idnits 2.17.1 draft-ietf-l3vpn-mpls-vpn-mib-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 19. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1962. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1805. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1812. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1818. ** The document seems to lack an RFC 3978 Section 5.4 (updated by RFC 4748) Copyright Line. ** The document seems to lack an RFC 3978 Section 5.4 Reference to BCP 78. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing document type: Expected "INTERNET-DRAFT" in the upper left hand corner of the first page == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 2 instances of too long lines in the document, the longest one being 5 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: mplsL3VpnIfConfRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This variable is used to create, modify, and/or delete a row in this table. Rows in this table signify that the specified interface is associated with this VRF. If the row creation operation succeeds, the interface will have been associated with the specified VRF, otherwise the agent MUST not allow the association. If the agent only allows read-only operations on this table, it MUST create entries in this table as they are created on the device. When a row in this table is in active(1) state, no objects in that row can be modified except mplsL3VpnIfConfStorageType and mplsL3VpnIfConfRowStatus." ::= { mplsL3VpnIfConfEntry 5 } -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (April 2005) is 6949 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2096' is defined on line 1859, but no explicit reference was found in the text == Unused Reference: 'VPNTCMIB' is defined on line 1862, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2547 (Obsoleted by RFC 4364) ** Obsolete normative reference: RFC 2096 (Obsoleted by RFC 4292) -- Possible downref: Non-RFC (?) normative reference: ref. 'VPNTCMIB' -- Possible downref: Non-RFC (?) normative reference: ref. 'RTPROTO' -- Obsolete informational reference (is this intentional?): RFC 2434 (Obsoleted by RFC 5226) Summary: 8 errors (**), 0 flaws (~~), 5 warnings (==), 10 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 IETF Internet Draft Thomas D. Nadeau 2 Expires: October 2005 Cisco Systems, Inc. 3 Document: draft-ietf-l3vpn-mpls-vpn-mib-07.txt 4 Harmen Van Der Linde 5 AT&T 6 Editors 8 April 2005 10 MPLS/BGP Layer 3 Virtual Private Network 11 Management Information Base 13 Status of this Memo 15 By submitting this Internet-Draft, each author represents that 16 any applicable patent or other IPR claims of which he or she is 17 aware have been or will be disclosed, and any of which he or she 18 becomes aware will be disclosed, in accordance with Section 6 of 19 BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF), its areas, and its working groups. Note that other 23 groups may also distribute working documents as Internet-Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/1id-abstracts.html 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 Abstract 38 This memo defines an portion of the Management 39 Information Base (MIB) for use with network management protocols 40 in the Internet community. In particular, it describes managed 41 objects to configure and/or monitor Multi-protocol Label 42 Switching Layer-3 Virtual Private Networks on a 43 Multi-Protocol Label Switching (MPLS) Label Switching Router 44 (LSR) supporting this feature. 46 Contents 47 1. Abstract..........................................................2 48 2. Introduction......................................................2 49 3. Terminology.......................................................3 50 4. The Internet-Standard Management Framework........................3 51 5. Assumptions and Prerequisites.....................................3 52 6. Brief Description of MIB Objects..................................4 53 6. mplsL3VpnVrfTable................................................4 54 6. mplsL3VpnIfConfTable.............................................4 55 6. mplsL3VpnVrfPerfTable............................................5 56 6. mplsL3VpnVrfRouteTable...........................................5 57 6. mplsVpnVrfRTTable................................................5 58 7. Example of MPLS L3VPN Setup.......................................5 59 8. MPLS-L3VPN-MIB Module Definition..................................6 60 9. Acknowledgements.................................................37 61 10. Intellectual Property Statement.................................37 62 11. References......................................................37 63 11.1 Normative References............................................37 64 11.2 Informative References..........................................37 65 12. Editors' Addresses..............................................40 66 13. Contributors' Addresses.........................................40 67 14. Dedication......................................................41 68 15. Full Copyright Statement........................................41 69 16. Security Considerations.........................................41 70 17. Intellectual Property Statement.................................41 71 18. IANA Considerations.............................................41 72 18.1 IANA Considerations for MPLS-L3VPN-MIB..........................41 74 2. Introduction 76 This memo defines an portion of the Management 77 Information Base (MIB) for use with network management protocols 78 in the Internet community. In particular, it describes managed 79 objects to configure and/or monitor Multi-protocol Label 80 Switching Layer-3 Virtual Private Networks on a 81 Multi-Protocol Label Switching (MPLS) Label Switching Router 82 (LSR) supporting this feature. 84 This document adopts the definitions, acronyms and mechanisms 85 described in [RFC2547bis]. Unless otherwise stated, the mechanisms of 86 [RFC2547bis] apply and will not be re-described here. 88 Comments should be made directly to the MPLS mailing list at 89 mpls@uu.net and the Layer-3 VPN (L3VPN) WG at l3vpn@ietf.org. 91 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL 92 NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 93 "OPTIONAL" in this document are to be interpreted as described in 94 [RFC2119]. 96 3. Terminology 98 This document uses terminology from the document describing the MPLS 99 architecture [RFC3031] and from the document describing MPLS Layer-3 100 VPNs (L3VPN) [RFC2547bis], as well as the MPLS architecture 101 [RFC3031]. 103 Throughout this document, the use of the terms "Provider Edge (PE) 104 and Customer Edge (CE) or PE/CE" will be replaced by PE in all cases 105 except when a network device is a CE when used in the carrier of 106 carriers model. 108 4. The Internet-Standard Management Framework 110 For a detailed overview of the documents that describe the current 111 Internet-Standard Management Framework, please refer to section 7 of 112 RFC 3410 [RFC3410]. 114 Managed objects are accessed via a virtual information store, termed 115 the Management Information Base or MIB. MIB objects are generally 116 accessed through the Simple Network Management Protocol (SNMP). 117 Objects in the MIB are defined using the mechanisms defined in the 118 Structure of Management Information (SMI). This memo specifies a MIB 119 module that is compliant to the SMIv2, which is described in STD 58, 120 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 121 [RFC2580]. 123 5. Assumptions and Prerequisites 125 It is assumed that certain things are configured and operational in 126 order for the tables and objects described in this MIB to function 127 correctly. These things are outlined below: 129 - MPLS in general, must be configured and operational. 131 - LDP paths or traffic engineered tunnels [RFC3812] should be 132 configured between PEs and CEs. 134 6. Brief Description of MIB Objects 136 The following subsections describe the purpose of each of the objects 137 contained in the MPLS-L3VPN-STD-MIB. 139 6.1 mplsL3VpnVrfTable 141 This table represents the MPLS L3VPNs that are configured. 142 A Network Management System (NMS) or SNMP agent creates an 143 entry in this table for every MPLS L3VPN configured on 144 the LSR being examined. The VRF that is configured at 145 a particular device represents an instance of some VPN, but 146 not the entire VPN (unless it is the only VRF, of course). 147 The collective set of VRF instances comprises the actual 148 VPN. This information is typically only known in its entirety 149 at the NMS. That is, specific devices generally only know 150 of their local VRF information, but not that of other LSRs' 151 VRFs. 153 6.2 mplsL3VpnIfConfTable 155 This table represents the MPLS L3VPN-enabled interfaces 156 that are associated with a specific VRF as represented in 157 the aforementioned mplsL3VpnVrfTable. Each entry in this table 158 corresponds to an entry in the Interfaces MIB. In addition, 159 each entry extends its corresponding entry in the Interface 160 MIB to contain specific MPLS L3VPN information. Due to this 161 correspondence, certain objects such as traffic counters 162 are not found in this MIB to avoid overlap, but instead 163 are found in the Interfaces MIB [RFC2863]. 