idnits 2.17.1 draft-ietf-vrrp-unified-mib-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (September 2011) is 4606 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 2787 (Obsoleted by RFC 6527) -- Obsolete informational reference (is this intentional?): RFC 2338 (Obsoleted by RFC 3768) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group Kalyan Tata 3 Internet Draft Check Point Software 4 Document: draft-ietf-vrrp-unified-mib-10.txt September 2011 5 Obsoletes: 2787 (if approved) 6 Intended Status: Proposed Standard 7 Expires: March 2012 9 Definitions of Managed Objects for VRRPv3 10 12 Abstract 14 This specification defines a portion of the Management Information 15 Base (MIB) for use with SNMP-based network management. In 16 particular, it defines objects for configuring, monitoring, and 17 controlling routers that employ the Virtual Router Redundancy 18 Protocol Version 3 for both IPv4 and IPv6 as defined in RFC 5798. 19 This memo obsoletes RFC 2787. 21 Status of this Memo 23 This Internet-Draft is submitted to IETF in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 This document may contain material from IETF Documents or IETF 27 Contributions published or made publicly available before November 28 10, 2008. The person(s) controlling the copyright in some of this 29 material may not have granted the IETF Trust the right to allow 30 modifications of such material outside the IETF Standards Process. 31 Without obtaining an adequate license from the person(s) controlling 32 the copyright in such materials, this document may not be modified 33 outside the IETF Standards Process, and derivative works of it may 34 not be created outside the IETF Standards Process, except to format 35 it for publication as an RFC or to translate it into languages other 36 than English. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF), its areas, and its working groups. Note that 40 other groups may also distribute working documents as Internet- 41 Drafts. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 The list of current Internet-Drafts can be accessed at 49 http://www.ietf.org/ietf/1id-abstracts.txt. 51 The list of Internet-Draft Shadow Directories can be accessed at 52 http://www.ietf.org/shadow.html. 54 This Internet-Draft will expire in Oct, 2011. 56 Copyright Notice 58 Copyright (c) 2011 IETF Trust and the persons identified as the 59 document authors. All rights reserved. 61 This document is subject to BCP 78 and the IETF Trust's Legal 62 Provisions Relating to IETF Documents 63 (http://trustee.ietf.org/license-info) 64 in effect on the date of publication of this document. Please 65 review these documents carefully, as they describe your rights and 66 restrictions with respect to this document. Code Components 67 extracted from this document must include Simplified BSD License 68 text as described in Section 4.e of the Trust Legal Provisions and 69 are provided without warranty as described in the Simplified BSD 70 License. 72 Table of Contents 74 1. The Internet-Standard Management Framework.....................3 75 2. Introduction...................................................3 76 3. Terminology....................................................3 77 4. Relationship to RFC 2787.......................................3 78 5. Relation to Interface Group (IF-MIB)...........................3 79 6. Multi-Stack Implementations....................................3 80 7. Interpretation of RFC5798......................................4 81 8. VRRP MIB Structure and Design..................................4 82 9. VRRP Multistack Scenario.......................................4 83 10. Definitions...................................................7 84 11. Security Considerations......................................27 85 12. IANA Considerations..........................................28 86 13. Normative References.........................................28 87 14. Informative References.......................................29 88 15. Acknowledgments..............................................29 89 16. Author's Address.............................................29 91 1. The Internet-Standard Management Framework 93 For a detailed overview of the documents that describe the current 94 Internet-Standard Management Framework, please refer to section 7 of 95 RFC 3410 [RFC3410]. 97 Managed objects are accessed via a virtual information store, termed 98 the Management Information Base or MIB. MIB objects are generally 99 accessed through the Simple Network Management Protocol (SNMP). 100 Objects in the MIB are defined using the mechanisms defined in the 101 Structure of Management Information (SMI). This memo specifies a MIB 102 module that is compliant to the SMIv2, which is described in STD 58, 103 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 104 [RFC2580]. 106 2. Introduction 108 This specification defines a portion of the Management Information 109 Base (MIB) for use with SNMP-based network management. In 110 particular, it defines objects for configuring, monitoring, and 111 controlling routers that employ the Virtual Router Redundancy 112 Protocol Version 3 for both IPv4 and IPv6 as defined in RFC 5798 113 [RFC5798]. 115 3. Terminology 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 118 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 119 "OPTIONAL" in this document are to be interpreted as described in 120 RFC 2119 [RFC2119]. 122 4. Relationship to RFC 2787 124 This document obsoletes RFC2787 [RFC2787]. The major changes in this 125 document reflect changes in VRRP protocol between RFC 2338 [RFC2338] 126 and RFC 5798 [RFC5798]. This document is also updated to conform to 127 current MIB conventions. 