--- 1/draft-ietf-bfd-mib-16.txt 2014-04-14 06:14:37.071624453 -0700 +++ 2/draft-ietf-bfd-mib-17.txt 2014-04-14 06:14:37.143626223 -0700 @@ -1,20 +1,20 @@ Network Working Group T. Nadeau -Internet-Draft Juniper Networks +Internet-Draft Brocade Intended status: Standards Track Z. Ali -Expires: May 25, 2014 N. Akiya +Expires: October 16, 2014 N. Akiya Cisco Systems - November 21, 2013 + April 14, 2014 BFD Management Information Base - draft-ietf-bfd-mib-16 + draft-ietf-bfd-mib-17 Abstract This draft defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects for modeling Bidirectional Forwarding Detection (BFD) protocol. Requirements Language 
@@ -31,165 +31,173 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 25, 2014. + This Internet-Draft will expire on October 16, 2014. Copyright Notice - Copyright (c) 2013 IETF Trust and the persons identified as the + Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents - 1. The Internet-Standard Management Framework . . . . . . . . . 2 - 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 2. The Internet-Standard Management Framework . . . . . . . . . 2 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Brief Description of MIB Objects . . . . . . . . . . . . . . 3 4.1. General Variables . . . . . . . . . . . . . . . . . . . . 3 4.2. Session Table (bfdSessionTable) . . . . . . . . . . . . . 3 4.3. Session Performance Table (bfdSessionPerfTable) . . . . . 3 4.4. 
BFD Session Discriminator Mapping Table (bfdSessDiscMapTable) . . . . . . . . . . . . . . . . . . 3 4.5. BFD Session IP Mapping Table (bfdSessIpMapTable) . . . . 3 5. BFD MIB Module Definitions . . . . . . . . . . . . . . . . . 4 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 9.1. Normative References . . . . . . . . . . . . . . . . . . 36 9.2. Informative References . . . . . . . . . . . . . . . . . 37 -1. The Internet-Standard Management Framework +1. Introduction + + This memo defines a portion of the Management Information Base (MIB) + for use with network management protocols in the Internet community. + In particular, it describes managed objects to configure and/or + monitor Bidirectional Forwarding Detection for [RFC5880], [RFC5881], + [RFC5883] and [RFC7130], BFD versions 0 and/or 1, on devices + supporting this feature. + +2. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). + Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. -2. 
Introduction - This memo defines an portion of the Management Information Base (MIB) - for use with network management protocols in the Internet community. - In particular, it describes managed objects to configure and/or - monitor Bi-Directional Forwarding Detection for [RFC5880], [RFC5881] - and [RFC5883], BFD versions 0 and/or 1, on devices supporting this - feature. - 3. Terminology This document adopts the definitions, acronyms and mechanisms - described in [RFC5880], [RFC5881] and [RFC5883]. Unless otherwise - stated, the mechanisms described therein will not be re-described - here. + described in [RFC5880], [RFC5881], [RFC5883] and [RFC7130]. Unless + otherwise stated, the mechanisms described therein will not be re- + described here. 4. Brief Description of MIB Objects This section describes objects pertaining to BFD. The MIB objects - are derived from [RFC5880], [RFC5881] and [RFC5883], and also include - textual conventions defined in [I-D.ietf-bfd-tc-mib]. + are derived from [RFC5880], [RFC5881], [RFC5883] and [RFC7130], and + also include textual conventions defined in [I-D.ietf-bfd-tc-mib]. 4.1. General Variables The General Variables are used to identify parameters that are global to the BFD process. 4.2. Session Table (bfdSessionTable) The session table is used to identify a BFD session between a pair of nodes. 4.3. Session Performance Table (bfdSessionPerfTable) The session performance table is used for collecting BFD performance counters on a per session basis. This table is an AUGMENT to the bfdSessionTable. 4.4. BFD Session Discriminator Mapping Table (bfdSessDiscMapTable) - The BFD Session Discriminator Mapping Table maps a local - discriminator value to associated BFD session's IANAbfdSessIndexTC - used in the bfdSessionTable. + The BFD Session Discriminator Mapping Table provides a mapping + between a local discriminator value to the associated BFD session + found in the bfdSessionTable. 4.5. 
BFD Session IP Mapping Table (bfdSessIpMapTable) + The BFD Session IP Mapping Table maps, given bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, and - bfdSessDstAddr, to an associated BFD session's IANAbfdSessIndexTC - used in the bfdSessionTable. This table SHOULD contains those BFD - sessions that are of IP type. + bfdSessDstAddr, to an associated BFD session found in the + bfdSessionTable. This table SHOULD contain those BFD sessions that + are of type IP. 5. BFD MIB Module Definitions This MIB module makes references to the following documents. - [RFC2579], [RFC2580], [RFC2863], [RFC4001], and [RFC3413]. + [RFC2578], [RFC2579], [RFC2580], [RFC2863], [RFC3289], [RFC3413], + [RFC5082] and [RFC5880]. BFD-STD-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, mib-2, Integer32, Unsigned32, Counter32, Counter64 - FROM SNMPv2-SMI + FROM SNMPv2-SMI -- [RFC2578] TruthValue, RowStatus, StorageType, TimeStamp - FROM SNMPv2-TC + FROM SNMPv2-TC -- [RFC2579] MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP - FROM SNMPv2-CONF + FROM SNMPv2-CONF -- [RFC2580] InterfaceIndexOrZero - FROM IF-MIB + FROM IF-MIB -- [RFC2863] InetAddress, InetAddressType, InetPortNumber FROM INET-ADDRESS-MIB - IANAbfdSessIndexTC, IANAbfdIntervalTC, IANAbfdMultiplierTC, + IndexIntegerNextFree + FROM DIFFSERV-MIB -- [RFC3289] + + BfdSessIndexTC, BfdIntervalTC, BfdMultiplierTC, + BfdCtrlDestPortNumberTC, BfdCtrlSourcePortNumberTC + FROM BFD-TC-STD-MIB + IANAbfdDiagTC, IANAbfdSessTypeTC, IANAbfdSessOperModeTC, - IANAbfdCtrlDestPortNumberTC, IANAbfdCtrlSourcePortNumberTC, IANAbfdSessStateTC, IANAbfdSessAuthenticationTypeTC, IANAbfdSessAuthenticationKeyTC FROM IANA-BFD-TC-STD-MIB; bfdMIB MODULE-IDENTITY - LAST-UPDATED "201311211200Z" -- 21 Nov. 2013 12:00:00 EST + LAST-UPDATED "201404131200Z" -- 13 April 2014 12:00:00 EST ORGANIZATION "IETF Bidirectional Forwarding Detection Working Group" CONTACT-INFO "Thomas D. 
Nadeau - Juniper Networks + Brocade Email: tnadeau@lucidvision.com Zafar Ali Cisco Systems, Inc. - Email: zali@cisco.com Nobo Akiya Cisco Systems, Inc. Email: nobo@cisco.com Comments about this document should be emailed directly to the BFD working group mailing list at rtg-bfd@ietf.org" DESCRIPTION @@ -187,21 +195,21 @@ Nobo Akiya Cisco Systems, Inc. Email: nobo@cisco.com Comments about this document should be emailed directly to the BFD working group mailing list at rtg-bfd@ietf.org" DESCRIPTION "Bidirectional Forwarding Management Information Base." - REVISION "201311211200Z" -- 21 Nov. 2013 12:00:00 EST + REVISION "201404131200Z" -- 13 April 2014 12:00:00 EST DESCRIPTION "Initial version. Published as RFC xxxx." -- RFC Ed.: RFC-editor pls fill in xxxx ::= { mib-2 XXX } -- RFC Ed.: assigned by IANA, see section 7.1 for details -- Top level components of this MIB module. bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 } 
@@ -217,42 +225,69 @@ -- BFD Process. bfdAdminStatus OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION - "The global administrative status of BFD in this device. - The value 'enabled' denotes that the BFD Process is - active on at least one interface; 'disabled' disables - it on all interfaces." - DEFVAL { enabled } + "The desired global administrative status of the BFD + system in this device." ::= { bfdScalarObjects 1 } + bfdOperStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2), + adminDown(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the actual operational status of the + BFD system in this device. When this value is + down(2), all entries in the bfdSessTable MUST have + their bfdSessOperStatus as down(2) as well. When + this value is adminDown(3), all entries in the + bfdSessTable MUST have their bfdSessOperStatus + as adminDown(3) as well." + ::= { bfdScalarObjects 2 } + bfdSessNotificationsEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this object is set to true(1), then it enables the emission of bfdSessUp and bfdSessDown notifications; otherwise these notifications are not emitted." REFERENCE "See also RFC3413 for explanation that notifications are under the ultimate control of the MIB modules in this document." DEFVAL { false } - ::= { bfdScalarObjects 2 } + ::= { bfdScalarObjects 3 } + + bfdSessIndexNext OBJECT-TYPE + SYNTAX IndexIntegerNextFree (0..4294967295) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "This object contains an unused value for + bfdSessIndex that can be used when creating + entries in the table. A zero indicates that + no entries are available, but MUST NOT be used + as a valid index. " + ::= { bfdScalarObjects 4 } -- BFD Session Table -- The BFD Session Table specifies BFD session specific -- information. 
bfdSessTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION 
@@ -265,65 +300,68 @@ bfdSessEntry OBJECT-TYPE SYNTAX BfdSessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session Entry describes BFD session." INDEX { bfdSessIndex } ::= { bfdSessTable 1 } BfdSessEntry ::= SEQUENCE { - bfdSessIndex IANAbfdSessIndexTC, + bfdSessIndex BfdSessIndexTC, bfdSessVersionNumber Unsigned32, bfdSessType IANAbfdSessTypeTC, bfdSessDiscriminator Unsigned32, bfdSessRemoteDiscr Unsigned32, - bfdSessDestinationUdpPort IANAbfdCtrlDestPortNumberTC, - bfdSessSourceUdpPort IANAbfdCtrlSourcePortNumberTC, + bfdSessDestinationUdpPort BfdCtrlDestPortNumberTC, + bfdSessSourceUdpPort BfdCtrlSourcePortNumberTC, bfdSessEchoSourceUdpPort InetPortNumber, bfdSessAdminStatus INTEGER, + bfdSessOperStatus INTEGER, bfdSessState IANAbfdSessStateTC, bfdSessRemoteHeardFlag TruthValue, bfdSessDiag IANAbfdDiagTC, bfdSessOperMode IANAbfdSessOperModeTC, bfdSessDemandModeDesiredFlag TruthValue, bfdSessControlPlaneIndepFlag TruthValue, bfdSessMultipointFlag TruthValue, bfdSessInterface InterfaceIndexOrZero, bfdSessSrcAddrType InetAddressType, bfdSessSrcAddr InetAddress, bfdSessDstAddrType InetAddressType, bfdSessDstAddr InetAddress, bfdSessGTSM TruthValue, bfdSessGTSMTTL Unsigned32, - bfdSessDesiredMinTxInterval IANAbfdIntervalTC, - bfdSessReqMinRxInterval IANAbfdIntervalTC, - bfdSessReqMinEchoRxInterval IANAbfdIntervalTC, - bfdSessDetectMult IANAbfdMultiplierTC, - bfdSessNegotiatedInterval IANAbfdIntervalTC, - bfdSessNegotiatedEchoInterval IANAbfdIntervalTC, - bfdSessNegotiatedDetectMult IANAbfdMultiplierTC, + bfdSessDesiredMinTxInterval BfdIntervalTC, + bfdSessReqMinRxInterval BfdIntervalTC, + bfdSessReqMinEchoRxInterval BfdIntervalTC, + bfdSessDetectMult BfdMultiplierTC, + bfdSessNegotiatedInterval BfdIntervalTC, + bfdSessNegotiatedEchoInterval BfdIntervalTC, + bfdSessNegotiatedDetectMult BfdMultiplierTC, bfdSessAuthPresFlag TruthValue, bfdSessAuthenticationType IANAbfdSessAuthenticationTypeTC, bfdSessAuthenticationKeyID Integer32, 
bfdSessAuthenticationKey IANAbfdSessAuthenticationKeyTC, bfdSessStorageType StorageType, bfdSessRowStatus RowStatus } bfdSessIndex OBJECT-TYPE - SYNTAX IANAbfdSessIndexTC + SYNTAX BfdSessIndexTC MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object contains an index used to represent a - unique BFD session on this device." + unique BFD session on this device. Managers + should obtain new values for row creation in this + table by reading bfdSessIndexNext." ::= { bfdSessEntry 1 } bfdSessVersionNumber OBJECT-TYPE SYNTAX Unsigned32 (0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "The version number of the BFD protocol that this session is running in. Write access is available for this object to provide ability to set desired version for this 
@@ -359,32 +397,32 @@ "This object specifies the session discriminator chosen by the remote system for this BFD session. The value may be zero(0) if the remote discriminator is not yet known or if the session is in the down or adminDown(1) state." REFERENCE "Section 6.8.6, from Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." ::= { bfdSessEntry 5 } bfdSessDestinationUdpPort OBJECT-TYPE - SYNTAX IANAbfdCtrlDestPortNumberTC + SYNTAX BfdCtrlDestPortNumberTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the destination UDP port number used for this BFD session's control packets. The value may be zero(0) if the session is in adminDown(1) state." DEFVAL { 0 } ::= { bfdSessEntry 6 } bfdSessSourceUdpPort OBJECT-TYPE - SYNTAX IANAbfdCtrlSourcePortNumberTC + SYNTAX BfdCtrlSourcePortNumberTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the source UDP port number used for this BFD session's control packets. The value may be zero(0) if the session is in adminDown(1) state. Upon creation of a new BFD session via this MIB, the value of zero(0) specified would permit the implementation to choose its own source port number." DEFVAL { 0 } 
@@ -400,390 +438,405 @@ if the session is not running in the echo mode, or the session is in adminDown(1) state. Upon creation of a new BFD session via this MIB, the value of zero(0) would permit the implementation to choose its own source port number." DEFVAL { 0 } ::= { bfdSessEntry 8 } bfdSessAdminStatus OBJECT-TYPE SYNTAX INTEGER { - stop(1), - start(2) + enabled(1), + disabled(2) } MAX-ACCESS read-create STATUS current DESCRIPTION - "A transition from 'stop' to 'start' will start + "Denotes the desired operational status of the BFD Session. + + A transition from disabled(2) to enabled(1) will start the BFD state machine for the session. The state - machine will have an initial state of down. - A transition from 'start' to 'stop' will cause - the BFD session to be brought down to - adminDown(1). Care should be used in providing - write access to this object without adequate - authentication." - DEFVAL { 2 } + machine will have an initial state of down(2). + A transition from enabled(1) to disabled(2) will cause + the BFD session to be brought down to adminDown(1). + + Care should be used in providing write access to this + object without adequate authentication." ::= { bfdSessEntry 9 } + bfdSessOperStatus OBJECT-TYPE + SYNTAX INTEGER { + up(1), + down(2), + adminDown(3) + } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Denotes the actual operational status of the BFD Session. + If the value of bfdOperStatus is down(2), this value MUST + eventually be down(2) as well. If the value of + bfdOperStatus is adminDown(3), this value MUST eventually + be adminDown(3) as well." + ::= { bfdSessEntry 10 } + bfdSessState OBJECT-TYPE SYNTAX IANAbfdSessStateTC MAX-ACCESS read-only STATUS current DESCRIPTION - "BFD session state." - DEFVAL { 2 } - ::= { bfdSessEntry 10 } + "Configured BFD session state." 
+ ::= { bfdSessEntry 11 } bfdSessRemoteHeardFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies status of BFD packet reception from the remote system. Specifically, it is set to true(1) if the local system is actively receiving BFD packets from the remote system, and is set to false(2) if the local system has not received BFD packets recently (within the detection time) or if the local system is attempting to tear down the BFD session." REFERENCE "Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." - DEFVAL { false } - ::= { bfdSessEntry 11 } + ::= { bfdSessEntry 12 } bfdSessDiag OBJECT-TYPE SYNTAX IANAbfdDiagTC MAX-ACCESS read-only STATUS current DESCRIPTION "A diagnostic code specifying the local system's reason for the last transition of the session from up(4) to some other state." - ::= { bfdSessEntry 12 } + ::= { bfdSessEntry 13 } bfdSessOperMode OBJECT-TYPE SYNTAX IANAbfdSessOperModeTC MAX-ACCESS read-create STATUS current DESCRIPTION - "This object specifies current operating mode that BFD - session is operating in." - ::= { bfdSessEntry 13 } + "This object specifies the operational mode of this + BFD session." + ::= { bfdSessEntry 14 } bfdSessDemandModeDesiredFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates that the local system's desire to use Demand mode. Specifically, it is set to true(1) if the local system wishes to use Demand mode or false(2) if not" DEFVAL { false } - ::= { bfdSessEntry 14 } + ::= { bfdSessEntry 15 } bfdSessControlPlaneIndepFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates that the local system's ability to continue to function through a disruption of the control plane. Specifically, it is set to true(1) if the local system BFD implementation is independent of the control plane. 
Otherwise, the value is set to false(2)" DEFVAL { false } - ::= { bfdSessEntry 15 } + ::= { bfdSessEntry 16 } bfdSessMultipointFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the Multipoint (M) bit for this session. It is set to true(1) if Multipoint (M) bit is set to 1. Otherwise, the value is set to false(2)" DEFVAL { false } - ::= { bfdSessEntry 16 } + ::= { bfdSessEntry 17 } bfdSessInterface OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "This object contains an interface index used to indicate the interface which this BFD session is running on. This value can be zero if there is no interface associated with this BFD session." - ::= { bfdSessEntry 17 } + ::= { bfdSessEntry 18 } bfdSessSrcAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies IP address type of the source IP address of this BFD session. Only values unknown(0), ipv4(1), ipv6(2), or ipv6z(4) have to be supported. The value of unknown(0) is allowed only when the session is singleHop(1) and the source IP address of this BFD session is derived from the outgoing interface, or when the BFD session is not associated with a specific interface. If any other unsupported values are attempted in a set operation, the agent MUST return an inconsistentValue error." - ::= { bfdSessEntry 18 } + ::= { bfdSessEntry 19 } bfdSessSrcAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the source IP address of this BFD session." - ::= { bfdSessEntry 19 } + ::= { bfdSessEntry 20 } bfdSessDstAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies IP address type of the neighboring IP address which is being monitored with this BFD session. Only values unknown(0), ipv4(1), ipv6(2), or ipv6z(4) have to be supported. 
The value of unknown(0) is allowed only when the session is singleHop(1) and the outgoing interface is of type point-to-point, or when the BFD session is not associated with a specific interface. If any other unsupported values are attempted in a set operation, the agent MUST return an inconsistentValue error." - ::= { bfdSessEntry 20 } + ::= { bfdSessEntry 21 } bfdSessDstAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the neighboring IP address which is being monitored with this BFD session." - ::= { bfdSessEntry 21 } + ::= { bfdSessEntry 22 } bfdSessGTSM OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION - "Setting the value of this object to true(1) will enable GTSM - protection of the BFD session. GTSM MUST be enabled on a - singleHop(1) session if no authentication is in use." + "Setting the value of this object to false(2) will disable + GTSM protection of the BFD session. GTSM MUST be enabled + on a singleHop(1) session if no authentication is in use." REFERENCE "RFC5082, The Generalized TTL Security Mechanism (GTSM). RFC5881, Section 5" - DEFVAL { false } - ::= { bfdSessEntry 22 } + DEFVAL { true } + ::= { bfdSessEntry 23 } bfdSessGTSMTTL OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "This object is valid only when bfdSessGTSM protection is - enabled on the system. This object specifies the minimum - allowed TTL for received BFD control packets. For + enabled on the system. This object indicates the minimum + allowed TTL for received BFD control packets. For a singleHop(1) session, if GTSM protection is enabled, - this object SHOULD be set to maximum TTL allowed for - single hop. The value of zero(0) indicates that - bfdSessGTSM is disabled." + this object SHOULD be set to maximum TTL value allowed + for single hop. + + By default, GTSM is enabled and TTL value is 255. 
For a + multihop session, updating of maximum TTL value allowed + is likely required." REFERENCE "RFC5082, The Generalized TTL Security Mechanism (GTSM). RFC5881, Section 5" - DEFVAL { 0 } - ::= { bfdSessEntry 23 } + DEFVAL { 255 } + ::= { bfdSessEntry 24 } bfdSessDesiredMinTxInterval OBJECT-TYPE - SYNTAX IANAbfdIntervalTC + SYNTAX BfdIntervalTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the minimum interval, in microseconds, that the local system would like to use when transmitting BFD Control packets. The value of - zero(0) is reserved, and should not be used." + zero(0) is reserved in this case, and should not be + used." REFERENCE "Section 4.1 from Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." - ::= { bfdSessEntry 24 } + ::= { bfdSessEntry 25 } bfdSessReqMinRxInterval OBJECT-TYPE - SYNTAX IANAbfdIntervalTC + SYNTAX BfdIntervalTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the minimum interval, in microseconds, between received BFD Control packets the local system is capable of supporting. The value of zero(0) can be specified when the transmitting system does not want the remote system to send any periodic BFD control packets." REFERENCE "Section 4.1 from Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." - ::= { bfdSessEntry 25 } + ::= { bfdSessEntry 26 } bfdSessReqMinEchoRxInterval OBJECT-TYPE - SYNTAX IANAbfdIntervalTC + SYNTAX BfdIntervalTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the minimum interval, in microseconds, between received BFD Echo packets that this system is capable of supporting. Value must be zero(0) if this is a multihop BFD session." - ::= { bfdSessEntry 26 } + ::= { bfdSessEntry 27 } bfdSessDetectMult OBJECT-TYPE - SYNTAX IANAbfdMultiplierTC + SYNTAX BfdMultiplierTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the Detect time multiplier." 
- ::= { bfdSessEntry 27 } + ::= { bfdSessEntry 28 } bfdSessNegotiatedInterval OBJECT-TYPE - SYNTAX IANAbfdIntervalTC + SYNTAX BfdIntervalTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the negotiated interval, in microseconds, that the local system is transmitting BFD Control packets." - ::= { bfdSessEntry 28 } + ::= { bfdSessEntry 29 } bfdSessNegotiatedEchoInterval OBJECT-TYPE - SYNTAX IANAbfdIntervalTC + SYNTAX BfdIntervalTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the negotiated interval, in microseconds, that the local system is transmitting BFD echo packets. Value is expected to be zero if the sessions is not running in echo mode." - ::= { bfdSessEntry 29 } + ::= { bfdSessEntry 30 } bfdSessNegotiatedDetectMult OBJECT-TYPE - SYNTAX IANAbfdMultiplierTC + SYNTAX BfdMultiplierTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the Detect time multiplier." - ::= { bfdSessEntry 30 } + ::= { bfdSessEntry 31 } bfdSessAuthPresFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates that the local system's desire to use Authentication. Specifically, it is set to true(1) if the local system wishes the session to be authenticated or false(2) if not." REFERENCE "Sections 4.2 - 4.4 from Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." DEFVAL { false } - ::= { bfdSessEntry 31 } + ::= { bfdSessEntry 32 } bfdSessAuthenticationType OBJECT-TYPE SYNTAX IANAbfdSessAuthenticationTypeTC MAX-ACCESS read-create STATUS current DESCRIPTION "The Authentication Type used for this BFD session. This field is valid only when the Authentication Present bit is set. Max-access to this object as well as other authentication related objects are set to read-create in order to support management of a single key ID at a time, key rotation is not handled. 
Key update in practice must be done by atomic update using a set containing all affected objects in the same varBindList - or otherwise risk the session dropping. Value -1 - indicates that no authentication is in use for this - session." + or otherwise risk the session dropping." REFERENCE "Sections 4.2 - 4.4 from Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." - DEFVAL { -1 } - ::= { bfdSessEntry 32 } + DEFVAL { noAuthentication } + ::= { bfdSessEntry 33 } bfdSessAuthenticationKeyID OBJECT-TYPE SYNTAX Integer32 (-1 | 0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The authentication key ID in use for this session. This object permits multiple keys to be active simultaneously. - When bfdSessAuthPresFlag is false(2), then the value - of this object MUST be -1. The value -1 indicates that - no Authentication Key ID will be present in the optional - BFD Authentication Section." + The value -1 indicates that no Authentication Key ID will + be present in the optional BFD Authentication Section." REFERENCE "Sections 4.2 - 4.4 from Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." DEFVAL { -1 } - ::= { bfdSessEntry 33 } + ::= { bfdSessEntry 34 } bfdSessAuthenticationKey OBJECT-TYPE SYNTAX IANAbfdSessAuthenticationKeyTC MAX-ACCESS read-create STATUS current DESCRIPTION "The authentication key. When the bfdSessAuthenticationType is simplePassword(1), the value of this object is the password present in the BFD packets. When the bfdSessAuthenticationType is one of the keyed authentication types, this value is used in the computation of the key present in the BFD authentication packet." REFERENCE "Sections 4.2 - 4.4 from Katz, D. and D. Ward, Bidirectional Forwarding Detection (BFD), RFC 5880, June 2012." 
- ::= { bfdSessEntry 34 } + ::= { bfdSessEntry 35 } bfdSessStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This variable indicates the storage type for this object. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row." - ::= { bfdSessEntry 35 } + ::= { bfdSessEntry 36 } bfdSessRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This variable is used to create, modify, and/or delete a row in this table. When a row in this table has a row in the active(1) state, no objects in this row can be modified except the bfdSessRowStatus and bfdSessStorageType." - ::= { bfdSessEntry 36 } + ::= { bfdSessEntry 37 } -- BFD Session Performance Table bfdSessPerfTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessPerfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies BFD Session performance counters." ::= { bfdObjects 3 } 
@@ -913,53 +966,53 @@ with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 7 } bfdSessPerfEchoPktDropLastTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which received BFD echo message for this session was - dropped. If no such up event exists, this object contains - a zero value." + dropped. If no such up event has been issued, this + object contains a zero value." ::= { bfdSessPerfEntry 8 } bfdSessUpTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which - the session came up. If no such up event exists this object - contains a zero value." + the session came up. If no such event has been issued, + this object contains a zero value." ::= { bfdSessPerfEntry 9 } bfdSessPerfLastSessDownTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which the last time communication was lost with the - neighbor. If no such down event exist this object + neighbor. If no down event has been issued this object contains a zero value." ::= { bfdSessPerfEntry 10 } bfdSessPerfLastCommLostDiag OBJECT-TYPE SYNTAX IANAbfdDiagTC MAX-ACCESS read-only STATUS current DESCRIPTION "The BFD diag code for the last time communication was lost - with the neighbor. If no such down event exists this object - contains a zero value." + with the neighbor. If such an event has not been issued + this object contains a zero value." ::= { bfdSessPerfEntry 11 } bfdSessPerfSessUpCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times this session has gone into the Up state since the system last rebooted." ::= { bfdSessPerfEntry 12 } 
@@ -1063,141 +1116,92 @@ -- BFD Session Discriminator Mapping Table bfdSessDiscMapTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessDiscMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session Discriminator Mapping Table maps a local discriminator value to associated BFD session's - IANAbfdSessIndexTC used in the bfdSessionTable." + bfdSessIndex found in the bfdSessionTable." ::= { bfdObjects 4 } bfdSessDiscMapEntry OBJECT-TYPE SYNTAX BfdSessDiscMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The BFD Session Discriminator Map Entry describes - BFD session that is mapped to this IANAbfdSessIndexTC." + "The BFD Session Discriminator Mapping Entry + specifies a mapping between a local discriminator + and a BFD session." INDEX { bfdSessDiscriminator } ::= { bfdSessDiscMapTable 1 } BfdSessDiscMapEntry ::= SEQUENCE { - bfdSessDiscMapIndex IANAbfdSessIndexTC, - bfdSessDiscMapStorageType StorageType, - bfdSessDiscMapRowStatus RowStatus + bfdSessDiscMapIndex BfdSessIndexTC } bfdSessDiscMapIndex OBJECT-TYPE - SYNTAX IANAbfdSessIndexTC + SYNTAX BfdSessIndexTC MAX-ACCESS read-only STATUS current DESCRIPTION - "This object specifies the IANAbfdSessIndexTC referred - to by the indices of this row. In essence, a mapping is - provided between these indexes and the BfdSessTable." + "This object specifies a mapping between a + local discriminator and a BFD Session in + the BfdSessTable." ::= { bfdSessDiscMapEntry 1 } - bfdSessDiscMapStorageType OBJECT-TYPE - SYNTAX StorageType - MAX-ACCESS read-create - STATUS current - DESCRIPTION - "This variable indicates the storage type for this - object. Conceptual rows having the value - 'permanent' need not allow write-access to any - columnar objects in the row." - ::= { bfdSessDiscMapEntry 2 } - - bfdSessDiscMapRowStatus OBJECT-TYPE - SYNTAX RowStatus - MAX-ACCESS read-create - STATUS current - DESCRIPTION - "This variable is used to create, modify, and/or - delete a row in this table. 
When a row in this - table has a row in the active(1) state, no - objects in this row can be modified except the - bfdSessDiscMapRowStatus and bfdSessDiscMapStorageType." - ::= { bfdSessDiscMapEntry 3 } - -- BFD Session IP Mapping Table - bfdSessIpMapTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessIpMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session IP Mapping Table maps given bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType and bfdSessDstAddr - to an associated BFD session's IANAbfdSessIndexTC - used in the bfdSessionTable." + to an associated BFD session found in the + bfdSessionTable." ::= { bfdObjects 5 } bfdSessIpMapEntry OBJECT-TYPE SYNTAX BfdSessIpMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The BFD Session IP Map Entry describes - BFD session that is mapped to this IANAbfdSessIndexTC." + "The BFD Session IP Map Entry contains a mapping + from the IP information for a session, to the session + in the bfdSessionTable." INDEX { bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, bfdSessDstAddr } ::= { bfdSessIpMapTable 1 } BfdSessIpMapEntry ::= SEQUENCE { - bfdSessIpMapIndex IANAbfdSessIndexTC, - bfdSessIpMapStorageType StorageType, - bfdSessIpMapRowStatus RowStatus + bfdSessIpMapIndex BfdSessIndexTC } bfdSessIpMapIndex OBJECT-TYPE - SYNTAX IANAbfdSessIndexTC + SYNTAX BfdSessIndexTC MAX-ACCESS read-only STATUS current DESCRIPTION - "This object specifies the IANAbfdSessIndexTC referred + "This object specifies the BfdSessIndexTC referred to by the indexes of this row. In essence, a mapping is provided between these indexes and the BfdSessTable." ::= { bfdSessIpMapEntry 1 } - bfdSessIpMapStorageType OBJECT-TYPE - SYNTAX StorageType - MAX-ACCESS read-create - STATUS current - DESCRIPTION - "This variable indicates the storage type for this - object. Conceptual rows having the value - 'permanent' need not allow write-access to any - columnar objects in the row." 
- ::= { bfdSessIpMapEntry 2 } - - bfdSessIpMapRowStatus OBJECT-TYPE - SYNTAX RowStatus - MAX-ACCESS read-create - STATUS current - DESCRIPTION - "This variable is used to create, modify, and/or - delete a row in this table. When a row in this - table has a row in the active(1) state, no - objects in this row can be modified except the - bfdSessIpMapRowStatus and bfdSessIpMapStorageType." - ::= { bfdSessIpMapEntry 3 } - -- Notification Configuration bfdSessUp NOTIFICATION-TYPE OBJECTS { bfdSessDiag, -- low range value bfdSessDiag -- high range value } STATUS current DESCRIPTION "This notification is generated when the @@ -1302,34 +1306,20 @@ DESCRIPTION "An implementation is only required to support unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." OBJECT bfdSessRowStatus SYNTAX RowStatus { active(1), notInService(2) } WRITE-SYNTAX RowStatus { active(1), notInService(2), createAndGo(4), destroy(6) } DESCRIPTION "Support for createAndWait and notReady is not required." - OBJECT bfdSessDiscMapRowStatus - SYNTAX RowStatus { active(1), notInService(2) } - WRITE-SYNTAX RowStatus { active(1), notInService(2), - createAndGo(4), destroy(6) } - DESCRIPTION "Support for createAndWait and notReady is not - required." - - OBJECT bfdSessIpMapRowStatus - SYNTAX RowStatus { active(1), notInService(2) } - WRITE-SYNTAX RowStatus { active(1), notInService(2), - createAndGo(4), destroy(6) } - DESCRIPTION "Support for createAndWait and notReady is not - required." - ::= { bfdCompliances 1 } bfdModuleReadOnlyCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance requirement for implementations that only provide read-only support for BFD-MIB. Such devices can then be monitored but cannot be configured using this MIB module." 
@@ -1461,78 +1451,59 @@ OBJECT bfdSessStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessRowStatus SYNTAX RowStatus { active(1) } MIN-ACCESS read-only DESCRIPTION "Write access is not required." - OBJECT bfdSessDiscMapStorageType - MIN-ACCESS read-only - DESCRIPTION "Write access is not required." - - OBJECT bfdSessDiscMapRowStatus - SYNTAX RowStatus { active(1) } - MIN-ACCESS read-only - DESCRIPTION "Write access is not required." - - OBJECT bfdSessIpMapStorageType - MIN-ACCESS read-only - DESCRIPTION "Write access is not required." - - OBJECT bfdSessIpMapRowStatus - SYNTAX RowStatus { active(1) } - MIN-ACCESS read-only - DESCRIPTION "Write access is not required." - ::= { bfdCompliances 2 } -- Units of conformance. bfdSessionGroup OBJECT-GROUP OBJECTS { bfdAdminStatus, + bfdOperStatus, bfdSessNotificationsEnable, bfdSessVersionNumber, bfdSessType, + bfdSessIndexNext, bfdSessDiscriminator, bfdSessDestinationUdpPort, bfdSessSourceUdpPort, bfdSessEchoSourceUdpPort, bfdSessAdminStatus, + bfdSessOperStatus, bfdSessOperMode, bfdSessDemandModeDesiredFlag, bfdSessControlPlaneIndepFlag, bfdSessMultipointFlag, bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, bfdSessDstAddr, bfdSessGTSM, bfdSessGTSMTTL, bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, bfdSessReqMinEchoRxInterval, bfdSessDetectMult, bfdSessAuthPresFlag, bfdSessAuthenticationType, bfdSessAuthenticationKeyID, bfdSessAuthenticationKey, bfdSessStorageType, - bfdSessRowStatus, - bfdSessDiscMapStorageType, - bfdSessDiscMapRowStatus, - bfdSessIpMapStorageType, - bfdSessIpMapRowStatus + bfdSessRowStatus } STATUS current DESCRIPTION "Collection of objects needed for BFD sessions." ::= { bfdGroups 1 } bfdSessionReadOnlyGroup OBJECT-GROUP OBJECTS { bfdSessRemoteDiscr, bfdSessState, 
@@ -1613,24 +1586,29 @@ There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: o bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from - start to stop, can cause significant disruption of the + enabled(1) to disabled(2), can cause significant disruption of the connectivity to those portions of the Internet reached via the applicable remote BFD peer. + o bfdSessOperStatus - Improper change of bfdSessOperStatus, from + up(1) to down(2) or up(1) to adminDown(3), can cause significant + disruption of the connectivity to those portions of the Internet + reached via the applicable remote BFD peer. + o bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change of this object can cause connections to be disrupted for extremely long time periods when otherwise they would be restored in a relatively short period of time. There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY 
@@ -1656,21 +1634,21 @@ o The bfdSessPerfTable both allows access to the performance characteristics of BFD sessions. Network administrators not wishing to show this information should consider this table sensitive. The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and bfdSessAuthenticationKey objects hold security methods and associated security keys of BFD sessions. These objects SHOULD be considered highly sensitive objects. In order for these sensitive information from being improperly accessed, implementers MAY wish to disallow - read and create access to these objects. + access to these objects. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure "for example by using IPSec", even then, there is no control as to who on the secure network is allowed to access and GET/SET "read/change/create/delete" the objects in these MIB modules. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms "for 
@@ -1696,22 +1674,24 @@ [RFC-Editor's Note (to be removed prior to publication): the IANA is requested to assign a value for "XXX" under the 'mib-2' subtree and to record the assignment in the SMI Numbers registry. When the assignment has been made, the RFC Editor is asked to replace "XXX" (here and in the MIB module) with the assigned value and to remove this note.] 8. Acknowledgments - Authors would like to thank David Ward, Jeffrey Haas, Reshad Rahman, - David Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara + Authors would like to thank Adrian Farrel and Jeffrey Haas for + performing thorough reviews and providing number of suggestions. + Authors would also like to thank David Ward, Reshad Rahman, David + Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara Sreenivasa for their comments and suggestions. 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 
@@ -1719,58 +1699,68 @@ Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. + [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C. + Pignataro, "The Generalized TTL Security Mechanism + (GTSM)", RFC 5082, October 2007. + [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, June 2010. [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June 2010. [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for Multihop Paths", RFC 5883, June 2010. + [RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and + J. Haas, "Bidirectional Forwarding Detection (BFD) on Link + Aggregation Group (LAG) Interfaces", RFC 7130, February + 2014. + [I-D.ietf-bfd-tc-mib] Nadeau, T., Ali, Z., and N. Akiya, "Definitions of Textual Conventions (TCs) for Bidirectional Forwarding Detection - (BFD) Management", draft-ietf-bfd-tc-mib-03 (work in + (BFD) Management", draft-ietf-bfd-tc-mib-04 (work in progress), November 2013. 9.2. Informative References [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. - [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. - Schoenwaelder, "Textual Conventions for Internet Network - Addresses", RFC 4001, February 2005. - [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December 2002. + [RFC3289] Baker, F., Chan, K., and A. 
Smith, "Management Information + Base for the Differentiated Services Architecture", RFC + 3289, May 2002. + Authors' Addresses Thomas D. Nadeau - Juniper Networks + Brocade + + EMail: tnadeau@lucidvision.com - EMail: tnadeau@juniper.net Zafar Ali Cisco Systems EMail: zali@cisco.com Nobo Akiya Cisco Systems EMail: nobo@cisco.com
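Review bot: In the @@ -913 hunk, the new bfdSessPerfEchoPktDropLastTime text still reads "If no such up event has been issued", but this object timestamps a dropped echo message, not a session-up event; suggest "If no such drop has occurred, this object contains a zero value." The four reworded DESCRIPTION clauses in this hunk also end up with four different phrasings ("no such up event", "no such event", "no down event", "such an event has not been issued"), and "issued" reads as though a notification must have been sent, so one consistent sentence built on "occurred" would be clearer. The unchanged bfdSessPerfLastSessDownTime wording "the most recent occasion at which the last time communication was lost" is a doubled phrase worth fixing in the same pass.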
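Review bot: In the @@ -1063 hunk, the bfdSessIpMapIndex DESCRIPTION still says "the BfdSessIndexTC referred to by the indexes of this row", naming the textual convention, while the bfdSessDiscMapTable text in the same hunk was changed to name the bfdSessIndex object; the two tables should describe their single column the same way. Both index descriptions also refer to "the BfdSessTable" where the table descriptions say bfdSessionTable. With the StorageType and RowStatus columns removed, each mapping entry is left with one read-only column, so the table DESCRIPTION clauses should say how rows appear and disappear (presumably maintained by the agent as sessions are created and deleted), since a manager can no longer create or destroy them.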
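Review bot: In the @@ -1613 hunk, the new bfdSessOperStatus bullet sits in the list introduced as objects "with a MAX-ACCESS clause of read-write and/or read-create" and describes an "improper change ... from up(1) to down(2) or up(1) to adminDown(3)", which only makes sense if a manager can SET operational status. The MAX-ACCESS of bfdSessOperStatus is not visible in this diff; if it is read-only, the bullet belongs with the readable objects discussed under GET/NOTIFY, or should be dropped, because the disruption it describes is already covered by bfdSessAdminStatus. Two context lines are worth tidying while here: the timer bullet names four objects but says "Improper change of this object", and the closing paragraph that introduces GET and/or NOTIFY access repeats the read-write/read-create sentence where it presumably means readable objects.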
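Review bot: In the @@ -1656 hunk, shortening "read and create access" to "access" leaves it unclear whether write access to bfdSessAuthenticationType, bfdSessAuthenticationKeyID and bfdSessAuthenticationKey is also meant to be blocked, even though all three remain in bfdSessionGroup as configurable session objects. Suggest stating which operations may be refused and, for bfdSessAuthenticationKey in particular, what a read returns when the key is withheld. "SHOULD be considered highly sensitive" followed by "MAY wish to disallow" is a weak pairing for objects holding key material, and "MAY wish" is not a clean RFC 2119 usage. The sentence itself needs repair: "In order for these sensitive information from being improperly accessed" should read along the lines of "To prevent this sensitive information from being improperly accessed".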
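Review bot: In the @@ -1696 hunk, the added acknowledgment "providing number of suggestions" is missing an article; suggest "providing a number of suggestions". The two sentences would also read more naturally as "The authors would like to thank ..." and "The authors would also like to thank ...".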
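Review bot: In the @@ -1719 hunk, the [I-D.ietf-bfd-tc-mib] entry is bumped to draft-ietf-bfd-tc-mib-04 but keeps the date "November 2013", which was the date carried by the -03 entry; update the date to match the -04 revision. [RFC4001] is removed from the informative references and no replacement entry appears in the visible part of the normative list, yet the module still uses bfdSessSrcAddrType and bfdSessDstAddrType and the compliance text still lists ipv4(1), ipv6(2) and ipv6z(4); confirm the reference is retained somewhere, and as normative if those types are imported. The new [RFC3289] entry is placed after [RFC3413], out of the numeric order the rest of the list follows. In Authors' Addresses, the affiliation changes to Brocade while the new address is at lucidvision.com; worth confirming that is intended.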