Network Working Group S. De Cnodder Internet-Draft Alcatel Intended status: Standards Track M. Morgenstern Expires: April 12, 2007 ECI Telecom Ltd. October 9, 2006 Access Node ANCP MIB draft-decnodder-ancp-mib-an-00.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 12, 2007. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular it defines objects for managing access nodes as described in [ANCPFW] that are using the Access Node Control Protocol (ANCP) defined in [ANCPPR]. De Cnodder & Morgenstern Expires April 12, 2007 [Page 1] Internet-Draft Access Node ANCP MIB October 2006 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. The Internet-Standard Management Framework . . . . . . . . . . 3 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 5. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 5.1. Textual Conventions . . . . . . . . . . . . . . . . . . . 4 5.2. The ANCP Subtree for the Access Node . . . . . . . . . . . 4 5.3. The Notifications Subtree . . . . . . . . . . . . . . . . 5 5.4. Relationship to Other MIB Modules . . . . . . . . . . . . 5 6. ANCP MIB Definitions for the Access Node . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 20 8. IANA considerations . . . . . . . . . . . . . . . . . . . . . 24 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24 10.1. Normative References . . . . . . . . . . . . . . . . . . . 24 10.2. Informative References . . . . . . . . . . . . . . . . . . 25 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25 Intellectual Property and Copyright Statements . . . . . . . . . . 26 De Cnodder & Morgenstern Expires April 12, 2007 [Page 2] Internet-Draft Access Node ANCP MIB October 2006 1. Introduction This memo defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular it defines objects for managing access nodes as described in [ANCPFW] that are using the Access Node Control Protocol defined in [ANCPPR]. 2. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. 3. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 4. Overview In [ANCPFW], the framework for the Access Node Control Protocol (ANCP) is described. It defines 2 network entities, the Access Node (AN) and the Network Access Server (NAS), between which ANCP sessions are established. The detailed protocol specification of ANCP is described in [ANCPPR]. This document specifies a MIB for an AN that supports ANCP. Note: the current MIB definition is specific for [ANCPPR]. If [ANCPPR] gets updated later, then the MIB definition in this document will also follow these changes. 5. Structure of the MIB Module The ANCP MIB module for the AN has 2 parts. A first table, De Cnodder & Morgenstern Expires April 12, 2007 [Page 3] Internet-Draft Access Node ANCP MIB October 2006 ancpAnSessionConfigTable, is used to configure ANCP sessions at the AN towards a specific NAS. The NAS is identified by a number of attributes in this table (ancpAnSessionConfigNasIpAddressType and ancpAnSessionConfigNasIpAddress). The other attributes in this table can be used to configure properties that are specific for that particular ANCP session. A second table, ancpAnCurrentSessionTable, shows the operational state of a particular ANCP session. Each session configured in ancpAnSessionConfigTable has a corresponding row in ancpAnCurrentSessionTable. When a session is configured or deleted in the ancpAnSessionConfigTable, then the corresponding row of that session in the ancpAnCurrentSessionTable is, respectively, automatically created or deleted. Three groups are defined: o ancpAnConfigGroup This group contains all objects of the ancpAnSessionConfigTable in which the ANCP sessions are configured in the access node. o ancpAnCurrentGroup This group contains all objects of the ancpAnCurrentSessionTable where the operational state and other information of the ANCP sessions are shown. o ancpAnNotificationsGroup This group contains the notifications that indicate state changes of ANCP sessions. 5.1. Textual Conventions Two new textual convention, GsmpSubVersion and AnSessionCapabilities, are defined in this MIB module. The ANCP specification in [ANCPPR] is re-using the GSMP specification in [GSMP] where the GSMP subversion is introduced. These textual convention complement the textual conventions defined in [RFC3295], GsmpVersion, GsmpNameType, and GsmpPartitionIdType, which are also used in this MIB module. These textual conventions are used for the convenience of humans reading the MIB. 5.2. The ANCP Subtree for the Access Node TBD De Cnodder & Morgenstern Expires April 12, 2007 [Page 4] Internet-Draft Access Node ANCP MIB October 2006 5.3. The Notifications Subtree Notifications are defined to inform the management station about state changes of ANCP sessions, whenever an ANCP session changes state. Two notifications are defined for this purpose. The notification ancpSessionUp is to inform the management station when the session comes up, and the notification ancpSessionDown is to inform when the ANCP session is down again after it was up before. 