--- 1/draft-ietf-bfd-mpls-mib-04.txt 2014-12-28 17:14:48.582817067 -0800 +++ 2/draft-ietf-bfd-mpls-mib-05.txt 2014-12-28 17:14:48.626818136 -0800 @@ -1,34 +1,34 @@ Network Working Group INTERNET-DRAFT Sam Aldrin Intended Status: Standards Track Huawei Technologies -Expires: December 29, 2014 M.Venkatesan +Expires: July 01, 2015 M.Venkatesan Dell Inc. Kannan KV Sampath Redeem Software Thomas D. Nadeau Brocade - June 27, 2014 + December 28, 2014 BFD Management Information Base (MIB) extensions for MPLS and MPLS-TP Networks - draft-ietf-bfd-mpls-mib-04 + draft-ietf-bfd-mpls-mib-05 Abstract This draft defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. - In particular, it extends the BFD Management Information Base BFD- - STD-MIB and describes the managed objects for modeling Bidirectional - Forwarding Detection (BFD) protocol for MPLS and MPLS-TP networks. + In particular, it extends the BFD Management Information Base and + describes the managed objects for modeling Bidirectional Forwarding + Detection (BFD) protocol for MPLS and MPLS-TP networks. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. 
@@ -37,21 +37,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on December 29, 2014. + This Internet-Draft will expire on July 01, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -81,57 +81,58 @@ 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 18 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 20 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 9.1 Normative References . . . . . . . . . . . . . . . . . . . . 20 9.2 Informative References . . . . . . . . . . . . . . . . . . . 21 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22 11. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 22 1 Introduction - The current MIB for BFD as defined by BFD-STD-MIB is used for - neighbor monitoring in IP networks. The BFD session association to - the neighbors being monitored is done using the source and - destination IP addresses of the neighbors configured using the - respective MIB objects. + The current MIB for BFD as defined by [RFC7331] is used for neighbor + monitoring in IP networks. The BFD session association to the + neighbors being monitored is done using the source and destination IP + addresses of the neighbors configured using the respective MIB + objects. To monitor MPLS/MPLS-TP paths like tunnels or Pseudowires, there is a necessity to identify or associate the BFD session to those paths. This memo defines an portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. - In particular, it extends the BFD Management Information Base BFD- - STD-MIB and describes the managed objects to configure and/or monitor - Bidirectional Forwarding Detection (BFD) protocol for MPLS [RFC5884] - and MPLS-TP networks [RFC6428]. + In particular, it extends the BFD Management Information Base + [RFC7331] and describes the managed objects to configure and/or + monitor Bidirectional Forwarding Detection (BFD) protocol for MPLS + [RFC5884] and MPLS-TP networks [RFC6428]. 2. 
The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC2578, STD 58, RFC2579 and STD58, RFC2580. 3. Overview 3.1 Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", - "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this - document are to be interpreted as described in RFC-2119 [RFC2119]. + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + RFC-2119 [RFC2119]. 3.2 Terminology This document adopts the definitions, acronyms and mechanisms described in [BFD], [BFD-1HOP], [BFD-MH], [RFC5884], [RFC6428]. Unless otherwise stated, the mechanisms described therein will not be re-described here. 4. Acronyms 
@@ -153,26 +154,26 @@ OAM: Operations, Administration, and Maintenance PW: Pseudo Wire RDI: Remote Defect Indication TE: Traffic Engineering TP: Transport Profile 5. Brief description of MIB Objects The objects described in this section support the functionality described in documents [RFC5884] and [RFC6428]. The objects are - defined as an extension to the BFD base MIB defined by BFD-STD-MIB. + defined as an extension to the BFD base MIB defined by [RFC7331]. 5.1. Extensions to the BFD session table (bfdSessionTable) The BFD session table used to identify a BFD session between a pair - of nodes, as defined in BFD-STD-MIB, is extended with managed objects + of nodes, as defined in [RFC7331], is extended with managed objects to achieve the required functionality in MPLS and MPLS-TP networks as described below: 1. SessionRole - Active/Passive role specification for the BFD session configured on the node. Either end of a BFD session can be configured as Active/Passive to determine which end starts transmitting the BFD control packets. 2. SessionMode - Defines the mode in which BFD session is running, defined as below: 
@@ -224,21 +225,21 @@ For PW, this object points to the corresponding instance of pwEntry. For MPLS-TP paths, this object points to the corresponding instance of mplsOamIdMeEntry[MPLS-OAM-ID-STD-MIB] configured to monitor the MPLS-TP path associated with the BFD session. 6. Usage of existing object bfdSessType: Additionally existing object "bfdSessType" in the BFD base MIB - [BFD-STD-MIB] can be used with the already defined value + [RFC7331] can be used with the already defined value multiHopOutOfBandSignaling(3) to specify an OOB (Out of band) mechanism [E.g. LSP Ping] for bootstrapping the BFD session. 5.2. Example of BFD session configuration This section provides an example of BFD session configuration for an MPLS and MPLS-TP TE tunnel. This example is only meant to enable an understanding of the proposed extension and does not illustrate every permutation of the MIB. @@ -397,21 +398,21 @@ } Similarly BFD session would be configured on the tail-end of the tunnel and creating the above row will trigger the bootstrapping of the session using LSP Ping and its subsequent establishment over the path by de-multiplexing of the control packets using the BFD session discriminators. 5.3. BFD objects for session performance counters - BFD-STD-MIB defines BFD Session Performance Table + [RFC7331] defines BFD Session Performance Table (bfdSessionPerfTable), for collecting per-session BFD performance counters, as an extension to the bfdSessionTable. The bfdSessionPerfTable is extended with the performance counters to collect Mis-connectivity Defect, Loss of Continuity Defect and RDI (Remote Defect Indication) counters. 1. bfdMplsSessPerfMisDefCount - Mis-connectivity defect count for this BFD session. 2. bfdMplsSessPerfLocDefCount - Loss of continuity defect count for 
@@ -882,38 +883,43 @@ this information should consider this table sensitive. The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and bfdSessAuthenticationKey objects hold security methods and associated security keys of BFD sessions for MPLS paths. These objects SHOULD be considered highly sensitive objects. In order for these sensitive information from being improperly accessed, implementers MAY wish to disallow read and create access to these objects. - SNMP versions prior to SNMPv3 did not include adequate security. - Even if the network itself is secure "for example by using IPSec", - even then, there is no control as to who on the secure network is - allowed to access and GET/SET "read/change/create/delete" the objects - in these MIB modules. + SNMP versions prior to SNMPv3 did not include adequate security. Even + if the network itself is secure (for example by using IPsec), there + is no control as to who on the secure network is allowed to access + and GET/SET (read/change/create/delete) the objects in this MIB + module. - It is RECOMMENDED that implementers consider the security features as - provided by the SNMPv3 framework (see [RFC3410], section 8), - including full support for the SNMPv3 cryptographic mechanisms "for - authentication and privacy". + Implementations SHOULD provide the security features described by the + SNMPv3 framework (see [RFC3410]), and implementations claiming + compliance to the SNMPv3 standard MUST include full support for + authentication and privacy via the User-based Security Model (USM) - Further, deployment of SNMP versions prior to SNMPv3 is not - recommended. Instead, it is RECOMMENDED to deploy SNMPv3 and to + [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations + MAY also provide support for the Transport Security Model (TSM) + [RFC5591] in combination with a secure transport such as SSH + [RFC5592] or TLS/DTLS [RFC6353]. + + Further, deployment of SNMP versions prior to SNMPv3 is NOT + RECOMMENDED. 
Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an - instance of this MIB module, is properly configured to give access to - the objects only to those principals "users" that have legitimate - rights to indeed GET or SET "change/create/delete" them. + instance of this MIB module is properly configured to give access to + the objects only to those principals (users) that have legitimate + rights to indeed GET or SET (change/create/delete) them. 8. IANA Considerations The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry: Descriptor OBJECT IDENTIFIER value ---------- ----------------------- bfdMplsMib { mib-2 XXX } 
@@ -963,45 +969,66 @@ [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. 9.2 Informative References [RFC3410] J. Case, R. Mundy, D. pertain, B.Stewart, "Introduction and Applicability Statement for Internet Standard Management Framework", RFC 3410, December 2002. + [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security + Model(USM) for version 3 of the Simple Network + Management Protocol (SNMPv3)", STD 62, RFC 3414, + December 2002. + [RFC3812] Srinivasan, C., Viswanathan, A., and T. Nadeau, "Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Management Information Base (MIB)", RFC 3812, June 2004. [RFC3813] Srinivasan, C., Viswanathan, A., and T. Nadeau, "Multiprotocol Label Switching (MPLS) Label Switching (LSR) Router Management Information Base (MIB)", RFC 3813, June 2004. + [RFC3826] Blumenthal, U., F. Maino and K. McCloghrie, "The + Advanced Encryption Standard (AES) Cipher Algorithm in + the SNMP User-based Security Model", RFC 3826, June + 2004. + + [RFC5591] Harrington, D. and W. Hardaker, "Transport Security + Model for the Simple Network Management Protocol + (SNMP)",RFC 5591, June 2009. + + [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure + Shell Transport Model for the Simple Network Management + Protocol (SNMP)", RFC 5592, June 2009. + [RFC5601] T. Nadeau, Ed., D. Zelig, Ed., "Pseudowire (PW) Management Information Base (MIB)", RFC 5601, - July 2009 + July 2009. - [BFD-STD-MIB] T. Nadeau, Z. Ali, N. Akiya "BFD Management - Information Base", ID draft-ietf-bfd-mib-22, - June 2014. + [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport + Model for the Simple Network Management Protocol + (SNMP)", STD 78, RFC 6353, July 2011. + + [RFC7331] T. Nadeau, Z. Ali, N. Akiya "BFD Management + Information Base", RFC 7331, August 2014. [MPLS-OAM-ID-STD-MIB] Sam Aldrin, M.Venkatesan, Kannan KV Sampath, Thomas D. 
Nadeau, Sami Boutros, Ping Pan, "MPLS-TP Operations, Administration, and Management (OAM) Identifiers Management Information Base (MIB)", ID - draft-ietf-mpls-tp-oam-id-mib-05, - June 2014. + draft-ietf-mpls-tp-oam-id-mib-06, + December 2014. 10. Acknowledgments The authors would like to thank Jeffrey Haas, Mukund Mani, Lavanya Srivatsa, Muly Ilan and John Salloway for their valuable comments. 11. Authors' Addresses Sam Aldrin
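Review bot: in the @@ -1,34 hunk the Abstract still opens with "This draft defines a portion of the Management Information Base"; for a Standards Track document that will be published as an RFC, "This document defines" is the usual wording. The rewritten "+" lines also read better with an article: "for modeling the Bidirectional Forwarding Detection (BFD) protocol for MPLS and MPLS-TP networks".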
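Review bot: the unchanged context line "This memo defines an portion of the Management Information Base (MIB)" in the @@ -81,57 hunk carries a typo ("an portion" should be "a portion") that survives into -05; worth fixing while the surrounding paragraph is being edited. In the same hunk the new conventions paragraph cites "RFC-2119 [RFC2119]", where the usual form is "RFC 2119 [RFC2119]", and the Framework paragraph's "STD 58, RFC2578, STD 58, RFC2579 and STD58, RFC2580" mixes "STD 58" and "STD58". Adding "NOT RECOMMENDED" to the key-word list is consistent with its use in the rewritten Security Considerations.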
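Review bot: the Acronyms list in the @@ -153,26 hunk expands PW as "Pseudo Wire" while the Introduction and the [RFC5601] title use "Pseudowire"; pick one spelling for the document. The [RFC7331] substitutions in this hunk are consistent with the rest of the patch.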
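Review bot: in the @@ -224,21 hunk the sentence beginning "Additionally existing object "bfdSessType"" needs a comma and an article ("Additionally, the existing object bfdSessType in the BFD base MIB [RFC7331] ..."), and the bracketed "[E.g. LSP Ping]" reads like a citation tag sitting next to [RFC7331]; "(e.g., LSP Ping)" avoids that confusion.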
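Review bot: the new line "[RFC7331] defines BFD Session Performance Table" in the @@ -397,21 hunk is missing the article: "[RFC7331] defines the BFD Session Performance Table (bfdSessionPerfTable)". The unchanged context line "Similarly BFD session would be configured on the tail-end of the tunnel" just above it also wants "Similarly, a BFD session would be configured".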
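Review bot: the unchanged context line "In order for these sensitive information from being improperly accessed, implementers MAY wish to disallow read and create access to these objects" in the @@ -882,38 hunk is ungrammatical and sits directly above the rewritten paragraphs; suggest "To prevent this sensitive information from being improperly accessed, implementers MAY wish to ...". Given that the preceding sentence declares bfdSessAuthenticationType, bfdSessAuthenticationKeyID and bfdSessAuthenticationKey "highly sensitive", a MAY is noticeably weaker than the MUST/SHOULD language the hunk introduces for USM and privacy, so it is worth checking whether read access to the key objects should be discouraged more firmly. The new text also places a MUST on USM [RFC3414] with AES [RFC3826] while the same patch files those documents (together with [RFC5591], [RFC5592] and [RFC6353]) under 9.2 Informative References; consider whether documents carrying MUST-level requirements belong under 9.1 Normative References.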
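Review bot: several reference entries in the @@ -963,45 hunk need cleanup: the unchanged [RFC3410] line spells the third author as "D. pertain" (should be "D. Partain"); the new [RFC3414] title is missing a space in "Model(USM)"; the new [RFC5591] entry is missing a space after the comma in ""(SNMP)",RFC 5591"; and the new [RFC7331] entry lacks the comma after "N. Akiya" and keeps initials-first author ordering, unlike the surname-first style of the other entries added in this hunk.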