draft-ietf-ospf-ospfv3-mib-14.txt   draft-ietf-ospf-ospfv3-mib-15.txt 
Network Working Group D. Joyal (Editor) Network Working Group D. Joyal (Editor)
Internet Draft Nortel Internet Draft Nortel
Intended status: Standards Track V. Manral (Editor) Intended status: Standards Track V. Manral (Editor)
Expires: September 27, 2009 IP Infusion Expires: December 25, 2009 IP Infusion
March 26, 2009 June 23, 2009
Management Information Base for OSPFv3 Management Information Base for OSPFv3
draft-ietf-ospf-ospfv3-mib-14.txt draft-ietf-ospf-ospfv3-mib-15.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79. the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 27, 2009. This Internet-Draft will expire on December 25, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license- publication of this document (http://trustee.ietf.org/license-
info). Please review these documents carefully, as they describe info). Please review these documents carefully, as they describe
skipping to change at page 8, line 39 skipping to change at page 8, line 39
InterfaceIndex InterfaceIndex
FROM IF-MIB FROM IF-MIB
InetAddressType, InetAddress, InetAddressPrefixLength, InetAddressType, InetAddress, InetAddressPrefixLength,
InetAddressIPv6 InetAddressIPv6
FROM INET-ADDRESS-MIB FROM INET-ADDRESS-MIB
Metric, BigMetric, Status, Metric, BigMetric, Status,
HelloRange, DesignatedRouterPriority HelloRange, DesignatedRouterPriority
FROM OSPF-MIB; FROM OSPF-MIB;
ospfv3MIB MODULE-IDENTITY ospfv3MIB MODULE-IDENTITY
LAST-UPDATED "200903261200Z" LAST-UPDATED "200906231200Z"
ORGANIZATION "IETF OSPF Working Group" ORGANIZATION "IETF OSPF Working Group"
CONTACT-INFO CONTACT-INFO
"WG E-Mail: ospf@ietf.org "WG E-Mail: ospf@ietf.org
WG Chairs: Acee Lindem WG Chairs: Acee Lindem
acee@redback.com acee@redback.com
Abhay Roy Abhay Roy
akr@cisco.com akr@cisco.com
Editors: Dan Joyal Editors: Dan Joyal
skipping to change at page 9, line 18 skipping to change at page 9, line 18
vishwas@ipinfusion.com" vishwas@ipinfusion.com"
DESCRIPTION DESCRIPTION
"The MIB module for OSPF version 3. "The MIB module for OSPF version 3.
Copyright (C) The IETF Trust (2009). Copyright (C) The IETF Trust (2009).
This version of this MIB module is part of This version of this MIB module is part of
RFC xxxx; see the RFC itself for full legal RFC xxxx; see the RFC itself for full legal
notices." notices."
REVISION "200903261200Z" REVISION "200906231200Z"
DESCRIPTION -- RFC Editor assigns RFC xxxx DESCRIPTION -- RFC Editor assigns RFC xxxx
"Initial version, published as RFC xxxx" "Initial version, published as RFC xxxx"
-- RFC Ed.: replace xxxx with actual RFC number & remove this note -- RFC Ed.: replace xxxx with actual RFC number & remove this note
::= { mib-2 YYY } ::= { mib-2 YYY }
-- RFC Ed.: replace YYY with IANA-assigned number & remove this note -- RFC Ed.: replace YYY with IANA-assigned number & remove this note
-- Textual conventions -- Textual conventions
Ospfv3UpToRefreshIntervalTC ::= TEXTUAL-CONVENTION Ospfv3UpToRefreshIntervalTC ::= TEXTUAL-CONVENTION
skipping to change at page 82, line 48 skipping to change at page 82, line 48
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This group is used for OSPFv3 notifications" "This group is used for OSPFv3 notifications"
::= { ospfv3Groups 15 } ::= { ospfv3Groups 15 }
END END
6. Security Considerations 6. Security Considerations
There are a number of management objects defined in this MIB that There are a number of management objects defined in this MIB module
have a MAX-ACCESS clause of read-write and/or read-create. Such with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. network operations. Improper manipulation of the objects represented
by this MIB may result in disruption of network connectivity by
administratively disabling the entire OSPFv3 entity or individual
interfaces, by deleting configured neighbors, by reducing the limit
on External LSAs, by changing ASBR status, by manipulating route
aggregation, by manipulating interface and route metrics, by changing
hello interval or dead interval, or by changing interface type.
Remote monitoring can be defeated by disabling of SNMP notifications.
Performance can be impacted by increasing the limit on External LSAs
or changing DR/BDR priority.
It is recommended that attention be specifically given to Some of the readable objects in this MIB module (i.e., objects with a
implementing the MAX-ACCESS clause in objects in scenarios MAX-ACCESS other than not-accessible) may be considered sensitive or
that DO NOT use SNMPv3 strong security (i.e. authentication and vulnerable in some network environments. It is thus important to
encryption). Extreme caution must be used to minimize the risk of control even GET and/or NOTIFY access to these objects and possibly
cascading security vulnerabilities when SNMPv3 strong security is to even encrypt the values of these objects when sending them over
not used. When SNMPv3 strong security is not used, these objects the network via SNMP. Unauthorized access to readable objects in this
should have access of read-only, not read-create. MIB allows the discovery of the network topology and operating
parameters which can be used to target further attacks on the network
or to gain a competitive business advantage.
SNMPv1 by itself is not a secure environment. Even if the network SNMP versions prior to SNMPv3 did not include adequate security.
itself is secure (for example by using IPsec), even then, there is Even if the network itself is secure (for example by using IPsec),
no control as to who on the secure network is allowed to access and even then, there is no control as to who on the secure network is
GET/SET (read/change/create/delete) the objects in this MIB. allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
It is recommended that the implementers consider the security It is RECOMMENDED that implementers consider the security features as
features as provided by the SNMPv3 framework. Specifically, the use provided by the SNMPv3 framework (see [RFC3410], section 8),
of the User-based Security Model RFC 3414 [RFC3414] and the including full support for the SNMPv3 cryptographic mechanisms (for
View-based Access Control Model RFC 3415 [RFC3415] is recommended. authentication and privacy).
It is then a customer/user responsibility to ensure that the SNMP Further, deployment of SNMP versions prior to SNMPv3 is NOT
entity giving access to an instance of this MIB, is properly RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
configured to give access to the objects only to those principals enable cryptographic security. It is then a customer/operator
(users) that have legitimate rights to indeed GET or SET responsibility to ensure that the SNMP entity giving access to an
(change/create/delete) them. instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
7. IANA Considerations 7. IANA Considerations
The MIB module in this document uses the following IANA-assigned The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value Descriptor OBJECT IDENTIFIER value
---------- ----------------------- ---------- -----------------------
ospfv3MIB { mib-2 YYY } ospfv3MIB { mib-2 YYY }
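Review bot: In Section 6, the new first paragraph lists the effects of improper SET operations (disabling the OSPFv3 entity or individual interfaces, deleting configured neighbors, reducing the limit on External LSAs, and so on) but never names the read-write or read-create objects and tables behind each effect, so an operator cannot translate it into an access-control view without reading the whole module; suggest listing the object descriptors beside each effect. The same applies to the readable-objects paragraph, which says topology and operating parameters are exposed without saying which tables carry them. This revision also replaces the explicit [RFC3414] and [RFC3415] recommendations with "[RFC3410], section 8" and removes the earlier advice that these objects "should have access of read-only, not read-create" when SNMPv3 strong security is not used. Please confirm that [RFC3410] is in the references, that [RFC3414] and [RFC3415] are not left as uncited entries, and that dropping the read-only fallback is intentional.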
 End of changes. 11 change blocks. 
29 lines changed or deleted 43 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/