165 6.3 mplsL3VpnVrfPerfTable 167 This table contains objects to measure the performance of 168 MPLS L3VPNs and augments the mplsL3VpnVrfTable. High 169 capacity counters are provided for objects that are likely 170 to wrap around quickly on objects such as high-speed interface 171 counters. 173 6.4 mplsL3VpnVrfRouteTable 175 The table contains the objects necessary to configure and monitor 176 routes used by a particular VRF. This includes a cross-connect 177 pointer into the MPLS-LSR-STD-MIB's mplsXCTable, which may be 178 used to refer that entry to its label stack used to label 179 switch that entry. 181 6.5 MplsVpnVrfRTTable 183 The table contains the objects necessary to configure and monitor 184 route targets for a particular VRF. 186 7. Example of MPLS L3VPN Setup 188 In this section, we provide a brief example of using the MIB 189 objects described in the following section. While this example 190 is not meant to illustrate every nuance of the MIB, it is intended 191 as an aid to understanding some of the key concepts. It is our 192 intent that it is read only after the reader has gone through 193 the MIB itself. 195 This configuration is under the assumption that 1) MPLS has been 196 pre-configured in the network, through enabling LDP or RSVP-TE. 197 2) OSPF or ISIS has been pre-configured. 3) BGP sessions have been 198 established between PEs. 200 Defining the VRF, the route target and route distinguisher: 202 In mplsL3VpnVrfTable: 203 { 204 mplsL3VpnVrfName = "RED", 205 mplsL3VpnVrfDescription = "Intranet of Company ABC", 206 mplsL3VpnVrfRD = "100:1", -- octet string 207 mplsL3VpnVrfRowStatus = createAndGo(4) 208 } 210 In mplsL3VpnVrfRouteTable: 211 { 212 mplsL3VpnVrfRTRowStatus."Red"."100:1".import = createAndGo, 213 mplsL3VpnVrfRTRowStatus."Red"."100:1".export = createAndGo 214 } 216 8. MPLS-L3VPN-STD-MIB Module Definition 218 MPLS-L3VPN-STD-MIB DEFINITIONS ::= BEGIN 219 IMPORTS 220 MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, 221 Integer32, Counter32, Unsigned32, Gauge32 222 FROM SNMPv2-SMI -- [RFC2578] 223 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 224 FROM SNMPv2-CONF -- [RFC2580] 225 TEXTUAL-CONVENTION, TruthValue, RowStatus, 226 TimeStamp, StorageType 227 FROM SNMPv2-TC -- [RFC2579] 228 InterfaceIndex, InterfaceIndexOrZero 229 FROM IF-MIB -- [RFC2863] 230 VPNIdOrZero 231 FROM VPN-TC-STD-MIB 232 SnmpAdminString 233 FROM SNMP-FRAMEWORK-MIB -- [RFC3411] 234 IANAipRouteProtocol 235 FROM IANA-RTPROTO-MIB -- [RTPROTO] 236 InetAddress, InetAddressType, 237 InetAddressPrefixLength, 238 InetAutonomousSystemNumber 239 FROM INET-ADDRESS-MIB -- [RFC4001] 240 mplsStdMIB 241 FROM MPLS-TC-STD-MIB -- [RFC3811] 242 MplsIndexType 243 FROM MPLS-LSR-STD-MIB -- [RFC3813] 245 ; 247 mplsL3VpnMIB MODULE-IDENTITY 248 LAST-UPDATED "200504011200Z" -- 01 April 2005 12:00:00 GMT 249 ORGANIZATION "IETF Layer-3 Virtual Private 250 Networks Working Group." 251 CONTACT-INFO 252 " Thomas D. Nadeau 253 tnadeau@cisco.com 255 Harmen van der Linde 256 hvdl@att.com 258 Comments and discussion to l3vpn@ietf.org" 259 DESCRIPTION 260 "This MIB contains managed object definitions for the 261 Layer-3 Multiprotocol Label Switching Virtual 262 Private Networks. 264 Copyright (C) The Internet Society (2005). This 265 version of this MIB module is part of RFCXXX; see 266 the RFC itself for full legal notices." 267 -- Revision history. 268 REVISION 269 "200504011200Z" -- 01 April 2005 12:00:00 GMT 270 DESCRIPTION 271 "Initial version. Published as RFC xxxx." -- RFC-editor pls fill in xxx 272 ::= { mplsStdMIB 9999 } -- assigned by IANA, see section 18.1 for details 274 -- Textual Conventions. 275 MplsL3VpnName ::= TEXTUAL-CONVENTION 276 STATUS current 277 DESCRIPTION 278 "An identifier that is assigned to each MPLS/BGP VPN and 279 is used to uniquely identify it. This is assigned by the 280 system operator or NMS and SHOULD be unique throughout 281 the MPLS domain. If this is the case, then this identifier 282 can then be used at any LSR within a specific MPLS domain 283 to identify this MPLS/BGP VPN. It may also be possible to 284 preserve the uniqueness of this identifier across MPLS 285 domain boundaries, in which case this identifier can then 286 be used to uniquely identify MPLS/BGP VPNs on a more global 287 basis. This object MAY be set to the VPN ID as defined in 288 RFC 2685." 289 REFERENCE 290 "RFC 2685 Fox B., et al, 'Virtual Private 291 Networks Identifier', September 1999." 292 SYNTAX OCTET STRING (SIZE (0..31)) 294 MplsL3VpnRouteDistinguisher ::= TEXTUAL-CONVENTION 295 STATUS current 296 DESCRIPTION 297 "Syntax for a route distinguisher and route target 298 as defined in [RFC2547bis]." 299 REFERENCE 300 "[RFC2547bis]" 301 SYNTAX OCTET STRING(SIZE (0..256)) 303 MplsL3VpnRtType ::= TEXTUAL-CONVENTION 304 STATUS current 305 DESCRIPTION 306 "Used to define the type of a route target usage. 307 Route targets can be specified to be imported, 308 exported or both. For a complete definition of a 309 route target see [RFC2547bis]." 310 REFERENCE 311 "[RFC2547bis]" 312 SYNTAX INTEGER { import(1), export(2), both(3) } 314 -- Top level components of this MIB. 315 mplsL3VpnNotifications OBJECT IDENTIFIER ::= { mplsL3VpnMIB 0 } 316 mplsL3VpnObjects OBJECT IDENTIFIER ::= { mplsL3VpnMIB 1 } 317 mplsL3VpnScalars OBJECT IDENTIFIER ::= { mplsL3VpnObjects 1 } 318 mplsL3VpnConf OBJECT IDENTIFIER ::= { mplsL3VpnObjects 2 } 319 mplsL3VpnPerf OBJECT IDENTIFIER ::= { mplsL3VpnObjects 3 } 320 mplsL3VpnRoute OBJECT IDENTIFIER ::= { mplsL3VpnObjects 4 } 321 mplsL3VpnConformance OBJECT IDENTIFIER ::= { mplsL3VpnMIB 2 } 323 -- 324 -- Scalar Objects 325 -- 327 mplsL3VpnConfiguredVrfs OBJECT-TYPE 328 SYNTAX Unsigned32 329 MAX-ACCESS read-only 330 STATUS current 331 DESCRIPTION 332 "The number of VRFs which are configured on this node." 333 ::= { mplsL3VpnScalars 1 } 335 mplsL3VpnActiveVrfs OBJECT-TYPE 336 SYNTAX Gauge32 337 MAX-ACCESS read-only 338 STATUS current 339 DESCRIPTION 340 "The number of VRFs which are active on this node. 341 That is, those VRFs whose corresponding mplsL3VpnVrfOperStatus 342 object value is equal to operational (1)." 344 ::= { mplsL3VpnScalars 2 } 346 mplsL3VpnConnectedInterfaces OBJECT-TYPE 347 SYNTAX Gauge32 348 MAX-ACCESS read-only 349 STATUS current 350 DESCRIPTION 351 "Total number of interfaces connected to a VRF." 352 ::= { mplsL3VpnScalars 3 } 354 mplsL3VpnNotificationEnable OBJECT-TYPE 355 SYNTAX TruthValue 356 MAX-ACCESS read-write 357 STATUS current 358 DESCRIPTION 359 "If this object is true, then it enables the 360 generation of all notifications defined in 361 this MIB. This object's value should be 362 preserved across agent re-boots." 363 REFERENCE 364 "See also [RFC3413] for explanation that 365 notifications are under the ultimate control of the 366 MIB modules in this document." 367 DEFVAL { false } 368 ::= { mplsL3VpnScalars 4 } 370 mplsL3VpnVrfConfMaxPossRts OBJECT-TYPE 371 SYNTAX Unsigned32 372 MAX-ACCESS read-only 373 STATUS current 374 DESCRIPTION 375 "Denotes maximum number of routes which the device 376 will allow all VRFs jointly to hold. If this value is 377 set to 0, this indicates that the device is 378 unable to determine the absolute maximum. In this 379 case, the configured maximum MAY not actually 380 be allowed by the device." 381 ::= { mplsL3VpnScalars 5 } 383 mplsL3VpnVrfConfRteMxThrshTime OBJECT-TYPE 384 SYNTAX Unsigned32 385 UNITS "seconds" 386 MAX-ACCESS read-only 387 STATUS current 388 DESCRIPTION 389 "Denotes the interval in seconds, at which the route max threshold 390 notification may be re-issued after the maximum value has been 391 exceeded (or has been reached if mplsL3VpnVrfConfMaxRoutes and 392 mplsL3VpnVrfConfHighRteThresh are equal) and the initial 393 notification has been issued. This value is intended to prevent 394 continuous generation of notifications by an agent in the event 395 that routes are continually added to a VRF after it has reached 396 its maximum value. If this value is set to 0, the agent should 397 only issue a single notification at the time that the maxium 398 threshold has been reached, and should not issue any more 399 notifications until the value of routes has fallen below the 400 configured threshold value. This is the recommended default 401 behavior." 402 DEFVAL { 0 } 403 ::= { mplsL3VpnScalars 6 } 405 mplsL3VpnIllLblRcvThrsh OBJECT-TYPE 406 SYNTAX Unsigned32 407 MAX-ACCESS read-write 408 STATUS current 409 DESCRIPTION 410 "The number of illegally received labels above which 411 the mplsNumVrfSecIllglLblThrshExcd notification 412 is issued. The persistence of this value mimics 413 that of the device's configuration." 414 ::= { mplsL3VpnScalars 7 } 416 -- VPN Interface Configuration Table 418 mplsL3VpnIfConfTable OBJECT-TYPE 419 SYNTAX SEQUENCE OF MplsL3VpnIfConfEntry 420 MAX-ACCESS not-accessible 421 STATUS current 422 DESCRIPTION 423 "This table specifies per-interface MPLS capability 424 and associated information." 425 ::= { mplsL3VpnConf 1 } 427 mplsL3VpnIfConfEntry OBJECT-TYPE 428 SYNTAX MplsL3VpnIfConfEntry 429 MAX-ACCESS not-accessible 430 STATUS current 431 DESCRIPTION 432 "An entry in this table is created by an LSR for 433 every interface capable of supporting MPLS L3VPN. 434 Each entry in this table is meant to correspond to 435 an entry in the Interfaces Table." 