5.4. Relationship to Other MIB Modules There are no dependencies with other MIB modules with the exception of some textual conventions that are re-used from other MIB Modules. 6. ANCP MIB Definitions for the Access Node ANCP-AN-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Counter32, Unsigned32, mib-2, TimeTicks, NOTIFICATION-TYPE FROM SNMPv2-SMI -- [RFC2578] InetAddressType, InetAddress, InetPortNumber FROM INET-ADDRESS-MIB -- [RFC4001] MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF -- [RFC2580] GsmpVersion, GsmpNameType, GsmpPartitionIdType FROM GSMP-MIB -- [RFC3295] RowStatus, TEXTUAL-CONVENTION FROM SNMPv2-TC; -- [RFC2579] ancpAnMIB MODULE-IDENTITY LAST-UPDATED "200610030000Z" -- 3 October 2006 ORGANIZATION "IETF ANCP Working Group" CONTACT-INFO " Editors: Stefaan De Cnodder Alcatel Postal: Copernicuslaan 50 B-2018 Antwerp Belgium EMail: stefaan.de_cnodder@alcatel.be Phone: +32 3 240 85 15 De Cnodder & Morgenstern Expires April 12, 2007 [Page 5] Internet-Draft Access Node ANCP MIB October 2006 Moti Morgenstern ECI Telecom Ltd. Postal: 30 Hasivim St. Petach Tikva 49517, Israel. Email: moti.morgenstern@ecitele.com Phone: +972 3 926 6258 " DESCRIPTION "The MIB module for entities implementing the access node side of the Access Node Control Protocol (ANCP). Copyright (C) The Internet Society (2006). Initial version as published in RFC yyyy; for full legal notices see the RFC itself." -- RFC Ed.: replace yyyy with actual RFC number & remove this note REVISION "200610030000Z" -- 3 October 2006 DESCRIPTION "Initial version as published in RFC yyyy." -- RFC Ed.: replace yyyy with actual RFC number & remove this note ::= { mib-2 xxx } -- The value xxx to be assigned by IANA. ancpNotifications OBJECT IDENTIFIER ::= { ancpAnMIB 0 } ancpAnObjects OBJECT IDENTIFIER ::= { ancpAnMIB 1 } ancpAnConformance OBJECT IDENTIFIER ::= { ancpAnMIB 2 } GsmpSubVersion ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "The subversion numbers defined for the GSMP protocol." SYNTAX Unsigned32 AnSessionCapabilities ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "ANCP capabilities supported by the DSLAM. The following capabilities are available: topologyDiscovery (0)- Access Topology Discovery lineConfig (1) - Line Configuration multicast (2) - Multicast l2Oam (3) - Layer 2 OAM A bit set means the associated capability is supported." SYNTAX BITS { topologyDiscovery (0), lineConfig (1), multicast (2), l2Oam (3) De Cnodder & Morgenstern Expires April 12, 2007 [Page 6] Internet-Draft Access Node ANCP MIB October 2006 } ancpAnNextSessionId OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The object reports the next index (potential value of ancpAnSessionConfigSessionId) which is available for creating a new row in ancpAnSessionConfigTable. If no such value is available (e.g., the table is full or any other reason) the object reports '0' (zero). An available value V becomes unavailable when a row is actually created with ancpAnSessionConfigSessionId=V and until then consecutive GET commands with this object may return the same value V. Note that eventually only one row creation with the value I can succeed. An unavailable value V becomes available again when a row with ancpAnSessionConfigSessionId=V in ancpAnSessionConfigTable is deleted." ::= { ancpAnObjects 1 } ancpAnSessionConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF AncpAnSessionConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table represents the ANCP sessions in the access node. An entry in this table needs to be configured (created) before an ANCP session might be started." ::= { ancpAnObjects 2 } ancpAnSessionConfigEntry OBJECT-TYPE SYNTAX AncpAnSessionConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table showing the data for a specific actual or yet to be established session. If partitions are used, one session corresponds to one specific access node partition." INDEX { ancpAnSessionConfigSessionId } ::= { ancpAnSessionConfigTable 