129 5. Relation to Interface Group (IF-MIB) 131 Since a router can be participating in VRRP on one or more 132 interfaces, "ifIndex" is used as an index into the tables defined in 133 the VRRP MIB. This MIB module imports ifIndex from the IF-MIB. At 134 this time, the latest version of IF-MIB is from RFC2863 [RFC2863]. 136 6. Multi-Stack Implementations 138 This MIB module is designed to support Multi-Stack implementations 139 that run VRRP over IPv4 and IPv6. IP version, VRID and ifIndex are 140 used to uniquely identify rows in a multi stack implementation. 142 7. Interpretation of RFC5798 144 During the review of this document, It emerged that there are 145 different possible interpretations of [RFC5798]. The Authors of that 146 document and the VRRP working group were unable to reach consensus on 147 which interpretation is correct. This document makes the following 148 assumption. 150 IPv4 and IPv6 virtual routers are treated as two separate logical 151 entities and represented as two separate entries in the 152 vrrpv3OperationsTable. This is required due to the undefined behavior 153 of the protocol in [RFC5798] in a Multi-Stack scenario. 155 8. VRRP MIB Structure and Design 157 This MIB module contains three tables: 158 (1) The vrrpv3OperationsTable, which contains objects that define 159 the operational characteristics of a VRRP router. Rows in this 160 table correspond to instances of virtual routers. 162 (2) The vrrpv3StatisticsTable which contains the operating 163 statistics for a VRRP router. 165 (3) The vrrpv3AssociatedIpAddrTable, contains the addresses of the 166 virtual router(s) that a given VRRP router is backing up. 168 Tables are indexed on ifIndex, VRID and the IP version to uniquely 169 identify a VRRP router. 171 Notifications in this MIB module are controlled using the mechanisms 172 defined in [RFC3413]. 174 9. VRRP Multistack Scenario 176 The following section provides examples of how some of the objects in 177 this MIB are instantiated. 179 KEY: 180 ---- 181 The labels in the following tables and diagrams correspond to the 182 actual MIB objects as follows: 184 if = IfIndex 185 AddrType= vrrpv3OperationsInetAddrType 186 VrId = vrrpv3OperationsVrId 187 State = vrrpv3OperationsStatus 188 Prior = vrrpOpeartionsPriority 189 IpAddr = vrrpv3OperationsMasterIpAddr 191 The following figure shows a hypothetical network with two VRRP 192 routers VR1 & VR2, configured with two virtual routers. Addresses in 193 '()' indicate the address of the default gateway for a given host, H1 194 to H4 are IPv4 hosts and H5 to H8 are IPv6 hosts. A, B and C are IPv4 195 addresses and X, Y and Z are IPv6 addresses. In the diagram, 196 "Interface" is used in the context defined in IF-MIB. 198 +------+ +------+ 199 | VR1 | | VR2 | 200 | | | | 201 +------+ +------+ 202 | | 203 Intf = I1 Intf = I2 204 IP A | IP X IP B | IP Y 205 IP C | | IP Z 206 VRID = 1 | VRID=2 VRID=2 | VRID = 1 207 | | 208 ----+------+------+-+-------+--------+--------++------+--------+--- 209 ^ ^ ^ ^ ^ ^ ^ ^ 210 | | | | | | | | 211 (IP A) (IP A) (IP B) (IP B) (IP X) (IP X) (IP Y) (IP Y) 212 | | | | | | | | 213 +----+ +----+ +----+ +----+ +----+ +----+ +----+ +----+ 214 | H1 | | H2 | | H3 | | H4 | | H5 | | H6 | | H7 | | H8 | 215 +----+ +----+ +----+ +----+ +----+ +----+ +----+ +----+ 217 ----- MIB Tables For VRRP Router "VR1": ----- 219 vrrpv3OperationsTable 220 ------------------- 221 | if | VrId |AddrType| State | Prior |IpAddr| | 222 +----+------+--------+-------+-------+------+--(..)--+ 223 | I1 | 01 | 1 | M | 255 | A | | 224 +----+------+--------+-------+-------+------+--(..)--+ 225 | I1 | 01 | 2 | B | 1-254 | Y | | 226 +----+------+--------+-------+-------+------+--(..)--+ 227 | I1 | 02 | 1 | B | 1-254 | B | | 228 +----+------+--------+-------+-------+------+--(..)--+ 229 | I1 | 02 | 2 | M | 255 | X | | 230 +----+------+--------+-------+-------+------+--------+ 232 vrrpv3AssociatedIpAddrTable 233 ------------------------- 235 | if | VrId | AddrType | IP | RowStat | 236 +----+------+----------+------+---------+ 237 | I1 | 01 | 1 | A | active | 238 +----+------+----------+------+---------+ 239 | I1 | 01 | 1 | C | active | 240 +----+------+----------+------+---------+ 241 | I1 | 01 | 2 | Y | active | 242 +----+------+----------+------+---------+ 243 | I1 | 01 | 2 | Z | active | 244 +----+------+----------+------+---------+ 245 | I1 | 02 | 1 | B | active | 246 +----+------+----------+------+---------+ 247 | I1 | 02 | 2 | X | active | 248 +----+------+----------+------+---------+ 250 ----- MIB Tables For VRRP Router "VR2": ----- 252 vrrpv3OperationsTable 253 ------------------- 255 | if | VrId |AddrType| State | Prior |IpAddr| | 256 +----+------+--------+-------+-------+------+--(..)--+ 257 | I2 | 01 | 1 | B | 1-254 | A | | 258 +----+------+--------+-------+-------|------+--(..)--+ 259 | I2 | 01 | 2 | M | 255 | Y | | 260 +----+------+--------+-------+-------+------+--(..)--+ 261 | I2 | 02 | 1 | M | 255 | B | | 262 +----+------+--------+-------+-------+------+--(..)--+ 263 | I2 | 02 | 2 | B | 1-254 | X | | 264 +----+------+--------+-------+-------+------+--------+ 266 vrrpv3AssociatedIpAddrTable 267 ------------------------- 268 | if | VrId |AddrType| IP | RowStat | 269 +----+------+--------+------+---------+ 270 | I2 | 01 | 1 | A | active | 271 +----+------+--------+------+---------+ 272 | I2 | 01 | 1 | C | active | 273 +----+------+--------+------+---------+ 274 | I2 | 01 | 2 | Y | active | 275 +----+------+--------+------+---------+ 276 | I2 | 01 | 2 | Z | active | 277 +----+------+--------+------+---------+ 278 | I2 | 02 | 1 | B | active | 279 +----+------+--------+------+---------+ 280 | I2 | 02 | 2 | X | active | 281 +----+------+--------+------+---------+ 283 NOTES: 285 1) For "State": M = Master; B = Backup. 