--- 1/draft-ietf-mboned-msdp-mib-00.txt 2006-02-04 17:13:26.000000000 +0100 +++ 2/draft-ietf-mboned-msdp-mib-01.txt 2006-02-04 17:13:26.000000000 +0100 @@ -1,26 +1,25 @@ - MBONED Working Group Bill Fenner INTERNET-DRAFT AT&T Research -Expires: January 2005 Dave Thaler +Expires: April 2006 Dave Thaler Microsoft - July 2004 + October 2005 Multicast Source Discovery protocol MIB - + Status of this Document -By submitting this Internet-Draft, I certify that any applicable patent -or other IPR claims of which I am aware have been disclosed, or will be -disclosed, and any of which I become aware will be disclosed, in -accordance with RFC 3668. +By submitting this Internet-Draft, each author represents that any +applicable patent or other IPR claims of which he or she is aware have +been or will be disclosed, and any of which he or she becomes aware will +be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." 
@@ -29,61 +28,89 @@ The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This document is a product of the MBONED Working Group. Comments should be addressed to the authors, or the mailing list at mboned@lists.uoregon.edu. Copyright Notice -Copyright (C) The Internet Society (2004). All Rights Reserved. +Copyright (C) The Internet Society (2005). All Rights Reserved. Abstract This memo defines an experimental portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects used for -managing Multicast Source Discovery Protocol (MSDP) [1] speakers. +managing Multicast Source Discovery Protocol (MSDP) (RFC 3618) speakers. Table of Contents -1. The The Internet-Standard Management Framework. . . . . . . . . . 2 +1. The Internet-Standard Management Framework. . . . . . . . . . . . 2 2. Revision History. . . . . . . . . . . . . . . . . . . . . . . . . 2 -3. Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 -4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 -5. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 -6. Security Considerations . . . . . . . . . . . . . . . . . . . . . 27 -7. Acknowledgements. . . . . . . . . . . . . . . . . . . . . . . . . 28 -8. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . . . 28 -9. Normative References. . . . . . . . . . . . . . . . . . . . . . . 28 - 9.1. Informative References . . . . . . . . . . . . . . . . . . . . 29 -10. Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 29 +3. Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 +4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 +5. Security Considerations . . . . . . . . . . . . . . . . . . . . . 31 +6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . . 32 +7. Acknowledgements. . . . . . . . . . . . . . . . 
. . . . . . . . . 32 +8. Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . . . 32 +9. Normative References. . . . . . . . . . . . . . . . . . . . . . . 33 + 9.1. Informative References . . . . . . . . . . . . . . . . . . . . 33 +10. Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 34 -1. The The Internet-Standard Management Framework +1. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [7]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [4], STD 58, RFC 2579 [5] and STD 58, RFC 2580 [6]. 2. Revision History A record of changes which will be removed before publication. +20 October 2005 + + Added explicit reasoning for IPv4-only-osity and for the + unorganized organization. + + Updated Copyright and IPR statements. + + Updated Security Considerations, per RFC4181. + + Added IANA Considerations, per RFC4181. + + Added REVISION and WG mailing list to MODULE-IDENTITY, per RFC4181. + + Changed some TimeTicks to TimeStamp, on RFC4181's advice. + + Added advice on non-volatile storage, row creation and column + modification to tables with RowStatus columns, per RFC4181. + + Added msdpReadOnlyCompliance to permit implementations that don't + implement writing. + + Clarified that msdpSAStatePeriod was an accidental duplication of + msdpCacheLifetime. + + Described the epochs for TimeTicks objects, per RFC4181. Add a + note that msdpCacheLifetime would really be better as a + TimeInterval, but is TimeTicks for hysterical raisins. 
+ 11 July 2004 Renamed to draft-ietf-mboned-msdp-mib-00. Fixed spec references and defaults for msdpPeerHoldTimeConfigured, msdpPeerKeepAliveConfigured and msdpPeerConnectRetryInterval, as pointed out by Ketan Talaulikar. Deprecated all objects related to SA-Requests and notifications, since RFC 3618 doesn't have either one. As pointed out by Ketan @@ -141,22 +168,22 @@ multiple peers to whom Requests will be sent. Note that this violates RFC2578's rules about MIB evolution, so take extra care when implementing this change. Removed DEFVAL on scalars, since it should only be needed for table row creation. Removed msdpPeerSAAdvPeriod, since the spec changed to say its value MUST be 60. - Added none(0) to msdpPeerEncapsulationType enumeration XXX is this - OK? should it be 4? + Added none(0) to msdpPeerEncapsulationType enumeration (is this OK? + should it be 4?) Removed msdpPeerEncapsulationState since the encapsulation "negotiation" was removed from the spec. Added msdpRPAddress to specify the RP address to use when sourcing SA messages. Added msdpSACacheSourcePrefix to msdpSACacheTable, and added it to the INDEX. Note that this violates RFC2578's rules about MIB evolution, so take extra care when implementing this change. 
@@ -209,120 +236,165 @@ Renumbered msdpSACacheInDataPackets and further items in msdpSACacheTable, to eliminate duplicate OIDs 20 April 1999 initial version. 3. Overview -XXX This needs to be updated. +This MIB module contains four scalars and four tables, one deprecated. +The tables are: -This MIB module contains three scalars and three tables. The tables -are: +o the deprecated Requests Table, containing the longest-match table + used to determine the peer to send SA-Requests to for a given + group. This table is deprecated because Requests were removed from + MSDP before it became an RFC; -o the Requests Table, containing the longest-match table used to - determine the peer to send SA-Requests to for a given group; +o the Peer Table, containing information on the system's peers; -o the Peer Table, containing information on the peers; and +o the Source-Active Cache Table, containing the SA cache entries; and -o the Source-Active Cache Table, containing the SA cache entries. +o the Mesh Group Table, containing the list of MSDP mesh groups to + which this system belongs. + +This MIB module uses the IpAddress SYNTAX, making it only suitable for +IPv4 systems. Although the desired direction for MIBs is to use +InetAddressType/InetAddress pairs to allow both IPv4 and IPv6 (and +future formats as well), the MSDP protocol itself is IPv4-only, and the +MSDP working group made an explicit decision to not create an IPv6 +version of the protocol. + +This MIB module is somewhat disorganized, with scalars before and after +tables, holes in the OID space, tables with the RowStatus in the middle, +and so on. This is because objects were added and removed as necessary +as the MSDP protocol evolved, and the plan was to renumber the whole MIB +when moving to the standard mib-2 tree. The MSDP Working Group then +changed direction, publishing the MSDP protcol as Experimental. 
Since +there were existing implementations using the strange object order under +the experimental OID, the WG decided not to renumber the MIB and to +publish it as experimental, keeping the experimental OID. 4. Definitions -- -- DRAFT-MSDP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, experimental, Counter32, Gauge32, TimeTicks, Integer32, IpAddress FROM SNMPv2-SMI RowStatus, TruthValue, TimeStamp, DisplayString FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF; msdpMIB MODULE-IDENTITY - LAST-UPDATED "200407120000Z" + LAST-UPDATED "200510210000Z" ORGANIZATION "IETF MBONED Working Group" CONTACT-INFO "Bill Fenner 75 Willow Road Menlo Park, CA 94025 Phone: +1 650 867 6073 E-mail: fenner@research.att.com Dave Thaler One Microsoft Way Redmond, WA 98052 Phone: +1 425 703 8835 - Email: dthaler@microsoft.com" + Email: dthaler@microsoft.com + + MBONED Working Group: mboned@lists.uoregon.edu" DESCRIPTION - "An experimental MIB module for MSDP Management. + "An experimental MIB module for MSDP Management and + Monitoring. - Copyright (C) The Internet Society 2004. This version of + Copyright (C) The Internet Society 2005. This version of this MIB module is part of RFC XXXX; see the RFC itself for full legal notices." + REVISION "200510210000Z" + DESCRIPTION + "Initial version, published as RFC XXXX." ::= { experimental 92 } +-- RFC Ed.: replace XXXX with actual RFC number & remove this note msdpMIBobjects OBJECT IDENTIFIER ::= { msdpMIB 1 } msdp OBJECT IDENTIFIER ::= { msdpMIBobjects 1 } msdpEnabled OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The state of MSDP on this MSDP speaker - globally enabled or - disabled." + disabled. + + Changes to this object should be stored to non-volatile + memory." 
::= { msdp 1 } msdpCacheLifetime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-write STATUS current DESCRIPTION "The lifetime given to SA cache entries when created or refreshed. This is the [SG-State-Period] in the MSDP spec. A value of 0 means no SA caching is done by this MSDP - speaker." + speaker. + + Changes to this object should be stored to non-volatile + memory. + + This object does not measure time per se; instead, it is the + delta from the time at which an SA message is received at + which it should be expired if not refreshed. (i.e., it is + the value of msdpSACacheExpiryTime immediately after + receiving an SA message applying to that row.) As such, + TimeInterval would be a more appropriate SYNTAX; it remains + TimeTicks for backwards compatability." REFERENCE "RFC 3618 section 5.3" ::= { msdp 2 } msdpNumSACacheEntries OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of entries in the SA Cache table." ::= { msdp 3 } -- -- The spec doesn't define SA-Hold-Down-Period any more. -- msdpSAHoldDownPeriod OBJECT-TYPE -- ::= { msdp 9 } --- It's not clear what this was supposed to refer to. +-- This object was introduced in error, with a similar definition +-- to msdpCacheLifetime. -- msdpSAStatePeriod OBJECT-TYPE -- ::= { msdp 10 } msdpRPAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-write STATUS current DESCRIPTION "The RP address used when sourcing MSDP SA messages. May be - 0.0.0.0 on non-RP's." + 0.0.0.0 on non-RP's. + + Changes to this object should be stored to non-volatile + memory." ::= { msdp 11 } -- -- The MSDP Requests table -- SA Requests were removed from the MSDP spec, so this entire table -- is deprecated. msdpRequestsTable OBJECT-TYPE SYNTAX SEQUENCE OF MsdpRequestsEntry MAX-ACCESS not-accessible 
@@ -418,41 +490,45 @@ STATUS current DESCRIPTION "The (conceptual) table listing the MSDP speaker's peers." ::= { msdp 5 } msdpPeerEntry OBJECT-TYPE SYNTAX MsdpPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION - "An entry (conceptual row) representing an MSDP peer." + "An entry (conceptual row) representing an MSDP peer. + + If row creation is supported, dynamically added rows are + added to the system's stable configuration (corresponding to + a StorageType value of nonVolatile). " INDEX { msdpPeerRemoteAddress } ::= { msdpPeerTable 1 } MsdpPeerEntry ::= SEQUENCE { msdpPeerRemoteAddress IpAddress, msdpPeerState INTEGER, msdpPeerRPFFailures Counter32, msdpPeerInSAs Counter32, msdpPeerOutSAs Counter32, msdpPeerInSARequests Counter32, msdpPeerOutSARequests Counter32, msdpPeerInSAResponses Counter32, msdpPeerOutSAResponses Counter32, msdpPeerInControlMessages Counter32, msdpPeerOutControlMessages Counter32, msdpPeerInDataPackets Counter32, msdpPeerOutDataPackets Counter32, msdpPeerFsmEstablishedTransitions Counter32, - msdpPeerFsmEstablishedTime TimeTicks, - msdpPeerInMessageTime TimeTicks, + msdpPeerFsmEstablishedTime TimeStamp, + msdpPeerInMessageTime TimeStamp, msdpPeerLocalAddress IpAddress, msdpPeerConnectRetryInterval Integer32, msdpPeerHoldTimeConfigured Integer32, msdpPeerKeepAliveConfigured Integer32, msdpPeerDataTtl Integer32, msdpPeerProcessRequestsFrom TruthValue, msdpPeerStatus RowStatus, msdpPeerRemotePort Integer32, msdpPeerLocalPort Integer32, msdpPeerEncapsulationType INTEGER, 
@@ -552,66 +628,66 @@ Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of msdpPeerDiscontinuityTime." ::= { msdpPeerEntry 8 } msdpPeerInSAResponses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only - STATUS current + STATUS deprecated DESCRIPTION "The number of MSDP SA-Response messages received on this connection. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of msdpPeerDiscontinuityTime." ::= { msdpPeerEntry 9 } msdpPeerOutSAResponses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only - STATUS current + STATUS deprecated DESCRIPTION "The number of MSDP SA Response messages transmitted on this TCP connection. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of msdpPeerDiscontinuityTime." ::= { msdpPeerEntry 10 } msdpPeerInControlMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION - "The total number of MSDP messages received on this TCP - connection. + "The total number of MSDP messages, excluding encapsulated + data packets, received on this TCP connection. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of msdpPeerDiscontinuityTime." ::= { msdpPeerEntry 11 } msdpPeerOutControlMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION - "The total number of MSDP messages transmitted on this TCP - connection. + "The total number of MSDP messages, excluding encapsulated + data packets, transmitted on this TCP connection. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of msdpPeerDiscontinuityTime." 
::= { msdpPeerEntry 12 } msdpPeerInDataPackets OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only @@ -639,52 +715,56 @@ times as indicated by the value of msdpPeerDiscontinuityTime." ::= { msdpPeerEntry 14 } msdpPeerFsmEstablishedTransitions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times the MSDP FSM transitioned into the - established state." + ESTABLISHED state." + REFERENCE "RFC 3618 section 11" ::= { msdpPeerEntry 15 } msdpPeerFsmEstablishedTime OBJECT-TYPE - SYNTAX TimeTicks + SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This timestamp is set to the value of sysUpTime when a peer - transitions into or out of the Established state. It is set + transitions into or out of the ESTABLISHED state. It is set to zero when the MSDP speaker is booted." + REFERENCE "RFC 3618 section 11" ::= { msdpPeerEntry 16 } msdpPeerInMessageTime OBJECT-TYPE - SYNTAX TimeTicks + SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The sysUpTime value when the last MSDP message was received from the peer. It is set to zero when the MSDP speaker is booted." ::= { msdpPeerEntry 17 } msdpPeerLocalAddress OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-create STATUS current DESCRIPTION - "The local IP address of this entry's MSDP connection." + "The local IP address used for this entry's MSDP TCP + connection." ::= { msdpPeerEntry 18 } -- msdpPeerSAAdvPeriod ([SA-Advertisement-Timer]) has been removed. +-- ::= { msdpPeerEntry 19 } -- RFC 3618 section 5.1 says it MUST be 60 seconds. msdpPeerConnectRetryInterval OBJECT-TYPE SYNTAX Integer32 (1..65535) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "Time interval in seconds for the [ConnectRetry-period] for this peer." 
@@ -722,20 +802,21 @@ DEFVAL { 60 } ::= { msdpPeerEntry 22 } msdpPeerDataTtl OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The minimum TTL a packet is required to have before it may be forwarded using SA encapsulation to this peer." + DEFVAL { 1 } ::= { msdpPeerEntry 23 } msdpPeerProcessRequestsFrom OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS deprecated DESCRIPTION "This object indicates whether or not to process MSDP SA Request messages from this peer. If True(1), MSDP SA Request messages from this peer are processed and replied to 
@@ -747,68 +828,81 @@ This object is deprecated because MSDP SA Requests were removed from the MSDP specification." ::= { msdpPeerEntry 24 } msdpPeerStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The RowStatus object by which peers can be added and - deleted. A transition to 'active' will cause the MSDP Start - Event to be generated. A transition out of the 'active' - state will cause the MSDP Stop Event to be generated. Care + deleted. A transition to 'active' will cause the MSDP + 'Enable MSDP peering with P' Event to be generated. A + transition out of the 'active' state will cause the MSDP + 'Disable MSDP peering with P' Event to be generated. Care should be used in providing write access to this object - without adequate authentication." + without adequate authentication. + + msdpPeerRemoteAddress is the only variable that must be set + to a valid value before the row can be activated. Since + this is the table's INDEX, a row can be activated by simply + setting the msdpPeerStatus variable. + + It is possible to modify other columns in the same + conceptual row when the status value is active(1)." + REFERENCE "RFC 3618 section 11.1" ::= { msdpPeerEntry 25 } msdpPeerRemotePort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The remote port for the TCP connection between the MSDP peers." + DEFVAL { 639 } ::= { msdpPeerEntry 26 } msdpPeerLocalPort OBJECT-TYPE SYNTAX Integer32 (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The local port for the TCP connection between the MSDP peers." + DEFVAL { 639 } ::= { msdpPeerEntry 27 } -- msdpPeerEncapsulationState has been removed -- because there is no longer an encapsulation -- state machine. +-- ::= { msdpPeerEntry 28 } msdpPeerEncapsulationType OBJECT-TYPE SYNTAX INTEGER { none(0), tcp(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "The encapsulation in use when encapsulating data in SA messages to this peer." 
::= { msdpPeerEntry 29 } msdpPeerConnectionAttempts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times the state machine has transitioned from - inactive to connecting." + INACTIVE to CONNECTING." ::= { msdpPeerEntry 30 } msdpPeerInNotifications OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The number of MSDP Notification messages received from this peer. @@ -875,21 +969,24 @@ msdpSACacheEntry OBJECT-TYPE SYNTAX MsdpSACacheEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) representing an MSDP SA advertisement. The INDEX to this table includes msdpSACacheOriginRP for diagnosing incorrect MSDP advertisements; normally a Group and Source pair would be - unique." + unique. + + Row creation is not permitted; msdpSACacheStatus may only be + used to delete rows from this table." INDEX { msdpSACacheGroupAddr, msdpSACacheSourceAddr, msdpSACacheOriginRP } ::= { msdpSACacheTable 1 } MsdpSACacheEntry ::= SEQUENCE { msdpSACacheGroupAddr IpAddress, msdpSACacheSourceAddr IpAddress, msdpSACacheOriginRP IpAddress, msdpSACachePeerLearnedFrom IpAddress, msdpSACacheRPFPeer IpAddress, 
@@ -969,41 +1066,52 @@ "The number of MSDP encapsulated data packets received relevant to this cache entry. This object must be initialized to zero when creating a cache entry." ::= { msdpSACacheEntry 7 } msdpSACacheUpTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION - "The time since this entry was placed in the SA cache." + "The time since this entry was first placed in the SA cache. + + The first epoch is the time that the entry was first placed + in the SA cache, and the second epoch is the current time." ::= { msdpSACacheEntry 8 } msdpSACacheExpiryTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The time remaining before this entry will expire from the SA - cache." + cache. + + The first epoch is now, and the second epoch is the time + that the entry will expire." ::= { msdpSACacheEntry 9 } msdpSACacheStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-write STATUS current DESCRIPTION "The status of this row in the table. The only allowable actions are to retrieve the status, which will be `active', or to set the status to `destroy' in order to remove this - entry from the cache." + entry from the cache. + + Row creation is not permitted. + + No columnar objects are writable, so there are none that may + be changed while the status value is active(1). " ::= { msdpSACacheEntry 10 } -- -- MSDP Mesh Group Membership table -- msdpMeshGroupTable OBJECT-TYPE SYNTAX SEQUENCE OF MsdpMeshGroupEntry MAX-ACCESS not-accessible STATUS current 
@@ -1011,21 +1119,25 @@ "The (conceptual) table listing MSDP Mesh Group configuration." ::= { msdp 12 } msdpMeshGroupEntry OBJECT-TYPE SYNTAX MsdpMeshGroupEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry (conceptual row) repesenting a peer in an MSDP Mesh - Group." + Group. + + If row creation is supported, dynamically added rows are + added to the system's stable configuration (corresponding to + a StorageType value of nonVolatile). " INDEX { msdpMeshGroupName, msdpMeshGroupPeerAddress } ::= { msdpMeshGroupTable 1 } MsdpMeshGroupEntry ::= SEQUENCE { msdpMeshGroupName DisplayString, msdpMeshGroupPeerAddress IpAddress, msdpMeshGroupStatus RowStatus } msdpMeshGroupName OBJECT-TYPE @@ -1045,21 +1157,32 @@ msdpMeshGroupName. The msdpMeshGroupPeerAddress must match a row in the msdpPeerTable." ::= { msdpMeshGroupEntry 2 } msdpMeshGroupStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This entry's status, by which new entries may be added to - the table and old entries deleted." + the table and old entries deleted. + + msdpMeshGroupName and msdpMeshGroupPeerAddress must be set + to valid values before the row can be activated. Since + these are the table's INDEX, a row can be activated by + simply setting the msdpMeshGroupStatus variable. + + It is not possible to modify other columns in the same + conceptual row when the status value is active(1), because + there only other objects in the row are part of the INDEX. + Changing one of these changes the row, so an old row must be + deleted and a new one created. " ::= { msdpMeshGroupEntry 3 } -- Traps msdpTraps OBJECT IDENTIFIER ::= { msdp 0 } msdpEstablished NOTIFICATION-TYPE OBJECTS { msdpPeerFsmEstablishedTransitions } STATUS current DESCRIPTION 
@@ -1080,25 +1203,28 @@ msdpMIBConformance OBJECT IDENTIFIER ::= { msdp 8 } msdpMIBCompliances OBJECT IDENTIFIER ::= { msdpMIBConformance 1 } msdpMIBGroups OBJECT IDENTIFIER ::= { msdpMIBConformance 2 } -- compliance statements msdpMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION - "The compliance statement for entities which implement the - MSDP MIB." + "The compliance statement for entities which implement a pre- + RFC version of MSDP. This statement is deprecated because + it includes objects used for managing/monitoring aspects of + MSDP that were removed before it was published as an RFC." MODULE -- this module MANDATORY-GROUPS { msdpMIBGlobalsGroup, msdpMIBPeerGroup, msdpMIBNotificationGroup } + GROUP msdpMIBEncapsulationGroup DESCRIPTION "This group is mandatory if MSDP encapsulation interfaces are not given their own interface index numbers." GROUP msdpMIBSACacheGroup DESCRIPTION "This group is mandatory if the MSDP speaker has the ability to cache SA messages." GROUP msdpMIBRequestsGroup DESCRIPTION 
@@ -1106,41 +1232,107 @@ to send SA-Request messages and parse SA-Response messages." GROUP msdpMIBRPGroup DESCRIPTION "This group is mandatory if the MSDP speaker sources (as opposed to forwards) MSDP messages." GROUP msdpMIBMeshGroupGroup DESCRIPTION "This group is mandatory if the MSDP speaker can participate in MSDP Mesh Groups." - ::= { msdpMIBCompliances 1 } -msdpMIBCompliance2 MODULE-COMPLIANCE - STATUS deprecated +msdpMIBFullCompliance MODULE-COMPLIANCE + STATUS current DESCRIPTION - "The compliance statement for entities which implement the - MSDP MIB." + "The compliance statement for entities which implement MSDP + (RFC3618)." MODULE -- this module MANDATORY-GROUPS { msdpMIBGlobalsGroup, msdpMIBPeerGroup2, msdpMIBSACacheGroup, msdpMIBEncapsulationGroup } GROUP msdpMIBRPGroup DESCRIPTION "This group is mandatory if the MSDP speaker sources (as opposed to forwards) MSDP messages." GROUP msdpMIBMeshGroupGroup DESCRIPTION "This group is mandatory if the MSDP speaker can participate in MSDP Mesh Groups." ::= { msdpMIBCompliances 2 } +msdpMIBReadOnlyCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION + "The compliance statement for entities which implement MSDP + (RFC3618), but do not permit configuration (or only permit + partial configuration) via SNMP." + MODULE -- this module + MANDATORY-GROUPS { msdpMIBGlobalsGroup, msdpMIBPeerGroup2, + msdpMIBSACacheGroup, msdpMIBEncapsulationGroup } + GROUP msdpMIBRPGroup + DESCRIPTION + "This group is mandatory if the MSDP speaker sources (as + opposed to forwards) MSDP messages." + GROUP msdpMIBMeshGroupGroup + DESCRIPTION + "This group is mandatory if the MSDP speaker can participate + in MSDP Mesh Groups." + OBJECT msdpEnabled + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpCacheLifetime + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpPeerLocalAddress + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." 
+ OBJECT msdpPeerConnectRetryInterval + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpPeerHoldTimeConfigured + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpPeerKeepAliveConfigured + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpPeerDataTtl + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpPeerStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpPeerEncapsulationType + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpSACacheStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpRPAddress + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + OBJECT msdpMeshGroupStatus + MIN-ACCESS read-only + DESCRIPTION + "Write access is not required." + ::= { msdpMIBCompliances 3 } + -- units of conformance msdpMIBGlobalsGroup OBJECT-GROUP OBJECTS { msdpEnabled } STATUS current DESCRIPTION "A collection of objects providing information on global MSDP state." ::= { msdpMIBGroups 1 } @@ -1160,21 +1352,24 @@ msdpPeerKeepAliveConfigured, msdpPeerInMessageTime, msdpPeerProcessRequestsFrom, msdpPeerConnectionAttempts, msdpPeerLastError, msdpPeerStatus, msdpPeerDiscontinuityTime } STATUS deprecated DESCRIPTION - "A collection of objects for managing MSDP peers." + "A collection of objects for managing MSDP peers. This group + is deprecated in favor of msdpMIBPeerGroup2 because it + contains objects for managing aspects of MSDP that were + removed before it was published as an RFC." ::= { msdpMIBGroups 2 } msdpMIBEncapsulationGroup OBJECT-GROUP OBJECTS { msdpPeerInDataPackets, msdpPeerOutDataPackets, msdpPeerDataTtl, msdpPeerEncapsulationType } STATUS current DESCRIPTION "A collection of objects for managing encapsulations if the 
@@ -1201,21 +1396,22 @@ DESCRIPTION "A collection of notifications for signaling changes in MSDP peer relationships." ::= { msdpMIBGroups 5 } msdpMIBRequestsGroup OBJECT-GROUP OBJECTS { msdpRequestsPeer, msdpRequestsStatus } STATUS deprecated DESCRIPTION "A collection of objects for managing MSDP Request - transmission." + transmission. This group is deprecated because Requests + were removed from MSDP before its publication as RFC." ::= { msdpMIBGroups 6 } msdpMIBRPGroup OBJECT-GROUP OBJECTS { msdpRPAddress } STATUS current DESCRIPTION "A collection of objects for MSDP speakers that source MSDP messages." ::= { msdpMIBGroups 7 } 
@@ -1224,69 +1420,63 @@ STATUS current DESCRIPTION "A collection of objects for MSDP speakers that can participate in MSDP mesh groups." ::= { msdpMIBGroups 8 } msdpMIBPeerGroup2 OBJECT-GROUP OBJECTS { msdpPeerRPFFailures, msdpPeerState, msdpPeerInSAs, msdpPeerOutSAs, msdpPeerInSARequests, msdpPeerOutSARequests, - msdpPeerInSAResponses, msdpPeerOutSAResponses, msdpPeerInControlMessages, msdpPeerOutControlMessages, msdpPeerFsmEstablishedTransitions, msdpPeerFsmEstablishedTime, msdpPeerLocalAddress, msdpPeerRemotePort, msdpPeerLocalPort, msdpPeerConnectRetryInterval, msdpPeerHoldTimeConfigured, msdpPeerKeepAliveConfigured, msdpPeerInMessageTime, msdpPeerConnectionAttempts, msdpPeerStatus, msdpPeerDiscontinuityTime } STATUS current DESCRIPTION "A collection of objects for managing MSDP peers." ::= { msdpMIBGroups 9 } END -5. Open Issues - -The Backwards Transition notification won't trigger on established -> -disabled. Is that desired? - -Is the RowStatus object in the SACache appropriate? (e.g. used to flush -potentially bad state) - -Are there any other variables appropriate for configuring/managing mesh -groups? - -Is the msdpRPAddress useful? Per-peer? Remove it completely? - -Should we use IpAddress (since RFC 3618 is v4-only) or -InetAddressType/InetAddress? - -6. Security Considerations +5. Security Considerations There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. There are a number of managed objects in this MIB that may contain sensitive information. These are: - -- XXX fill this in +o The entire msdpPeerTable. Peer information can result in + discovering internal topology, which many want to keep secret. + +o msdpNumSACacheEntries. 
The size of the SA Cache could reveal + whether this system has MSDP entries for public and/or private + groups. + +o The entire msdpSACacheTable. The active sources and groups in a + network could be private. + +o The entire msdpMeshGroupTable. This information can also lead to + internal topology information. It is thus important to control even GET access to these objects and possibly to even encrypt the values of these object when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. 
@@ -1294,25 +1484,38 @@ It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User- based Security Model RFC 3414 [2] and the View-based Access Control Model RFC 3415 [3] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. +6. IANA Considerations + +Since this MIB is for an experimental protocol, it uses an experimental +OID. + +Decimal Name Description References +------- ---- ----------- ---------- + 92 MSDP-MIB Multicast Source Discovery MIB [Fenner] + +The IANA is requested to change the Reference for this entry to point to +this document. + 7. Acknowledgements Tom Pusateri and Billy Ng both provided valuable input on early versions of this draft. It was completed based upon feedback from Mike Davison -and Ketan Talaulikar. +and Ketan Talaulikar. Lucy Lynch provided a desperately-needed reminder +to finish this document. 8. Authors' Addresses Bill Fenner 75 Willow Road Menlo Park, CA 94025 Phone: +1 650 867 6073 EMail: fenner@research.att.com Dave Thaler 
@@ -1348,24 +1551,32 @@ 2580, April 1999. 9.1. Informative References [7] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002. 10. Full Copyright Statement -Copyright (C) The Internet Society (2004). This document is subject to +Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. +This document and the information contained herein are provided on an +"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR +IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET +ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, +INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any 
@@ -1373,18 +1584,10 @@ made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. - -This document and the information contained herein are provided on an -"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR -IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET -ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, -INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE -INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED -WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
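Review bot: in the first hunk (@@ -1201,21 +1396,22 @@), the new msdpMIBRequestsGroup DESCRIPTION says Requests "were removed from MSDP before its publication as RFC", which drops the article and leaves the reader guessing which RFC; since the document already names RFC 3618 as the protocol specification, write "before the protocol was published as RFC 3618". Marking the group deprecated also only has the intended effect if msdpRequestsPeer and msdpRequestsStatus carry STATUS deprecated in their own OBJECT-TYPE definitions, which this hunk does not show; worth confirming, because a current object inside a deprecated group compiles without complaint and the objects would otherwise still read as live.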
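Review bot: in the second hunk (@@ -1224,69 +1420,63 @@), msdpMIBPeerGroup2 drops msdpPeerInSAResponses and msdpPeerOutSAResponses but keeps msdpPeerInSARequests and msdpPeerOutSARequests, which is inconsistent with the previous hunk's statement that Requests were removed from MSDP before it became an RFC: either both the request and the response counters belong in a deprecated group, or the text needs to say why the request counters stay current. Two further points in the same hunk. The Open Issues section is deleted outright, including the question of IpAddress versus InetAddressType/InetAddress and whether the RowStatus object in the SA cache is appropriate, and the hunk records no decision on either, so a reader of -01 cannot tell whether they were resolved or just dropped; a one-line resolution for each would close that gap. The new list of sensitive objects covers read access only: the paragraph above it says read-write and read-create objects exist but names none, so list them (msdpPeerStatus, msdpRequestsStatus and the SA cache RowStatus at minimum, judging from the names in this hunk and in the deleted open issue) together with what a SET on each can do, such as tearing down a peering session or flushing cache entries. The msdpNumSACacheEntries bullet also claims the count reveals whether the system has entries for public and/or private groups; a bare count cannot distinguish the two, so "reveals how many active sources the system knows about" is the defensible claim. Minor wording: "which many want to keep secret" reads better as "which operators may want to keep secret".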
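Review bot: in the third hunk (@@ -1294,25 +1484,38 @@), the new IANA Considerations table gives only the decimal 92 and says the MIB uses an experimental OID, but never states the registry or the full assignment; write the entry as { experimental 92 } (1.3.6.1.3.92) and confirm it matches the MODULE-IDENTITY value in the definitions, so that the request to IANA to update the Reference is unambiguous and cannot be mistaken for a new allocation request. The remaining hunks only update the copyright year and move the "AS IS" paragraph up to follow the BCP 78 sentence; the moved text is identical, so no concern there.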