1 } AncpAnSessionConfigEntry ::= SEQUENCE { ancpAnSessionConfigSessionId Unsigned32, ancpAnSessionConfigRowStatus RowStatus, ancpAnSessionConfigGsmpVersion GsmpVersion, De Cnodder & Morgenstern Expires April 12, 2007 [Page 7] Internet-Draft Access Node ANCP MIB October 2006 ancpAnSessionConfigGsmpSubVersion GsmpSubVersion, ancpAnSessionConfigEncapsulationType INTEGER, ancpAnSessionConfigCapabilities AnSessionCapabilities, ancpAnSessionConfigAliveTimer Unsigned32, ancpAnSessionConfigPortReportShaper Unsigned32, ancpAnSessionConfigAggregateReportShaper Unsigned32, ancpAnSessionConfigTransportRetryTimer Unsigned32, ancpAnSessionConfigGsmpRetryTimer Unsigned32, ancpAnSessionConfigAnName GsmpNameType, ancpAnSessionConfigPartitionId GsmpPartitionIdType, ancpAnSessionConfigWindowSize Unsigned32, ancpAnSessionConfigNasIpAddressType InetAddressType, ancpAnSessionConfigNasIpAddress InetAddress, ancpAnSessionConfigEncapPortNumber InetPortNumber } ancpAnSessionConfigSessionId OBJECT-TYPE SYNTAX Unsigned32 (1..255) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A system generated index to distinguish between different sessions. Session may be actually established or just potential." ::= { ancpAnSessionConfigEntry 1 } ancpAnSessionConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "An object that allows entries in this table to be created and deleted using the RowStatus convention." ::= { ancpAnSessionConfigEntry 2 } ancpAnSessionConfigGsmpVersion OBJECT-TYPE SYNTAX GsmpVersion MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum version number of the GSMP protocol that may be used in this session. The value of this object is persistent." DEFVAL { 3 } ::= { ancpAnSessionConfigEntry 3 } ancpAnSessionConfigGsmpSubVersion OBJECT-TYPE SYNTAX GsmpSubVersion De Cnodder & Morgenstern Expires April 12, 2007 [Page 8] Internet-Draft Access Node ANCP MIB October 2006 MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum subversion number of the GSMP protocol that may be used in this session. The value of this object is persistent." DEFVAL { 1 } ::= { ancpAnSessionConfigEntry 4 } ancpAnSessionConfigEncapsulationType OBJECT-TYPE SYNTAX INTEGER { tcp(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "Required encapsulation for this session. The value of this object is persistent." DEFVAL { tcp } ::= { ancpAnSessionConfigEntry 5 } ancpAnSessionConfigCapabilities OBJECT-TYPE SYNTAX AnSessionCapabilities MAX-ACCESS read-create STATUS current DESCRIPTION "ANCP capabilities supported by the DSLAM in this session. A zero value means no capabilities are supported. The value of this object is persistent." DEFVAL { { topologyDiscovery, l2Oam } } ::= { ancpAnSessionConfigEntry 6 } ancpAnSessionConfigAliveTimer OBJECT-TYPE SYNTAX Unsigned32(1..255) UNITS "tenths of a second" MAX-ACCESS read-create STATUS current DESCRIPTION "The timer specifies the nominal time between periodic adjacency protocol messages generated by the access node. It is a constant for the duration of a GSMP session. The timer is specified in units of 100ms. The value of this object is persistent." DEFVAL { 100 } ::= { ancpAnSessionConfigEntry 7 } ancpAnSessionConfigPortReportShaper OBJECT-TYPE SYNTAX Unsigned32(1..255) De Cnodder & Morgenstern Expires April 12, 2007 [Page 9] Internet-Draft Access Node ANCP MIB October 2006 UNITS "tenths of a second" MAX-ACCESS read-create STATUS current DESCRIPTION "The timer specifies the nominal time between 2 EventReport messages related to the same port. It is a constant for the duration of a GSMP session. The timer is specified in units of 100ms. The value of this object is persistent." DEFVAL { 10 } ::= { ancpAnSessionConfigEntry 8 } ancpAnSessionConfigAggregateReportShaper OBJECT-TYPE SYNTAX Unsigned32(1..2550) UNITS "hundredths of a second" MAX-ACCESS read-create STATUS current DESCRIPTION "The timer specifies the nominal time between 2 EventReport messages related to any port. It is a constant for the duration of a GSMP session. The timer is specified in units of 10ms. The value of this object is persistent." DEFVAL { 10 } ::= { ancpAnSessionConfigEntry 9 } ancpAnSessionConfigTransportRetryTimer OBJECT-TYPE SYNTAX Unsigned32(0..255) UNITS "tenths of a second" MAX-ACCESS read-create STATUS current DESCRIPTION "The timer specifies the nominal time between 2 transport connection setup attempts done by the access node. The transport protocol is specified in ancpAnSessionConfigEncapsulationType. The timer is specified in units of 