DOS protection profile entry." INDEX { juniDosProtectionDpgProfileProfileId, juniDosProtectionDpgProfileLayerId} ::= { juniDosProtectionDpgProfileTable 1 } JuniDosProtectionDpgProfileEntry ::= SEQUENCE { juniDosProtectionDpgProfileProfileId Unsigned32, juniDosProtectionDpgProfileLayerId JuniDosProtectionLayerId, juniDosProtectionDpgProfileRowStatus RowStatus, juniDosProtectionDpgProfileName DisplayString } juniDosProtectionDpgProfileProfileId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The profile ID for the profile entry. The profile ID identifies which profile is being accessed. A value for this identifier is determined by locating or creating a profile name in the juniProfileNameTable" ::= { juniDosProtectionDpgProfileEntry 1 } juniDosProtectionDpgProfileLayerId OBJECT-TYPE SYNTAX JuniDosProtectionLayerId MAX-ACCESS not-accessible STATUS current DESCRIPTION "The layer ID for the profile entry. The layer ID indicates which interface type is being accessed." ::= { juniDosProtectionDpgProfileEntry 2 } juniDosProtectionDpgProfileRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Controls creation/deletion of entries in this table. Only the values 'createAndGo' and 'destroy' may be SET. When read this always returns a value of active" ::= { juniDosProtectionDpgProfileEntry 3 } juniDosProtectionDpgProfileName OBJECT-TYPE SYNTAX DisplayString (SIZE(1..32)) MAX-ACCESS read-create STATUS current DESCRIPTION "The dos-protection-group that is associated with this profile/interface-type. This profile will be attached when dynamic instances of the interface type are created that reference the specific profile." ::= { juniDosProtectionDpgProfileEntry 4 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Notifications -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ --juniDosProtectionTraps OBJECT IDENTIFIER ::= { juniDosProtectionMIB 0 } --juniDosProtectionTrapControl OBJECT IDENTIFIER ::= { juniDosProtectionMIB 2 } --juniDosProtectionScfdsTraps OBJECT IDENTIFIER ::= { juniDosProtectionTraps 0 } -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -- Conformance information -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ juniDosProtectionMIBConformance OBJECT IDENTIFIER ::= { juniDosProtectionMIB 4 } juniDosProtectionMIBCompliances OBJECT IDENTIFIER ::= { juniDosProtectionMIBConformance 1 } juniDosProtectionMIBGroups OBJECT IDENTIFIER ::= { juniDosProtectionMIBConformance 2 } juniDosProtectionCompliance MODULE-COMPLIANCE STATUS obsolete DESCRIPTION "The compliance statement for entities which implement the Juniper Dos Protection MIB. This was made obsolete with the addition of dos-protection-groups." MODULE -- this module MANDATORY-GROUPS { juniDosProtectionGroup } ::= { juniDosProtectionMIBCompliances 1 } juniDosProtectionCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the Juniper Dos Protection MIB." MODULE -- this module MANDATORY-GROUPS { juniDosProtectionGroup2 } ::= { juniDosProtectionMIBCompliances 2 } -- Junos x.y -- -- units of conformance -- juniDosProtectionGroup OBJECT-GROUP OBJECTS {juniDosProtectionScfdsGlobalState, juniDosProtectionScfdsGlobalGrouping, juniDosProtectionScfdsGlobalClearAll, juniDosProtectionScfdsGlobalDiscontinuityTime, juniDosProtectionScfdsGlobalTableOverflowState, juniDosProtectionScfdsGlobalCurrentSuspiciousFlows, juniDosProtectionScfdsGlobalNumberSuspiciousFlows, juniDosProtectionScfdsGlobalCurrentSuspiciousFlowGroups, juniDosProtectionScfdsGlobalNumberSuspiciousFlowGroups, juniDosProtectionScfdsGlobalCurrentFalseNegativeFlows, juniDosProtectionScfdsGlobalNumberFalseNegativeFlows, juniDosProtectionScfdsGlobalNumberTableOverflows, juniDosProtectionScfdsProtocolThreshold, juniDosProtectionScfdsProtocolLowThreshold, juniDosProtectionScfdsProtocolBackoffTime, juniDosProtectionScfdsProtocolState, juniDosProtectionScfdsProtocolTransitions } STATUS obsolete DESCRIPTION "A collection of objects providing management of DOS protection application in a Juniper product. This object became obsolete with the addition of dos-protection-groups." ::= { juniDosProtectionMIBGroups 1 } juniDosProtectionGroup2 OBJECT-GROUP OBJECTS {juniDosProtectionScfdsGlobalState, juniDosProtectionScfdsGlobalGrouping, juniDosProtectionScfdsGlobalClearAll, juniDosProtectionScfdsGlobalDiscontinuityTime, juniDosProtectionScfdsGlobalTableOverflowState, juniDosProtectionScfdsGlobalCurrentSuspiciousFlows, juniDosProtectionScfdsGlobalNumberSuspiciousFlows, juniDosProtectionScfdsGlobalCurrentSuspiciousFlowGroups, juniDosProtectionScfdsGlobalNumberSuspiciousFlowGroups, juniDosProtectionScfdsGlobalCurrentFalseNegativeFlows, juniDosProtectionScfdsGlobalNumberFalseNegativeFlows, juniDosProtectionScfdsGlobalNumberTableOverflows, juniDosProtectionScfdsProtocolThreshold, juniDosProtectionScfdsProtocolLowThreshold, juniDosProtectionScfdsProtocolBackoffTime, juniDosProtectionScfdsProtocolState, juniDosProtectionScfdsProtocolTransitions, juniDosProtectionDpgRowStatus, juniDosProtectionDpgCanned, juniDosProtectionDpgRevert, juniDosProtectionDpgModified, juniDosProtectionDpgReferences, juniDosProtectionDpgProtocolBurst, juniDosProtectionDpgProtocolDropProbability, juniDosProtectionDpgProtocolRate, juniDosProtectionDpgProtocolSkipPriorityRateLimiter, juniDosProtectionDpgProtocolWeight, juniDosProtectionDpgProtocolModified, juniDosProtectionDpgPriorityBurst, juniDosProtectionDpgPriorityOverSubscriptionFactor, juniDosProtectionDpgPriorityRate, juniDosProtectionDpgPriorityModified, juniDosProtectionDpgAttachRowStatus, juniDosProtectionDpgAttachName, juniDosProtectionDpgProfileRowStatus, juniDosProtectionDpgProfileName } STATUS current DESCRIPTION "A collection of objects providing management of DOS protection application in a Juniper product." ::= { juniDosProtectionMIBGroups 2 } END