286 In the vrrpv3OperationsTable, a "priority" of 255 indicates that the 287 respective router owns the IP address, e.g., this IP address is 288 native to the router (i.e., "the IP Address Owner"). 290 10. Definitions 292 This MIB module makes reference to the following documents [RFC2578], 293 [RFC2579], [RFC2580], [RFC2863], and [RFC4001]. 295 VRRPV3-MIB DEFINITIONS ::= BEGIN 297 IMPORTS 298 MODULE-IDENTITY, OBJECT-TYPE, 299 NOTIFICATION-TYPE, Counter32, 300 Integer32, mib-2, Unsigned32, 301 Counter64, TimeTicks 302 FROM SNMPv2-SMI -- RFC2578 304 TEXTUAL-CONVENTION, RowStatus, 305 MacAddress, TruthValue, TimeStamp, 306 TimeInterval 307 FROM SNMPv2-TC -- RFC2579 309 MODULE-COMPLIANCE, OBJECT-GROUP, 310 NOTIFICATION-GROUP 311 FROM SNMPv2-CONF -- RFC2580 312 ifIndex 313 FROM IF-MIB -- RFC2863 314 InetAddressType, InetAddress 315 FROM INET-ADDRESS-MIB; -- RFC4001 317 vrrpv3MIB MODULE-IDENTITY 318 LAST-UPDATED "201104220000Z" -- Apr 22, 2011 319 ORGANIZATION "IETF VRRP Working Group" 320 CONTACT-INFO 321 "WG E-Mail: vrrp@ietf.org 323 Editor: Kalyan Tata 324 Check Point Software 325 800 Bridge Park Way, 326 Redwood City, CA 94065 327 Tata_kalyan@yahoo.com" 329 DESCRIPTION 330 "This MIB describes objects used for managing Virtual 331 Router Redundancy Protocol version 3 (VRRPv3). 333 Copyright (C) The Internet Society (2011). 334 This version of MIB module is part of RFC YYYY. 335 Please see the RFC for full legal notices." 337 REVISION "201104220000Z" -- Apr 22, 2011 338 DESCRIPTION "Initial version as published in RFC YYYY." 340 -- EdNote: Please replace YYYY with actual RFC number for 341 -- this draft and remove this note. 343 ::= { mib-2 ZZZ } 345 -- EdNote: Please replace ZZZ with IANA assigned number 346 -- and remove this note. 348 -- Textual Conventions 350 Vrrpv3VrIdTC ::= TEXTUAL-CONVENTION 351 DISPLAY-HINT "d" 352 STATUS current 353 DESCRIPTION 354 "The value of the virtual router identifier noted as 355 (VRID) in RFC5798. This along with interface index 356 (ifIndex) and IP version, serves to uniquely identify a 357 virtual router on a given VRRP router." 358 REFERENCE " RFC 5798 (Sections 3 and 5.2.3)" 359 SYNTAX Integer32 (1..255) 361 -- VRRPv3 MIB Groups 363 vrrpv3Notifications OBJECT IDENTIFIER ::= { vrrpv3MIB 0 } 364 vrrpv3Objects OBJECT IDENTIFIER ::= { vrrpv3MIB 1 } 365 vrrpv3Conformance OBJECT IDENTIFIER ::= { vrrpv3MIB 2 } 367 -- VRRPv3 MIB Objects 369 vrrpv3Operations OBJECT IDENTIFIER ::= { vrrpv3Objects 1 } 370 vrrpv3Statistics OBJECT IDENTIFIER ::= { vrrpv3Objects 2 } 372 -- VRRPv3 Operations Table 374 vrrpv3OperationsTable OBJECT-TYPE 375 SYNTAX SEQUENCE OF Vrrpv3OperationsEntry 376 MAX-ACCESS not-accessible 377 STATUS current 378 DESCRIPTION 379 "Unified Operations table for a VRRP router which 380 consists of a sequence (i.e., one or more conceptual 381 rows) of 'vrrpv3OperationsEntry' items each of which 382 describe the operational characteristics of a virtual 383 router." 385 ::= { vrrpv3Operations 1 } 387 vrrpv3OperationsEntry OBJECT-TYPE 388 SYNTAX Vrrpv3OperationsEntry 389 MAX-ACCESS not-accessible 390 STATUS current 391 DESCRIPTION 392 "An entry in the vrrpv3OperationsTable containing the 393 operational characteristics of a virtual router. On a 394 VRRP router, a given virtual router is identified by a 395 combination of ifIndex, VRID and the IP version. 396 ifIndex represents a interface of the router. 398 A row must be created with vrrpv3OperationsStatus 399 set to initialize(1) and cannot transition to 400 backup(2) or master(3) until vrrpv3OperationsRowStatus 401 is transitioned to active(1). 403 The information in this table is persistent and when 404 written the entity SHOULD save the change to non- 405 volatile storage." 407 INDEX { ifIndex, vrrpv3OperationsVrId, 408 vrrpv3OperationsInetAddrType 409 } 410 ::= { vrrpv3OperationsTable 1 } 412 Vrrpv3OperationsEntry ::= 414 SEQUENCE { 415 vrrpv3OperationsVrId 416 Vrrpv3VrIdTC, 417 vrrpv3OperationsInetAddrType 418 InetAddressType, 419 vrrpv3OperationsMasterIpAddr 420 InetAddress, 421 vrrpv3OperationsPrimaryIpAddr 422 InetAddress, 423 vrrpv3OperationsVirtualMacAddr 424 MacAddress, 425 vrrpv3OperationsStatus 426 INTEGER, 427 vrrpv3OperationsPriority 428 Unsigned32, 429 vrrpv3OperationsAddrCount 430 Integer32, 431 vrrpv3OperationsAdvInterval 432 TimeInterval, 433 vrrpv3OperationsPreemptMode 434 TruthValue, 435 vrrpv3OperationsAcceptMode 436 TruthValue, 437 vrrpv3OperationsUpTime 438 TimeTicks, 439 vrrpv3OperationsRowStatus 440 RowStatus 441 } 442 vrrpv3OperationsVrId OBJECT-TYPE 443 SYNTAX Vrrpv3VrIdTC 444 MAX-ACCESS not-accessible 445 STATUS current 446 DESCRIPTION 447 "This object contains the Virtual Router Identifier 448 (VRID)." 449 REFERENCE "RFC 4001" 450 ::= { vrrpv3OperationsEntry 1 } 452 vrrpv3OperationsInetAddrType OBJECT-TYPE 453 SYNTAX InetAddressType 454 MAX-ACCESS not-accessible 455 STATUS current 456 DESCRIPTION 457 "The IP address type of Vrrpv3OperationsEntry and 458 Vrrpv3AssociatedIpAddrEntry. This value determines 459 the type for vrrpv3OperationsMasterIpAddr, 460 vrrpv3OperationsPrimaryIpAddr and 461 vrrpv3AssociatedIpAddrAddress. 463 ipv4(1) and ipv6(2) are the only two values supported 464 in this MIB module." 465 REFERENCE "RFC 4001" 466 ::= { vrrpv3OperationsEntry 2 } 468 vrrpv3OperationsMasterIpAddr OBJECT-TYPE 469 SYNTAX InetAddress 470 MAX-ACCESS read-only 471 STATUS current 472 DESCRIPTION 473 "The master router's real IP address. Master router 474 would set this address to vrrpv3OperationsPrimaryIpAddr 475 while transitioning to master state. For backup 476 routers, this is the IP address listed as the source in 477 VRRP advertisement last received by this virtual 478 router." 