100ms. A value 0 means that the access node will NOT initiate nor setup the transport connection. The value of this object is persistent." DEFVAL { 10 } ::= { ancpAnSessionConfigEntry 10 } ancpAnSessionConfigGsmpRetryTimer OBJECT-TYPE SYNTAX Unsigned32(0..255) UNITS "tenths of a second" MAX-ACCESS read-create STATUS current De Cnodder & Morgenstern Expires April 12, 2007 [Page 10] Internet-Draft Access Node ANCP MIB October 2006 DESCRIPTION "The timer specifies the nominal time between 2 ANCP connection setup attempts. The timer is specified in units of 100ms. A value 0 means that the access node will NOT spontaneously trigger an ANCP session. Whatever the setting of this timer, the access node shall always listen for ANCP session setup. The value of this object is persistent." DEFVAL { 10 } ::= { ancpAnSessionConfigEntry 11 } ancpAnSessionConfigAnName OBJECT-TYPE SYNTAX GsmpNameType MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the access node. The first three octets must be an Organizationally Unique Identifier (OUI) that identifies the manufacturer of the access node. This can be (one of) the MAC address(es) of the access node on the network side. It may not change during the ANCP session. When set to zero, the access node shall autonomously decide on using the most appropriate MAC address of the access node. Then the actually used access node name can be read from ancpAnCurrentSessionAnName. The value of this object is persistent." DEFVAL { "0" } ::= { ancpAnSessionConfigEntry 12 } ancpAnSessionConfigPartitionId OBJECT-TYPE SYNTAX GsmpPartitionIdType MAX-ACCESS read-create STATUS current DESCRIPTION "The Id for this session's specific access node partition. If partitions are not used, this object is 0. The value of this object is persistent." ::= { ancpAnSessionConfigEntry 13 } ancpAnSessionConfigWindowSize OBJECT-TYPE SYNTAX Unsigned32(1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum number of unacknowledged request messages that may be transmitted by the controller without the De Cnodder & Morgenstern Expires April 12, 2007 [Page 11] Internet-Draft Access Node ANCP MIB October 2006 possibility of loss. This field is used to prevent request messages from being lost in the access node because of overflow in the receive buffer. The field is a hint to the controller. The value of this object is persistent." DEFVAL { 10 } ::= { ancpAnSessionConfigEntry 14 } ancpAnSessionConfigNasIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The type of address in ancpAnSessionConfigNasIpAddress. The value of this object is persistent." DEFVAL { ipv4 } ::= { ancpAnSessionConfigEntry 15 } ancpAnSessionConfigNasIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The IP address used for the ANCP session peer (NAS). The value of this object is persistent." ::= { ancpAnSessionConfigEntry 16 } ancpAnSessionConfigEncapPortNumber OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "The port number used for the transport protocol establishment to the ANCP peer. The value of this object is persistent." DEFVAL { 6068 } ::= { ancpAnSessionConfigEntry 17 } ancpAnCurrentSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF AncpAnCurrentSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table gives actual information of the sessions in the access node. A row in this table is created when the corresponding row in the ancpAnSessionConfigTable is activated. A row in this table is deleted when the corresponding row De Cnodder & Morgenstern Expires April 12, 2007 [Page 12] Internet-Draft Access Node ANCP MIB October 2006 in the ancpAnSessionConfigTable is deleted." ::= { ancpAnObjects 3 } ancpAnCurrentSessionEntry OBJECT-TYPE SYNTAX AncpAnCurrentSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table showing the data for a specific actual session." INDEX { ancpAnSessionConfigSessionId } ::= { ancpAnCurrentSessionTable 1 } AncpAnCurrentSessionEntry ::= SEQUENCE { ancpAnCurrentSessionState INTEGER, ancpAnCurrentSessionGsmpVersion GsmpVersion, ancpAnCurrentSessionGsmpSubVersion GsmpSubVersion, ancpAnCurrentSessionAnName GsmpNameType, ancpAnCurrentSessionAnPartitionId GsmpPartitionIdType, ancpAnCurrentSessionNasName GsmpNameType, ancpAnCurrentSessionAnIpAddressType InetAddressType, ancpAnCurrentSessionAnIpAddress InetAddress, ancpAnCurrentSessionNasIpAddressType InetAddressType, ancpAnCurrentSessionNasIpAddress InetAddress, ancpAnCurrentSessionAnInstance Unsigned32, ancpAnCurrentSessionNasInstance Unsigned32, ancpAnCurrentSessionCapabilities