436 INDEX { mplsL3VpnVrfName, mplsL3VpnIfConfIndex } 437 ::= { mplsL3VpnIfConfTable 1 } 439 MplsL3VpnIfConfEntry ::= SEQUENCE { 440 mplsL3VpnIfConfIndex InterfaceIndex, 441 mplsL3VpnIfVpnClassification INTEGER, 442 mplsL3VpnIfVpnRouteDistProtocol BITS, 443 mplsL3VpnIfConfStorageType StorageType, 444 mplsL3VpnIfConfRowStatus RowStatus 445 } 447 mplsL3VpnIfConfIndex OBJECT-TYPE 448 SYNTAX InterfaceIndex 449 MAX-ACCESS not-accessible 450 STATUS current 451 DESCRIPTION 452 "This is a unique index for an entry in the 453 mplsL3VpnIfConfTable. A non-zero index for an 454 entry indicates the ifIndex for the corresponding 455 interface entry in the MPLS-VPN-layer in the ifTable. 456 Note that this table does not necessarily correspond 457 one-to-one with all entries in the Interface MIB 458 having an ifType of MPLS-layer; rather, only those 459 which are enabled for MPLS L3VPN functionality." 460 REFERENCE 461 "RFC2863" 462 ::= { mplsL3VpnIfConfEntry 1 } 464 mplsL3VpnIfVpnClassification OBJECT-TYPE 465 SYNTAX INTEGER { carrierOfCarrier (1), 466 enterprise (2), 467 interProvider (3) 468 } 469 MAX-ACCESS read-create 470 STATUS current 471 DESCRIPTION 472 "Denotes whether this link participates in a 473 carrier-of-carrier's, enterprise, or inter-provider 474 scenario." 475 DEFVAL { enterprise } 476 ::= { mplsL3VpnIfConfEntry 2 } 478 mplsL3VpnIfVpnRouteDistProtocol OBJECT-TYPE 479 SYNTAX BITS { none (0), 480 bgp (1), 481 ospf (2), 482 rip(3), 483 isis(4), 484 static(5), 485 other (6) 486 } 487 MAX-ACCESS read-create 488 STATUS current 489 DESCRIPTION 490 "Denotes the route distribution protocol across the 491 PE-CE link. Note that more than one routing protocol 492 may be enabled at the same time, thus this object is 493 specified as a bitmask. For example, static(5) and 494 ospf(2) are a typical configuration." 495 ::= { mplsL3VpnIfConfEntry 3 } 497 mplsL3VpnIfConfStorageType OBJECT-TYPE 498 SYNTAX StorageType 499 MAX-ACCESS read-create 500 STATUS current 501 DESCRIPTION "The storage type for this VPN If entry. 502 Conceptual rows having the value 'permanent' 503 need not allow write-access to any columnar 504 objects in the row." 505 REFERENCE 506 "See RFC2579." 507 DEFVAL { volatile } 508 ::= { mplsL3VpnIfConfEntry 4 } 510 mplsL3VpnIfConfRowStatus OBJECT-TYPE 511 SYNTAX RowStatus 512 MAX-ACCESS read-create 513 STATUS current 514 DESCRIPTION 515 "This variable is used to create, modify, and/or 516 delete a row in this table. Rows in this 517 table signify that the specified interface is 518 associated with this VRF. If the row creation 519 operation succeeds, the interface will have been 520 associated with the specified VRF, otherwise the 521 agent MUST not allow the association. If the agent 522 only allows read-only operations on this table, it 523 MUST create entries in this table as they are created 524 on the device. When a row in this 525 table is in active(1) state, no objects in that row 526 can be modified except mplsL3VpnIfConfStorageType and 527 mplsL3VpnIfConfRowStatus." 528 ::= { mplsL3VpnIfConfEntry 5 } 530 -- VRF Configuration Table 531 mplsL3VpnVrfTable OBJECT-TYPE 532 SYNTAX SEQUENCE OF MplsL3VpnVrfEntry 533 MAX-ACCESS not-accessible 534 STATUS current 535 DESCRIPTION 536 "This table specifies per-interface MPLS L3VPN 537 VRF Table capability and associated information. 538 Entries in this table define VRF routing instances 539 associated with MPLS/VPN interfaces. Note that 540 multiple interfaces can belong to the same VRF 541 instance. The collection of all VRF instances 542 comprises an actual VPN." 543 ::= { mplsL3VpnConf 2 } 545 mplsL3VpnVrfEntry OBJECT-TYPE 546 SYNTAX MplsL3VpnVrfEntry 547 MAX-ACCESS not-accessible 548 STATUS current 549 DESCRIPTION 550 "An entry in this table is created by an LSR for 551 every VRF capable of supporting MPLS L3VPN. The 552 indexing provides an ordering of VRFs per-VPN 553 interface." 554 INDEX { mplsL3VpnVrfName } 555 ::= { mplsL3VpnVrfTable 1 } 556 MplsL3VpnVrfEntry ::= SEQUENCE { 557 mplsL3VpnVrfName MplsL3VpnName, 558 mplsL3VpnVrfVpnId VPNIdOrZero, 559 mplsL3VpnVrfDescription SnmpAdminString, 560 mplsL3VpnVrfRD MplsL3VpnRouteDistinguisher, 561 mplsL3VpnVrfCreationTime TimeStamp, 562 mplsL3VpnVrfOperStatus INTEGER, 563 mplsL3VpnVrfActiveInterfaces Gauge32, 564 mplsL3VpnVrfAssociatedInterfaces Unsigned32, 565 mplsL3VpnVrfConfMidRteThresh Unsigned32, 566 mplsL3VpnVrfConfHighRteThresh Unsigned32, 567 mplsL3VpnVrfConfMaxRoutes Unsigned32, 568 mplsL3VpnVrfConfLastChanged TimeStamp, 569 mplsL3VpnVrfConfRowStatus RowStatus, 570 mplsL3VpnVrfConfAdminStatus INTEGER, 571 mplsL3VpnVrfConfStorageType StorageType 572 } 574 mplsL3VpnVrfName OBJECT-TYPE 575 SYNTAX MplsL3VpnName 576 MAX-ACCESS not-accessible 577 STATUS current 578 DESCRIPTION 579 "The human-readable name of this VPN. This MAY 580 be equivalent to the [RFC2685] VPN-ID, but may 581 also vary. If it is set to the VPN ID, it MUST 582 be equivalent to the value of mplsL3VpnVrfVpnId. 583 It is strongly recommended that all sites supporting 584 VRFs that are part of the same VPN use the same 585 naming convention for VRFs as well as the same VPN 586 ID." 587 REFERENCE 588 "[RFC2685]" 590 ::= { mplsL3VpnVrfEntry 1 } 592 mplsL3VpnVrfVpnId OBJECT-TYPE 593 SYNTAX VPNIdOrZero 594 MAX-ACCESS read-create 595 STATUS current 596 DESCRIPTION 597 "The VPN ID as specified in [RFC2685]. If a VPN ID 598 has not been specified for this VRF, then this 599 variable SHOULD be set to an zero-length OCTET 600 STRING." 601 ::= { mplsL3VpnVrfEntry 2 } 603 mplsL3VpnVrfDescription OBJECT-TYPE 604 SYNTAX SnmpAdminString 605 MAX-ACCESS read-create 606 STATUS current 607 DESCRIPTION 608 "The human-readable description of this VRF." 609 DEFVAL { "" } 610 ::= { mplsL3VpnVrfEntry 3 } 612 mplsL3VpnVrfRD OBJECT-TYPE 613 SYNTAX MplsL3VpnRouteDistinguisher 614 MAX-ACCESS read-create 615 STATUS current 616 DESCRIPTION 617 "The route distinguisher for this VRF." 618 DEFVAL { "" } 619 ::= { mplsL3VpnVrfEntry 4 } 621 mplsL3VpnVrfCreationTime OBJECT-TYPE 622 SYNTAX TimeStamp 623 MAX-ACCESS read-only 624 STATUS current 625 DESCRIPTION 626 "The time at which this VRF entry was created." 627 ::= { mplsL3VpnVrfEntry 5 } 629 mplsL3VpnVrfOperStatus OBJECT-TYPE 630 SYNTAX INTEGER { up (1), 631 down (2) 632 } 633 MAX-ACCESS read-only 634 STATUS current 635 DESCRIPTION 636 "Denotes whether a VRF is operational or not. A VRF is 637 up(1) when at least one interface associated with the 638 VRF, which ifOperStatus is up(1). A VRF is down(2) when: 640 a. There does not exist at least one interface whose 641 ifOperStatus is up(1). 642 b. There are no interfaces associated with the VRF." 643 ::= { mplsL3VpnVrfEntry 6 } 645 mplsL3VpnVrfActiveInterfaces OBJECT-TYPE 646 SYNTAX Gauge32 647 MAX-ACCESS read-only 648 STATUS current 649 DESCRIPTION 650 "Total number of interfaces connected to this VRF with 651 ifOperStatus = up(1). 653 This value should increase when an interface is associted 654 with the corresponding VRF and its corresponding ifOperStatus 655 is equal to up(1). If an interface is associated whose 656 ifOperStatus is not up(1), then the value is not incremented 657 until such time as it transitions to this state. 659 This value should be decremented when an interface is 660 disassociated with a VRF or the corresponding ifOperStatus 661 transitions out of the up(1) state to any other state. 662 " 663 ::= { mplsL3VpnVrfEntry 7 } 665 mplsL3VpnVrfAssociatedInterfaces OBJECT-TYPE 666 SYNTAX Unsigned32 667 MAX-ACCESS read-only 668 STATUS current 669 DESCRIPTION 670 "Total number of interfaces connected to this VRF 671 (independent of ifOperStatus type)." 672 ::= { mplsL3VpnVrfEntry 8 } 674 mplsL3VpnVrfConfMidRteThresh OBJECT-TYPE 675 SYNTAX Unsigned32 676 MAX-ACCESS read-create 677 STATUS current 678 DESCRIPTION 679 "Denotes mid-level water marker for the number 680 of routes which this VRF may hold." 681 DEFVAL { 0 } 682 ::= { mplsL3VpnVrfEntry 9 } 684 mplsL3VpnVrfConfHighRteThresh OBJECT-TYPE 685 SYNTAX Unsigned32 686 MAX-ACCESS read-create 687 STATUS current 688 DESCRIPTION 689 "Denotes high-level water marker for the number of 690 routes which this VRF may hold." 691 DEFVAL { 0 } 692 ::= { mplsL3VpnVrfEntry 10 } 694 mplsL3VpnVrfConfMaxRoutes OBJECT-TYPE 695 SYNTAX Unsigned32 696 MAX-ACCESS read-create 697 STATUS current 698 DESCRIPTION 699 "Denotes maximum number of routes which this VRF is 700 configured to hold. This value MUST be less than or 701 equal to mplsL3VpnVrfConfMaxPossRts unless it is set 702 to 0." 703 DEFVAL { 0 } 704 ::= { mplsL3VpnVrfEntry 11 } 706 mplsL3VpnVrfConfLastChanged OBJECT-TYPE 707 SYNTAX TimeStamp 708 MAX-ACCESS read-only 709 STATUS current 710 DESCRIPTION 711 "The value of sysUpTime at the time of the last 712 change of this table entry, which includes changes of 713 VRF parameters defined in this table or addition or 714 deletion of interfaces associated with this VRF." 715 ::= { mplsL3VpnVrfEntry 12 } 717 mplsL3VpnVrfConfRowStatus OBJECT-TYPE 718 SYNTAX RowStatus 719 MAX-ACCESS read-create 720 STATUS current 721 DESCRIPTION 722 "This variable is used to create, modify, and/or 723 delete a row in this table. 