479 REFERENCE " RFC 5798" 480 ::= { vrrpv3OperationsEntry 3 } 482 vrrpv3OperationsPrimaryIpAddr OBJECT-TYPE 483 SYNTAX InetAddress 484 MAX-ACCESS read-create 485 STATUS current 486 DESCRIPTION 487 "In the case where there is more than one IP 488 Address (associated IP addresses) for a given 489 `ifIndex', this object is used to specify the IP 490 address that will become the 491 vrrpv3OperationsMasterIpAddr', should the virtual 492 router transition from backup state to master." 493 ::= { vrrpv3OperationsEntry 4 } 495 vrrpv3OperationsVirtualMacAddr OBJECT-TYPE 496 SYNTAX MacAddress 497 MAX-ACCESS read-only 498 STATUS current 499 DESCRIPTION 500 "The virtual MAC address of the virtual router. 501 Although this object can be derived from the 502 'vrrpv3OperationsVrId' object, it is defined so that it 503 is easily obtainable by a management application and 504 can be included in VRRP-related SNMP notifications." 505 ::= { vrrpv3OperationsEntry 5 } 507 vrrpv3OperationsStatus OBJECT-TYPE 508 SYNTAX INTEGER { 509 initialize(1), 510 backup(2), 511 master(3) 512 } 513 MAX-ACCESS read-only 514 STATUS current 516 DESCRIPTION 517 "The current state of the virtual router. This object 518 has three defined values: 520 - `initialize', which indicates that the 521 virtual router is waiting for a startup event. 523 - `backup', which indicates the virtual router is 524 monitoring the availability of the master router. 526 - `master', which indicates that the virtual router 527 is forwarding packets for IP addresses that are 528 associated with this router." 529 REFERENCE " RFC 5798" 530 ::= { vrrpv3OperationsEntry 6 } 532 vrrpv3OperationsPriority OBJECT-TYPE 533 SYNTAX Unsigned32 (0..255) 534 MAX-ACCESS read-create 535 STATUS current 536 DESCRIPTION 537 "This object specifies the priority to be used for the 538 virtual router master election process. Higher values 539 imply higher priority. 541 A priority of '0', although not settable, is sent by 542 the master router to indicate that this router has 543 ceased to participate in VRRP and a backup virtual 544 router should transition to become a new master. 546 A priority of 255 is used for the router that owns the 547 associated IP address(es) for VRRP over IPv4 and hence 548 not settable. 550 A 'badValue(3)' should be returned when a user tries to 551 set 0 or 255 for this object. " 552 REFERENCE " RFC 5798 section 6.1" 553 DEFVAL { 100 } 554 ::= { vrrpv3OperationsEntry 7 } 556 vrrpv3OperationsAddrCount OBJECT-TYPE 557 SYNTAX Integer32 (0..255) 558 MAX-ACCESS read-only 559 STATUS current 560 DESCRIPTION 561 "The number of IP addresses that are associated with 562 this virtual router. This number is equal to the 563 number of rows in the vrrpv3AssociatedAddrTable that 564 correspond to a given ifIndex/VRID/IP version." 565 REFERENCE "RFC 5798 Section 6.1" 566 ::= { vrrpv3OperationsEntry 8 } 568 vrrpv3OperationsAdvInterval OBJECT-TYPE 569 SYNTAX TimeInterval (1..4095) 570 UNITS "centiseconds" 571 MAX-ACCESS read-create 572 STATUS current 573 DESCRIPTION 574 "The time interval, in centiseconds, between sending 575 advertisement messages. Only the master router sends 576 VRRP advertisements." 577 REFERENCE " RFC 5798 section 6.1" 578 DEFVAL { 100} 579 ::= { vrrpv3OperationsEntry 9 } 581 vrrpv3OperationsPreemptMode OBJECT-TYPE 582 SYNTAX TruthValue 583 MAX-ACCESS read-create 584 STATUS current 585 DESCRIPTION 586 "Controls whether a higher priority virtual router will 587 preempt a lower priority master." 588 REFERENCE " RFC 5798 section 6.1" 589 DEFVAL { true } 590 ::= { vrrpv3OperationsEntry 10 } 592 vrrpv3OperationsAcceptMode OBJECT-TYPE 593 SYNTAX TruthValue 594 MAX-ACCESS read-create 595 STATUS current 596 DESCRIPTION 597 "Controls whether a virtual router in Master state 598 will accept packets addressed to the address owner's 599 IPv6 address as its own if it is not the IPv6 address 600 owner. Default is false(2). 601 This object is not relevant for rows representing VRRP 602 over IPv4 and should be set to false(2)." 603 DEFVAL { false } 604 ::= { vrrpv3OperationsEntry 11 } 606 vrrpv3OperationsUpTime OBJECT-TYPE 607 SYNTAX TimeTicks 608 MAX-ACCESS read-only 609 STATUS current 610 DESCRIPTION 611 "This value represents the amount of time, in 612 TimeTicks (hundredth of a second), since this virtual 613 router (i.e., the ` vrrpv3OperationsStatus') 614 transitioned out of `initialize'." 615 REFERENCE " RFC 5798 section 6.1" 616 ::= { vrrpv3OperationsEntry 12 } 618 vrrpv3OperationsRowStatus OBJECT-TYPE 619 SYNTAX RowStatus 620 MAX-ACCESS read-create 621 STATUS current 622 DESCRIPTION 623 "The RowStatus variable should be used in accordance to 624 installation and removal conventions for conceptual 625 rows. 627 To create a row in this table, a manager sets this 628 object to either createAndGo(4) or createAndWait(5). 629 Until instances of all corresponding columns are 630 appropriately configured, the value of the 631 Corresponding instance of the 632 `vrrpv3OperationsRowStatus' column will be read as 633 notReady(3). 634 In particular, a newly created row cannot be made 635 active(1) until (minimally) the corresponding instance 636 of vrrpv3OperationsInetAddrType, vrrpv3OperationsVrId 637 and vrrpv3OperationsPrimaryIpAddr has been set and 638 there is at least one active row in the 639 `vrrpv3AssociatedIpAddrTable' defining an associated 640 IP address. 642 notInService(2) should be used to administratively 643 bring the row down. 645 A typical order of operation to add a row is: 646 1. Create a row in vrrpv3OperationsTable with 647 createAndWait(5). 648 2. Create one or more corresponding rows in 649 vrrpv3AssociatedIpAddrTable. 650 3. Populate the vrrpv3OperationsEntry. 651 4. set vrrpv3OperationsRowStatus to active(1). 653 A typical order of operation to delete an entry is: 655 1. Set vrrpv3OperationsRowStatus to notInService(2). 