AnSessionCapabilities, ancpAnCurrentSessionStartUptime TimeTicks, ancpAnCurrentSessionStatSentMessages Counter32, ancpAnCurrentSessionStatReceivedValidMessages Counter32, ancpAnCurrentSessionStatDiscardedMessages Counter32 } ancpAnCurrentSessionState OBJECT-TYPE SYNTAX INTEGER { null(1), synsent(2), synrcvd(3), estab(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of this session. The null (1) state is returned if the proper encapsulation data is not yet configured, if the row is not in active status or if the session is in NULL state De Cnodder & Morgenstern Expires April 12, 2007 [Page 13] Internet-Draft Access Node ANCP MIB October 2006 as defined in the GSMP specification." ::= { ancpAnCurrentSessionEntry 1 } ancpAnCurrentSessionGsmpVersion OBJECT-TYPE SYNTAX GsmpVersion MAX-ACCESS read-only STATUS current DESCRIPTION "The actual version number of the GSMP protocol that is used in this session. This object has value 0 if ancpAnCurrentSessionState is not estab(4)." ::= { ancpAnCurrentSessionEntry 2 } ancpAnCurrentSessionGsmpSubVersion OBJECT-TYPE SYNTAX GsmpSubVersion MAX-ACCESS read-only STATUS current DESCRIPTION "The actual subversion number of the GSMP protocol that may be used in this session. This object has value 0 if ancpAnCurrentSessionState is not estab(4)." ::= { ancpAnCurrentSessionEntry 3 } ancpAnCurrentSessionAnName OBJECT-TYPE SYNTAX GsmpNameType MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the access node used in this session. It should be the same as ancpAnSessionConfigAnName." ::= { ancpAnCurrentSessionEntry 4 } ancpAnCurrentSessionAnPartitionId OBJECT-TYPE SYNTAX GsmpPartitionIdType MAX-ACCESS read-only STATUS current DESCRIPTION "The Id for this session's specific access node partition. It should be the same as ancpAnSessionConfigPartitionId." ::= { ancpAnCurrentSessionEntry 5 } ancpAnCurrentSessionNasName OBJECT-TYPE SYNTAX GsmpNameType MAX-ACCESS read-only STATUS current DESCRIPTION De Cnodder & Morgenstern Expires April 12, 2007 [Page 14] Internet-Draft Access Node ANCP MIB October 2006 "The name of the NAS as advertised in the adjacency message. This object has value 0 if ancpAnCurrentSessionState is not estab(4)." ::= { ancpAnCurrentSessionEntry 6 } ancpAnCurrentSessionAnIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address in ancpAnCurrentSessionAnIpAddress." ::= { ancpAnCurrentSessionEntry 7 } ancpAnCurrentSessionAnIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address used for the access node." ::= { ancpAnCurrentSessionEntry 8 } ancpAnCurrentSessionNasIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address in ancpAnCurrentSessionNasIpAddress." ::= { ancpAnCurrentSessionEntry 9 } ancpAnCurrentSessionNasIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address used for the ANCP session peer (NAS). It should be the same as ancpAnSessionConfigNasIpAddress." ::= { ancpAnCurrentSessionEntry 10 } ancpAnCurrentSessionAnInstance OBJECT-TYPE SYNTAX Unsigned32(0..16777215) MAX-ACCESS read-only STATUS current DESCRIPTION "The instance number used by the access node during this session. The Instance number is a 24-bit number that should be guaranteed to be unique within the recent past and to change when the link De Cnodder & Morgenstern Expires April 12, 2007 [Page 15] Internet-Draft Access Node ANCP MIB October 2006 or node comes back up after going down. Zero is not a valid instance number. This object has value 0 if ancpAnCurrentSessionState is not estab(4)." ::= { ancpAnCurrentSessionEntry 11 } ancpAnCurrentSessionNasInstance OBJECT-TYPE SYNTAX Unsigned32(0..16777215) MAX-ACCESS read-only STATUS current DESCRIPTION "The instance number used by the NAS during this session. The Instance number is a 24-bit number that should be guaranteed to be unique within the recent past and to change when the link or node comes back up after going down. This object has value 0 if ancpAnCurrentSessionState is not estab(4)." ::= { ancpAnCurrentSessionEntry 12 } ancpAnCurrentSessionCapabilities OBJECT-TYPE SYNTAX AnSessionCapabilities MAX-ACCESS read-only STATUS current DESCRIPTION "The common ANCP capabilities supported by the DSLAM and NAS in this session. The object has the value 0 if no capabilities are supported or if ancpAnCurrentSessionState is not estab(4)." ::= { ancpAnCurrentSessionEntry 13 } ancpAnCurrentSessionStartUptime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the session came to established state. This object has value 0 if