725 When a row in this table is in active(1) state, no 726 objects in that row can be modified except 727 mplsL3VpnVrfConfAdminStatus, mplsL3VpnVrfConfRowStatus 728 and mplsL3VpnVrfConfStorageType." 729 ::= { mplsL3VpnVrfEntry 13 } 731 mplsL3VpnVrfConfAdminStatus OBJECT-TYPE 732 SYNTAX INTEGER { 733 up(1), -- ready to pass packets 734 down(2), -- can't pass packets 735 testing(3) -- in some test mode 736 } 737 MAX-ACCESS read-create 738 STATUS current 739 DESCRIPTION 740 "Indicates the desired operational status of this 741 VRF." 742 ::= { mplsL3VpnVrfEntry 14 } 744 mplsL3VpnVrfConfStorageType OBJECT-TYPE 745 SYNTAX StorageType 746 MAX-ACCESS read-create 747 STATUS current 748 DESCRIPTION 749 "The storage type for this VPN VRF entry. 750 Conceptual rows having the value 'permanent' 751 need not allow write-access to any columnar 752 objects in the row." 753 REFERENCE 754 "See RFC2579." 755 DEFVAL { volatile } 756 ::= { mplsL3VpnVrfEntry 15 } 758 -- MplsL3VpnVrfRTTable 759 mplsL3VpnVrfRTTable OBJECT-TYPE 760 SYNTAX SEQUENCE OF MplsL3VpnVrfRTEntry 761 MAX-ACCESS not-accessible 762 STATUS current 763 DESCRIPTION 764 "This table specifies per-VRF route target association. 765 Each entry identifies a connectivity policy supported 766 as part of a VPN." 767 ::= { mplsL3VpnConf 3 } 769 mplsL3VpnVrfRTEntry OBJECT-TYPE 770 SYNTAX MplsL3VpnVrfRTEntry 771 MAX-ACCESS not-accessible 772 STATUS current 773 DESCRIPTION 774 "An entry in this table is created by an LSR for 775 each route target configured for a VRF supporting 776 a MPLS L3VPN instance. The indexing provides an 777 ordering per-VRF instance. See [RFC2547bis] for a 778 complete definition of a route target." 779 INDEX { mplsL3VpnVrfName, mplsL3VpnVrfRTIndex, 780 mplsL3VpnVrfRTType } 781 ::= { mplsL3VpnVrfRTTable 1 } 783 MplsL3VpnVrfRTEntry ::= SEQUENCE { 784 mplsL3VpnVrfRTIndex Unsigned32, 785 mplsL3VpnVrfRTType MplsL3VpnRtType, 786 mplsL3VpnVrfRT MplsL3VpnRouteDistinguisher, 787 mplsL3VpnVrfRTDescr SnmpAdminString, 788 mplsL3VpnVrfRTRowStatus RowStatus, 789 mplsL3VpnVrfRTStorageType StorageType 790 } 792 mplsL3VpnVrfRTIndex OBJECT-TYPE 793 SYNTAX Unsigned32 (1..4294967295) 794 MAX-ACCESS not-accessible 795 STATUS current 796 DESCRIPTION 797 "Auxiliary index for route-targets configured for a 798 particular VRF." 799 ::= { mplsL3VpnVrfRTEntry 2 } 801 mplsL3VpnVrfRTType OBJECT-TYPE 802 SYNTAX MplsL3VpnRtType 803 MAX-ACCESS not-accessible 804 STATUS current 805 DESCRIPTION 806 "The route target distribution type." 807 ::= { mplsL3VpnVrfRTEntry 3 } 809 mplsL3VpnVrfRT OBJECT-TYPE 810 SYNTAX MplsL3VpnRouteDistinguisher 811 MAX-ACCESS read-create 812 STATUS current 813 DESCRIPTION 814 "The route target distribution policy." 815 DEFVAL { "" } 816 ::= { mplsL3VpnVrfRTEntry 4 } 818 mplsL3VpnVrfRTDescr OBJECT-TYPE 819 SYNTAX SnmpAdminString 820 MAX-ACCESS read-create 821 STATUS current 822 DESCRIPTION 823 "Description of the route target." 824 DEFVAL { "" } 825 ::= { mplsL3VpnVrfRTEntry 5 } 827 mplsL3VpnVrfRTRowStatus OBJECT-TYPE 828 SYNTAX RowStatus 829 MAX-ACCESS read-create 830 STATUS current 831 DESCRIPTION 832 "This variable is used to create, modify, and/or 833 delete a row in this table. When a row in this 834 table is in active(1) state, no objects in that row 835 can be modified except mplsL3VpnVrfRTRowStatus." 836 ::= { mplsL3VpnVrfRTEntry 6 } 838 mplsL3VpnVrfRTStorageType OBJECT-TYPE 839 SYNTAX StorageType 840 MAX-ACCESS read-create 841 STATUS current 842 DESCRIPTION 843 "The storage type for this VPN RT entry. 844 Conceptual rows having the value 'permanent' 845 need not allow write-access to any columnar 846 objects in the row." 847 REFERENCE 848 "See RFC2579." 849 DEFVAL { volatile } 850 ::= { mplsL3VpnVrfRTEntry 7 } 852 -- VRF Security Table 854 mplsL3VpnVrfSecTable OBJECT-TYPE 855 SYNTAX SEQUENCE OF MplsL3VpnVrfSecEntry 856 MAX-ACCESS not-accessible 857 STATUS current 858 DESCRIPTION 859 "This table specifies per MPLS L3VPN VRF Table 860 security-related counters." 861 ::= { mplsL3VpnConf 6 } 863 mplsL3VpnVrfSecEntry OBJECT-TYPE 864 SYNTAX MplsL3VpnVrfSecEntry 865 MAX-ACCESS not-accessible 866 STATUS current 867 DESCRIPTION 868 "An entry in this table is created by an LSR for 869 every VRF capable of supporting MPLS L3VPN. Each 870 entry in this table is used to indicate security-related 871 information for each VRF entry." 872 AUGMENTS { mplsL3VpnVrfEntry } 873 ::= { mplsL3VpnVrfSecTable 1 } 875 MplsL3VpnVrfSecEntry ::= SEQUENCE { 876 mplsL3VpnVrfSecIllegalLblVltns Counter32, 877 mplsL3VpnVrfSecDiscontinuityTime TimeStamp 878 } 880 mplsL3VpnVrfSecIllegalLblVltns OBJECT-TYPE 881 SYNTAX Counter32 882 MAX-ACCESS read-only 883 STATUS current 884 DESCRIPTION 885 "Indicates the number of illegally received 886 labels on this VPN/VRF. 888 Discontinuities in the value of this counter can occur 889 at re-initialization of the management system, and at 890 other times as indicated by the value of 891 mplsL3VpnVrfSecDiscontinuityTime." 892 ::= { mplsL3VpnVrfSecEntry 1 } 894 mplsL3VpnVrfSecDiscontinuityTime OBJECT-TYPE 895 SYNTAX TimeStamp 896 MAX-ACCESS read-only 897 STATUS current 898 DESCRIPTION 899 "The value of sysUpTime on the most recent occasion at 900 which any one or more of this entry's counters suffered 901 a discontinuity. If no such discontinuities have 902 occurred since the last re-initialization of the local 903 management subsystem, then this object contains a zero 904 value." 905 ::= { mplsL3VpnVrfSecEntry 2 } 907 -- VRF Performance Table 909 mplsL3VpnVrfPerfTable OBJECT-TYPE 910 SYNTAX SEQUENCE OF MplsL3VpnVrfPerfEntry 911 MAX-ACCESS not-accessible 912 STATUS current 913 DESCRIPTION 914 "This table specifies per MPLS L3VPN VRF Table performance 915 information." 916 ::= { mplsL3VpnPerf 1 } 918 mplsL3VpnVrfPerfEntry OBJECT-TYPE 919 SYNTAX MplsL3VpnVrfPerfEntry 920 MAX-ACCESS not-accessible 921 STATUS current 922 DESCRIPTION 923 "An entry in this table is created by an LSR for 924 every VRF capable of supporting MPLS L3VPN." 925 AUGMENTS { mplsL3VpnVrfEntry } 926 ::= { mplsL3VpnVrfPerfTable 1 } 928 MplsL3VpnVrfPerfEntry ::= SEQUENCE { 929 mplsL3VpnVrfPerfRoutesAdded Counter32, 930 mplsL3VpnVrfPerfRoutesDeleted Counter32, 931 mplsL3VpnVrfPerfCurrNumRoutes Gauge32, 932 mplsL3VpnVrfPerfRoutesDropped Counter32, 933 mplsL3VpnVrfPerfDiscTime TimeStamp 934 } 936 mplsL3VpnVrfPerfRoutesAdded OBJECT-TYPE 937 SYNTAX Counter32 938 MAX-ACCESS read-only 939 STATUS current 940 DESCRIPTION 941 "Indicates the number of routes added to this VPN/VRF 942 since the last discontinuity. Discontinuities in 943 the value of this counter can occur 944 at re-initialization of the management system, and at 945 other times as indicated by the value of 946 mplsL3VpnVrfPerfDiscTime." 947 ::= { mplsL3VpnVrfPerfEntry 1 } 949 mplsL3VpnVrfPerfRoutesDeleted OBJECT-TYPE 950 SYNTAX Counter32 951 MAX-ACCESS read-only 952 STATUS current 953 DESCRIPTION 954 "Indicates the number of routes removed from this VPN/VRF. 956 Discontinuities in the value of this counter can occur 957 at re-initialization of the management system, and at 958 other times as indicated by the value of 959 mplsL3VpnVrfPerfDiscTime." 960 ::= { mplsL3VpnVrfPerfEntry 2 } 962 mplsL3VpnVrfPerfCurrNumRoutes OBJECT-TYPE 963 SYNTAX Gauge32 964 MAX-ACCESS read-only 965 STATUS current 966 DESCRIPTION 967 "Indicates the number of routes currently used by this 968 VRF." 969 ::= { mplsL3VpnVrfPerfEntry 3 } 971 mplsL3VpnVrfPerfRoutesDropped OBJECT-TYPE 972 SYNTAX Counter32 973 MAX-ACCESS read-only 974 STATUS current 975 DESCRIPTION 976 "This counter should be incremented when the number of routes 977 contained by the specified VRF exceeds or attempts to exceed 978 the maximum allowed value as indicated by 979 mplsL3VpnVrfMaxRouteThreshold. 981 Discontinuities in the value of this counter can occur 982 at re-initialization of the management system, and at 983 other times as indicated by the value of 984 mplsL3VpnVrfPerfDiscTime." 985 ::= { mplsL3VpnVrfPerfEntry 4 } 987 mplsL3VpnVrfPerfDiscTime OBJECT-TYPE 988 SYNTAX TimeStamp 989 MAX-ACCESS read-only 990 STATUS current 991 DESCRIPTION 992 "The value of sysUpTime on the most recent occasion at 993 which any one or more of this entry's counters suffered 994 a discontinuity. If no such discontinuities have 995 occurred since the last re-initialization of the local 996 management subsystem, then this object contains a zero 997 value." 998 ::= { mplsL3VpnVrfPerfEntry 5 } 1000 -- VRF Routing Table 1002 mplsL3VpnVrfRteTable OBJECT-TYPE 1003 SYNTAX SEQUENCE OF MplsL3VpnVrfRteEntry 1004 MAX-ACCESS not-accessible 1005 STATUS current 1006 DESCRIPTION 1007 "This table specifies per-interface MPLS L3VPN VRF Table 1008 routing information. Entries in this table define VRF routing 1009 entries associated with the specified MPLS/VPN interfaces. Note 1010 that this table contains both BGP and IGP routes, as both may 1011 appear in the same VRF." 1012 REFERENCE 1013 "[RFC2096]" 1014 ::= { mplsL3VpnRoute 1 } 1016 mplsL3VpnVrfRteEntry OBJECT-TYPE 1017 SYNTAX MplsL3VpnVrfRteEntry 1018 MAX-ACCESS not-accessible 1019 STATUS current 1020 DESCRIPTION 1021 "An entry in this table is created by an LSR for every route 1022 present configured (either dynamically or statically) within 1023 the context of a specific VRF capable of supporting MPLS/BGP 1024 VPN. The indexing provides an ordering of VRFs per-VPN 1025 interface. 