Network Working Group
INTERNET-DRAFT                                                Sam Aldrin
Intended Status: Standards Track                     Huawei Technologies
Expires: June 29, 2014                                      M.Venkatesan
                                                               Dell Inc.
                                                       Kannan KV Sampath
                                                         Redeem Software
                                                        Thomas D. Nadeau
                                                       December 26, 2013


     BFD Management Information Base (MIB) extensions for MPLS and
                            MPLS-TP Networks
                       draft-ietf-bfd-mpls-mib-03

Abstract

   This draft defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it extends the BFD Management Information
   Base BFD-STD-MIB and describes the managed objects for modeling
   Bidirectional Forwarding Detection (BFD) protocol for MPLS and
   MPLS-TP networks.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 29, 2014.

Aldrin, et al.           Expires June 29, 2014                  [Page 1]

INTERNET DRAFT       BFD Extensions for MPLS MIB       December 26, 2013

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.  Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   1  Introduction
   2. The Internet-Standard Management Framework
   3. Overview
     3.1 Conventions used in this document
     3.2 Terminology
   4. Acronyms
   5. Brief description of MIB Objects
     5.1. Extensions to the BFD session table (bfdSessionTable)
     5.2. Example of BFD session configuration
       5.2.1 Example of BFD Session configuration for MPLS TE tunnel
       5.2.2 Example of BFD Session configuration for ME of MPLS-TP
             TE tunnel
     5.3. BFD objects for session performance counters
   6. BFD-EXT-STD-MIB Module Definition
   7. Security Considerations
   8. IANA Considerations
   9. References
     9.1 Normative References
     9.2 Informative References
   10. Acknowledgments
   11. Authors' Addresses

1 Introduction

   The current MIB for BFD as defined by BFD-STD-MIB is used for
   neighbor monitoring in IP networks.  The BFD session association to
   the neighbors being monitored is done using the source and
   destination IP addresses of the neighbors configured using the
   respective MIB objects.

   To monitor MPLS/MPLS-TP paths like tunnels or Pseudowires, there is
   a necessity to identify or associate the BFD session to those paths.

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it extends the BFD Management Information Base
   BFD-STD-MIB and describes the managed objects to configure and/or
   monitor Bidirectional Forwarding Detection (BFD) protocol for MPLS
   [RFC5884] and MPLS-TP networks [RFC6428].

2. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a
   MIB module that is compliant with the SMIv2, which is described in
   STD 58, RFC 2578, STD 58, RFC 2579 and STD 58, RFC 2580.

3. Overview

3.1 Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.2 Terminology

   This document adopts the definitions, acronyms and mechanisms
   described in [BFD], [BFD-1HOP], [BFD-MH], [RFC5884], [RFC6428].
   Unless otherwise stated, the mechanisms described therein will not
   be re-described here.

4. Acronyms

   BFD:     Bidirectional Forwarding Detection
   CC:      Continuity Check
   CV:      Connectivity Verification
   IP:      Internet Protocol
   LDP:     Label Distribution Protocol
   LOC:     Loss Of Continuity
   LSP:     Label Switching Path
   LSR:     Label Switching Router
   ME:      Maintenance Entity
   MEG:     Maintenance Entity Group
   MEP:     Maintenance Entity End-Point
   MIP:     Maintenance Entity Group Intermediate Point
   MIB:     Management Information Base
   MPLS:    Multi-Protocol Label Switching
   MPLS-TP: MPLS Transport Profile
   OAM:     Operations, Administration, and Maintenance
   PW:      Pseudo Wire
   RDI:     Remote Defect Indication
   TE:      Traffic Engineering
   TP:      Transport Profile

5. Brief description of MIB Objects

   The objects described in this section support the functionality
   described in documents [RFC5884] and [RFC6428].  The objects are
   defined as an extension to the BFD base MIB defined by BFD-STD-MIB.

5.1. Extensions to the BFD session table (bfdSessionTable)

   The BFD session table used to identify a BFD session between a pair
   of nodes, as defined in BFD-STD-MIB, is extended with managed
   objects to achieve the required functionality in MPLS and MPLS-TP
   networks as described below:

   1. SessionRole - Active/Passive role specification for the BFD
      session configured on the node.  Either end of a BFD session can
      be configured as Active/Passive to determine which end starts
      transmitting the BFD control packets.

   2. SessionMode - Defines the mode in which the BFD session is
      running, as follows:

         i.  CC - Indicates Continuity Check and RDI operations.
         ii. CV - Indicates Continuity Check, Connectivity
             Verification and RDI operations.

   3. Timer Negotiation Flag - Provides for timer negotiation to be
      enabled or disabled.
      This object can be used to tune the detection of period
      mis-configuration.

   4. Map Type - Indicates the type of the path being monitored by the
      BFD session.  This object can take the following values:

      For BFD session over MPLS based paths:

         nonTeIpv4 (1) - BFD session configured for Non-TE IPv4 path
         nonTeIpv6 (2) - BFD session configured for Non-TE IPv6 path
         teIpv4 (3)    - BFD session configured for a TE IPv4 path
         teIpv6 (4)    - BFD session configured for a TE IPv6 path
         pw (5)        - BFD session configured for a pseudowire

      For MPLS-TP based paths:

         mep (6)       - BFD session configured for an MPLS-TP path
                         (Bidirectional tunnel, PW or Sections) will
                         map to the corresponding maintenance entity.

   5. Map Pointer - A Row Pointer object which can be used to point to
      the first accessible object in the respective instance of the
      table entry identifying the path being monitored
      (mplsXCEntry[RFC3813]/mplsTunnelEntry[RFC3812]/pwEntry[RFC5601]
      respectively for LSP/Tunnel/PW).

      For NON-TE LSP, the map pointer points to the corresponding
      mplsXCEntry.

      For TE based tunnel, the map pointer points to the corresponding
      instance of the mplsTunnelEntry.

      For PW, this object points to the corresponding instance of
      pwEntry.

      For MPLS-TP paths, this object points to the corresponding
      instance of mplsOamIdMeEntry[MPLS-OAM-ID-STD-MIB] configured to
      monitor the MPLS-TP path associated with the BFD session.

   6. Usage of existing object bfdSessType:

      Additionally, the existing object "bfdSessType" in the BFD base
      MIB [BFD-STD-MIB] can be used with the already defined value
      multiHopOutOfBandSignaling(3) to specify an OOB (Out of band)
      mechanism [E.g. LSP Ping] for bootstrapping the BFD session.

5.2. Example of BFD session configuration

   This section provides an example of BFD session configuration for an
   MPLS and MPLS-TP TE tunnel.
   This example is only meant to enable an understanding of the
   proposed extension and does not illustrate every permutation of the
   MIB.

5.2.1 Example of BFD Session configuration for MPLS TE tunnel

   This section provides an example BFD session configuration for an
   MPLS TE tunnel.  The following denotes the configured tunnel "head"
   entry:

   In mplsTunnelTable:

   {
     mplsTunnelIndex              = 100,
     mplsTunnelInstance           = 1,
     mplsTunnelIngressLSRId       = 192.0.2.1,
     mplsTunnelEgressLSRId        = 192.0.2.3,
     mplsTunnelName               = "Tunnel",
     ...
     mplsTunnelSignallingProto    = none (1),
     mplsTunnelSetupPrio          = 0,
     mplsTunnelHoldingPrio        = 0,
     mplsTunnelSessionAttributes  = 0,
     mplsTunnelLocalProtectInUse  = false (0),
     mplsTunnelResourcePointer    = mplsTunnelResourceMaxRate.5,
     mplsTunnelInstancePriority   = 1,
     mplsTunnelHopTableIndex      = 1,
     mplsTunnelIncludeAnyAffinity = 0,
     mplsTunnelIncludeAllAffinity = 0,
     mplsTunnelExcludeAnyAffinity = 0,
     mplsTunnelPathInUse          = 1,
     mplsTunnelRole               = head (1),
     ...
     mplsTunnelRowStatus          = Active
   }

   BFD session parameters used to monitor this tunnel should be
   configured on head-end as follows:

   In bfdSessTable:

   BfdSessEntry ::= SEQUENCE {
     -- BFD session index
     bfdSessIndex                 = 2,
     bfdSessVersionNumber         = 1,
     -- LSP Ping used for OOB bootstrapping
     bfdSessType                  = multiHopOutOfBandSignaling,
     ...
     bfdSessAdminStatus           = start,
     ...
     bfdSessDemandModeDesiredFlag = false,
     bfdSessControlPlaneIndepFlag = false,
     bfdSessMultipointFlag        = false,
     bfdSessDesiredMinTxInterval  = 100000,
     bfdSessReqMinRxInterval      = 100000,
     ...
     -- Indicates that the BFD session is to monitor
     -- an MPLS TE tunnel
     bfdMplsSessMapType           = teIpv4(3),

     -- OID of the first accessible object (mplsTunnelName) of
     -- the mplsTunnelEntry identifying the MPLS TE tunnel (being
     -- monitored using BFD) in the MPLS tunnel table.
     -- A value of zeroDotzero indicates that no association
     -- has been made as yet between the BFD session and the path
     -- being monitored.
     -- In the OID below:
     -- 100 -> Tunnel Index
     -- 1 -> Tunnel instance
     -- 3221225985 -> Ingress LSR Id 192.0.2.1
     -- 3221225987 -> Egress LSR Id 192.0.2.3
     bfdMplsSessMapPointer
                = mplsTunnelName.100.1.3221225985.3221225987,
     bfdSessRowStatus             = createAndGo
   }

   Similarly, a BFD session would be configured on the tail-end of the
   tunnel.  Creating the above row will trigger the bootstrapping of
   the session using LSP Ping and its subsequent establishment over the
   path by de-multiplexing of the control packets using the BFD session
   discriminators.

5.2.2 Example of BFD Session configuration for ME of MPLS-TP TE tunnel

   This example considers the OAM identifiers configuration on a
   head-end LSR to manage and monitor a co-routed bidirectional MPLS
   tunnel.  Only relevant objects which are applicable for IP based OAM
   identifiers of co-routed MPLS tunnel are illustrated here.

   In mplsOamIdMegTable:

   {
     -- MEG index (Index to the table)
     mplsOamIdMegIndex        = 1,
     mplsOamIdMegName         = "MEG1",
     mplsOamIdMegOperatorType = ipCompatible (1),
     mplsOamIdMegServiceType  = lsp (1),
     mplsOamIdMegMpLocation   = perNode(1),
     -- Mandatory parameters needed to activate the row go here
     mplsOamIdMegRowStatus    = createAndGo (4)
   }

   This will create an entry in the mplsOamIdMegTable to manage and
   monitor the MPLS tunnel.

   The following ME table is used to associate the path information to
   a MEG.

   In mplsOamIdMeTable:

   {
     -- ME index (Index to the table)
     mplsOamIdMeIndex                  = 1,
     -- MP index (Index to the table)
     mplsOamIdMeMpIndex                = 1,
     mplsOamIdMeName                   = "ME1",
     mplsOamIdMeMpIfIndex              = 0,
     -- Source MEP id is derived from the IP compatible MPLS tunnel
     mplsOamIdMeSourceMepIndex         = 0,
     -- Source MEP id is derived from the IP compatible MPLS tunnel
     mplsOamIdMeSinkMepIndex           = 0,
     mplsOamIdMeMpType                 = mep (1),
     mplsOamIdMeMepDirection           = down (2),
     mplsOamIdMeProactiveOamPhbTCValue = 0,
     mplsOamIdMeOnDemandOamPhbTCValue  = 0,
     -- RowPointer MUST point to the first accessible column of an
     -- MPLS tunnel
     mplsOamIdMeServicePointer         = mplsTunnelName.1.1.1.2,
     -- Mandatory parameters needed to activate the row go here
     mplsOamIdMeRowStatus              = createAndGo (4)
   }

   BFD session parameters used to monitor this tunnel should be
   configured on head-end as follows:

   In bfdSessTable:

   BfdSessEntry ::= SEQUENCE {
     -- BFD session index
     bfdSessIndex                 = 2,
     bfdSessVersionNumber         = 1,
     -- LSP Ping used for OOB bootstrapping
     bfdSessType                  = multiHopOutOfBandSignaling,
     ...
     bfdSessAdminStatus           = start,
     ...
     bfdSessDemandModeDesiredFlag = false,
     bfdSessControlPlaneIndepFlag = false,
     bfdSessMultipointFlag        = false,
     bfdSessDesiredMinTxInterval  = 100000,
     bfdSessReqMinRxInterval      = 100000,
     ...
     -- Indicates that the BFD session is to monitor
     -- a ME of an MPLS-TP TE tunnel
     bfdMplsSessMapType           = mep(6),
     bfdMplsSessMapPointer        = mplsOamIdMeName.1.1.1,
     bfdSessRowStatus             = createAndGo
   }

   Similarly, a BFD session would be configured on the tail-end of the
   tunnel, and creating the above row will trigger the bootstrapping of
   the session using LSP Ping and its subsequent establishment over the
   path by de-multiplexing of the control packets using the BFD session
   discriminators.

5.3. BFD objects for session performance counters

   BFD-STD-MIB defines BFD Session Performance Table
   (bfdSessionPerfTable), for collecting per-session BFD performance
   counters, as an extension to the bfdSessionTable.

   The bfdSessionPerfTable is extended with the performance counters to
   collect Mis-connectivity Defect, Loss of Continuity Defect and RDI
   (Remote Defect Indication) counters.

   1. bfdMplsSessPerfMisDefCount - Mis-connectivity defect count for
      this BFD session.

   2. bfdMplsSessPerfLocDefCount - Loss of continuity defect count for
      this BFD session.

   3. bfdMplsSessPerfRdiInCount - Total number of RDI messages received
      for this BFD session.

   4. bfdMplsSessPerfRdiOutCount - Total number of RDI messages sent
      for this BFD session.

6. BFD-EXT-STD-MIB Module Definition

   BFD-EXT-STD-MIB DEFINITIONS ::= BEGIN

   IMPORTS
      MODULE-IDENTITY, OBJECT-TYPE, mib-2,
      Counter32, zeroDotZero
         FROM SNMPv2-SMI                     -- [RFC2578]

      RowPointer, TruthValue, TEXTUAL-CONVENTION
         FROM SNMPv2-TC                      -- [RFC2579]

      MODULE-COMPLIANCE, OBJECT-GROUP
         FROM SNMPv2-CONF                    -- [RFC2580]

      bfdSessIndex
         FROM BFD-STD-MIB;

   bfdMplsMib MODULE-IDENTITY
      LAST-UPDATED "201312260000Z" -- December 26 2013
      ORGANIZATION "IETF Bidirectional Forwarding Detection
                    Working Group"
      CONTACT-INFO
         "
          Sam Aldrin
          Huawei Technologies
          2330 Central Express Way,
          Santa Clara, CA 95051, USA
          Email: aldrin.ietf@gmail.com

          Venkatesan Mahalingam
          Dell Inc.
          350 Holger Way,
          San Jose, CA 95134, USA
          Email: venkat.mahalingams@gmail.com

          Kannan KV Sampath
          Redeem Software
          India
          Email: kannankvs@gmail.com

          Thomas D. Nadeau
          Email: tnadeau@lucidvision.com"
      DESCRIPTION
         " Copyright (c) 2013 IETF Trust and the persons identified
           as the document authors.  All rights reserved.

           This MIB module is an initial version containing objects
           to provide a proactive mechanism to detect faults using
           BFD for MPLS and MPLS-TP networks."
      REVISION "201312260000Z" -- December 26 2013
      DESCRIPTION
         -- RFC Ed.: RFC-editor pls fill in xxxx
      ::= { mib-2 XXX } -- XXX to be replaced with correct value
                        -- RFC Ed.: assigned by IANA

   -- ------------------------------------------------------------
   -- groups in the MIB
   -- ------------------------------------------------------------

   bfdMplsObjects     OBJECT IDENTIFIER ::= { bfdMplsMib 0 }
   bfdMplsConformance OBJECT IDENTIFIER ::= { bfdMplsMib 1 }

   -- ------------------------------------------------------------
   -- Textual Conventions
   -- ------------------------------------------------------------

   SessionMapTypeTC ::= TEXTUAL-CONVENTION
      STATUS      current
      DESCRIPTION
         "Used to indicate the type of MPLS or MPLS-TP path
          associated to the session"
      SYNTAX INTEGER {
         nonTeIpv4(1), -- mapping into LDP IPv4
         nonTeIpv6(2), -- mapping into LDP IPv6
         teIpv4(3),    -- mapping into TE IPv4
         teIpv6(4),    -- mapping into TE IPv6
         pw(5),        -- mapping into Pseudowires
         mep(6)        -- mapping into MEPs in MPLS-TP
      }

   DefectActionTC ::= TEXTUAL-CONVENTION
      STATUS      current
      DESCRIPTION
         "The action to be taken when the mis-connectivity/loss of
          connectivity defect occurs in the MPLS or MPLS-TP path
          associated to the session"
      SYNTAX INTEGER {
         alarmOnly(1),        -- Alarm only
         alarmAndBlockData(2) -- Alarm and block the data
      }

   -- ------------------------------------------------------------------
   -- BFD session table extensions for MPLS and MPLS-TP BFD sessions
   -- ------------------------------------------------------------------

   -- bfdMplsSessTable - bfdSessTable Extension

   bfdMplsSessTable OBJECT-TYPE
      SYNTAX      SEQUENCE OF BfdMplsSessEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
         "This table is an extension to the bfdSessTable for
          configuring BFD sessions for MPLS or MPLS-TP paths."
      ::= { bfdMplsObjects 1 }

   bfdMplsSessEntry OBJECT-TYPE
      SYNTAX      BfdMplsSessEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
         "A row in this table extends a row in bfdSessTable."
      INDEX { bfdSessIndex }
      ::= { bfdMplsSessTable 1 }

   BfdMplsSessEntry ::= SEQUENCE {
      bfdMplsSessRole                        INTEGER,
      bfdMplsSessMode                        INTEGER,
      bfdMplsSessTmrNegotiate                TruthValue,
      bfdMplsSessMapType                     SessionMapTypeTC,
      bfdMplsSessMapPointer                  RowPointer,
      bfdMplsSessMisConnectivityDefectAction DefectActionTC,
      bfdMplsSessLOCDefect                   DefectActionTC
   }

   bfdMplsSessRole OBJECT-TYPE
      SYNTAX      INTEGER {
         active(1),
         passive(2)
      }
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
         "This object specifies whether the system is playing the
          active(1) role or the passive(2) role for this
          BFD session."
      REFERENCE
         "RFC 5880, Section 6.1"
      DEFVAL { active }
      ::= { bfdMplsSessEntry 1 }

   bfdMplsSessMode OBJECT-TYPE
      SYNTAX      INTEGER {
         cc(1),
         cv(2)
      }
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
         "This object specifies whether the BFD session is running
          in Continuity Check(CC) or the Connectivity
          Verification(CV) mode."
      REFERENCE
         "1.RFC6428, Proactive Connectivity Verification,
          Continuity Check and Remote Defect Indication
          for MPLS Transport Profile."
      DEFVAL { cc }
      ::= { bfdMplsSessEntry 2 }

   bfdMplsSessTmrNegotiate OBJECT-TYPE
      SYNTAX      TruthValue
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
         "This object specifies if timer negotiation is required
          for the BFD session.  When set to false, timer
          negotiation is disabled."
      DEFVAL { true }
      ::= { bfdMplsSessEntry 3 }

   bfdMplsSessMapType OBJECT-TYPE
      SYNTAX      SessionMapTypeTC
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
         "This object indicates the type of path being monitored
          by this BFD session entry."
      DEFVAL { nonTeIpv4 }
      ::= { bfdMplsSessEntry 4 }

   bfdMplsSessMapPointer OBJECT-TYPE
      SYNTAX      RowPointer
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
         "If bfdMplsSessMapType is nonTeIpv4(1) or nonTeIpv6(2),
          then this object MUST contain zeroDotZero or point to
          an instance of the mplsXCEntry indicating the LDP-based
          LSP associated with this BFD session.

          If bfdMplsSessMapType is teIpv4(3) or teIpv6(4), then
          this object MUST contain zeroDotZero or point to
          an instance of the mplsTunnelEntry indicating
          the RSVP-based MPLS TE tunnel associated with this BFD
          session.

          If bfdMplsSessMapType is pw(5), then this object MUST
          contain zeroDotZero or point to an instance of the
          pwEntry indicating the MPLS Pseudowire associated with
          this BFD session.

          If bfdMplsSessMapType is mep(6), then this object MUST
          contain zeroDotZero or point to an instance identifying
          the mplsOamIdMeEntry configured for monitoring the
          MPLS-TP path associated with this BFD session.

          If this object points to a conceptual row instance in
          a table consistent with bfdMplsSessMapType but this
          instance does not currently exist then no valid path is
          associated with this session entry.

          If this object contains zeroDotZero then no valid path
          is associated with this BFD session entry till it is
          populated with a valid pointer consistent with the value
          of bfdMplsSessMapType as explained above."
      REFERENCE
         "1. Multiprotocol Label Switching (MPLS) Traffic
             Engineering (TE) Management Information Base (MIB),
             [RFC3812].
          2. Multiprotocol Label Switching (MPLS) Label Switching
             Router (LSR) Management Information Base (MIB),
             [RFC3813].
          3. Pseudowire (PW) Management Information Base (MIB),
             [RFC5601].
          4. MPLS-TP Operations, Administration, and Management
             (OAM) Identifiers Management Information Base (MIB),
             ID draft-ietf-mpls-tp-oam-id-mib-04, December 2013."
      DEFVAL { zeroDotZero }
      ::= { bfdMplsSessEntry 5 }

   bfdMplsSessMisConnectivityDefectAction OBJECT-TYPE
      SYNTAX      DefectActionTC
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
         "This object indicates the action to be taken when the
          mis-connectivity defect is detected on this BFD session."
      DEFVAL { alarmOnly }
      ::= { bfdMplsSessEntry 6 }

   bfdMplsSessLOCDefect OBJECT-TYPE
      SYNTAX      DefectActionTC
      MAX-ACCESS  read-create
      STATUS      current
      DESCRIPTION
         "This object indicates the action to be taken when the
          loss of continuity defect is detected on this BFD
          session."
      DEFVAL { alarmOnly }
      ::= { bfdMplsSessEntry 7 }

   -- ------------------------------------------------------------------
   -- BFD Objects for Session performance
   -- ------------------------------------------------------------------

   -- bfdMplsSessPerfTable - bfdSessPerfTable Extension

   bfdMplsSessPerfTable OBJECT-TYPE
      SYNTAX      SEQUENCE OF BfdMplsSessPerfEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
         "This table is an extension to the bfdSessPerfTable"
      ::= { bfdMplsObjects 2 }

   bfdMplsSessPerfEntry OBJECT-TYPE
      SYNTAX      BfdMplsSessPerfEntry
      MAX-ACCESS  not-accessible
      STATUS      current
      DESCRIPTION
         "A row in this table extends the bfdSessPerfTable"
      INDEX { bfdSessIndex }
      ::= { bfdMplsSessPerfTable 1 }

   BfdMplsSessPerfEntry ::= SEQUENCE {
      bfdMplsSessPerfMisDefCount Counter32,
      bfdMplsSessPerfLocDefCount Counter32,
      bfdMplsSessPerfRdiInCount  Counter32,
      bfdMplsSessPerfRdiOutCount Counter32
   }

   bfdMplsSessPerfMisDefCount OBJECT-TYPE
      SYNTAX      Counter32
      MAX-ACCESS  read-only
      STATUS      current
      DESCRIPTION
         "This object gives a count of the mis-connectivity defects
          detected for the BFD session.  For instance, this count
          will be incremented when the received BFD control packet
          carries an incorrect globally unique source MEP
          identifier."
      ::= { bfdMplsSessPerfEntry 1 }

   bfdMplsSessPerfLocDefCount OBJECT-TYPE
      SYNTAX      Counter32
      MAX-ACCESS  read-only
      STATUS      current
      DESCRIPTION
         "This object gives a count of the Loss of continuity
          defects detected in MPLS and MPLS-TP paths"
      ::= { bfdMplsSessPerfEntry 2 }

   bfdMplsSessPerfRdiInCount OBJECT-TYPE
      SYNTAX      Counter32
      MAX-ACCESS  read-only
      STATUS      current
      DESCRIPTION
         "This object gives a count of the Remote Defect
          Indications received for the BFD session."
      ::= { bfdMplsSessPerfEntry 3 }

   bfdMplsSessPerfRdiOutCount OBJECT-TYPE
      SYNTAX      Counter32
      MAX-ACCESS  read-only
      STATUS      current
      DESCRIPTION
         "This object gives a count of the Remote Defect
          Indications sent by the BFD session"
      ::= { bfdMplsSessPerfEntry 4 }

   -- Module compliance

   bfdMplsGroups
      OBJECT IDENTIFIER ::= { bfdMplsConformance 1 }

   bfdMplsCompliances
      OBJECT IDENTIFIER ::= { bfdMplsConformance 2 }

   -- Compliance requirement for fully compliant implementations.

   bfdMplsModuleFullCompliance MODULE-COMPLIANCE
      STATUS      current
      DESCRIPTION
         "Compliance statement for agents that provide full
          support for the BFD-EXT-STD-MIB module. "
      MODULE -- This module.
      MANDATORY-GROUPS {
         bfdSessionExtGroup,
         bfdSessionExtPerfGroup
      }
      ::= { bfdMplsCompliances 1 }

   -- Compliance requirement for read-only implementations.

   bfdMplsModuleReadOnlyCompliance MODULE-COMPLIANCE
      STATUS      current
      DESCRIPTION
         "Compliance requirement for implementations that only
          provide read-only support for BFD-EXT-STD-MIB.
          Such devices can then be monitored but cannot be
          configured using this MIB module."
      MODULE -- This module.
      MANDATORY-GROUPS {
         bfdSessionExtGroup,
         bfdSessionExtPerfGroup
      }

      OBJECT      bfdMplsSessRole
      MIN-ACCESS  read-only
      DESCRIPTION "Write access is not required."

      OBJECT      bfdMplsSessMode
      MIN-ACCESS  read-only
      DESCRIPTION "Write access is not required."

      OBJECT      bfdMplsSessTmrNegotiate
      MIN-ACCESS  read-only
      DESCRIPTION "Write access is not required."

      OBJECT      bfdMplsSessMapType
      MIN-ACCESS  read-only
      DESCRIPTION "Write access is not required."

      OBJECT      bfdMplsSessMapPointer
      MIN-ACCESS  read-only
      DESCRIPTION "Write access is not required."

      ::= { bfdMplsCompliances 2 }

   -- Units of conformance.

   bfdSessionExtGroup OBJECT-GROUP
      OBJECTS {
         bfdMplsSessRole,
         bfdMplsSessMode,
         bfdMplsSessTmrNegotiate,
         bfdMplsSessMapType,
         bfdMplsSessMapPointer,
         bfdMplsSessMisConnectivityDefectAction,
         bfdMplsSessLOCDefect
      }
      STATUS      current
      DESCRIPTION
         "Collection of objects needed for BFD monitoring for
          MPLS and MPLS-TP paths"
      ::= { bfdMplsGroups 1 }

   bfdSessionExtPerfGroup OBJECT-GROUP
      OBJECTS {
         bfdMplsSessPerfMisDefCount,
         bfdMplsSessPerfLocDefCount,
         bfdMplsSessPerfRdiInCount,
         bfdMplsSessPerfRdiOutCount
      }
      STATUS      current
      DESCRIPTION
         "Collection of objects needed to monitor the
          performance of BFD sessions on MPLS and MPLS-TP
          paths"
      ::= { bfdMplsGroups 2 }

   END

7. Security Considerations

   As a BFD session for an MPLS path may be tied into the stability of
   the MPLS network infrastructure, the effects of an attack on a BFD
   session may be very serious.  This ultimately has denial-of-service
   effects, as links may be declared to be down (or falsely declared to
   be up).  As such, improper configuration of the objects represented
   by this MIB may result in denial of service to a large number of
   end-users.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.
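
   The check below is an added example, not part of the draft or of any
   implementation: it reviews a proposed SET to bfdMplsSessTable before
   it is sent, applying the map type/pointer consistency rule from the
   bfdMplsSessMapPointer DESCRIPTION, rebuilding the Section 5.2.1
   pointer from LSR Ids, and flagging alarmAndBlockData.  The function
   names, the dictionary form of a row and the matching of symbolic
   descriptors by prefix are assumptions of this example.

```python
import ipaddress
import re

# Descriptor prefix expected in bfdMplsSessMapPointer for each
# bfdMplsSessMapType, following the object's DESCRIPTION clause.
# Matching symbolic descriptors by prefix is an assumption of this example;
# a real tool would resolve numeric OIDs against the loaded MIB modules.
EXPECTED_PREFIX = {
    "nonTeIpv4": "mplsXC", "nonTeIpv6": "mplsXC",      # mplsXCEntry
    "teIpv4": "mplsTunnel", "teIpv6": "mplsTunnel",    # mplsTunnelEntry
    "pw": "pw",                                        # pwEntry
    "mep": "mplsOamIdMe",                              # mplsOamIdMeEntry
}
DEFECT_ACTION_COLUMNS = ("bfdMplsSessMisConnectivityDefectAction",
                         "bfdMplsSessLOCDefect")
ZERO_DOT_ZERO = {"zeroDotZero", "0.0"}


def lsr_id_to_subid(lsr_id):
    """Encode an IPv4-style LSR Id as one unsigned 32-bit sub-identifier."""
    return int(ipaddress.IPv4Address(lsr_id))


def subid_to_lsr_id(subid):
    """Inverse of lsr_id_to_subid, to show a reviewer what a pointer names."""
    return str(ipaddress.IPv4Address(subid))


def tunnel_map_pointer(index, instance, ingress, egress):
    """Build the mplsTunnelEntry instance pointer used in Section 5.2.1."""
    return "mplsTunnelName.%d.%d.%d.%d" % (
        index, instance, lsr_id_to_subid(ingress), lsr_id_to_subid(egress))


def split_pointer(pointer):
    """Split 'descriptor.a.b.c' into (descriptor, [a, b, c])."""
    descriptor, _, rest = pointer.partition(".")
    if (not re.fullmatch(r"[a-z][A-Za-z0-9]*", descriptor)
            or not re.fullmatch(r"\d+(\.\d+)*", rest)):
        raise ValueError("malformed map pointer %r" % pointer)
    subids = [int(s) for s in rest.split(".")]
    if any(s > 0xFFFFFFFF for s in subids):
        raise ValueError("sub-identifier out of range in %r" % pointer)
    return descriptor, subids


def check_pointer(map_type, pointer):
    """Findings about bfdMplsSessMapType / bfdMplsSessMapPointer only."""
    if map_type not in EXPECTED_PREFIX:
        return ["unknown bfdMplsSessMapType %r" % map_type]
    if pointer in ZERO_DOT_ZERO:
        return ["map pointer is zeroDotZero: no path is associated yet"]
    try:
        descriptor, subids = split_pointer(pointer)
    except ValueError as exc:
        return [str(exc)]
    prefix = EXPECTED_PREFIX[map_type]
    # The character after the prefix must start a new word, so that
    # mplsOamIdMegName is not accepted where an mplsOamIdMe column is needed.
    if not re.match(prefix + r"[A-Z]", descriptor):
        return ["%s requires a pointer into %s*, got %s"
                % (map_type, prefix, descriptor)]
    # mplsTunnelEntry is indexed by tunnel index, instance, ingress LSR Id
    # and egress LSR Id, as listed in the Section 5.2.1 comments.
    if prefix == "mplsTunnel" and len(subids) != 4:
        return ["mplsTunnelEntry instance needs 4 index sub-identifiers, "
                "got %d" % len(subids)]
    return []


def review_set(row):
    """Return a list of findings for a proposed bfdMplsSessTable row."""
    findings = check_pointer(
        row.get("bfdMplsSessMapType", "nonTeIpv4"),        # DEFVAL
        row.get("bfdMplsSessMapPointer", "zeroDotZero"))   # DEFVAL
    for column in DEFECT_ACTION_COLUMNS:
        if row.get(column, "alarmOnly") == "alarmAndBlockData":
            findings.append("%s = alarmAndBlockData blocks data on a defect: "
                            "require explicit approval" % column)
    return findings


if __name__ == "__main__":
    # Constructed change requests: the first matches Section 5.2.1, the
    # second mixes mep(6) with a tunnel pointer and asks to block data.
    requests = [
        {"bfdMplsSessMapType": "teIpv4",
         "bfdMplsSessMapPointer":
             tunnel_map_pointer(100, 1, "192.0.2.1", "192.0.2.3")},
        {"bfdMplsSessMapType": "mep",
         "bfdMplsSessMapPointer": "mplsTunnelName.1.1.1.2",
         "bfdMplsSessLOCDefect": "alarmAndBlockData"},
    ]
    for req in requests:
        print(req["bfdMplsSessMapPointer"], "->", review_set(req) or "ok")
```
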

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  It is thus important to control even GET and/or
   NOTIFY access to these objects and possibly to even encrypt the
   values of these objects when sending them over the network via SNMP.

   o  The bfdMplsSessTable may be used to directly configure BFD
      sessions for MPLS paths.  Unauthorized access to objects in this
      table could result in disruption of traffic on the network.
      This is especially true if an unauthorized user configures
      enough tables to invoke a denial of service attack on the device
      where they are configured, or on a remote device where the
      sessions terminate.

   Some of the readable objects in this MIB module (i.e., objects with
   a MAX-ACCESS other than not-accessible) may be considered sensitive
   or vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  The bfdSessPerfTable and bfdMplsSessPerfTable both allow access
      to the performance characteristics of BFD sessions for MPLS
      paths.  Network administrators not wishing to show this
      information should consider this table sensitive.

   The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
   bfdSessAuthenticationKey objects hold security methods and
   associated security keys of BFD sessions for MPLS paths.  These
   objects SHOULD be considered highly sensitive objects.  To prevent
   this sensitive information from being improperly accessed,
   implementers MAY wish to disallow read and create access to these
   objects.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in these MIB modules.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is not
   recommended.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access
   to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

8. IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      bfdMplsMib        { mib-2 XXX }

   [Editor's Note (to be removed prior to publication): the IANA is
   requested to assign a value for "XXX" under the 'mib-2' subtree and
   to record the assignment in the SMI Numbers registry.  When the
   assignment has been made, the RFC Editor is asked to replace "XXX"
   (here and in the MIB module) with the assigned value and to remove
   this note.]

9. References

9.1 Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [BFD]      Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD)", RFC 5880, June 2010.

   [BFD-1HOP] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June
              2010.

   [BFD-MH]   Katz, D. and D. Ward, "Bidirectional Forwarding Detection
              (BFD) for Multihop Paths", RFC 5883, June 2010.

   [RFC5884]  Aggarwal, R., et al., "Bidirectional Forwarding Detection
              (BFD) for MPLS Label Switched Paths (LSPs)", RFC 5884,
              June 2010.

   [RFC6428]  Allan, D., Swallow, G., Drake, J., "Proactive
              Connectivity Verification, Continuity Check and Remote
              Defect Indication for MPLS Transport Profile", RFC 6428,
              November 2011.

   [RFC2578]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Structure of Management Information Version 2 (SMIv2)",
              STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Textual Conventions for SMIv2", STD 58, RFC 2579, April
              1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

9.2 Informative References

   [RFC3410]  J. Case, R. Mundy, D. Partain, B. Stewart, "Introduction
              and Applicability Statement for Internet Standard
              Management Framework", RFC 3410, December 2002.

   [RFC3812]  Srinivasan, C., Viswanathan, A., and T. Nadeau,
              "Multiprotocol Label Switching (MPLS) Traffic Engineering
              (TE) Management Information Base (MIB)", RFC 3812, June
              2004.

   [RFC3813]  Srinivasan, C., Viswanathan, A., and T. Nadeau,
              "Multiprotocol Label Switching (MPLS) Label Switching
              Router (LSR) Management Information Base (MIB)", RFC
              3813, June 2004.

   [RFC5601]  T. Nadeau, Ed., D. Zelig, Ed., "Pseudowire (PW)
              Management Information Base (MIB)", RFC 5601, July 2009.

   [BFD-STD-MIB]
              T. Nadeau, Z. Ali, N. Akiya, "BFD Management Information
              Base", ID draft-ietf-bfd-mib-16, November 2013.

   [MPLS-OAM-ID-STD-MIB]
              Sam Aldrin, M.Venkatesan, Kannan KV Sampath, Thomas D.
              Nadeau, Sami Boutros, Ping Pan, "MPLS-TP Operations,
              Administration, and Management (OAM) Identifiers
              Management Information Base (MIB)", ID
              draft-ietf-mpls-tp-oam-id-mib-04, December 2013.

10. Acknowledgments

   The authors would like to thank Jeffrey Haas, Mukund Mani, Lavanya
   Srivatsa, Muly Ilan and John Salloway for their valuable comments.

11. Authors' Addresses

   Sam Aldrin
   Huawei Technologies
   2330 Central Express Way,
   Santa Clara, CA 95051, USA
   Email: aldrin.ietf@gmail.com

   Venkatesan Mahalingam
   Dell Inc.
   350 Holger Way,
   San Jose, CA 95134, USA
   Email: venkat.mahalingams@gmail.com

   Kannan KV Sampath
   Redeem Software
   India
   Email: kannankvs@gmail.com

   Thomas D. Nadeau
   Email: tnadeau@lucidvision.com