ancpAnCurrentSessionState is not estab(4)." ::= { ancpAnCurrentSessionEntry 14 } ancpAnCurrentSessionStatSentMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION De Cnodder & Morgenstern Expires April 12, 2007 [Page 16] Internet-Draft Access Node ANCP MIB October 2006 "The number of messages that have been sent in this session by the access node. All ANCP messages pertaining to this session after the session came to established state shall be counted, also including adjacency protocol messages and failure response messages. The counter shall be reset when the session restarts." ::= { ancpAnCurrentSessionEntry 15 } ancpAnCurrentSessionStatReceivedValidMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that have been received and processed in this session by the access node. All ANCP messages pertaining to this session after the session came to established state shall be counted, also including adjacency protocol messages and failure response messages. The counter shall be reset when the session restarts." ::= { ancpAnCurrentSessionEntry 16 } ancpAnCurrentSessionStatDiscardedMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that in this session have been received and discarded for whatever reason by the access node. All ANCP messages pertaining to this session after the session came to established state shall be counted, also including adjacency protocol messages and failure response messages. The counter shall be reset when the session restarts." ::= { ancpAnCurrentSessionEntry 17 } -- -- Notifications -- ancpSessionDown NOTIFICATION-TYPE OBJECTS { ancpAnCurrentSessionAnIpAddressType, ancpAnCurrentSessionAnIpAddress, De Cnodder & Morgenstern Expires April 12, 2007 [Page 17] Internet-Draft Access Node ANCP MIB October 2006 ancpAnCurrentSessionNasIpAddressType, ancpAnCurrentSessionNasIpAddress, ancpAnCurrentSessionAnInstance, ancpAnCurrentSessionNasInstance, ancpAnCurrentSessionStartUptime, ancpAnCurrentSessionStatSentMessages, ancpAnCurrentSessionStatReceivedValidMessages, ancpAnCurrentSessionStatDiscardedMessages } STATUS current DESCRIPTION "This notification is generated whenever an ANCP session goes down. A session can go down for several reasons: 1) The ANCP session can be deleted by a manager from the ancpAnSessionConfigTable, and hence it will also be removed from the ancpAnCurrentSessionTable. 2) The session can go operational down due to some malfunction in the network, the AN, or the NAS. In this case, the ANCP session will be still in the ancpAnSessionConfigTable and ancpAnCurrentSessionTable, but the ancpAnCurrentSessionState moves from the estab state to another state." ::= { ancpNotifications 1 } ancpSessionUp NOTIFICATION-TYPE OBJECTS { ancpAnCurrentSessionAnInstance } STATUS current DESCRIPTION "This notification is generated when an ANCP session enters the estab state as given by ancpAnCurrentSessionState. Since ancpAnCurrentSessionAnInstance identifies the ANCP session uniquely the other attributes can be derived from this attribute." ::= { ancpNotifications 2 } -- -- ANCP AN Compliance -- ancpAnGroups OBJECT IDENTIFIER ::= { ancpAnConformance 1 } ancpAnCompliances OBJECT IDENTIFIER ::= { ancpAnConformance 2 } ancpAnModuleCompliance MODULE-COMPLIANCE STATUS current De Cnodder & Morgenstern Expires April 12, 2007 [Page 18] Internet-Draft Access Node ANCP MIB October 2006 DESCRIPTION "The compliance statement for agents that support the ANCP MIB for access nodes." MODULE -- this module MANDATORY-GROUPS { ancpAnConfigGroup, ancpAnCurrentGroup, ancpAnNotificationsGroup } ::= { ancpAnCompliances 1 } -- units of conformance ancpAnConfigGroup OBJECT-GROUP OBJECTS { ancpAnNextSessionId, ancpAnSessionConfigRowStatus, ancpAnSessionConfigGsmpVersion, ancpAnSessionConfigGsmpSubVersion, ancpAnSessionConfigEncapsulationType, ancpAnSessionConfigCapabilities, ancpAnSessionConfigAliveTimer, ancpAnSessionConfigPortReportShaper, ancpAnSessionConfigAggregateReportShaper, ancpAnSessionConfigTransportRetryTimer, ancpAnSessionConfigGsmpRetryTimer, ancpAnSessionConfigAnName, ancpAnSessionConfigPartitionId, ancpAnSessionConfigWindowSize, ancpAnSessionConfigNasIpAddressType, ancpAnSessionConfigNasIpAddress, ancpAnSessionConfigEncapPortNumber } STATUS current DESCRIPTION "These objects apply to the configuration of ANCP sessions in access nodes." ::= { ancpAnGroups 1 } ancpAnCurrentGroup OBJECT-GROUP OBJECTS { ancpAnCurrentSessionState, ancpAnCurrentSessionGsmpVersion, ancpAnCurrentSessionGsmpSubVersion, ancpAnCurrentSessionAnName, ancpAnCurrentSessionAnPartitionId, ancpAnCurrentSessionNasName, ancpAnCurrentSessionAnIpAddressType, De