656 2. Set the corresponding rows in 657 vrrpv3AssociatedIpAddrTable to destroy(6) to delete the 658 entry. 659 3. set vrrpv3OperationsRowStatus to destroy(6) to 660 delete the entry." 661 ::= { vrrpv3OperationsEntry 13 } 663 -- VRRP Associated Address Table 665 vrrpv3AssociatedIpAddrTable OBJECT-TYPE 666 SYNTAX SEQUENCE OF Vrrpv3AssociatedIpAddrEntry 667 MAX-ACCESS not-accessible 668 STATUS current 669 DESCRIPTION 670 "The table of addresses associated with each virtual 671 router." 672 ::= { vrrpv3Operations 2 } 674 vrrpv3AssociatedIpAddrEntry OBJECT-TYPE 675 SYNTAX Vrrpv3AssociatedIpAddrEntry 676 MAX-ACCESS not-accessible 677 STATUS current 678 DESCRIPTION 679 "An entry in the table contains an IP address that is 680 associated with a virtual router. The number of rows 681 for a given IP version, VrID and ifIndex will equal the 682 number of IP addresses associated (e.g., backed up) by 683 the virtual router (equivalent to 684 'vrrpv3OperationsIpAddrCount'). 686 Rows in the table cannot be modified unless the value 687 of `vrrpv3OperationsStatus' for the corresponding entry 688 in the vrrpv3OperationsTable has transitioned to 689 initialize(1). 691 The information in this table is persistent and when 692 written the entity SHOULD save the change to non- 693 volatile storage." 695 INDEX { ifIndex, vrrpv3OperationsVrId, 696 vrrpv3OperationsInetAddrType, 697 vrrpv3AssociatedIpAddrAddress } 699 ::= { vrrpv3AssociatedIpAddrTable 1 } 701 Vrrpv3AssociatedIpAddrEntry ::= 702 SEQUENCE { 703 vrrpv3AssociatedIpAddrAddress 704 InetAddress, 705 vrrpv3AssociatedIpAddrRowStatus 706 RowStatus 707 } 709 vrrpv3AssociatedIpAddrAddress OBJECT-TYPE 710 SYNTAX InetAddress (SIZE (0|4|16)) 711 MAX-ACCESS not-accessible 712 STATUS current 713 DESCRIPTION 714 "The assigned IP addresses that a virtual router is 715 responsible for backing up. 717 The IP address type is determined by the value of 718 vrrpv3OperationsInetAddrType in the index of this 719 row" 720 REFERENCE " RFC 5798 " 721 ::= { vrrpv3AssociatedIpAddrEntry 1 } 723 vrrpv3AssociatedIpAddrRowStatus OBJECT-TYPE 724 SYNTAX RowStatus 725 MAX-ACCESS read-create 726 STATUS current 727 DESCRIPTION 728 "The row status variable, used according to 729 installation and removal conventions for conceptual 730 rows. To create a row in this table, a manager sets 731 this object to either createAndGo(4) or 732 createAndWait(5). Setting this object to active(1) 733 results in the addition of an associated address for a 734 virtual router. Setting this object to notInService(2) 735 results in administratively bringing down the row. 737 Destroying the entry or setting it to destroy(6) 738 removes the associated address from the virtual router. 739 The use of other values is implementation-dependent. 741 Implementations should not allow deletion of the last 742 row corresponding to an active row in 743 vrrpv3OperationsTable. 745 Refer to description of vrrpv3OperationsRowStatus for a 746 typical row creation and deletion scenarios." 747 ::= { vrrpv3AssociatedIpAddrEntry 2 } 749 -- VRRP Router Statistics 751 vrrpv3RouterChecksumErrors OBJECT-TYPE 752 SYNTAX Counter64 753 MAX-ACCESS read-only 754 STATUS current 755 DESCRIPTION 756 "The total number of VRRP packets received with an 757 invalid VRRP checksum value. 759 Discontinuities in the value of this counter can occur 760 at re-initialization of the management system, and at 761 other times as indicated by the value of 762 vrrpv3GlobalStatisticsDiscontinuityTime." 764 REFERENCE " RFC 5798 Section 5.2.8" 765 ::= { vrrpv3Statistics 1 } 767 vrrpv3RouterVersionErrors OBJECT-TYPE 768 SYNTAX Counter64 769 MAX-ACCESS read-only 770 STATUS current 771 DESCRIPTION 772 "The total number of VRRP packets received with an 773 unknown or unsupported version number. 775 Discontinuities in the value of this counter can occur 776 at re-initialization of the management system, and at 777 other times as indicated by the value of 778 vrrpv3GlobalStatisticsDiscontinuityTime." 780 REFERENCE " RFC 5798 Section 5.2.1" 781 ::= { vrrpv3Statistics 2 } 783 vrrpv3RouterVrIdErrors OBJECT-TYPE 784 SYNTAX Counter64 785 MAX-ACCESS read-only 786 STATUS current 787 DESCRIPTION 788 "The total number of VRRP packets received with a 789 VRID that is not valid for any virtual router on this 790 router. 792 Discontinuities in the value of this counter can occur 793 at re-initialization of the management system, and at 794 other times as indicated by the value of 795 vrrpv3GlobalStatisticsDiscontinuityTime." 797 REFERENCE " RFC 5798 Section 5.2.3" 798 ::= { vrrpv3Statistics 3 } 800 vrrpv3GlobalStatisticsDiscontinuityTime OBJECT-TYPE 801 SYNTAX TimeStamp 802 MAX-ACCESS read-only 803 STATUS current 804 DESCRIPTION 805 "The value of sysUpTime on the most recent occasion at 806 which one of vrrpv3RouterChecksumErrors, 807 vrrpv3RouterVersionErrors and vrrpv3RouterVrIdErrors 808 suffered a discontinuity. 810 If no such discontinuities have occurred since the last 811 re-initialization of the local management subsystem, 812 then this object contains a zero value." 814 ::= { vrrpv3Statistics 4 } 816 -- VRRP Router Statistics Table 818 vrrpv3StatisticsTable OBJECT-TYPE 819 SYNTAX SEQUENCE OF Vrrpv3StatisticsEntry 820 MAX-ACCESS not-accessible 821 STATUS current 822 DESCRIPTION 823 "Table of virtual router statistics." 824 ::= { vrrpv3Statistics 5 } 826 vrrpv3StatisticsEntry OBJECT-TYPE 827 SYNTAX Vrrpv3StatisticsEntry 828 MAX-ACCESS not-accessible 829 STATUS current 830 DESCRIPTION 831 "An entry in the table, containing statistics 832 information about a given virtual router." 