--- 1/draft-ietf-bfd-mib-01.txt 2006-02-04 17:23:40.000000000 +0100 +++ 2/draft-ietf-bfd-mib-02.txt 2006-02-04 17:23:40.000000000 +0100 @@ -1,19 +1,18 @@ BFD Working Group Thomas D. Nadeau Standard Track Zafar Ali Cisco Systems, Inc. - Document: draft-ietf-bfd-mib-01.txt Expires: January 2006 July 2005 Bidirectional Forwarding Detection Management Information Base - draft-ietf-bfd-mib-01.txt + draft-ietf-bfd-mib-02.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other 
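Review bot: The cover date and expiry ("July 2005", "Expires: January 2006") are left in the unchanged context while the draft name is bumped to -02; the REVISION clause later in this patch is moved to August 2005, so the cover date should move with it and the expiry be recomputed, otherwise the -02 draft carries the -01 dates. Dropping the separate "Document: draft-ietf-bfd-mib-01.txt" line is fine, since the filename already appears under the title.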
@@ -30,83 +29,67 @@ The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This draft defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects for modeling Bidirectional Forwarding Detection (BFD) protocol [BFD]. -Conventions used in this document - - The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL - NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in - this document are to be interpreted as described in RFC 2119 - [RFC2119]. - - SUMMARY - - This draft defines Management Information Base (MIB) for - Bidirectional Forwarding Detection (BFD) protocol [BFD]. - - RELATED REFERENCES - - Please refer to the reference section. - -Table of Contents +Contents 1. Introduction...................................................2 2. Terminology....................................................3 3. The Internet-Standard Management Framework.....................3 3. Brief Description of MIB Objects...............................3 3.1 General Variables..........................................3 3.2 Session Table (bfdSessionTable)............................3 3.3 Session Performance Table (bfdSessionPerfTable)............3 3.4 Session Mapping Table (bfdSessMapTable)....................3 4. BFD MIB Module Definitions.....................................4 5. Security Considerations.......................................21 6. Acknowledgements..............................................22 - 7. Reference.....................................................23 + 7. References....................................................23 7.1 Normative References.........................................23 7.2 Informative References.......................................23 8. Author's Addresses............................................23 9. 
Full Copyright Statement......................................24 10. IANA Considerations.........................................41 10.1. IANA Considerations for BFD-STD-MIB.......................41 11. Intellectual Property Statement.............................41 1. Introduction This memo defines an portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects to configure and/or monitor Bi-Directional Forwarding Detection on devices supporting this feature. This document adopts the definitions, acronyms and mechanisms - described in [BFD], [BFD-SHARED] and [BFD-LSP]. Unless otherwise + described in [BFD], [BFD-MH] and [BFD-LSP]. Unless otherwise stated, the mechanisms described therein will not be re-described here. Comments should be made directly to the BFD mailing list at rtg-bfd@ietf.org. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Terminology This document adopts the definitions, acronyms and mechanisms - described in [BFD], [BFD-SHARED] and [BFD-LSP]. Unless otherwise + described in [BFD], [BFD-MH] and [BFD-LSP]. Unless otherwise stated, the mechanisms described therein will not be re-described here. 3. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed 
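Review bot: The renamed "Contents" still has two entries numbered "3." ("The Internet-Standard Management Framework" and "Brief Description of MIB Objects"), and its numbering does not match the body headings visible elsewhere in this patch ("5. BFD MIB Module Definitions", "6. Security Considerations", "7. Acknowledgements", "8. References" versus 4, 5, 6, 7 in the list); renumber one side so the two agree. In the unchanged context, "This memo defines an portion" should read "a portion", and section 2 (Terminology) repeats the Introduction's "[BFD], [BFD-MH] and [BFD-LSP]" paragraph word for word, so one copy could be dropped or Terminology could simply refer to section 1. Removing the separate "Conventions used in this document" section is fine because the RFC 2119 text is retained in the Introduction.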
@@ -139,62 +122,60 @@ performance counts on a per session basis. This table is an AUGMENT to the bfdSessionTable. 3.4 Session Mapping Table (bfdSessMapTable) The BFD Session Mapping Table maps the complex indexing of the BFD sessions to the flat BFDIndex used in the BfdSessionTable. 5. BFD MIB Module Definitions -BFD-DRAFT-01-MIB DEFINITIONS ::= BEGIN - -- RFC-editor pls change BFD-DRAFT-*-MIB to - -- BFD-STD-MIB - +BFD-STD-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, Counter64, NOTIFICATION-TYPE, mib-2 - FROM SNMPv2-SMI + FROM SNMPv2-SMI -- [RFC2578] - MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP - FROM SNMPv2-CONF + MODULE-COMPLIANCE, OBJECT-GROUP, + NOTIFICATION-GROUP + FROM SNMPv2-CONF -- [RFC2580] - TEXTUAL-CONVENTION, TruthValue, RowStatus, StorageType, - TimeStamp - FROM SNMPv2-TC + TEXTUAL-CONVENTION, TruthValue, + RowStatus, StorageType, TimeStamp + FROM SNMPv2-TC -- [RFC2579] InetAddress, InetAddressType, InetPortNumber - FROM INET-ADDRESS-MIB + FROM INET-ADDRESS-MIB -- [RFC3291] ; bfdMIB MODULE-IDENTITY LAST-UPDATED "200507221200Z" -- 04 July 2005 12:00:00 EST ORGANIZATION "IETF" CONTACT-INFO " Thomas D. Nadeau Cisco Systems, Inc. Email: tnadeau@cisco.com Zafar Ali Cisco Systems, Inc. Email: zali@cisco.com " DESCRIPTION "Bidirectional Forwarding Management Information Base." -- Revision history. REVISION - "200507221200Z" -- 04 July 2005 12:00:00 EST + "200508221200Z" -- 04 August 2005 12:00:00 EST DESCRIPTION "Initial version. Published as RFC xxxx." -- RFC-editor pls fill - -- in xxx + -- in xxxx ::= { mib-2 XXX } -- assigned by IANA, see section 18.1 for details -- Top level components of this MIB module. bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 } bfdObjects OBJECT IDENTIFIER ::= { bfdMIB 1 } bfdConformance OBJECT IDENTIFIER ::= { bfdMIB 3 } 
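Review bot: The new REVISION value "200508221200Z" no longer matches LAST-UPDATED, which is still "200507221200Z"; SMIv2 expects LAST-UPDATED to equal the most recent REVISION, so the two should be updated together. The trailing comments are also wrong on both lines: "200508221200Z" is 22 August, not "04 August", and the "Z" suffix denotes UTC, not EST. The unchanged "::= { mib-2 XXX } -- assigned by IANA, see section 18.1 for details" points at a section that does not exist (the Contents lists IANA Considerations as 10.1). Renaming the module to BFD-STD-MIB and dropping the RFC-editor note is fine, and the [RFC2578]/[RFC2579]/[RFC2580]/[RFC3291] annotations on the IMPORTS are a welcome addition.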
@@ -666,33 +647,30 @@ DESCRIPTION "The number of times this session has gone into the Up state since the router last rebooted." ::= { bfdSessPerfEntry 6 } bfdSessPerfDiscTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION - "The value of sysUpTime on the most recent occasion at which - any - one or more of the session counters suffered a - discontinuity. + "The value of sysUpTime on the most recent occasion at + which any one or more of the session counters suffered + a discontinuity. + The relevant counters are the specific instances associated with this BFD session of any Counter32 object contained in - the - BfdSessPerfTable. If no such discontinuities have occurred + the BfdSessPerfTable. If no such discontinuities have occurred since the last re-initialization of the local management - subsystem, - then this object contains a zero value." + subsystem, then this object contains a zero value." ::= { bfdSessPerfEntry 7 } - bfdSessPerfPktInHC OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This value represents the total number of BFD messages received for this BFD session. It MUST be equal to the least significant 32 bits of bfdSessPerfPktIn if bfdSessPerfPktInHC is supported according to the rules spelled out in RFC2863." 
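Review bot: The bfdSessPerfPktInHC DESCRIPTION in the trailing context states the counter relationship backwards: "It MUST be equal to the least significant 32 bits of bfdSessPerfPktIn" would make the 64-bit counter equal to the low 32 bits of a 32-bit object. Following the RFC 2863 high-capacity counter pattern it should say that bfdSessPerfPktIn MUST be equal to the least significant 32 bits of bfdSessPerfPktInHC. Minor: the reflowed text still writes "BfdSessPerfTable" with a capital B where the table is otherwise bfdSessPerfTable, and "since the router last rebooted" in bfdSessPerfEntry 6 would be better aligned with the discontinuity wording below it ("since the last re-initialization of the local management subsystem").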
@@ -976,26 +954,41 @@ 6. Security Considerations There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. + o The bfdSessTable may be used to directly configure BFD + sessions. The bfdSessMapTable can be used indirectly + in the same way. Unauthorized access to objects in + this table could result in disruption of traffic on + the network. This is especially true if an unauthorized + user configures enough tables to invoke a denial of + service attack on the device where they are configured, + or on a remote device where the sessions terminate. + Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending - them over the network via SNMP. + them over the network via SNMP. These are the tables and objects and + their sensitivity/vulnerability: + + o The bfdSessPerfTable both allows access to the performance + characteristics of BFD sessions. Network administrators not + wishing to show this information should consider this + table sensative. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure "for example by using IPSec", even then, there is no control as to who on the secure network is allowed to access and GET/SET "read/change/create/delete" the objects in these MIB modules. 
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework "see [RFC3410], section 8", including full support for the SNMPv3 cryptographic mechanisms "for 
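Review bot: The added bullet under the read-write/read-create paragraph is the right idea, but that paragraph carries the wrong boilerplate: it repeats the "control even GET and/or NOTIFY access ... encrypt the values" sentence that belongs to the readable-objects paragraph below it, and says nothing about unprotected SET operations having a negative effect on network operations, which is the actual risk for a read-create session table. Suggest the standard SET-operation wording there and deleting the duplicated GET/NOTIFY sentence. Within the bullet, "configures enough tables" should be "configures enough sessions", and the table is named bfdSessionTable in the Contents but bfdSessTable here; pick one. The second bullet needs "both allows" -> "allows" and "sensative" -> "sensitive". The first paragraph is also missing the "These are the tables and objects and their sensitivity/vulnerability:" lead-in that the second paragraph now has before its bullet.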
@@ -1006,35 +999,55 @@ enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module, is properly configured to give access to the objects only to those principals "users" that have legitimate rights to indeed GET or SET "change/create/delete" them. 7. Acknowledgements We would like to thank David Ward for his comments and suggestions. -8. Reference +8. References 8.1 Normative References [BFD] Katz, D., and Ward, D., "Bidirectional Forwarding Detection", draft-ietf-bfd-base-02.txt. - [BFD-SHARED] Bidirectional Forwarding Detection over Shared - Interfaces, work in progress. + [BFD-MH] Katz, D., and Ward, D., "BFD for Multihop Paths", + draft-ietf-bfd-multihop-03.txt. [BFD-LSP] Aggarwal, R., Kompella, K., T. D. Nadeau, and G. Swallow - BFD For MPLS LSPs, draft-ietf-bfd-mpls-01.txt. + BFD For MPLS LSPs, draft-ietf-bfd-mpls-02.txt. + + [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., + Rose, M. and S. Waldbusser, "Structure of Management + Information Version 2 (SMIv2)", STD 58, RFC 2578, April + 1999. + + [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., + Rose, M. and S. Waldbusser, "Textual Conventions for + SMIv2", STD 58, RFC 2579, April 1999. + + [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., + Rose, M. and S. Waldbusser, "Conformance Statements for + SMIv2", STD 58, RFC 2580, April 1999. + + [RFC3291] Daniele, M., Haberman, B., Routhier, S., and J. + Schoenwaelder, "Textual Conventions for Internet + Network Addresses", RFC 3291, May 2002. 8.2 Informative References + [RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate + Requirement Levels", RFC 2119, BCP 14, March 1997. + [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002. 
[RFC3413] Levi, D., Meyer, P., Stewart, B., "SNMP Applications", RFC 3413, December 2002. [RFC2434] Narten, T. and H. Alvestrand., "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC
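Review bot: [RFC2119] is added under 8.2 Informative References, but the Introduction uses it normatively ("are to be interpreted as described in [RFC2119]"), so it belongs in 8.1 Normative References alongside the new SMIv2 entries. The [BFD-LSP] entry is still formatted unlike its neighbours (no quoted title, inconsistent author initials: "Aggarwal, R., Kompella, K., T. D. Nadeau, and G. Swallow"); suggest "Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, "BFD For MPLS LSPs", draft-ietf-bfd-mpls-02.txt". The section numbers here (8, 8.1, 8.2) also differ from the Contents (7, 7.1, 7.2).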