1027 Implementors need to be aware that there are quite a few 1028 index objects which together can exceed the size allowed 1029 for an OID. So immplementors must make sure that OIDs of 1030 column instances in this table will have no more than 128 1031 sub-identifiers, otherwise they cannot be accessed using 1032 SNMPv1, SNMPv2c, or SNMPv3." 1034 INDEX { mplsL3VpnVrfName, 1035 mplsL3VpnVrfRteInetCidrDestType, 1036 mplsL3VpnVrfRteInetCidrDest, 1037 mplsL3VpnVrfRteInetCidrPfxLen, 1038 mplsL3VpnVrfRteInetCidrPolicy, 1039 mplsL3VpnVrfRteInetCidrNHopType, 1040 mplsL3VpnVrfRteInetCidrNextHop 1041 } 1042 ::= { mplsL3VpnVrfRteTable 1 } 1044 MplsL3VpnVrfRteEntry ::= SEQUENCE { 1045 mplsL3VpnVrfRteInetCidrDestType InetAddressType, 1046 mplsL3VpnVrfRteInetCidrDest InetAddress, 1047 mplsL3VpnVrfRteInetCidrPfxLen InetAddressPrefixLength, 1048 mplsL3VpnVrfRteInetCidrPolicy OBJECT IDENTIFIER, 1049 mplsL3VpnVrfRteInetCidrNHopType InetAddressType, 1050 mplsL3VpnVrfRteInetCidrNextHop InetAddress, 1051 mplsL3VpnVrfRteInetCidrIfIndex InterfaceIndexOrZero, 1052 mplsL3VpnVrfRteInetCidrType INTEGER, 1053 mplsL3VpnVrfRteInetCidrProto IANAipRouteProtocol, 1054 mplsL3VpnVrfRteInetCidrAge Gauge32, 1055 mplsL3VpnVrfRteInetCidrNextHopAS InetAutonomousSystemNumber, 1056 mplsL3VpnVrfRteInetCidrMetric1 Integer32, 1057 mplsL3VpnVrfRteInetCidrMetric2 Integer32, 1058 mplsL3VpnVrfRteInetCidrMetric3 Integer32, 1059 mplsL3VpnVrfRteInetCidrMetric4 Integer32, 1060 mplsL3VpnVrfRteInetCidrMetric5 Integer32, 1061 mplsL3VpnVrfRteXCPointer MplsIndexType, 1062 mplsL3VpnVrfRteInetCidrStatus RowStatus 1063 } 1065 mplsL3VpnVrfRteInetCidrDestType OBJECT-TYPE 1066 SYNTAX InetAddressType 1067 MAX-ACCESS not-accessible 1068 STATUS current 1069 DESCRIPTION 1070 "The type of the mplsL3VpnVrfRteInetCidrDest address, as 1071 defined in the InetAddress MIB. 1073 Only those address types that may appear in an actual 1074 routing table are allowed as values of this object." 1075 REFERENCE "RFC4001" 1076 ::= { mplsL3VpnVrfRteEntry 1 } 1078 mplsL3VpnVrfRteInetCidrDest OBJECT-TYPE 1079 SYNTAX InetAddress 1080 MAX-ACCESS not-accessible 1081 STATUS current 1082 DESCRIPTION 1083 "The destination IP address of this route. 1085 The type of this address is determined by the value of 1086 the mplsL3VpnVrfRteInetCidrDestType object. 1088 The values for the index objects 1089 mplsL3VpnVrfRteInetCidrDest and 1090 mplsL3VpnVrfRteInetCidrPfxLen must be consistent. When 1091 the value of mplsL3VpnVrfRteInetCidrDest is x, then 1092 the bitwise logical-AND of x with the value of the mask 1093 formed from the corresponding index object 1094 mplsL3VpnVrfRteInetCidrPfxLen MUST be 1095 equal to x. If not, then the index pair is not 1096 consistent and an inconsistentName error must be 1097 returned on SET or CREATE requests." 1098 ::= { mplsL3VpnVrfRteEntry 2 } 1100 mplsL3VpnVrfRteInetCidrPfxLen OBJECT-TYPE 1101 SYNTAX InetAddressPrefixLength (0..128) 1102 MAX-ACCESS not-accessible 1103 STATUS current 1104 DESCRIPTION 1105 "Indicates the number of leading one bits which form the 1106 mask to be logical-ANDed with the destination address 1107 before being compared to the value in the 1108 mplsL3VpnVrfRteInetCidrDest field. 1110 The values for the index objects 1111 mplsL3VpnVrfRteInetCidrDest and 1112 mplsL3VpnVrfRteInetCidrPfxLen must be consistent. When 1113 the value of mplsL3VpnVrfRteInetCidrDest is x, then the 1114 bitwise logical-AND of x with the value of the mask 1115 formed from the corresponding index object 1116 mplsL3VpnVrfRteInetCidrPfxLen MUST be 1117 equal to x. If not, then the index pair is not 1118 consistent and an inconsistentName error must be 1119 returned on SET or CREATE requests." 1120 ::= { mplsL3VpnVrfRteEntry 3 } 1122 mplsL3VpnVrfRteInetCidrPolicy OBJECT-TYPE 1123 SYNTAX OBJECT IDENTIFIER 1124 MAX-ACCESS not-accessible 1125 STATUS current 1126 DESCRIPTION 1127 "This object is an opaque object without any defined 1128 semantics. Its purpose is to serve as an additional 1129 index which may delineate between multiple entries to 1130 the same destination. The value { 0 0 } shall be used 1131 as the default value for this object." 1132 ::= { mplsL3VpnVrfRteEntry 4 } 1134 mplsL3VpnVrfRteInetCidrNHopType OBJECT-TYPE 1135 SYNTAX InetAddressType 1136 MAX-ACCESS not-accessible 1137 STATUS current 1138 DESCRIPTION 1139 "The type of the mplsL3VpnVrfRteInetCidrNextHop address, 1140 as defined in the InetAddress MIB. 1142 Value should be set to unknown(0) for non-remote 1143 routes. 1145 Only those address types that may appear in an actual 1146 routing table are allowed as values of this object." 1147 REFERENCE "RFC4001" 1148 ::= { mplsL3VpnVrfRteEntry 5 } 1150 mplsL3VpnVrfRteInetCidrNextHop OBJECT-TYPE 1151 SYNTAX InetAddress 1152 MAX-ACCESS not-accessible 1153 STATUS current 1154 DESCRIPTION 1155 "On remote routes, the address of the next system en 1156 route. For non-remote routes, a zero length string. 1157 The type of this address is determined by the value of 1158 the mplsL3VpnVrfRteInetCidrNHopType object." 1159 ::= { mplsL3VpnVrfRteEntry 6 } 1161 mplsL3VpnVrfRteInetCidrIfIndex OBJECT-TYPE 1162 SYNTAX InterfaceIndexOrZero 1163 MAX-ACCESS read-create 1164 STATUS current 1165 DESCRIPTION 1166 "The ifIndex value which identifies the local interface 1167 through which the next hop of this route should be 1168 reached. A value of 0 is valid and represents the 1169 scenario where no interface is specified." 1170 DEFVAL { 0 } 1171 ::= { mplsL3VpnVrfRteEntry 7 } 1173 mplsL3VpnVrfRteInetCidrType OBJECT-TYPE 1174 SYNTAX INTEGER { 1175 other (1), -- not specified by this MIB 1176 reject (2), -- route which discards traffic and 1177 -- returns ICMP notification 1178 local (3), -- local interface 1180 remote (4), -- remote destination 1181 blackhole(5) -- route which discards traffic 1182 -- silently 1183 } 1184 MAX-ACCESS read-create 1185 STATUS current 1186 DESCRIPTION 1187 "The type of route. Note that local(3) refers to a 1188 route for which the next hop is the final destination; 1189 remote(4)refers to a route for which the next hop is 1190 not the final destination. 1192 Routes which do not result in traffic forwarding or 1193 rejection should not be displayed even if the 1194 implementation keeps them stored internally. 1196 reject(2) refers to a route which, if matched, discards 1197 the message as unreachable and returns a notification 1198 (e.g. ICMP error) to the message sender. This is used 1199 in some protocols as a means of correctly aggregating 1200 routes. 1202 blackhole(5) refers to a route which, if matched, 1203 discards the message silently." 1204 DEFVAL { other } 1205 ::= { mplsL3VpnVrfRteEntry 8 } 1207 mplsL3VpnVrfRteInetCidrProto OBJECT-TYPE 1208 SYNTAX IANAipRouteProtocol 1209 MAX-ACCESS read-only 1210 STATUS current 1211 DESCRIPTION 1212 "The routing mechanism via which this route was learned. 1213 Inclusion of values for gateway routing protocols is 1214 not intended to imply that hosts should support those 1215 protocols." 1216 ::= { mplsL3VpnVrfRteEntry 9 } 1218 mplsL3VpnVrfRteInetCidrAge OBJECT-TYPE 1219 SYNTAX Gauge32 1220 MAX-ACCESS read-only 1221 STATUS current 1222 DESCRIPTION 1223 "The number of seconds since this route was last updated 1224 or otherwise determined to be correct. Note that no 1225 semantics of 'too old' can be implied except through 1226 knowledge of the routing protocol by which the route 1227 was learned." 1228 ::= { mplsL3VpnVrfRteEntry 10 } 1230 mplsL3VpnVrfRteInetCidrNextHopAS OBJECT-TYPE 1231 SYNTAX InetAutonomousSystemNumber 1232 MAX-ACCESS read-create 1233 STATUS current 1234 DESCRIPTION 1235 "The Autonomous System Number of the Next Hop. The 1236 semantics of this object are determined by the 1237 routing protocol specified in the route's 1238 mplsL3VpnVrfRteInetCidrProto value. When this 1239 object is unknown or not relevant its value should 1240 be set to zero." 1241 DEFVAL { 0 } 1242 ::= { mplsL3VpnVrfRteEntry 11 } 1244 mplsL3VpnVrfRteInetCidrMetric1 OBJECT-TYPE 1245 SYNTAX Integer32 (-1 | 0..2147483647) 1246 MAX-ACCESS read-create 1247 STATUS current 1248 DESCRIPTION 1249 "The primary routing metric for this route. The 1250 semantics of this metric are determined by the 1251 routing protocol specified in the route's 1252 mplsL3VpnVrfRteInetCidrProto value. If this 1253 metric is not used, its value should be set to 1254 -1." 1255 DEFVAL { -1 } 1256 ::= { mplsL3VpnVrfRteEntry 12 } 1258 mplsL3VpnVrfRteInetCidrMetric2 OBJECT-TYPE 1259 SYNTAX Integer32 (-1 | 0..2147483647) 1260 MAX-ACCESS read-create 1261 STATUS current 1262 DESCRIPTION 1263 "An alternate routing metric for this route. The 1264 semantics of this metric are determined by the routing 1265 protocol specified in the route's 1266 mplsL3VpnVrfRteInetCidrProto 1267 value. If this metric is not used, its value should be 1268 set to -1." 1269 DEFVAL { -1 } 1270 ::= { mplsL3VpnVrfRteEntry 13 } 1272 mplsL3VpnVrfRteInetCidrMetric3 OBJECT-TYPE 1273 SYNTAX Integer32 (-1 | 0..2147483647) 1274 MAX-ACCESS read-create 1275 STATUS current 1276 DESCRIPTION 1277 "An alternate routing metric for this route. The 1278 semantics of this metric are determined by the routing 1279 protocol specified in the route's 1280 mplsL3VpnVrfRteInetCidrProto 1281 value. If this metric is not used, its value should be 1282 set to -1." 