Cnodder & Morgenstern Expires April 12, 2007 [Page 19] Internet-Draft Access Node ANCP MIB October 2006 ancpAnCurrentSessionAnIpAddress, ancpAnCurrentSessionNasIpAddressType, ancpAnCurrentSessionNasIpAddress, ancpAnCurrentSessionAnInstance, ancpAnCurrentSessionNasInstance, ancpAnCurrentSessionCapabilities, ancpAnCurrentSessionStartUptime, ancpAnCurrentSessionStatSentMessages, ancpAnCurrentSessionStatReceivedValidMessages, ancpAnCurrentSessionStatDiscardedMessages } STATUS current DESCRIPTION "These objects show the operational state of all ANCP sessions configured in the access node." ::= { ancpAnGroups 2 } ancpAnNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { ancpSessionDown, ancpSessionUp } STATUS current DESCRIPTION "These notifications informs management stations about changes in the state of ANCP sessions." ::= { ancpAnGroups 3 } END 7. Security Considerations There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. This is the table and these are the objects and their sensitivity/vulnerability: o ancpAnSessionConfigTable The table consists of the following objects that support SET operations: De Cnodder & Morgenstern Expires April 12, 2007 [Page 20] Internet-Draft Access Node ANCP MIB October 2006 * ancpAnSessionConfigRowStatus * ancpAnSessionConfigGsmpVersion * ancpAnSessionConfigGsmpSubVersion * ancpAnSessionConfigEncapsulationType * ancpAnSessionConfigCapabilities * ancpAnSessionConfigAliveTimer * ancpAnSessionConfigPortReportShaper * ancpAnSessionConfigAggregateReportShaper * ancpAnSessionConfigTransportRetryTimer * ancpAnSessionConfigGsmpRetryTimer * ancpAnSessionConfigDslamName * ancpAnSessionConfigPartitionId * ancpAnSessionConfigWindowSize * ancpAnSessionConfigNasIpAddressType * ancpAnSessionConfigNasIpAddress * ancpAnSessionConfigEncapPortNumber Unauthorized changes to ancpAnSessionConfigRowStatus could result in session being created or brought into service prematurely; or could result in session being inadvertently deleted or taken out of service. Unauthorized changes to ancpAnSessionConfigGsmpVersion or ancpAnSessionConfigGsmpSubVersion could have an adverse operational effect by limiting the GSMP version to be used in the context of this session or enabling a GSMP version number that is actually unsupported by the access node. Unauthorized changes to ancpAnSessionConfigEncapsulationType could have an adverse operational effect by configuring the session to use an undesired or even unsupported protocol. Unauthorized changes to ancpAnSessionConfigCapabilities could have an adverse operational effect by disabling certain ANCP capabilities that the operator assumed that are enabled, or enable a capability that the operator would not like to activate. Unauthorized changes to ancpAnSessionConfigAliveTimer could have an adverse operational effect by increasing the frequency of adjacency protocol messages generated by the access node and leading to an overload of such messages. Decreasing the frequency of such messages may harm the synchronization between the access node and the NAS. Unauthorized changes to ancpAnSessionConfigPortReportShaper or ancpAnSessionConfigAggregateReportShaper could have an adverse operational effect by increasing the frequency of Event Report messages generated by the access node and leading to an overload De Cnodder & Morgenstern Expires April 12, 2007 [Page 21] Internet-Draft Access Node ANCP MIB October 2006 of such messages. Decreasing the frequency of such messages may delay the responsivness of the system to events associated with one or more ports . Unauthorized changes to ancpAnSessionConfigTransportRetryTimer could have an adverse operational effect by increasing the frequency of transport onnection setup attempts initiated by the access node or even unexpectedly enabling the access node to initiate the transport connection setup when that supposed to be disabled. Alternatively, when the operator basically planned transport connection setup attempts by the access node unauthorized changes to the attribute may cause unexpected low frequency of such attepts or unexpectedly disable those attempts. Unauthorized changes to ancpAnSessionConfigGsmpRetryTimer could have an adverse operational effect by increasing the frequency of ANCP onnection setup attempts initiated by the access node or even unexpectedly enabling the access node to initiate the ANCP connection setup