draft-ietf-bfd-mib-17.txt   draft-ietf-bfd-mib-18.txt 
Network Working Group T. Nadeau Network Working Group T. Nadeau
Internet-Draft Brocade Internet-Draft Brocade
Intended status: Standards Track Z. Ali Intended status: Standards Track Z. Ali
Expires: October 16, 2014 N. Akiya Expires: October 30, 2014 N. Akiya
Cisco Systems Cisco Systems
April 14, 2014 April 28, 2014
BFD Management Information Base BFD Management Information Base
draft-ietf-bfd-mib-17 draft-ietf-bfd-mib-18
Abstract Abstract
This draft defines a portion of the Management Information Base (MIB) This draft defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it describes managed objects for modeling In particular, it describes managed objects for modeling
Bidirectional Forwarding Detection (BFD) protocol. Bidirectional Forwarding Detection (BFD) protocol.
Requirements Language Requirements Language
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 16, 2014. This Internet-Draft will expire on October 30, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 26
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Internet-Standard Management Framework . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . . 2
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Brief Description of MIB Objects . . . . . . . . . . . . . . 3 4. Brief Description of MIB Objects . . . . . . . . . . . . . . 3
4.1. General Variables . . . . . . . . . . . . . . . . . . . . 3 4.1. General Variables . . . . . . . . . . . . . . . . . . . . 3
4.2. Session Table (bfdSessionTable) . . . . . . . . . . . . . 3 4.2. Session Table (bfdSessionTable) . . . . . . . . . . . . . 3
4.3. Session Performance Table (bfdSessionPerfTable) . . . . . 3 4.3. Session Performance Table (bfdSessionPerfTable) . . . . . 3
4.4. BFD Session Discriminator Mapping Table 4.4. BFD Session Discriminator Mapping Table
(bfdSessDiscMapTable) . . . . . . . . . . . . . . . . . . 3 (bfdSessDiscMapTable) . . . . . . . . . . . . . . . . . . 3
4.5. BFD Session IP Mapping Table (bfdSessIpMapTable) . . . . 3 4.5. BFD Session IP Mapping Table (bfdSessIpMapTable) . . . . 4
5. BFD MIB Module Definitions . . . . . . . . . . . . . . . . . 4 5. BFD MIB Module Definitions . . . . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 37
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 37
9.1. Normative References . . . . . . . . . . . . . . . . . . 36 9.1. Normative References . . . . . . . . . . . . . . . . . . 37
9.2. Informative References . . . . . . . . . . . . . . . . . 37 9.2. Informative References . . . . . . . . . . . . . . . . . 38
1. Introduction 1. Introduction
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it describes managed objects to configure and/or In particular, it describes managed objects to configure and/or
monitor Bidirectional Forwarding Detection for [RFC5880], [RFC5881], monitor Bidirectional Forwarding Detection for [RFC5880], [RFC5881],
[RFC5883] and [RFC7130], BFD versions 0 and/or 1, on devices [RFC5883] and [RFC7130], BFD versions 0 and/or 1, on devices
supporting this feature. supporting this feature.
This memo does not define a compliance requirement for a system that
only implements BFD version 0. This is a reflection of a considered
and deliberate decision by the BFD WG.
2. The Internet-Standard Management Framework 2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410]. RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58, module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580]. [RFC2580].
3. Terminology 3. Terminology
This document adopts the definitions, acronyms and mechanisms This document adopts the definitions, acronyms and mechanisms
described in [RFC5880], [RFC5881], [RFC5883] and [RFC7130]. Unless described in [RFC5880], [RFC5881], [RFC5883] and [RFC7130]. Unless
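Review bot: The paragraph added to the Introduction says no compliance requirement is defined for a system that only implements BFD version 0, but the sentence just above it still scopes the module to "BFD versions 0 and/or 1" without saying what a version 0 implementation is expected to support. Suggest pointing to the compliance statements in the MIB module here, and replacing "a considered and deliberate decision by the BFD WG" with the reason itself, since an implementer cannot act on the current wording.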
skipping to change at page 6, line 20 skipping to change at page 6, line 28
DESCRIPTION DESCRIPTION
"Indicates the actual operational status of the "Indicates the actual operational status of the
BFD system in this device. When this value is BFD system in this device. When this value is
down(2), all entries in the bfdSessTable MUST have down(2), all entries in the bfdSessTable MUST have
their bfdSessOperStatus as down(2) as well. When their bfdSessOperStatus as down(2) as well. When
this value is adminDown(3), all entries in the this value is adminDown(3), all entries in the
bfdSessTable MUST have their bfdSessOperStatus bfdSessTable MUST have their bfdSessOperStatus
as adminDown(3) as well." as adminDown(3) as well."
::= { bfdScalarObjects 2 } ::= { bfdScalarObjects 2 }
bfdSessNotificationsEnable OBJECT-TYPE bfdNotificationsEnable OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If this object is set to true(1), then it enables "If this object is set to true(1), then it enables
the emission of bfdSessUp and bfdSessDown the emission of bfdSessUp and bfdSessDown
notifications; otherwise these notifications are not notifications; otherwise these notifications are not
emitted." emitted."
REFERENCE REFERENCE
"See also RFC3413 for explanation that "See also RFC3413 for explanation that
skipping to change at page 31, line 31 skipping to change at page 31, line 41
DESCRIPTION "Write access is not required." DESCRIPTION "Write access is not required."
::= { bfdCompliances 2 } ::= { bfdCompliances 2 }
-- Units of conformance. -- Units of conformance.
bfdSessionGroup OBJECT-GROUP bfdSessionGroup OBJECT-GROUP
OBJECTS { OBJECTS {
bfdAdminStatus, bfdAdminStatus,
bfdOperStatus, bfdOperStatus,
bfdSessNotificationsEnable, bfdNotificationsEnable,
bfdSessVersionNumber, bfdSessVersionNumber,
bfdSessType, bfdSessType,
bfdSessIndexNext, bfdSessIndexNext,
bfdSessDiscriminator, bfdSessDiscriminator,
bfdSessDestinationUdpPort, bfdSessDestinationUdpPort,
bfdSessSourceUdpPort, bfdSessSourceUdpPort,
bfdSessEchoSourceUdpPort, bfdSessEchoSourceUdpPort,
bfdSessAdminStatus, bfdSessAdminStatus,
bfdSessOperStatus, bfdSessOperStatus,
bfdSessOperMode, bfdSessOperMode,
skipping to change at page 34, line 13 skipping to change at page 34, line 23
users. users.
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. These are the tables and objects and their network operations. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
o bfdAdminStatus - Improper change of bfdAdminStatus, from
enabled(1) to disabled(2), can cause significant disruption of the
connectivity to those portions of the Internet reached via all the
applicable remote BFD peers.
o bfdOperStatus - Improper change of bfdOperStatus, from up(1) to
down(2) or up(1) to adminDown(3), can cause significant disruption
of the connectivity to those portions of the Internet reached via
all the applicable remote BFD peers.
o bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from o bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from
enabled(1) to disabled(2), can cause significant disruption of the enabled(1) to disabled(2), can cause significant disruption of the
connectivity to those portions of the Internet reached via the connectivity to those portions of the Internet reached via the
applicable remote BFD peer. applicable remote BFD peer.
o bfdSessOperStatus - Improper change of bfdSessOperStatus, from o bfdSessOperStatus - Improper change of bfdSessOperStatus, from
up(1) to down(2) or up(1) to adminDown(3), can cause significant up(1) to down(2) or up(1) to adminDown(3), can cause significant
disruption of the connectivity to those portions of the Internet disruption of the connectivity to those portions of the Internet
reached via the applicable remote BFD peer. reached via the applicable remote BFD peer.
o bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, o bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval,
bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change
of this object can cause connections to be disrupted for extremely of this object can cause connections to be disrupted for extremely
long time periods when otherwise they would be restored in a long time periods when otherwise they would be restored in a
relatively short period of time. relatively short period of time.
o Some management objects define the BFD session whilst other
management objects define the parameter of the BFD session. It is
particularly important to control the support for SET access to
those management objects that define the BFD session, as changes
to them can be disruptive. Implementation SHOULD NOT allow
changes to following management objects when bfdSessState is
up(4):
* bfdSessVersionNumber
* bfdSessType
* bfdSessDestinationUdpPort
* bfdSessMultipointFlag
* bfdSessInterface
* bfdSessSrcAddrType
* bfdSessSrcAddr
* bfdSessDstAddrType
* bfdSessDstAddr
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. It is thus important to control even GET and/or NOTIFY environments. It is thus important to control even GET and/or NOTIFY
access to these objects and possibly to even encrypt the values of access to these objects and possibly to even encrypt the values of
these objects when sending them over the network via SNMP. these objects when sending them over the network via SNMP.
o The bfdSessTable may be used to directly configure BFD sessions. o The bfdSessTable may be used to directly configure BFD sessions.
The bfdSessMapTable can be used indirectly in the same way. The bfdSessMapTable can be used indirectly in the same way.
Unauthorized access to objects in this table could result in Unauthorized access to objects in this table could result in
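Review bot: The list of SET-sensitive objects extended in this hunk leaves out bfdNotificationsEnable, which is MAX-ACCESS read-write and controls whether bfdSessUp and bfdSessDown are emitted, so an unauthorized SET can hide session failures from the management station. Suggest adding an entry for it alongside bfdAdminStatus. Separately, the new bfdOperStatus entry describes an "improper change" of an object whose DESCRIPTION calls it "the actual operational status"; please confirm its MAX-ACCESS and drop or reword the entry if it cannot be SET. In the new SHOULD NOT item, "Implementation SHOULD NOT allow changes to following" should read "Implementations SHOULD NOT allow changes to the following", and the trailing context names bfdSessMapTable where the table of contents lists bfdSessDiscMapTable and bfdSessIpMapTable.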
skipping to change at page 35, line 13 skipping to change at page 36, line 10
sensitivity/vulnerability: sensitivity/vulnerability:
o The bfdSessPerfTable both allows access to the performance o The bfdSessPerfTable both allows access to the performance
characteristics of BFD sessions. Network administrators not characteristics of BFD sessions. Network administrators not
wishing to show this information should consider this table wishing to show this information should consider this table
sensitive. sensitive.
The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
bfdSessAuthenticationKey objects hold security methods and associated bfdSessAuthenticationKey objects hold security methods and associated
security keys of BFD sessions. These objects SHOULD be considered security keys of BFD sessions. These objects SHOULD be considered
highly sensitive objects. In order for these sensitive information highly sensitive objects. In order to prevent this sensitive
from being improperly accessed, implementers MAY wish to disallow information from being improperly accessed, implementers MAY disallow
access to these objects. access to these objects.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure "for example by using IPSec", Even if the network itself is secure "for example by using IPSec",
even then, there is no control as to who on the secure network is even then, there is no control as to who on the secure network is
allowed to access and GET/SET "read/change/create/delete" the objects allowed to access and GET/SET "read/change/create/delete" the objects
in these MIB modules. in these MIB modules.
It is RECOMMENDED that implementers consider the security features as It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8), provided by the SNMPv3 framework (see [RFC3410], section 8),
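Review bot: "implementers MAY disallow access to these objects" in the reworded sentence is weak for bfdSessAuthenticationKey, which the same paragraph says holds the security keys of BFD sessions and SHOULD be considered highly sensitive. With only a MAY, a conforming agent can still return the key to any reader, including over the SNMP versions that the next paragraph says did not include adequate security. Suggest raising this to a SHOULD and stating what a read of the key object returns when access is disallowed. In the unchanged context, "The bfdSessPerfTable both allows access" has a dangling "both".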
skipping to change at page 36, line 10 skipping to change at page 37, line 10
to record the assignment in the SMI Numbers registry. When the to record the assignment in the SMI Numbers registry. When the
assignment has been made, the RFC Editor is asked to replace "XXX" assignment has been made, the RFC Editor is asked to replace "XXX"
(here and in the MIB module) with the assigned value and to remove (here and in the MIB module) with the assigned value and to remove
this note.] this note.]
8. Acknowledgments 8. Acknowledgments
Authors would like to thank Adrian Farrel and Jeffrey Haas for Authors would like to thank Adrian Farrel and Jeffrey Haas for
performing thorough reviews and providing number of suggestions. performing thorough reviews and providing number of suggestions.
Authors would also like to thank David Ward, Reshad Rahman, David Authors would also like to thank David Ward, Reshad Rahman, David
Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara Toscano, Sylvain Masse, Mark Tooker, Kiran Koushik Agrahara
Sreenivasa for their comments and suggestions. Sreenivasa and David Black for their comments and suggestions.
9. References 9. References
9.1. Normative References 9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information Schoenwaelder, Ed., "Structure of Management Information
skipping to change at page 37, line 8 skipping to change at page 38, line 8
(BFD) for Multihop Paths", RFC 5883, June 2010. (BFD) for Multihop Paths", RFC 5883, June 2010.
[RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and [RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and
J. Haas, "Bidirectional Forwarding Detection (BFD) on Link J. Haas, "Bidirectional Forwarding Detection (BFD) on Link
Aggregation Group (LAG) Interfaces", RFC 7130, February Aggregation Group (LAG) Interfaces", RFC 7130, February
2014. 2014.
[I-D.ietf-bfd-tc-mib] [I-D.ietf-bfd-tc-mib]
Nadeau, T., Ali, Z., and N. Akiya, "Definitions of Textual Nadeau, T., Ali, Z., and N. Akiya, "Definitions of Textual
Conventions (TCs) for Bidirectional Forwarding Detection Conventions (TCs) for Bidirectional Forwarding Detection
(BFD) Management", draft-ietf-bfd-tc-mib-04 (work in (BFD) Management", draft-ietf-bfd-tc-mib-05 (work in
progress), November 2013. progress), April 2014.
9.2. Informative References 9.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, June 2000. MIB", RFC 2863, June 2000.
 End of changes. 15 change blocks. 
20 lines changed or deleted 59 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/