1283 DEFVAL { -1 } 1284 ::= { mplsL3VpnVrfRteEntry 14 } 1286 mplsL3VpnVrfRteInetCidrMetric4 OBJECT-TYPE 1287 SYNTAX Integer32 (-1 | 0..2147483647) 1288 MAX-ACCESS read-create 1289 STATUS current 1290 DESCRIPTION 1291 "An alternate routing metric for this route. The 1292 semantics of this metric are determined by the routing 1293 protocol specified in the route's 1294 mplsL3VpnVrfRteInetCidrProto value. If this metric 1295 is not used, its value should be set to -1." 1296 DEFVAL { -1 } 1297 ::= { mplsL3VpnVrfRteEntry 15 } 1299 mplsL3VpnVrfRteInetCidrMetric5 OBJECT-TYPE 1300 SYNTAX Integer32 (-1 | 0..2147483647) 1301 MAX-ACCESS read-create 1302 STATUS current 1303 DESCRIPTION 1304 "An alternate routing metric for this route. The 1305 semantics of this metric are determined by the routing 1306 protocol specified in the route's 1307 mplsL3VpnVrfRteInetCidrProto value. If this metric is 1308 not used, its value should be set to -1." 1309 DEFVAL { -1 } 1310 ::= { mplsL3VpnVrfRteEntry 16 } 1312 mplsL3VpnVrfRteXCPointer OBJECT-TYPE 1313 SYNTAX MplsIndexType 1314 MAX-ACCESS read-create 1315 STATUS current 1316 DESCRIPTION 1317 "Index into mplsXCTable which identifies which cross 1318 connect entry is associated with this VRF route entry 1319 by containing the mplsXCIndex of that cross-connect entry. 1320 The string containing the single octet 0x00 indicates that 1321 a label stack is not associated with this route entry. This 1322 can be the case because the label bindings have not yet 1323 been established, or because some change in the agent has 1324 removed them. 1326 When the label stack associated with this VRF route is created, 1327 it MUST establish the associated cross-connect 1328 entry in the mplsXCTable and then set that index to the value 1329 of this object. Changes to the cross-connect object in the 1330 mplsXCTable MUST automatically be be reflected the value of 1331 this object. If this object represents a static routing entry, 1332 then the manager must ensure that this entry is also maintained 1333 consistently in the corresponding mplsXCTable as well." 1334 REFERENCE 1335 "RFC 3813 - Multiprotocol Label Switching (MPLS) Label Switching 1336 Router (LSR) Management Information base (MIB), C. Srinivasan, 1337 A. Vishwanathan, and T. Nadeau, June 2004" 1338 ::= { mplsL3VpnVrfRteEntry 17 } 1340 mplsL3VpnVrfRteInetCidrStatus OBJECT-TYPE 1341 SYNTAX RowStatus 1342 MAX-ACCESS read-create 1343 STATUS current 1344 DESCRIPTION 1345 "The row status variable, used according to row 1346 installation and removal conventions. 1347 A row entry cannot be modified when the status is 1348 marked as active(1)." 1349 ::= { mplsL3VpnVrfRteEntry 18 } 1351 -- MPLS L3VPN Notifications 1352 mplsL3VpnVrfUp NOTIFICATION-TYPE 1353 OBJECTS { mplsL3VpnIfConfRowStatus, 1354 mplsL3VpnVrfOperStatus 1355 } 1356 STATUS current 1357 DESCRIPTION 1358 "This notification is generated when: 1359 a. The ifOperStatus of an interface associated with 1360 a VRF changes to the up(1) state. 1361 b. When an interface with ifOperStatus = up(1) is 1362 associated with a VRF." 1363 ::= { mplsL3VpnNotifications 1 } 1365 mplsL3VpnVrfDown NOTIFICATION-TYPE 1366 OBJECTS { mplsL3VpnIfConfRowStatus, 1367 mplsL3VpnVrfOperStatus 1368 } 1369 STATUS current 1370 DESCRIPTION 1371 "This notification is generated when: 1372 a. The ifOperStatus of an interface associated with a VRF 1373 changes to the down(1) state. 1374 b. When an interface with ifOperStatus = up(1) state is 1375 disassociated with a VRF." 1376 ::= { mplsL3VpnNotifications 2 } 1378 mplsL3VpnVrfRouteMidThreshExceeded NOTIFICATION-TYPE 1379 OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes, 1380 mplsL3VpnVrfConfMidRteThresh 1381 } 1382 STATUS current 1383 DESCRIPTION 1384 "This notification is generated when the number of routes 1385 contained by the specified VRF exceeds the value indicated by 1386 mplsL3VpnVrfMidRouteThreshold. A single notification MUST be 1387 generated when this threshold is exceeded, and no other 1388 notifications of this type should be issued until the value 1389 of mplsL3VpnVrfPerfCurrNumRoutes has fallen below that of 1390 mplsL3VpnVrfConfMidRteThresh." 1391 ::= { mplsL3VpnNotifications 3 } 1393 mplsL3VpnVrfNumVrfRouteMaxThreshExceeded NOTIFICATION-TYPE 1394 OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes, 1395 mplsL3VpnVrfConfHighRteThresh 1396 } 1397 STATUS current 1398 DESCRIPTION 1399 "This notification is generated when the number of routes 1400 contained by the specified VRF exceeds or attempts to exceed 1401 the maximum allowed value as indicated by 1402 mplsL3VpnVrfMaxRouteThreshold. In cases where 1403 mplsL3VpnVrfConfHighRteThresh is set to the same value 1404 as mplsL3VpnVrfConfMaxRoutes, mplsL3VpnVrfConfHighRteThresh 1405 need not be exceeded; rather, just reached for this notification 1406 to be issued. 1407 Note that mplsL3VpnVrfConfRteMxThrshTime denotes the interval 1408 at which the this notification will be re-issued after the 1409 maximum value has been exceeded (or reached if 1410 mplsL3VpnVrfConfMaxRoutes and mplsL3VpnVrfConfHighRteThresh are 1411 equal) and the initial notification has been issued. This value 1412 is intended to prevent continuous generation of notifications by 1413 an agent in the event that routes are continually added to a VRF 1414 after it has reached its maximum value. The default value is 0 1415 minutes. If this value is set to 0, the agent should only issue 1416 a single notification at the time that the maximum threshold has 1417 been reached, and should not issue any more notifications until 1418 the value of routes has fallen below the configured threshold 1419 value." 1421 ::= { mplsL3VpnNotifications 4 } 1423 mplsL3VpnNumVrfSecIllglLblThrshExcd NOTIFICATION-TYPE 1424 OBJECTS { mplsL3VpnVrfSecIllegalLblVltns } 1425 STATUS current 1426 DESCRIPTION 1427 "This notification is generated when the number of illegal 1428 label violations on a VRF as indicated by 1429 mplsL3VpnVrfSecIllegalLblVltns has exceeded 1430 mplsL3VpnIllLblRcvThrsh. The threshold is not 1431 included in the varbind here because the value of 1432 mplsL3VpnVrfSecIllegalLblVltns should be one greater than 1433 the threshold at the time this notification is issued." 1434 ::= { mplsL3VpnNotifications 5 } 1436 mplsL3VpnNumVrfRouteMaxThreshCleared NOTIFICATION-TYPE 1437 OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes, 1438 mplsL3VpnVrfConfHighRteThresh 1439 } 1440 STATUS current 1441 DESCRIPTION 1442 "This notification is generated only after the number of routes 1443 contained by the specified VRF exceeds or attempts to exceed 1444 the maximum allowed value as indicated by 1445 mplsVrfMaxRouteThreshold, and then falls below this value. The 1446 emission of this notification informs the operator that the 1447 error condition has been cleared without the operator having to 1448 query the device. 1450 Note that mplsL3VpnVrfConfRteMxThrshTime denotes the interval at 1451 which the the mplsNumVrfRouteMaxThreshExceeded notification will 1452 be re-issued after the maximum value has been exceeded (or 1453 reached if mplsL3VpnVrfConfMaxRoutes and 1454 mplsL3VpnVrfConfHighRteThresh are equal) and the initial 1455 notification has been issued. Therefore, 1456 the generation of this notification should also be emitted with 1457 this same frequency (assuming that the error condition is 1458 cleared). Specifically, if the error condition is reached and 1459 cleared several times during the period of time specified in 1460 mplsL3VpnVrfConfRteMxThrshTime, only a single notification will 1461 be issued to indicate the first instance of the error condition 1462 as well as the first time the error condition is cleared. 1463 This behavior is intended to prevent continuous generation of 1464 notifications by an agent in the event that routes are 1465 continually added and removed to/from a VRF after it has 1466 reached its maximum value. The default value is 0. If this value 1467 is set to 0, the agent should issue a notification whenever the 1468 maximum threshold has been cleared." 1470 ::= { mplsL3VpnNotifications 6 } 1472 -- Conformance Statement 1473 mplsL3VpnGroups 1474 OBJECT IDENTIFIER ::= { mplsL3VpnConformance 1 } 1476 mplsL3VpnCompliances 1477 OBJECT IDENTIFIER ::= { mplsL3VpnConformance 2 } 1479 -- Module Compliance 1481 mplsL3VpnModuleFullCompliance MODULE-COMPLIANCE 1482 STATUS current 1483 DESCRIPTION 1484 "Compliance statement for agents that provide full support 1485 for the L3 MPLS VPN MIB" 1486 MODULE -- this module 1487 MANDATORY-GROUPS { mplsL3VpnScalarGroup, 1488 mplsL3VpnVrfGroup, 1489 mplsL3VpnIfGroup, 1490 mplsL3VpnPerfGroup, 1491 mplsL3VpnVrfRteGroup, 1492 mplsL3VpnVrfRTGroup, 1493 mplsL3VpnSecGroup, 1494 mplsL3VpnNotificationGroup 1495 } 1497 GROUP mplsL3VpnPerfRouteGroup 1498 DESCRIPTION "This group is only mandatory for LSRs that 1499 support tracking the number of routes attempted 1500 to be added to VRFs." 1502 OBJECT mplsL3VpnIfConfRowStatus 1503 SYNTAX RowStatus { active(1), notInService(2) } 1504 WRITE-SYNTAX RowStatus { active(1), notInService(2), 1505 createAndGo(4), destroy(6) 1506 } 1507 DESCRIPTION "Support for createAndWait and notReady is 1508 not required." 