when that supposed to be disabled. Alternatively, when the operator basically planned ANCP connection setup attempts by the access node unauthorized changes to the attribute may cause unexpected low frequency of such attepts or unexpectedly disable those attempts. Unauthorized changes to ancpAnSessionConfigAnName could confuse the NAS, e.g., by detecting the same name from multiple access nodes. This may also override the operator's will to allow/avoid the access node to autonomously determine its name. Unauthorized changes to ancpAnSessionConfigPartitionId could mean that partitions are used when actually they are not, or vice versa. It could also al least specify a different partition ID than the one actually associated with the session. Unauthorized changes to ancpAnSessionConfigWindowSize are not directly harmfull. However, if the controller adopts the suggested wrong window size it may either cause the controller to send too many messages in a window or unnecessarily limit itself and that could reduce the system performance. Unauthorized changes to ancpAnSessionConfigNasIpAddressType and/or ancpAnSessionConfigNasIpAddress and/or ancpAnSessionConfigEncapPortNumber could produce a wrong address type (interpretation) and/or IP address for the NAS and/or specify a wrong transport protocol port number for the session, respectively. De Cnodder & Morgenstern Expires April 12, 2007 [Page 22] Internet-Draft Access Node ANCP MIB October 2006 Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. This is the table and these are the objects and their sensitivity/vulnerability: o ancpAnCurrentSessionTable Access to these objects would allow an intruder to obtain information about which vendor's equipment is in use on the network. Further, such information is considered sensitive in many environments for competitive reasons. * ancpAnCurrentSessionState * ancpAnCurrentSessionGsmpVersion * ancpAnCurrentSessionGsmpSubVersion * ancpAnCurrentSessionAnName * ancpAnCurrentSessionAnPartitionId * ancpAnCurrentSessionNasName * ancpAnCurrentSessionAnIpAddressType * ancpAnCurrentSessionAnIpAddress * ancpAnCurrentSessionNasIpAddressType * ancpAnCurrentSessionNasIpAddress * ancpAnCurrentSessionAnInstance * ancpAnCurrentSessionNasInstance * ancpAnCurrentSessionCapabilities * ancpAnCurrentSessionStartUptime * ancpAnCurrentSessionStatSentMessages * ancpAnCurrentSessionStatReceivedValidMessages * ancpAnCurrentSessionStatDiscardedMessages SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], Section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an De Cnodder & Morgenstern Expires April 12, 2007 [Page 23] Internet-Draft Access Node ANCP MIB October 2006 instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 8. IANA considerations IANA is requested to assign an OID xxx under mib-2. 9. Acknowledgements The authors would like to thank Paul Reynders for his feedback. 10. References 10.1. Normative References [ANCPFW] Ooghe, S., Voigt, N., Platnic, M., Haag, T., and S. Wadhwa, "Framework and Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks", draft-ooghe-ancp-framework-00.txt, work in progress, May 2006. [ANCPPR] Wadhwa, S., Moisand, J., Subramanian, S., Haag, T., and N. Voigt, "GSMP extensions for layer2 control (L2C) Topology Discovery and Line Configuration", draft-wadhwa-gsmp-l2control- configuration-01.txt, work in progress, March 2006. [GSMP] Doria, A., "GSMPv3 Base Specification", draft-ietf-gsmp-v3-base-spec-08.txt, work in progress, March 2006. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, De Cnodder & Morgenstern Expires April 12, 2007 [Page 24] Internet-Draft Access Node ANCP MIB October 2006 April 1999. [RFC3295] Sjostrand, H., Buerkle, J., and B. Srinivasan, "Definitions of Managed Objects for the General Switch Management Protocol (GSMP)", RFC 3295, June 2002. [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005. 10.2. Informative References [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. Authors' Addresses Stefaan De Cnodder Alcatel Copernicuslaan 50 B-2018 Antwerp Belgium Phone: +32 3 240 85 15 Email: stefaan.de_cnodder@alcatel.be Moti Morgenstern ECI Telecom Ltd. 30 Hasivim St. Petach Tikva 49517 Israel Phone: +972 3 926 6258 Fax: +972 3 928 7342 Email: moti.Morgenstern@ecitele.com De Cnodder & Morgenstern Expires April 12, 2007 [Page 25] Internet-Draft Access Node ANCP MIB October 2006 Full Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). De Cnodder & Morgenstern Expires April 12, 2007 [Page 26]