draft-ietf-ospf-ospfv3-mib-15.txt   draft-ietf-ospf-ospfv3-mib-16.txt 
Network Working Group D. Joyal (Editor) Network Working Group D. Joyal (Editor)
Internet Draft Nortel Internet Draft Nortel
Intended status: Standards Track V. Manral (Editor) Intended status: Standards Track V. Manral (Editor)
Expires: December 25, 2009 IP Infusion Expires: January 17, 2010 IP Infusion
June 23, 2009 July 16, 2009
Management Information Base for OSPFv3 Management Information Base for OSPFv3
draft-ietf-ospf-ospfv3-mib-15.txt draft-ietf-ospf-ospfv3-mib-16.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79. the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 25, 2009. This Internet-Draft will expire on January 17, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license- publication of this document (http://trustee.ietf.org/license-
info). Please review these documents carefully, as they describe info). Please review these documents carefully, as they describe
skipping to change at page 8, line 39 skipping to change at page 8, line 39
InterfaceIndex InterfaceIndex
FROM IF-MIB FROM IF-MIB
InetAddressType, InetAddress, InetAddressPrefixLength, InetAddressType, InetAddress, InetAddressPrefixLength,
InetAddressIPv6 InetAddressIPv6
FROM INET-ADDRESS-MIB FROM INET-ADDRESS-MIB
Metric, BigMetric, Status, Metric, BigMetric, Status,
HelloRange, DesignatedRouterPriority HelloRange, DesignatedRouterPriority
FROM OSPF-MIB; FROM OSPF-MIB;
ospfv3MIB MODULE-IDENTITY ospfv3MIB MODULE-IDENTITY
LAST-UPDATED "200906231200Z" LAST-UPDATED "200907161200Z"
ORGANIZATION "IETF OSPF Working Group" ORGANIZATION "IETF OSPF Working Group"
CONTACT-INFO CONTACT-INFO
"WG E-Mail: ospf@ietf.org "WG E-Mail: ospf@ietf.org
WG Chairs: Acee Lindem WG Chairs: Acee Lindem
acee@redback.com acee@redback.com
Abhay Roy Abhay Roy
akr@cisco.com akr@cisco.com
Editors: Dan Joyal Editors: Dan Joyal
skipping to change at page 9, line 18 skipping to change at page 9, line 18
vishwas@ipinfusion.com" vishwas@ipinfusion.com"
DESCRIPTION DESCRIPTION
"The MIB module for OSPF version 3. "The MIB module for OSPF version 3.
Copyright (C) The IETF Trust (2009). Copyright (C) The IETF Trust (2009).
This version of this MIB module is part of This version of this MIB module is part of
RFC xxxx; see the RFC itself for full legal RFC xxxx; see the RFC itself for full legal
notices." notices."
REVISION "200906231200Z" REVISION "200907161200Z"
DESCRIPTION -- RFC Editor assigns RFC xxxx DESCRIPTION -- RFC Editor assigns RFC xxxx
"Initial version, published as RFC xxxx" "Initial version, published as RFC xxxx"
-- RFC Ed.: replace xxxx with actual RFC number & remove this note -- RFC Ed.: replace xxxx with actual RFC number & remove this note
::= { mib-2 YYY } ::= { mib-2 YYY }
-- RFC Ed.: replace YYY with IANA-assigned number & remove this note -- RFC Ed.: replace YYY with IANA-assigned number & remove this note
-- Textual conventions -- Textual conventions
Ospfv3UpToRefreshIntervalTC ::= TEXTUAL-CONVENTION Ospfv3UpToRefreshIntervalTC ::= TEXTUAL-CONVENTION
skipping to change at page 82, line 54 skipping to change at page 82, line 54
END END
6. Security Considerations 6. Security Considerations
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. Improper manipulation of the objects represented network operations. Improper manipulation of the objects represented
by this MIB may result in disruption of network connectivity by by this MIB module may result in disruption of network connectivity
administratively disabling the entire OSPFv3 entity or individual by administratively disabling the entire OSPFv3 entity or individual
interfaces, by deleting configured neighbors, by reducing the limit interfaces, by deleting configured neighbors, by reducing the limit
on External LSAs, by changing ASBR status, by manipulating route on External LSAs, by changing ASBR status, by manipulating route
aggregation, by manipulating interface and route metrics, by changing aggregation, by manipulating interface and route metrics, by changing
hello interval or dead interval, or by changing interface type. hello interval or dead interval, or by changing interface type.
Remote monitoring can be defeated by disabling of SNMP notifications. Remote monitoring can be defeated by disabling of SNMP notifications.
Performance can be impacted by increasing the limit on External LSAs Performance can be impacted by increasing the limit on External LSAs
or changing DR/BDR priority. or changing DR/BDR priority.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. Unauthorized access to readable objects in this the network via SNMP. Unauthorized access to readable objects in this
MIB allows the discovery of the network topology and operating MIB module allows the discovery of the network topology and operating
parameters which can be used to target further attacks on the network parameters which can be used to target further attacks on the network
or to gain a competitive business advantage. or to gain a competitive business advantage.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec), Even if the network itself is secure (for example by using IPsec),
even then, there is no control as to who on the secure network is even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module. in this MIB module.
It is RECOMMENDED that implementers consider the security features as It is RECOMMENDED that implementers consider the security features as
skipping to change at page 85, line 16 skipping to change at page 85, line 16
[RFC3411] Harrington, D., Presuhn, R., Wijnen, B., [RFC3411] Harrington, D., Presuhn, R., Wijnen, B.,
"An Architecture for Describing Simple Network Management "An Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", RFC 3411, Protocol (SNMP) Management Frameworks", RFC 3411,
December 2002. December 2002.
[RFC3413] Levi, D., Meyer, P., Stewart, B., [RFC3413] Levi, D., Meyer, P., Stewart, B.,
"Simple Network Management Protocol (SNMP) Applications", "Simple Network Management Protocol (SNMP) Applications",
RFC 3413, December 2002. RFC 3413, December 2002.
[RFC3414] Blumenthal, U., Wijnen, B., "User-based Security Model
(USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)", RFC 3414, December 2002.
[RFC3415] Wijnen, B., Presuhn, R., McCloghrie, K.,
"View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP)", RFC 3415,
December 2002.
11. Contributors' Addresses 11. Contributors' Addresses
Jacek Kwiatkowski Jacek Kwiatkowski
Intel Technology Poland Intel Technology Poland
ul. Slowackiego 173 ul. Slowackiego 173
80-298 Gdansk, Poland 80-298 Gdansk, Poland
Email: jacek.kwiatkowski@intel.com Email: jacek.kwiatkowski@intel.com
Sebastian Zwolinski Sebastian Zwolinski
Intel Technology Poland Intel Technology Poland
 End of changes. 8 change blocks. 
18 lines changed or deleted 9 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/