833 AUGMENTS { vrrpv3OperationsEntry } 834 ::= { vrrpv3StatisticsTable 1 } 836 Vrrpv3StatisticsEntry ::= 837 SEQUENCE { 838 vrrpv3StatisticsMasterTransitions 839 Counter32, 840 vrrpv3StatisticsNewMasterReason 841 INTEGER, 842 vrrpv3StatisticsRcvdAdvertisements 843 Counter64, 844 vrrpv3StatisticsAdvIntervalErrors 845 Counter64, 846 vrrpv3StatisticsIpTtlErrors 847 Counter64, 848 vrrpv3StatisticsProtoErrReason 849 INTEGER, 851 vrrpv3StatisticsRcvdPriZeroPackets 852 Counter64, 853 vrrpv3StatisticsSentPriZeroPackets 854 Counter64, 855 vrrpv3StatisticsRcvdInvalidTypePackets 856 Counter64, 857 vrrpv3StatisticsAddressListErrors 858 Counter64, 859 vrrpv3StatisticsPacketLengthErrors 860 Counter64, 861 vrrpv3StatisticsRowDiscontinuityTime 862 TimeStamp, 863 vrrpv3StatisticsRefreshRate 864 Unsigned32 865 } 867 vrrpv3StatisticsMasterTransitions OBJECT-TYPE 868 SYNTAX Counter32 869 MAX-ACCESS read-only 870 STATUS current 871 DESCRIPTION 872 "The total number of times that this virtual router's 873 state has transitioned to MASTER. 875 Discontinuities in the value of this counter can occur 876 at re-initialization of the management system, and at 877 other times as indicated by the value of 878 vrrpv3StatisticsRowDiscontinuityTime." 880 ::= { vrrpv3StatisticsEntry 1 } 882 vrrpv3StatisticsNewMasterReason OBJECT-TYPE 883 SYNTAX INTEGER { 884 notMaster (0), 885 priority (1), 886 preempted (2), 887 masterNoResponse (3) 888 } 889 MAX-ACCESS read-only 890 STATUS current 891 DESCRIPTION 892 "This indicates the reason for the virtual router to 893 transition to MASTER state. If the virtual router never 894 transitioned to master state, this SHOULD be set to 895 notmaster(0). Otherwise this indicates the reason this 896 virtual router transitioned to master state the last 897 time. Used by vrrpv3NewMaster notification." 898 ::= { vrrpv3StatisticsEntry 2 } 900 vrrpv3StatisticsRcvdAdvertisements OBJECT-TYPE 901 SYNTAX Counter64 902 MAX-ACCESS read-only 903 STATUS current 904 DESCRIPTION 905 "The total number of VRRP advertisements received by 906 this virtual router. 908 Discontinuities in the value of this counter can occur 909 at re-initialization of the management system, and at 910 other times as indicated by the value of 911 vrrpv3StatisticsRowDiscontinuityTime." 913 ::= { vrrpv3StatisticsEntry 3 } 915 vrrpv3StatisticsAdvIntervalErrors OBJECT-TYPE 916 SYNTAX Counter64 917 MAX-ACCESS read-only 918 STATUS current 919 DESCRIPTION 920 "The total number of VRRP advertisement packets 921 received for which the advertisement interval is 922 different from the vrrpv3OperationsAdvInterval 923 configured on this virtual router. 925 Discontinuities in the value of this counter can occur 926 at re-initialization of the management system, and at 927 other times as indicated by the value of 928 vrrpv3StatisticsRowDiscontinuityTime." 930 ::= { vrrpv3StatisticsEntry 4 } 932 vrrpv3StatisticsIpTtlErrors OBJECT-TYPE 933 SYNTAX Counter64 934 MAX-ACCESS read-only 935 STATUS current 936 DESCRIPTION 937 "The total number of VRRP packets received by the 938 Virtual router with IPv4 TTL (for VRRP over IPv4) or 939 IPv6 Hop Limit (for VRRP over IPv6) not equal to 255. 941 Discontinuities in the value of this counter can occur 942 at re-initialization of the management system, and at 943 other times as indicated by the value of 944 vrrpv3StatisticsRowDiscontinuityTime." 945 REFERENCE "RFC 5798 Section 5.1.1.3" 946 ::= { vrrpv3StatisticsEntry 5 } 948 vrrpv3StatisticsProtoErrReason OBJECT-TYPE 949 SYNTAX INTEGER { 950 noError (0), 951 ipTtlError (1), 952 versionError (2), 953 checksumError (3), 954 vrIdError(4) 955 } 956 MAX-ACCESS read-only 957 STATUS current 958 DESCRIPTION 959 "This indicates the reason for the last protocol error. 960 This SHOULD be set to noError(0) when no protocol 961 errors are encountered. Used by vrrpv3ProtoError 962 notification." 963 ::= { vrrpv3StatisticsEntry 6 } 965 vrrpv3StatisticsRcvdPriZeroPackets OBJECT-TYPE 966 SYNTAX Counter64 967 MAX-ACCESS read-only 968 STATUS current 969 DESCRIPTION 970 "The total number of VRRP packets received by the 971 virtual router with a priority of '0'. 973 Discontinuities in the value of this counter can occur 974 at re-initialization of the management system, and at 975 other times as indicated by the value of 976 vrrpv3StatisticsRowDiscontinuityTime." 977 REFERENCE "RFC 5798 Section 5.2.4" 978 ::= { vrrpv3StatisticsEntry 7 } 980 vrrpv3StatisticsSentPriZeroPackets OBJECT-TYPE 981 SYNTAX Counter64 982 MAX-ACCESS read-only 983 STATUS current 984 DESCRIPTION 985 "The total number of VRRP packets sent by the virtual 986 router with a priority of '0'. 988 Discontinuities in the value of this counter can occur 989 at re-initialization of the management system, and at 990 other times as indicated by the value of 991 vrrpv3StatisticsRowDiscontinuityTime." 992 REFERENCE "RFC 5798 Section 5.3.4" 993 ::= { vrrpv3StatisticsEntry 8 } 995 vrrpv3StatisticsRcvdInvalidTypePackets OBJECT-TYPE 996 SYNTAX Counter64 997 MAX-ACCESS read-only 999 STATUS current 1000 DESCRIPTION 1001 "The number of VRRP packets received by the virtual 1002 router with an invalid value in the 'type' field. 1004 Discontinuities in the value of this counter can occur 1005 at re-initialization of the management system, and at 1006 other times as indicated by the value of 1007 vrrpv3StatisticsRowDiscontinuityTime." 1008 ::= { vrrpv3StatisticsEntry 9 } 1010 vrrpv3StatisticsAddressListErrors OBJECT-TYPE 1011 SYNTAX Counter64 1012 MAX-ACCESS read-only 1013 STATUS current 1014 DESCRIPTION 1015 "The total number of packets received for which the 1016 address list does not match the locally configured list 1017 for the virtual router. 1019 Discontinuities in the value of this counter can occur 1020 at re-initialization of the management system, and at 1021 other times as indicated by the value of 1022 vrrpv3StatisticsRowDiscontinuityTime." 