1510 OBJECT mplsL3VpnVrfConfRowStatus 1511 SYNTAX RowStatus { active(1), notInService(2) } 1512 WRITE-SYNTAX RowStatus { active(1), notInService(2), 1513 createAndGo(4), destroy(6) 1514 } 1515 DESCRIPTION "Support for createAndWait and notReady is 1516 not required." 1518 OBJECT mplsL3VpnVrfRTRowStatus 1519 SYNTAX RowStatus { active(1), notInService(2) } 1520 WRITE-SYNTAX RowStatus { active(1), notInService(2), 1521 createAndGo(4), destroy(6) 1522 } 1523 DESCRIPTION "Support for createAndWait and notReady is 1524 not required." 1526 ::= { mplsL3VpnCompliances 1 } 1528 -- 1529 -- ReadOnly Compliance 1530 -- 1532 mplsL3VpnModuleReadOnlyCompliance MODULE-COMPLIANCE 1533 STATUS current 1534 DESCRIPTION "Compliance requirement for implementations that only 1535 provide read-only support for L3-MPLS-VPN-STD-MIB. 1536 Such devices can then be monitored but cannot be 1537 configured using this MIB module. 1538 " 1539 MODULE -- this module 1540 MANDATORY-GROUPS { mplsL3VpnScalarGroup, 1541 mplsL3VpnVrfGroup, 1542 mplsL3VpnIfGroup, 1543 mplsL3VpnPerfGroup, 1544 mplsL3VpnVrfRteGroup, 1545 mplsL3VpnVrfRTGroup, 1546 mplsL3VpnSecGroup, 1547 mplsL3VpnNotificationGroup 1548 } 1550 GROUP mplsL3VpnPerfRouteGroup 1551 DESCRIPTION "This group is only mandatory for LSRs that 1552 support tracking the number of routes attempted to 1553 be added to VRFs." 1555 OBJECT mplsL3VpnIfConfRowStatus 1556 SYNTAX RowStatus { active(1) } 1557 MIN-ACCESS read-only 1558 DESCRIPTION "Write access is not required." 1560 OBJECT mplsL3VpnVrfConfRowStatus 1561 SYNTAX RowStatus { active(1) } 1562 MIN-ACCESS read-only 1563 DESCRIPTION "Write access is not required." 1564 OBJECT mplsL3VpnVrfRTRowStatus 1565 SYNTAX RowStatus { active(1) } 1566 MIN-ACCESS read-only 1567 DESCRIPTION "Write access is not required." 1569 OBJECT mplsL3VpnIfVpnClassification 1570 MIN-ACCESS read-only 1571 DESCRIPTION "Write access is not required." 1573 OBJECT mplsL3VpnIfVpnRouteDistProtocol 1574 MIN-ACCESS read-only 1575 DESCRIPTION "Write access is not required." 1577 OBJECT mplsL3VpnIfConfStorageType 1578 MIN-ACCESS read-only 1579 DESCRIPTION "Write access is not required." 1581 OBJECT mplsL3VpnVrfVpnId 1582 MIN-ACCESS read-only 1583 DESCRIPTION "Write access is not required." 1585 OBJECT mplsL3VpnVrfDescription 1586 MIN-ACCESS read-only 1587 DESCRIPTION "Write access is not required." 1589 OBJECT mplsL3VpnVrfRD 1590 MIN-ACCESS read-only 1591 DESCRIPTION "Write access is not required." 1593 OBJECT mplsL3VpnVrfConfMidRteThresh 1594 MIN-ACCESS read-only 1595 DESCRIPTION "Write access is not required." 1597 OBJECT mplsL3VpnVrfConfHighRteThresh 1598 MIN-ACCESS read-only 1599 DESCRIPTION "Write access is not required." 1601 OBJECT mplsL3VpnVrfConfMaxRoutes 1602 MIN-ACCESS read-only 1603 DESCRIPTION "Write access is not required." 1605 OBJECT mplsL3VpnVrfConfStorageType 1606 MIN-ACCESS read-only 1607 DESCRIPTION "Write access is not required." 1609 OBJECT mplsL3VpnVrfRT 1610 MIN-ACCESS read-only 1611 DESCRIPTION "Write access is not required." 1612 OBJECT mplsL3VpnVrfRTDescr 1613 MIN-ACCESS read-only 1614 DESCRIPTION "Write access is not required." 1616 OBJECT mplsL3VpnVrfRTStorageType 1617 MIN-ACCESS read-only 1618 DESCRIPTION "Write access is not required." 1620 OBJECT mplsL3VpnVrfRteInetCidrIfIndex 1621 MIN-ACCESS read-only 1622 DESCRIPTION "Write access is not required." 1624 OBJECT mplsL3VpnVrfRteInetCidrType 1625 MIN-ACCESS read-only 1626 DESCRIPTION "Write access is not required." 1628 OBJECT mplsL3VpnVrfRteInetCidrNextHopAS 1629 MIN-ACCESS read-only 1630 DESCRIPTION "Write access is not required." 1632 OBJECT mplsL3VpnVrfRteInetCidrMetric1 1633 MIN-ACCESS read-only 1634 DESCRIPTION "Write access is not required." 1636 OBJECT mplsL3VpnVrfRteInetCidrMetric2 1637 MIN-ACCESS read-only 1638 DESCRIPTION "Write access is not required." 1640 OBJECT mplsL3VpnVrfRteInetCidrMetric3 1641 MIN-ACCESS read-only 1642 DESCRIPTION "Write access is not required." 1644 OBJECT mplsL3VpnVrfRteInetCidrMetric4 1645 MIN-ACCESS read-only 1646 DESCRIPTION "Write access is not required." 1648 OBJECT mplsL3VpnVrfRteInetCidrMetric5 1649 MIN-ACCESS read-only 1650 DESCRIPTION "Write access is not required." 1652 OBJECT mplsL3VpnVrfRteXCPointer 1653 MIN-ACCESS read-only 1654 DESCRIPTION "Write access is not required." 1656 OBJECT mplsL3VpnVrfRteInetCidrStatus 1657 SYNTAX RowStatus { active(1) } 1658 MIN-ACCESS read-only 1659 DESCRIPTION "Write access is not required." 1660 ::= { mplsL3VpnCompliances 2 } 1662 -- Units of conformance. 1663 mplsL3VpnScalarGroup OBJECT-GROUP 1664 OBJECTS { mplsL3VpnConfiguredVrfs, 1665 mplsL3VpnActiveVrfs, 1666 mplsL3VpnConnectedInterfaces, 1667 mplsL3VpnNotificationEnable, 1668 mplsL3VpnVrfConfMaxPossRts, 1669 mplsL3VpnVrfConfRteMxThrshTime, 1670 mplsL3VpnIllLblRcvThrsh 1671 } 1672 STATUS current 1673 DESCRIPTION 1674 "Collection of scalar objects required for MPLS VPN 1675 management." 1676 ::= { mplsL3VpnGroups 1 } 1678 mplsL3VpnVrfGroup OBJECT-GROUP 1679 OBJECTS { mplsL3VpnVrfVpnId, 1680 mplsL3VpnVrfDescription, 1681 mplsL3VpnVrfRD, 1682 mplsL3VpnVrfCreationTime, 1683 mplsL3VpnVrfOperStatus, 1684 mplsL3VpnVrfActiveInterfaces, 1685 mplsL3VpnVrfAssociatedInterfaces, 1686 mplsL3VpnVrfConfMidRteThresh, 1687 mplsL3VpnVrfConfHighRteThresh, 1688 mplsL3VpnVrfConfMaxRoutes, 1689 mplsL3VpnVrfConfLastChanged, 1690 mplsL3VpnVrfConfRowStatus, 1691 mplsL3VpnVrfConfAdminStatus, 1692 mplsL3VpnVrfConfStorageType 1693 } 1694 STATUS current 1695 DESCRIPTION 1696 "Collection of objects needed for MPLS VPN VRF 1697 management." 1698 ::= { mplsL3VpnGroups 2 } 1700 mplsL3VpnIfGroup OBJECT-GROUP 1701 OBJECTS { mplsL3VpnIfVpnClassification, 1702 mplsL3VpnIfVpnRouteDistProtocol, 1703 mplsL3VpnIfConfStorageType, 1704 mplsL3VpnIfConfRowStatus 1705 } 1706 STATUS current 1707 DESCRIPTION 1708 "Collection of objects needed for MPLS VPN interface 1709 management." 1710 ::= { mplsL3VpnGroups 3 } 1712 mplsL3VpnPerfGroup OBJECT-GROUP 1713 OBJECTS { mplsL3VpnVrfPerfRoutesAdded, 1714 mplsL3VpnVrfPerfRoutesDeleted, 1715 mplsL3VpnVrfPerfCurrNumRoutes 1716 } 1717 STATUS current 1718 DESCRIPTION 1719 "Collection of objects needed for MPLS VPN 1720 performance information." 1721 ::= { mplsL3VpnGroups 4 } 1723 mplsL3VpnPerfRouteGroup OBJECT-GROUP 1724 OBJECTS { mplsL3VpnVrfPerfRoutesDropped, 1725 mplsL3VpnVrfPerfDiscTime 1726 } 1727 STATUS current 1728 DESCRIPTION 1729 "Collection of objects needed to track MPLS VPN 1730 routing table dropped routes." 1731 ::= { mplsL3VpnGroups 5 } 1733 mplsL3VpnSecGroup OBJECT-GROUP 1734 OBJECTS { mplsL3VpnVrfSecIllegalLblVltns, 1735 mplsL3VpnVrfSecDiscontinuityTime } 1736 STATUS current 1737 DESCRIPTION 1738 "Collection of objects needed for MPLS VPN 1739 security-related information." 1740 ::= { mplsL3VpnGroups 7 } 1742 mplsL3VpnVrfRteGroup OBJECT-GROUP 1743 OBJECTS { 1744 mplsL3VpnVrfRteInetCidrIfIndex, 1745 mplsL3VpnVrfRteInetCidrType, 1746 mplsL3VpnVrfRteInetCidrProto, 1747 mplsL3VpnVrfRteInetCidrAge, 1748 mplsL3VpnVrfRteInetCidrNextHopAS, 1749 mplsL3VpnVrfRteInetCidrMetric1, 1750 mplsL3VpnVrfRteInetCidrMetric2, 1751 mplsL3VpnVrfRteInetCidrMetric3, 1752 mplsL3VpnVrfRteInetCidrMetric4, 1753 mplsL3VpnVrfRteInetCidrMetric5, 1754 mplsL3VpnVrfRteXCPointer, 1755 mplsL3VpnVrfRteInetCidrStatus 1756 } 1758 STATUS current 1759 DESCRIPTION 1760 "Objects required for VRF route table management." 1761 ::= { mplsL3VpnGroups 8 } 1763 mplsL3VpnVrfRTGroup OBJECT-GROUP 1764 OBJECTS { mplsL3VpnVrfRTDescr, 1765 mplsL3VpnVrfRT, 1766 mplsL3VpnVrfRTRowStatus, 1767 mplsL3VpnVrfRTStorageType 1768 } 1769 STATUS current 1770 DESCRIPTION 1771 "Objects required for VRF route target management." 1772 ::= { mplsL3VpnGroups 9 } 1774 mplsL3VpnNotificationGroup NOTIFICATION-GROUP 1775 NOTIFICATIONS { mplsL3VpnVrfUp, 1776 mplsL3VpnVrfDown, 1777 mplsL3VpnVrfRouteMidThreshExceeded, 1778 mplsL3VpnVrfNumVrfRouteMaxThreshExceeded, 1779 mplsL3VpnNumVrfSecIllglLblThrshExcd, 1780 mplsL3VpnNumVrfRouteMaxThreshCleared 1781 } 1782 STATUS current 1783 DESCRIPTION 1784 "Objects required for MPLS VPN notifications." 1785 ::= { mplsL3VpnGroups 10 } 1786 END 1788 -- End of MPLS-VPN-MIB 1790 9. Acknowledgments 1792 This document has benefited from discussions and input from 1793 Bill Fenner, Gerald Ash, Sumit Mukhopadhyay, Mike Piecuch, 1794 and Joan Weiss. 1796 10. Intellectual Property Statement 1798 The IETF takes no position regarding the validity or scope of any 1799 Intellectual Property Rights or other rights that might be claimed to 1800 pertain to the implementation or use of the technology described in 1801 this document or the extent to which any license under such rights 1802 might or might not be available; nor does it represent that it has 1803 made any independent effort to identify any such rights. Information 1804 on the procedures with respect to rights in RFC documents can be 1805 found in BCP 78 and BCP 79. 