Network Working Group                                 Vijayabhaskar A K
INTERNET-DRAFT                                          Senthil Kumar B
Category: Standards Track                               Hewlett Packard
Expires August 2004                                            Feb 2004

   Dynamic Host Configuration Protocol (DHCP) Relay Agent MIB for IPv4

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or made obsolete by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C), 2004, The Internet Society. All Rights Reserved.

Abstract

   This memo defines an experimental portion of the Management
   Information Base (MIB) for use with network management protocols in
   the Internet Community. In particular, it defines objects used for
   the management of Dynamic Host Configuration Protocol Relay Agent
   for IPv4 and Bootstrap Protocol (BOOTP) Relay Agent.

1. Introduction

   This memo is a product of the DHCP Working Group and defines a
   portion of the Management Information Base (MIB) for use with
   network management protocols in the Internet community. In
   particular, it describes a set of extensions that DHCPv4 Relay and
   Bootstrap Protocol (BOOTP) Relay Agent implement. Many
   implementations support both DHCP and BOOTP within a single server
   and hence this memo describes the relay agent MIB for both
   protocols.
   This memo is based on the Internet-standard Network Management
   Framework as defined by documents [RFC2578, RFC2579, RFC2580].

   Objects defined in this MIB allow access to and control of DHCP
   Relay Software.

   The key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT,"
   "SHOULD," "SHOULD NOT," "RECOMMENDED," "MAY," and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI). This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580].

3. Overview

   In the tradition of the Simple Network Management Protocol (SNMP),
   the minimum number of objects possible is defined in this MIB, while
   still providing as rich a set of management information as possible.
   An object is left out of this MIB when it can be derived from other
   objects that are provided. Further to the tradition of the SNMP,
   computationally intense operations are left to the domain of the
   management station. Thus, this MIB provides a set of objects from
   which other management information may be derived.

3.1. Relationship to Other MIBs

3.1.1. DHCP MIB Extensions

   The DHCP MIB extensions will be the "dhcp" branch of the standard
   MIB-2 tree, as illustrated by the following diagram:

                             +-------+
                             | MIB-2 |
                             +---+---+
                                 |
                                 |
                             +---+---+
                             | dhcp  |
                             +---+---+
                                 |
                                 |
         +--------------+---------------+----------------+
         |              |               |                |
   +-----+-----+  +-----+----+  +-------+-------+  +-----+-----+
   | dhcp-v4   |  | dhcp-v4  |  | dhcp-v4       |  |dhcp-v6 MIB|
   |Server MIB |  |Client MIB|  |Relay Agent MIB|  |Extensions |
   |(Work in   |  |          |  |               |  |           |
   | Progress) |  | (future) |  | (this memo)   |  | (future)  |
   +-----------+  +----------+  +---------------+  +-----------+

4. Definitions

DHCP-V4-RELAY-MIB DEFINITIONS ::= BEGIN

IMPORTS
   Counter64, Counter32, Gauge32, Unsigned32, MODULE-IDENTITY,
   OBJECT-TYPE, OBJECT-IDENTITY, NOTIFICATION-TYPE, mib-2
      FROM SNMPv2-SMI
   TEXTUAL-CONVENTION, DateAndTime, RowStatus
      FROM SNMPv2-TC
   SnmpAdminString
      FROM SNMP-FRAMEWORK-MIB
   InetAddressIPv4
      FROM INET-ADDRESS-MIB
   MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
      FROM SNMPv2-CONF;

dhcpv4Relay MODULE-IDENTITY
   LAST-UPDATED "200402091510Z"
   ORGANIZATION
      "IETF DHC Working Group
      General Discussion: dhcwg@ietf.org
      Subscribe: http://www1.ietf.org/mailman/listinfo/dhcwg
      Archive: http://www1.ietf.org/mailman/listinfo/dhcwg
      Chair: Ralph Droms, rdroms@cisco.com"
   CONTACT-INFO
      "        Senthil Kumar Balasubramanian
               Hewlett Packard Company,
       Postal: 29 Cunnigham Road,
               Bangalore,
               India 560 052
       Tel:    +91-(80)-205-3103
       Fax:    +91-(80)-235-2364
       E-mail: ksenthil@india.hp.com

               Vijayabhaskar Annamalai Kalusivalingam,
       Postal: Hewlett Packard Company,
               29 Cunnigham Road,
               Bangalore,
               India 560 052
       Tel:    +91-(80)-205-3085
       Fax:    +91-(80)-235-2364
       E-mail: vijayak@india.hp.com"
   DESCRIPTION
      "The MIB module for entities implementing the Relay Agent
      part of the Bootstrap Protocol (BOOTP) and the Dynamic Host
      Configuration protocol (DHCP) for Internet
      Protocol version 4 (IPv4).

      Copyright (C) The Internet Society (2004). This version of
      this MIB module is part of RFC xxxx; see the RFC itself for
      full legal notices."
-- RFC Editor assigns xxxx and removes this comment
   REVISION "200402091510Z" -- 09 February 2004
   DESCRIPTION
      "Initial Version, published as RFC xxxx."
-- RFC Editor assigns xxxx and removes this comment
   ::= { dhcp 3 } -- Work in Progress

-- declare top-level MIB objects

dhcpv4RelayObjects OBJECT-IDENTITY
   STATUS      current
   DESCRIPTION
      "DHCP Relay MIB identification objects are all defined in
      this branch."
   ::= { dhcpv4Relay 1 }

dhcpv4RelaySystem OBJECT-IDENTITY
   STATUS      current
   DESCRIPTION
      "Group of objects that are related to the overall system."
   ::= { dhcpv4RelayObjects 1 }

relayCounters OBJECT-IDENTITY
   STATUS      current
   DESCRIPTION
      "Group of objects that count various BOOTP Relay events."
   ::= { dhcpv4RelayObjects 2 }

dhcpv4RAIFObjects OBJECT-IDENTITY
   STATUS      current
   DESCRIPTION
      "Objects that are associated with Relay Agent Information
      Option"
   REFERENCE
      "RFC-3046 and its descendants."
   ::= { dhcpv4RelayObjects 3 } -- RFC 3046 and its descendants.

-- dhcpv4RelaySystem Group

dhcpv4RelaySystemDescr OBJECT-TYPE
   SYNTAX      SnmpAdminString (SIZE(0..255))
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "A textual description of the relay. This value should have
      the FQDN name."
   ::= { dhcpv4RelaySystem 1 }

dhcpv4RelaySystemObjectID OBJECT-TYPE
   SYNTAX      OBJECT IDENTIFIER
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The vendor's authoritative identification of the network
      management subsystem contained in this entity. This value is
      allocated within the SMI enterprise subtree (1.3.6.1.4.1)
      and provides an easy and unambiguous means for determining
      what kind of relay is being managed. For example, if vendor
      Ohso Soft, Inc.
      is assigned the subtree 1.3.6.1.4.1.4242, it may assign the
      identifier 1.3.6.1.4.1.4242.1.1 to its Ursa DHCP Relay."
   ::= { dhcpv4RelaySystem 2 }

maxHopCountAllowed OBJECT-TYPE
   SYNTAX      INTEGER
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "The maximum hop count that a DHCP/BOOTP packet can have to
      pass through the relay"
   ::= { dhcpv4RelaySystem 3 }

dhcpv4RelayandServer OBJECT-TYPE
   SYNTAX      INTEGER {
                  relayOnly(1),
                  relayandServer(2)
               }
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "The type of the Relay. The types are:
      (1) Acts only as DHCP Relay.
      (2) Acts as both DHCP Relay and Server for independent
          networks"
   ::= { dhcpv4RelaySystem 4 }

seconds OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "The time interval for which the relay chooses a server. In
      the subsequent 'seconds' interval the relay chooses the next
      server in the list for relaying the packets from the
      clients."
   ::= { dhcpv4RelaySystem 5 }

relaySubnettoServerMapTable OBJECT-TYPE
   SYNTAX      SEQUENCE OF relaySubnettoServerMapEntry
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "The list of subnets that the relay manages. This table maps
      the subnets with a list of servers serving them along with
      the maximum seconds value the BOOTP/DHCP packet can have to
      make the relay choose a server, beyond which the relay
      chooses the next server in the list. The server list will be
      an ordered list of preference."
   ::= { dhcpv4RelaySystem 6 }

relaySubnettoServerMapEntry OBJECT-TYPE
   SYNTAX      relaySubnettoServerMapEntry
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "A logical row in the relaySubnettoServerMapEntry."
   INDEX { clientSubnetID }
   ::= { relaySubnettoServerMapTable 1 }

relaySubnettoServerMapEntry ::= SEQUENCE {
   clientSubnetID          InetAddressIPv4,
   serverAddress           InetAddressIPv4,
   relayNetToSerMapStatus  RowStatus
}

clientSubnetID OBJECT-TYPE
   SYNTAX      InetAddressIPv4
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "The subnet address of the link on which the client resides"
   ::= { relaySubnettoServerMapEntry 1 }

serverAddress OBJECT-TYPE
   SYNTAX      InetAddressIPv4
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "The address of the DHCP/BOOTP server."
   ::= { relaySubnettoServerMapEntry 2 }

relayNetToSerMapStatus OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "The status column used for creating, modifying, and
      deleting instances of the columnar objects in the
      relaySubnettoServerMapEntry table."
   DEFVAL { active }
   ::= { relaySubnettoServerMapEntry 3 }

-- dhcpv4RAIFObjects Group Starts.

dhcpv4RAIFOption OBJECT-TYPE
   SYNTAX      INTEGER {
                  enable(1),
                  disable(2)
               }
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Enables/Disables addition of RAIF Option by the Relay. The
      values are:
      (1) Enables addition of RAIF Option by the Relay.
      (2) Disables addition of RAIF Option by the Relay."
   REFERENCE
      "RFC-3046."
   ::= { dhcpv4RAIFObjects 1 }

maxPktSizeWithRAIFOption OBJECT-TYPE
   SYNTAX      INTEGER
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "Maximum size of a DHCP packet after including RAIF Option
      that is allowed to pass through the Relay"
   REFERENCE
      "RFC-3046."
   ::= { dhcpv4RAIFObjects 2 }

dhcpv4RAIFCounterObject OBJECT IDENTIFIER ::= { dhcpv4RAIFObjects 3 }

sizeWithRAIFExceedLimitCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of DHCP packets that exceeded the maximum size after
      including RAIF Option."
   REFERENCE
      "RFC-2131."
   ::= { dhcpv4RAIFCounterObject 1 }

relayOptionAddedCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of RAIF Option added by the relay while forwarding
      to the servers"
   REFERENCE
      "RFC-3046."
   ::= { dhcpv4RAIFCounterObject 2 }

relayOptionRemovedCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of RAIF Option removed by the relay while forwarding
      to the clients"
   REFERENCE
      "RFC-3046."
   ::= { dhcpv4RAIFCounterObject 3 }

incorrectRAIFOptionCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of incorrect RAIF Option in DHCP packet received by
      the relay"
   REFERENCE
      "RFC-3046."
   ::= { dhcpv4RAIFCounterObject 4 }

docsisDCISubOptionAddedCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of DOCSIS-DCI SubOption added by the relay while
      forwarding to the servers"
   REFERENCE
      "RFC-3256."
   ::= { dhcpv4RAIFCounterObject 5 }

docsisDCISubOptionRemoved OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of DOCSIS-DCI SubOption removed by the relay while
      forwarding to the servers"
   REFERENCE
      "RFC-3256."
   ::= { dhcpv4RAIFCounterObject 6 }

linkSelSubOptionAddedCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of Link Selection SubOption added by the relay while
      forwarding to the servers"
   REFERENCE
      "RFC-3527."
   ::= { dhcpv4RAIFCounterObject 7 }

linkSelSubOptionRemovedCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of Link Selection SubOption removed by the relay
      while forwarding to the servers"
   REFERENCE
      "RFC-3527."
   ::= { dhcpv4RAIFCounterObject 8 }

-- relayCounters Group

relayToServerCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The number of BOOTREQUEST packets that are relayed to the
      servers."
   REFERENCE
      "RFC-2131."
   ::= { relayCounters 1 }

relayToClientCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The number of BOOTREPLY packets that are relayed back to
      the clients"
   REFERENCE
      "RFC-2131."
   ::= { relayCounters 2 }

relayCountInvalids OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The number of BOOTP packets dropped by the relay without
      forwarding (e.g., hop count exceeded the limit)."
   ::= { relayCounters 3 }

giaddrSpoofCount OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Number of DHCP packets that arrived with giaddr spoofed as
      the relay's address"
   ::= { relayCounters 4 }

END

5. Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.

   Copies of claims of rights made available for publication and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF Secretariat.
   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

6. IANA Considerations

   IANA must fill in the value of the RFC number when it is assigned to
   this memo. It is represented as "xxxx" in the DESCRIPTION section of
   MODULE-IDENTITY.

7. Security Considerations

   This MIB includes a few objects that have a MAX-ACCESS clause of
   read-write or read-create. The support for SET operations in a
   non-secure environment without proper protection can have a negative
   effect on network operations. It is thus important to control SET
   access to these objects and possibly to even encrypt the values of
   these objects when sending them over the network via SNMP. Not all
   versions of SNMP provide features for such a secure environment.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   there is still no control as to who on the secure network is allowed
   to access and GET/SET (read/change/create/delete) the objects in
   this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework (see [RFC3410],
   section 8), including full support for the SNMPv3 cryptographic
   mechanisms (for authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security. It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8. Normative References

   [RFC2131] Droms, R., "Dynamic Host Configuration Protocol,"
             RFC 2131, March 1997.

   [RFC2132] Alexander, S. and Droms, R., "DHCP Options and BOOTP
             Vendor Extensions," RFC 2132, March 1997.

   [RFC2578] Case, J., McCloghrie, K., Perkins, D., Rose, M.,
             Schoenwaelder, J., and S. Waldbusser, "Structure of
             Management Information for Version 2 of the Simple
             Network Management Protocol (SNMPv2)," RFC 2578,
             April 1999.

   [RFC2579] Case, J., McCloghrie, K., Rose, M., Schoenwaelder, J.,
             and S. Waldbusser, "Textual Conventions for Version 2 of
             the Simple Network Management Protocol (SNMPv2),"
             RFC 2579, April 1999.

   [RFC2580] Case, J., McCloghrie, K., Rose, M., Schoenwaelder, J.,
             and S. Waldbusser, "Conformance Statements for Version 2
             of the Simple Network Management Protocol (SNMPv2),"
             RFC 2580, April 1999.

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels," BCP 14, RFC 2119, March 1997.

9. Informative References

   [RFC1123] Braden, R., "Requirements for Internet Hosts --
             Application and Support," RFC 1123, October 1989.

   [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
             "Introduction and Applicability Statements for
             Internet-Standard Management Framework," RFC 3410,
             December 2002.

   [RFC3046] Patrick, M., "DHCP Relay Agent Information Option,"
             RFC 3046, January 2001.

   [RFC3256] Jones, D. and R. Woundy, "The DOCSIS Class DHCP Relay
             Agent Information Sub-option," RFC 3256, April 2002.

   [RFC3527] Kinnear, K., Stapp, M., Johnson, R. and J. Kumarasamy,
             "Link Selection sub-option for the Relay Agent
             Information Option for DHCPv4," RFC 3527, April 2003.

10. Editors' Addresses

   Senthil Kumar Balasubramanian
   Hewlett Packard Company,
   29 Cunnigham Road,
   Bangalore, 560 052
   India

   Phone: +91-(80)-2205-3103
   Fax:   +91-(80)-2235-2364
   Email: ksenthil@india.hp.com

   Vijayabhaskar Annamalai Kalusivalingam
   Hewlett Packard Company,
   29 Cunnigham Road,
   Bangalore, 560 052
   India

   Phone: +91-(80)-2205-3085
   Fax:   +91-(80)-2235-2364
   Email: vijayak@india.hp.com

11. Full Copyright Statement

   Copyright (C), 2004, The Internet Society. All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
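Added example (not part of the memo): Section 3 leaves derived statistics to the management station, so this sketch shows one way a station could turn successive polls of the relayCounters group into alerts. The sample values are constructed; the 5% drop threshold, the assumption that dropped packets are not also counted in the relayed counters, and the use of sysUpTime (from SNMPv2-MIB, not this MIB) to spot agent restarts are assumptions of the example.

```python
WRAP = 2 ** 32  # a Counter32 rolls over to 0 after 2^32 - 1
COUNTERS = ("relayToServerCount", "relayToClientCount",
            "relayCountInvalids", "giaddrSpoofCount")
FIELDS = ("t", "sysUpTime") + COUNTERS

# Constructed poll results: one row per 60-second poll. sysUpTime is in
# hundredths of a second and is used only to detect an agent restart.
SAMPLES = [dict(zip(FIELDS, row)) for row in [
    (0,   1000,  4294967290, 500, 10, 0),
    (60,  7000,  14,         518, 11, 0),   # relayToServerCount wrapped
    (120, 13000, 34,         536, 21, 3),   # spoofed giaddr plus a drop burst
    (180, 500,   5,          4,   0,  0),   # sysUpTime went backwards: restart
    (240, 6500,  25,         22,  0,  0),
]]


def delta(prev, cur):
    """Counter32 difference that survives one wrap between two polls."""
    return (cur - prev) % WRAP


def analyse(samples, invalid_ratio=0.05):
    """Return (time, kind, value) alerts for each pair of consecutive polls."""
    alerts = []
    for prev, cur in zip(samples, samples[1:]):
        if cur["sysUpTime"] < prev["sysUpTime"]:
            # After a restart the counters restart too, so a modular delta
            # would be meaningless; report the restart and skip the interval.
            alerts.append((cur["t"], "restart", None))
            continue
        d = {name: delta(prev[name], cur[name]) for name in COUNTERS}
        if d["giaddrSpoofCount"]:
            alerts.append((cur["t"], "giaddr-spoof", d["giaddrSpoofCount"]))
        handled = (d["relayToServerCount"] + d["relayToClientCount"]
                   + d["relayCountInvalids"])
        if handled and d["relayCountInvalids"] / handled > invalid_ratio:
            ratio = round(d["relayCountInvalids"] / handled, 3)
            alerts.append((cur["t"], "invalid-ratio", ratio))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLES):
        print(alert)
```
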
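Added example (not part of the memo): Section 7 asks operators to control SET access to the read-write and read-create objects, so this sketch lists those objects from the module text together with their position under the "dhcp" branch. The embedded excerpt is abridged from Section 4 with clauses trimmed; the "dhcp" branch number is not given in the memo, so paths stay relative to that name.

```python
import re

# Abridged excerpt of the Section 4 module (clauses trimmed and retyped here
# so that the script runs offline).
MIB_EXCERPT = '''
dhcpv4Relay MODULE-IDENTITY LAST-UPDATED "200402091510Z" ::= { dhcp 3 } -- WIP
dhcpv4RelayObjects OBJECT-IDENTITY STATUS current ::= { dhcpv4Relay 1 }
dhcpv4RelaySystem OBJECT-IDENTITY STATUS current ::= { dhcpv4RelayObjects 1 }
relayCounters OBJECT-IDENTITY STATUS current ::= { dhcpv4RelayObjects 2 }
maxHopCountAllowed OBJECT-TYPE SYNTAX INTEGER MAX-ACCESS read-write
    STATUS current DESCRIPTION "Maximum hop count" ::= { dhcpv4RelaySystem 3 }
seconds OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write
    STATUS current ::= { dhcpv4RelaySystem 5 }
relaySubnettoServerMapTable OBJECT-TYPE MAX-ACCESS read-write
    STATUS current ::= { dhcpv4RelaySystem 6 }
relaySubnettoServerMapEntry OBJECT-TYPE MAX-ACCESS read-write
    STATUS current INDEX { clientSubnetID } ::= { relaySubnettoServerMapTable 1 }
serverAddress OBJECT-TYPE SYNTAX InetAddressIPv4 MAX-ACCESS read-write
    STATUS current ::= { relaySubnettoServerMapEntry 2 }
relayNetToSerMapStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create
    STATUS current DEFVAL { active } ::= { relaySubnettoServerMapEntry 3 }
giaddrSpoofCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only
    STATUS current DESCRIPTION "Spoofed giaddr" ::= { relayCounters 4 }
'''

KINDS = r"OBJECT-TYPE|OBJECT-IDENTITY|MODULE-IDENTITY|OBJECT\s+IDENTIFIER"
DEF_RE = re.compile(r"^\s*([a-z][\w-]*)\s+(?:" + KINDS + r")\b(.*?)"
                    r"::=\s*\{\s*([\w-]+)\s+(\d+)\s*\}", re.S | re.M)
ACCESS_RE = re.compile(r"MAX-ACCESS\s+([\w-]+)")
WRITABLE = {"read-write", "read-create"}

def parse_nodes(text):
    """Map descriptor -> (parent, sub-identifier, MAX-ACCESS or None)."""
    text = re.sub(r'"[^"]*"', '""', text)   # quoted text is not syntax
    text = re.sub(r"--[^\n]*", "", text)    # neither are comments
    nodes = {}
    for name, body, parent, sub in DEF_RE.findall(text):
        access = ACCESS_RE.search(body)
        nodes[name] = (parent, int(sub), access.group(1) if access else None)
    return nodes

def oid_path(nodes, name):
    """Follow parent links up to the first name the module does not define."""
    subs, seen = [], set()
    while name in nodes and name not in seen:
        seen.add(name)
        name, sub = nodes[name][0], nodes[name][1]
        subs.append(str(sub))
    return ".".join([name] + subs[::-1])

def writable_objects(text):
    """Objects whose MAX-ACCESS permits SET: descriptor -> (path, access)."""
    nodes = parse_nodes(text)
    return {name: (oid_path(nodes, name), acc)
            for name, (_, _, acc) in nodes.items() if acc in WRITABLE}

if __name__ == "__main__":
    for name, (path, acc) in sorted(writable_objects(MIB_EXCERPT).items()):
        print(f"{path:<18} {acc:<12} {name}")
```

The resulting list is the set of subtrees to leave out of any SNMPv3 write view granted to principals that only need to read the relay's state.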