1023 ::= { vrrpv3StatisticsEntry 10 } 1025 vrrpv3StatisticsPacketLengthErrors OBJECT-TYPE 1026 SYNTAX Counter64 1027 MAX-ACCESS read-only 1028 STATUS current 1029 DESCRIPTION 1030 "The total number of packets received with a packet 1031 length less than the length of the VRRP header. 1033 Discontinuities in the value of this counter can occur 1034 at re-initialization of the management system, and at 1035 other times as indicated by the value of 1036 vrrpv3StatisticsRowDiscontinuityTime." 1038 ::= { vrrpv3StatisticsEntry 11 } 1040 vrrpv3StatisticsRowDiscontinuityTime OBJECT-TYPE 1041 SYNTAX TimeStamp 1042 MAX-ACCESS read-only 1043 STATUS current 1044 DESCRIPTION 1045 "The value of sysUpTime on the most recent occasion at 1046 which any one or more of this entry's counters suffered 1047 a discontinuity. 1049 If no such discontinuities have occurred since the last 1050 re-initialization of the local management subsystem, 1051 then this object contains a zero value." 1053 ::= { vrrpv3StatisticsEntry 12 } 1055 vrrpv3StatisticsRefreshRate OBJECT-TYPE 1056 SYNTAX Unsigned32 1057 UNITS "milli-seconds" 1058 MAX-ACCESS read-only 1059 STATUS current 1060 DESCRIPTION 1061 "The minimum reasonable polling interval for this entry. 1062 This object provides an indication of the minimum 1063 Amount of time required to update the counters in this 1064 entry." 1066 ::= { vrrpv3StatisticsEntry 13 } 1068 -- Notification Definitions 1069 -- Notifications may be controlled using SNMP-NOTIFICATION-MIB 1071 vrrpv3NewMaster NOTIFICATION-TYPE 1072 OBJECTS { 1073 vrrpv3OperationsMasterIpAddr, 1074 vrrpv3StatisticsNewMasterReason 1075 } 1076 STATUS current 1077 DESCRIPTION 1078 "The newMaster notification indicates that the sending 1079 agent has transitioned to 'Master' state." 1080 ::= { vrrpv3Notifications 1 } 1082 vrrpv3ProtoError NOTIFICATION-TYPE 1083 OBJECTS { 1084 vrrpv3StatisticsProtoErrReason 1085 } 1086 STATUS current 1087 DESCRIPTION 1088 "The notification indicates that the sending agent has 1089 encountered the protocol error indicated by 1090 vrrpv3StatisticsProtoErrReason." 1091 ::= { vrrpv3Notifications 2 } 1093 -- Conformance Information 1095 vrrpv3Compliances OBJECT IDENTIFIER ::= { vrrpv3Conformance 1 } 1096 vrrpv3Groups OBJECT IDENTIFIER ::= { vrrpv3Conformance 2 } 1098 -- Compliance Statements 1100 vrrpv3FullCompliance MODULE-COMPLIANCE 1101 STATUS current 1102 DESCRIPTION 1103 "The compliance statement" 1104 MODULE -- this module 1105 MANDATORY-GROUPS { 1106 vrrpv3OperationsGroup, 1107 vrrpv3StatisticsGroup, 1108 vrrpv3InfoGroup, 1109 vrrpv3NotificationsGroup 1110 } 1111 OBJECT vrrpv3OperationsPriority 1112 WRITE-SYNTAX Unsigned32 (1..254) 1113 DESCRIPTION "Setable values are from 1 to 254." 1114 ::= { vrrpv3Compliances 1 } 1116 vrrpv3ReadOnlyCompliance MODULE-COMPLIANCE 1117 STATUS current 1118 DESCRIPTION 1119 "When this MIB module is implemented without support for 1120 read-create (i.e. in read-only mode), then such an 1121 implementation can claim read-only compliance. Such a 1122 device can then be monitored but can not be configured 1123 with this MIB." 1125 MODULE -- this module 1126 MANDATORY-GROUPS { 1127 vrrpv3OperationsGroup, 1128 vrrpv3StatisticsGroup, 1129 vrrpv3StatisticsDiscontinuityGroup, 1130 vrrpv3InfoGroup, 1131 vrrpv3NotificationsGroup 1132 } 1134 OBJECT vrrpv3OperationsPriority 1135 MIN-ACCESS read-only 1136 DESCRIPTION "Write access is not required." 1138 OBJECT vrrpv3OperationsPrimaryIpAddr 1139 MIN-ACCESS read-only 1140 DESCRIPTION "Write access is not required." 1142 OBJECT vrrpv3OperationsAdvInterval 1143 MIN-ACCESS read-only 1144 DESCRIPTION "Write access is not required." 1146 OBJECT vrrpv3OperationsPreemptMode 1147 MIN-ACCESS read-only 1148 DESCRIPTION "Write access is not required." 1150 OBJECT vrrpv3OperationsAcceptMode 1151 MIN-ACCESS read-only 1152 DESCRIPTION "Write access is not required." 1154 OBJECT vrrpv3OperationsRowStatus 1155 MIN-ACCESS read-only 1156 DESCRIPTION "Write access is not required." 1158 OBJECT vrrpv3AssociatedIpAddrRowStatus 1159 MIN-ACCESS read-only 1160 DESCRIPTION "Write access is not required." 1162 ::= { vrrpv3Compliances 2 } 1164 -- Conformance Groups 1166 vrrpv3OperationsGroup OBJECT-GROUP 1167 OBJECTS { 1168 vrrpv3OperationsVirtualMacAddr, 1169 vrrpv3OperationsStatus, 1170 vrrpv3OperationsPriority, 1171 vrrpv3OperationsMasterIpAddr, 1172 vrrpv3OperationsAdvInterval, 1173 vrrpv3OperationsPreemptMode, 1174 vrrpv3OperationsAcceptMode, 1175 vrrpv3OperationsUpTime, 1176 vrrpv3OperationsRowStatus, 1177 vrrpv3OperationsAddrCount, 1178 vrrpv3OperationsPrimaryIpAddr, 1179 vrrpv3AssociatedIpAddrRowStatus 1180 } 1181 STATUS current 1182 DESCRIPTION 1183 "Conformance group for VRRPv3 operations." 1184 ::= { vrrpv3Groups 1 } 1186 vrrpv3StatisticsGroup OBJECT-GROUP 1187 OBJECTS { 1188 vrrpv3RouterChecksumErrors, 1189 vrrpv3RouterVersionErrors, 1190 vrrpv3RouterVrIdErrors, 1191 vrrpv3StatisticsMasterTransitions, 1192 vrrpv3StatisticsNewMasterReason, 1193 vrrpv3StatisticsRcvdAdvertisements, 1194 vrrpv3StatisticsAdvIntervalErrors, 1195 vrrpv3StatisticsRcvdPriZeroPackets, 1196 vrrpv3StatisticsSentPriZeroPackets, 1197 vrrpv3StatisticsRcvdInvalidTypePackets, 1198 vrrpv3StatisticsIpTtlErrors, 1199 vrrpv3StatisticsProtoErrReason, 1200 vrrpv3StatisticsAddressListErrors, 1201 vrrpv3StatisticsPacketLengthErrors, 1202 vrrpv3StatisticsRowDiscontinuityTime, 1203 vrrpv3StatisticsRefreshRate 1204 } 1205 STATUS current 1206 DESCRIPTION 1207 "Conformance group for VRRPv3 statistics." 1208 ::= { vrrpv3Groups 2 } 1210 vrrpv3StatisticsDiscontinuityGroup OBJECT-GROUP 1211 OBJECTS { 1212 vrrpv3GlobalStatisticsDiscontinuityTime 1213 } 1214 STATUS current 1215 DESCRIPTION 1216 "Objects providing information statistics counter 1217 discontinuities." 