draft-ietf-manet-rfc6779bis-06.txt   draft-ietf-manet-rfc6779bis-07.txt 
Network Working Group U. Herberg Network Working Group U. Herberg
Internet-Draft Internet-Draft
Obsoletes: 6779 (if approved) R. Cole Obsoletes: 6779 (if approved) R. Cole
Intended status: Standards Track US Army CERDEC Intended status: Standards Track US Army CERDEC
Expires: November 24, 2016 I. Chakeres Expires: December 4, 2016 I. Chakeres
Delvin Delvin
T. Clausen T. Clausen
Ecole Polytechnique Ecole Polytechnique
May 23, 2016 June 2, 2016
Definition of Managed Objects for the Neighborhood Discovery Protocol Definition of Managed Objects for the Neighborhood Discovery Protocol
draft-ietf-manet-rfc6779bis-06 draft-ietf-manet-rfc6779bis-07
Abstract Abstract
This document revises, extends, and replaces RFC 6779. It defines a This document revises, extends, and replaces RFC 6779. It defines a
portion of the Management Information Base (MIB) for use with network portion of the Management Information Base (MIB) for use with network
management protocols in the Internet community. In particular, it management protocols in the Internet community. In particular, it
describes objects for configuring parameters of the Neighborhood describes objects for configuring parameters of the Neighborhood
Discovery Protocol (NHDP) process on a router. The extensions Discovery Protocol (NHDP) process on a router. The extensions
described in this document add objects and values to support the NHDP described in this document add objects and values to support the NHDP
optimization specified in RFC 7466. The MIB module defined in this optimization specified in RFC 7466. The MIB module defined in this
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 24, 2016. This Internet-Draft will expire on December 4, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 21 skipping to change at page 3, line 21
Discovery Protocol (NHDP) [RFC6130] process on a router. The MIB Discovery Protocol (NHDP) [RFC6130] process on a router. The MIB
module defined in this document, denoted NHDP-MIB, also reports module defined in this document, denoted NHDP-MIB, also reports
state, performance information, and notifications about NHDP. This state, performance information, and notifications about NHDP. This
additional state and performance information is useful to additional state and performance information is useful to
troubleshoot problems and performance issues during neighbor troubleshoot problems and performance issues during neighbor
discovery. discovery.
1.1. Difference from RFC 6779 1.1. Difference from RFC 6779
This document obsoletes [RFC6779], replacing that document as the This document obsoletes [RFC6779], replacing that document as the
specification of the MIB module for [RFC6130]. specification of the MIB module for [RFC6130]. This revision to
[RFC6779] is necessitated by the update to [RFC6130] specified in
[RFC7466].
The MIB module for [RFC6130], specified in this document, captures The MIB module for [RFC6130], specified in this document, captures
the new information and states for each symmetric 2-hop neighbor, the new information and states for each symmetric 2-hop neighbor,
recorded in the Neighbor Information Base of a router and to be recorded in the Neighbor Information Base of a router and to be
reflected in the appropriate tables, introduced by [RFC7466], reflected in the appropriate tables, introduced by [RFC7466],
specifically: specifically:
o Addition of objects nhdpIib2HopSetN2Lost and o Addition of objects nhdpIib2HopSetN2Lost and
nhdpIfPerfCounterDiscontinuityTime. nhdpIfPerfCounterDiscontinuityTime.
skipping to change at page 12, line 13 skipping to change at page 12, line 13
FROM INET-ADDRESS-MIB -- RFC 4001 FROM INET-ADDRESS-MIB -- RFC 4001
InterfaceIndex InterfaceIndex
FROM IF-MIB -- RFC 2863 FROM IF-MIB -- RFC 2863
Float32TC Float32TC
FROM FLOAT-TC-MIB -- RFC 6340 FROM FLOAT-TC-MIB -- RFC 6340
; ;
nhdpMIB MODULE-IDENTITY nhdpMIB MODULE-IDENTITY
LAST-UPDATED "201605231100Z" -- 23 May 2016 LAST-UPDATED "201606021100Z" -- 02 June 2016
ORGANIZATION "IETF MANET Working Group" ORGANIZATION "IETF MANET Working Group"
CONTACT-INFO CONTACT-INFO
"WG E-Mail: manet@ietf.org "WG E-Mail: manet@ietf.org
WG web page: https://datatracker.ietf.org/wg/manet WG web page: https://datatracker.ietf.org/wg/manet
Editors: Ulrich Herberg Editors: Ulrich Herberg
USA USA
ulrich@herberg.name ulrich@herberg.name
http://www.herberg.name/ http://www.herberg.name/
skipping to change at page 13, line 22 skipping to change at page 13, line 22
or without modification, is permitted pursuant to, and or without modification, is permitted pursuant to, and
subject to the license terms contained in, the Simplified subject to the license terms contained in, the Simplified
BSD License set forth in Section 4.c of the IETF Trust's BSD License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC xxxx; see This version of this MIB module is part of RFC xxxx; see
the RFC itself for full legal notices." the RFC itself for full legal notices."
-- revision -- revision
REVISION "201605231100Z" -- 23 May 2016 REVISION "201606021100Z" -- 02 June 2016
DESCRIPTION DESCRIPTION
"Updated version of this MIB module, "Updated version of this MIB module,
including updates made to NHDP by including updates made to NHDP by
RFC 7466, published as RFC xxxx." RFC 7466, published as RFC xxxx."
REVISION "201210221000Z" -- 22 October 2012 REVISION "201210221000Z" -- 22 October 2012
DESCRIPTION DESCRIPTION
"Initial version of this MIB module, "Initial version of this MIB module,
published as RFC 6779." published as RFC 6779."
::= { mib-2 213 } ::= { mib-2 213 }
skipping to change at page 66, line 20 skipping to change at page 66, line 20
HELLO messages. The information acquired by NHDP may be used by HELLO messages. The information acquired by NHDP may be used by
routing protocols. The neighborhood information, exchanged between routing protocols. The neighborhood information, exchanged between
routers using NHDP, serves these routing protocols as a baseline for routers using NHDP, serves these routing protocols as a baseline for
calculating paths to all destinations in the MANET, relay set calculating paths to all destinations in the MANET, relay set
selection for network-wide transmissions, etc. selection for network-wide transmissions, etc.
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection opens devices to attack. These
network operations. These are the tables and objects and their are the tables and objects and their sensitivity/vulnerability:
sensitivity/vulnerability:
o nhdpIfStatus - This writable object turns on or off the NHDP o nhdpIfStatus - This writable object turns on or off the NHDP
process for the specified interface. If disabled, higher-level process for the specified interface. If disabled, higher-level
protocol functions, e.g., routing, would fail, causing network- protocol functions, e.g., routing, would fail, causing network-
wide disruptions. wide disruptions.
o nhdpHelloInterval, nhdpHelloMinInterval, and nhdpRefreshInterval - o nhdpHelloInterval, nhdpHelloMinInterval, and nhdpRefreshInterval -
These writable objects control the rate at which HELLO messages These writable objects control the rate at which HELLO messages
are sent on an interface. If set at too high a rate, this could are sent on an interface. If set at too high a rate, this could
represent a form of denial-of-service (DoS) attack by overloading represent a form of denial-of-service (DoS) attack by overloading
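Review bot: In the sentence that introduces the list of writable objects, the new wording "opens devices to attack" speaks only of the device, while the items it introduces describe effects on the network: "network-wide disruptions" for nhdpIfStatus and a denial-of-service condition for the HELLO interval objects. The removed wording ("a negative effect on network operations") matched those items. Consider keeping both, for example "opens devices to attack and can have a negative effect on network operations", so the lead-in still states the operational impact before the per-object list.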
skipping to change at page 67, line 33 skipping to change at page 67, line 32
related to its operation. Therefore, it is RECOMMENDED to provide related to its operation. Therefore, it is RECOMMENDED to provide
support for the Transport Security Model (TSM) [RFC5591] in support for the Transport Security Model (TSM) [RFC5591] in
combination with TLS/DTLS [RFC6353]. combination with TLS/DTLS [RFC6353].
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec), Even if the network itself is secure (for example by using IPsec),
there is no control as to who on the secure network is allowed to there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this access and GET/SET (read/change/create/delete) the objects in this
MIB module. MIB module.
Implementations MUST provide the security features described by the Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), including full support for SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM) authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM) MAY also provide support for the Transport Security Model (TSM)
[RFC5591] in combination with a secure transport such as SSH [RFC5591] in combination with a secure transport such as SSH
[RFC5592] or TLS/DTLS [RFC6353]. [RFC5592] or TLS/DTLS [RFC6353].
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
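Review bot: Relaxing "Implementations MUST provide" to "Implementations SHOULD provide" in the SNMPv3 paragraph means an implementation that does not claim SNMPv3 compliance has no mandatory authentication or privacy requirement, although this MIB module defines read-write and read-create objects (nhdpIfStatus is listed earlier as able to turn NHDP off on an interface). Suggest either giving the rationale for the relaxation or adding a sentence on how SET access to those objects is to be handled when the SNMPv3 security features are not provided. Also worth checking in the same region: the preceding context paragraph says it is RECOMMENDED to support TSM with TLS/DTLS, while this paragraph keeps "MAY also provide support for the Transport Security Model (TSM)"; confirm that the two requirement levels are both intended.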
 End of changes. 9 change blocks. 
12 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/