1807 Copies of IPR disclosures made to the IETF Secretariat and any 1808 assurances of licenses to be made available, or the result of an 1809 attempt made to obtain a general license or permission for the use of 1810 such proprietary rights by implementers or users of this 1811 specification can be obtained from the IETF on-line IPR repository at 1812 http://www.ietf.org/ipr. 1814 The IETF invites any interested party to bring to its attention any 1815 copyrights, patents or patent applications, or other proprietary 1816 rights that may cover technology that may be required to implement 1817 this standard. Please address the information to the IETF at ietf- 1818 ipr@ietf.org. 1820 11. References 1822 11.1 Normative References 1824 [RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate 1825 Requirement Levels", BCP 14, RFC2119, March 1997. 1827 [RFC3811] Nadeau, T. and J. Cucchiara, "Definition of Textual 1828 Conventions and for Multiprotocol Label Switching (MPLS) 1829 Management", RFC 3811, June 2004. 1831 [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol 1832 Label Switching Architecture", RFC 3031, January 2001. 1834 [RFC2547bis] Rosen, E., Rekhter, Y., et al., "BGP/MPLS 1835 VPNs", Internet Draft , 1836 September 2003. 1838 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 1839 "Conformance Statements for SMIv2", STD 58, RFC 2580, 1840 April 1999. 1842 [RFC2685] Fox B., et al, "Virtual Private Networks 1843 Identifier", RFC 2685, September 1999. 1845 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 1846 Architecture for Describing Simple Network Management 1847 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 1848 December 2002. 1850 [RFC3813] Srinivasan, C., Viswanathan, A. and T. 1851 Nadeau, "MPLS Multiprotocol Label Switching 1852 (MPLS) Label Switch Router Management 1853 Information Base ", RFC 3813, June 2004 1855 [RFC3812] C. Srinivasan, A. Viswanathan, and T. Nadeau, "MPLS 1856 Traffic Engineering Management Information Base ", 1857 RFC 3812, June 2004 1859 [RFC2096] Baker, F., "IP Forwarding Table MIB", 1860 Request for Comments 2096, January 1997. 1862 [VPNTCMIB] B. Schliesser, and T. Nadeau, "Definition of 1863 Textual Conventions for Provider Provisioned 1864 Virtual Private Network (PPVPN) Management.", 1865 Internet Draft , 1866 May 2004. 1868 [RFC4001] Daniele, M., et al., "Textual Conventions for Internet 1869 Network Addresses", RFC4001, February 2005. 1871 [RFC2863] McCloghrie, K., and Kastenholz, F., "The Interfaces Group 1872 MIB", RFC 2863, June 2000. 1874 [RTPROTO] IANA, "IP Route Protocol MIB", 1875 http://www.iana.org/assignments/ianaiprouteprotocol-mib, 1876 September 2000. 1878 [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, 1879 J., Rose, M., and S. Waldbusser, "Structure of 1880 Management Information Version 2 (SMIv2)", STD 58, RFC 1881 2578, April 1999. 1883 [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1884 Rose, M. and S. Waldbusser, "Textual Conventions for 1885 SMIv2", STD 58, RFC 2579, April 1999. 1887 [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., 1888 Rose, M. and S. Waldbusser, "Conformance Statements for 1889 SMIv2", STD 58, RFC 2580, April 1999. 1891 11.2 Informative References 1893 [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, 1894 "Introduction and Applicability Statements for 1895 Internet-Standard Management Framework", RFC 3410, 1896 December 2002. 1898 [RFC3413] Levi, D., Meyer, P., Stewart, B., 1899 "SNMP Applications", RFC 3413, December 2002. 1901 [RFC2434] Narten, T. and H. Alvestrand., "Guidelines for Writing an 1902 IANA Considerations Section in RFCs", BCP 26, RFC 2434, 1903 October 1998. 1905 12. Editors' Addresses 1907 Thomas D. Nadeau 1908 Cisco Systems, Inc. 1909 300 Beaverbrook Drive 1910 Boxborough, MA 1911 Phone: +1-978-936-1470 1912 Email: tnadeau@cisco.com 1914 Harmen van der Linde 1915 AT&T - Layer-2/Layer-3 NM Architecture and Operations Planning 1916 Room C2-3C34 1917 200 Laurel Ave 1918 Middletown, NJ 07748 1919 Tel: +1-732-420-1916 1920 Email: hvdl@att.com 1922 13. Contributors' Addresses 1924 Luyuan Fang Martin Tatham 1925 AT&T British Telecom 1926 200 Laurel Ave BT Adastal Park, 1927 Middletown, NJ 07748 Martlesham Heath, 1928 Phone: +1-732-420-1921 Ipswich, IP5 3RE 1929 Email: luyuanfang@att.com UK 1930 Tel: +44 1473 606349 1931 Fax: +44 1473 606727 1932 Email: martin.tatham@bt.com 1934 Fabio M. Chiussi Joseph Dube 1935 Bell Laboratories, Avici Systems, Inc. 1936 Lucent Technologies 101 Billerica Avenue 1937 101 Crawfords Corner Road North Billerica, MA 01862 1938 Room 4D-521 1939 Holmdel, NJ 07733 1940 Phone: +1-732-949-2407 1941 Email: fabio@bell-labs.com 1943 14. Dedication 1945 Steve Brannon passed away suddenly on January 30, 2001. We would like 1946 to dedicate our efforts in this area and this document to his memory. 1948 15. Full Copyright Statement 1950 Copyright (C) The Internet Society (2005). This document is 1951 subject to the rights, licenses and restrictions contained in BCP 1952 78, and except as set forth therein, the authors retain all their 1953 rights. 1955 This document and the information contained herein are provided 1956 on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 1957 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND 1958 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, 1959 EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT 1960 THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR 1961 ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A 1962 PARTICULAR PURPOSE. 1964 16. Security Considerations 1966 It is clear that these MIB modules are potentially useful for 1967 monitoring of MPLS LSRs supporting L3 MPLS VPN. This 1968 MIB module can also be used for configuration of certain objects, 1969 and anything that can be configured can be incorrectly configured, 1970 with potentially disastrous results. 1972 There are a number of management objects defined in this MIB module 1973 with a MAX-ACCESS clause of read-write and/or read-create. Such 1974 objects may be considered sensitive or vulnerable in some network 1975 environments. The support for SET operations in a non-secure 1976 environment without proper protection can have a negative effect on 1977 network operations. These are the tables and objects and their 1978 sensitivity/vulnerability: 1980 o the mplsL3VpnVrfRouteTable, mplsL3VpnIfConfTable and 1981 mplsL3VpnVrfTable tables collectively 1982 contain objects which may be used to provision MPLS VRF 1983 interfaces and configuration. Unauthorized access to objects 1984 in these tables, could result in disruption of traffic on the 1985 network. This is especially true if these VRFs have been 1986 previously provisioned and are in use. The use of stronger 1987 mechanisms such as SNMPv3 security should be considered where 1988 possible. Specifically, 1989 SNMPv3 VACM and USM MUST be used with any v3 agent which 1990 implements this MIB module. Administrators should consider 1991 whether read access to these objects should be allowed, 1992 since read access may be undesirable under certain 1993 circumstances. 1995 Some of the readable objects in this MIB module (i.e., objects with a 1996 MAX-ACCESS other than not-accessible) may be considered sensitive or 1997 vulnerable in some network environments. It is thus important to 1998 control even GET and/or NOTIFY access to these objects and possibly 1999 to even encrypt the values of these objects when sending them over 2000 the network via SNMP. These are the tables and objects and their 2001 sensitivity/vulnerability: 2003 o the mplsL3VpnVrfTable, mplsL3VpnIfConfTable tables 2004 collectively show the VRF interfaces and 2005 associated VRF configurations as well as their linkages to other 2006 MPLS-related configuration and/or performanc statistics. 2007 Administrators not wishing to reveal this information should 2008 consider these objects sensitive/vulnerable and take 2009 precautions so they are not revealed. 2011 SNMP versions prior to SNMPv3 did not include adequate security. 2012 Even if the network itself is secure (for example by using IPSec), 2013 even then, there is no control as to who on the secure network is 2014 allowed to access and GET/SET (read/change/create/delete) the objects 2015 in this MIB module. 2017 It is RECOMMENDED that implementers consider the security features as 2018 provided by the SNMPv3 framework (see [RFC3410], section 8), 2019 including full support for the SNMPv3 cryptographic mechanisms (for 2020 authentication and privacy). 2022 Further, deployment of SNMP versions prior to SNMPv3 is NOT 2023 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 2024 enable cryptographic security. It is then a customer/operator 2025 responsibility to ensure that the SNMP entity giving access to an 2026 instance of this MIB module, is properly configured to give access 2027 to the objects only to those principals (users) that have legitimate 2028 rights to indeed GET or SET (change/create/delete) them. 2030 18. IANA Considerations 2032 As described in MPLS-TC-STD-MIB [RFC3811], MPLS related 2033 standards track MIB modules should be rooted under the mplsStdMIB 2034 subtree. There is one MPLS-related 2035 MIB module contained in this document. Each of the following "IANA 2036 Considerations" subsections requests IANA for a new assignment under 2037 the mplsStdMIB subtree. New assignments can only be made via a 2038 Standards Action as specified in [RFC2434]. 2040 18.1. IANA Considerations for MPLS-L3VPN-STD-MIB 2042 The IANA is requested to assign { mplsStdMIB 11 } to the 2043 MPLS-L3VPN-STD-MIB module specified in this document.