1218 ::= { vrrpv3Groups 3 } 1220 vrrpv3InfoGroup OBJECT-GROUP 1221 OBJECTS { 1222 vrrpv3StatisticsProtoErrReason, 1223 vrrpv3StatisticsNewMasterReason 1224 } 1225 STATUS current 1226 DESCRIPTION 1227 "Conformance group for objects contained in VRRPv3 1228 notifications." 1229 ::= { vrrpv3Groups 4 } 1231 vrrpv3NotificationsGroup NOTIFICATION-GROUP 1232 NOTIFICATIONS { 1233 vrrpv3NewMaster, 1234 vrrpv3ProtoError 1235 } 1236 STATUS current 1237 DESCRIPTION 1238 "The VRRP MIB Notification Group." 1239 ::= { vrrpv3Groups 5 } 1241 END 1243 11. Security Considerations 1245 There are a number of management objects defined in this MIB module 1246 with a MAX-ACCESS clause of read-write and/or read-create. Such 1247 objects may be considered sensitive or vulnerable in some network 1248 environments. The support for SET operations in a non-secure 1249 environment without proper protection can have a negative effect on 1250 network operations. These are the tables and objects and their 1251 sensitivity/vulnerability: 1253 The objects vrrpv3OperationsPriority, vrrpv3OperationsPrimaryIpAddr, 1254 vrrpv3OperationsAdvInterval, vrrpv3OperationsPreemptMode, 1255 vrrpv3OperationsAcceptMode, vrrpv3OperationsRowStatus and 1256 vrrpv3AssociatedIpAddrRowStatus possess the read-create attribute. 1257 Manipulation of these objects is capable of affecting the operation 1258 of a virtual router. 1260 Specific examples of this include, but are not limited to: 1262 o The vrrpv3OperationsRowStatus object which could be used to disable 1263 a virtual router. While there are other columns that, if changed, 1264 could disrupt operations, they can not be changed without first 1265 changing the RowStatus object. 1267 SNMP versions prior to SNMPv3 did not include adequate security. 1268 Even if the network itself is secure (for example by using IPSec), 1269 even then, there is no control as to who on the secure network is 1270 allowed to access and GET/SET (read/change/create/delete) the 1271 objects in this MIB module. 1273 It is RECOMMENDED that implementers consider the security features 1274 as provided by the SNMPv3 framework (see [RFC3410], section 8), 1275 including full support for the SNMPv3 cryptographic mechanisms (for 1276 authentication and privacy). 1278 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1279 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1280 enable cryptographic security. It is then a customer/operator 1281 responsibility to ensure that the SNMP entity giving access to an 1282 instance of this MIB module is properly configured to give access to 1283 the objects only to those principals (users) that have legitimate 1284 rights to indeed GET or SET (change/create/delete) them. 1286 12. IANA Considerations 1288 The MIB module in this document uses the following IANA-assigned 1289 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 1291 Descriptor OBJECT IDENTIFIER value 1292 ---------- ----------------------- 1294 vrrpv3MIB { mib-2 ZZZ } 1296 [Editor's Note (to be removed prior to publication): The IANA is 1297 requested to assign a value for "ZZZ" under the 'mib-2' subtree 1298 and to record the assignment in the SMI Numbers registry. When 1299 the assignment has been made, the RFC Editor is asked to replace 1300 "ZZZ" (here and in the MIB module) with the assigned value. 1302 This document obsoletes RFC 2787 and the IANA is requested to 1303 deprecate the value 68 under 'mib-2' assigned to VRRP-MIB.] 1305 13. Normative References 1307 [RFC2119] Bradner S., "Key words for use in RFCs to Indicate 1308 Requirement Levels", RFC 2119, March 1997. 1309 [RFC2578] McCloghrie, K., D. Perkins, J. Schoenwaelder, J. Case, M. 1310 Rose, S. Waldbusser, "Structure of Management Information 1311 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 1312 [RFC2579] McCloghrie, K., D. Perkins, J. Schoenwaelder, J. Case, M. 1313 Rose, S. Waldbusser, "Textual Conventions for SMIv2", STD 1314 58, RFC 2579, April 1999. 1315 [RFC2580] McCloghrie, K., D. Perkins, J. Schoenwaelder, J. Case, M. 1316 Rose, S. Waldbusser, "Conformance Statements for SMIv2", 1317 STD 58, RFC 2580, April 1999. 1318 [RFC5798] S. Nadas, Ed., "Virtual Router Redundancy Protocol 1319 Version 3 for IPv4 and IPv6 ", RFC 5798, Mar 2010. 1320 [RFC2787] Jewell, B., D. Chuang, "Definitions of Managed Objects for 1321 the Virtual Router Redundancy Protocol", RFC 2787, March 1322 2000. 1323 [RFC2863] McCloghrie, K., Kastenholz, F., "The Interfaces Group 1324 MIB" RFC2863, June 2000. 1325 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 1326 Schoenwaelder, "Textual Conventions for Internet 1327 Network Addresses", RFC 4001, February 2005. 1329 [RFC3413] Levi, D., Meyer, P., Stewart, B., "SNMP Applications", 1330 RFC 3413, December 2002. 1332 14. Informative References 1334 [RFC3410] Case, J., R. Mundy, D. Partain, B. Stewart, "Introduction 1335 and Applicability Statements for Internet-Standard 1336 Management Framework", RFC 3410, December 2002. 1337 [RFC2338] S.Knight, D.Weaver, D.Whipple, R.Hinden, D.Mitzel, P.Hunt, 1338 P.Higginson, M.Shand, A.Lindem, "Virtual Router Redundancy 1339 Protocol", RFC 2338, April 1998. 1341 15. Acknowledgments 1343 Kripakaran Karlekar and Brain Jewell helped in design and initial 1344 drafts of this specification. This specification is based on RFC 1345 2787. The authors of RFC2787 are Brian Jewell and David Chuang. The 1346 author would also like to thank Bert Wijnen, Dave Thaler, Joan 1347 Cucchiara, Mukesh Gupta, Steve Bates, Adrian Farrel, Ben Campbell and 1348 Joel M. Halpern for taking time to review the document and provide 1349 valuable guidance. 1351 16. Author's Address 1353 Srinivas Kalyan Tata 1354 Check Point Software 1355 800 Bridge Parkway 1356 Redwood City, CA 94065 1357 Phone: +1-408-505-0542 1358 EMail: tata_kalyan@yahoo.com