<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2629 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2629.xml">
<!ENTITY rfc2863 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2863.xml">
<!ENTITY rfc3418 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3418.xml">
<!ENTITY rfc4181 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4181.xml">
<!ENTITY rfc2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY rfc2578 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2578.xml">
<!ENTITY rfc2579 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2579.xml">
<!ENTITY rfc2580 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2580.xml">
<!ENTITY rfc3410 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3410.xml">
<!ENTITY rfc4271 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4271.xml">
<!ENTITY rfc4273 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4273.xml">
<!ENTITY rfc1657 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1657.xml">
<!ENTITY rfc4456 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4456.xml">
<!ENTITY rfc5065 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5065.xml">
<!ENTITY rfc4760 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4760.xml">
<!ENTITY rfc2545 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2545.xml">
<!ENTITY rfc4001 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4001.xml">
<!ENTITY rfc3107 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3107.xml">
<!ENTITY rfc4022 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4022.xml">
<!ENTITY rfc3411 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3411.xml">
<!ENTITY rfc1997 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1997.xml">
]>
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<?rfc strict="no"?>
<?rfc rfcedstyle="yes"?>
<rfc category="std" docName="draft-jhaas-idr-bgp4-mibv2-community-02"
     ipr="full3978">
  <front>
    <title abbrev="BGP-4 Community MIB">
    Definitions of Managed Objects for the Fourth Version of Border Gateway Protocol (BGP-4), BGP Community Extension
    </title>

    <author fullname="Jeffrey Haas" initials="J" role=""
            surname="Haas">
      <organization>Arbor Networks</organization>

      <address>
        <postal>
          <street></street>

          <city></city>

          <country></country>
        </postal>

        <phone></phone>

        <email>jhaas@arbor.net</email>
      </address>
    </author>

    <date year="2008" />

    <area>Routing Area</area>

    <workgroup>Inter-Domain Routing Working Group</workgroup>

    <keyword>Network Management</keyword>

    <keyword>Management Information base</keyword>

    <keyword>MIB</keyword>

    <keyword>SMIv2</keyword>

    <keyword>BGP</keyword>
    <keyword>BGP4</keyword>
    <keyword>BGP-4</keyword>
    <keyword>Border Gateway Protocol</keyword>
    <keyword>Community</keyword>
    <keyword>BGP Community</keyword>

    <abstract>
      <t>This memo defines a portion of the Management Information Base (MIB)
      for use with network management protocols. In particular it defines
      objects for managing the Border Gateway Protocol's Community
      extension.</t>
    </abstract>
  </front>

  <middle>
    <section title="Introduction">
      <t>This memo defines a portion of the Management Information Base (MIB)
      for use with network management protocols. In particular it defines
      objects for managing the Border Gateway Protocol's Community
      extension.  <xref target="RFC1997"></xref>.</t>
    </section>

    <section title="The Internet-Standard Management Framework">
      <t>For a detailed overview of the documents that describe the
      current Internet-Standard Management Framework, please refer to
      section 7 of RFC 3410 <xref target="RFC3410"></xref>.</t>

      <t>Managed objects are accessed via a virtual information store, termed
      the Management Information Base or MIB. MIB objects are generally
      accessed through the Simple Network Management Protocol (SNMP). Objects
      in the MIB are defined using the mechanisms defined in the Structure of
      Management Information (SMI). This memo specifies a MIB module that is
      compliant to the SMIv2, which is described in STD 58, RFC 2578 <xref
      target="RFC2578"></xref>, STD 58, RFC 2579 <xref
      target="RFC2579"></xref> and STD 58, RFC 2580 <xref
      target="RFC2580"></xref>.</t>
    </section>

    <section title="Conventions">
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
      in this document are to be interpreted as described in RFC 2119
      <xref target="RFC2119"></xref>.</t>
    </section>

    <section title="Overview">
      <t>The BGP-4 MIB, Version 2, provides for an extension mechanism by
      which BGP extensions can have MIBs created under the BGP-4 MIB
      subtree.  This MIB documents the objects for managing the BGP-4
      Community extension as documented in <xref target="RFC1997"></xref>.</t>
    </section>

    <section title="Structure of the MIB Module">
      <section title="Tables">
        <t>
        <list style="symbols">
          <t>bgp4V2CommunityTable - This table provides access to
          a human-readable version of the community associated with BGP
          reachability and also access to the encoded version of the
          communities attached to the reachability.</t>
        </list>
        </t>
      </section>
    </section>

    <section title="Relationship to Other MIB Modules">
      <section title="MIB modules required for IMPORTS">
        <t>The following MIB module IMPORTS objects from SNMPv2-SMI <xref
        target="RFC2578"></xref>, SNMPv2-TC <xref target="RFC2579"></xref>,
        SNMPv2-CONF <xref target="RFC2580"></xref> and the BGP-4 MIB,
        Version 2.
        </t>
      </section>
    </section>

    <section title="Definitions">
      <figure>
        <artwork>
BGP4V2-COMMUNITY-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        mib-2, MODULE-IDENTITY, OBJECT-TYPE
            FROM SNMPv2-SMI
        MODULE-COMPLIANCE, OBJECT-GROUP
            FROM SNMPv2-CONF
        SnmpAdminString
            FROM SNMP-FRAMEWORK-MIB
        Bgp4V2AddressFamilyIdentifierTC,
        Bgp4V2SubsequentAddressFamilyIdentifierTC
            FROM BGP4V2-TC-MIB
        bgp4V2PeerInstance, bgp4V2NlriAfi, bgp4V2NlriSafi,
        bgp4V2NlriPrefix, bgp4V2NlriPrefixLen,
        bgp4V2PeerLocalAddrType, bgp4V2PeerLocalAddr,
        bgp4V2PeerRemoteAddrType, bgp4V2PeerRemoteAddr,
        bgp4V2NlriIndex
           FROM BGP4V2-MIB;


    bgp4V2Community MODULE-IDENTITY
        LAST-UPDATED "200811020000Z"
        ORGANIZATION "IETF IDR Working Group"
        CONTACT-INFO "E-mail:  idr@ietf.org"
        DESCRIPTION
            "This MIB module defines additional management objects
             for the Border Gateway Protocol, Version 4.
             Specifically, it adds objects for the management of the
             BGP Community PATH_ATTRIBUTE as documented in RFC 1997."
        REVISION "200811020000Z"
        DESCRIPTION
            "Initial revision."
        ::= { mib-2 XXX }


    -- Top level components of this MIB module

    -- Ojbects
    bgp4V2CommunityObjects 
        OBJECT IDENTIFIER ::= { bgp4V2Community 1 }

    -- Conformance
    bgp4V2CommunityConformance 
        OBJECT IDENTIFIER ::= { bgp4V2Community 2 }

    --
    -- BGP Communities per-NLRI entry.
    --

    bgp4V2CommunityTable OBJECT-TYPE
        SYNTAX     SEQUENCE OF Bgp4V2CommunityEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
            "The BGP-4 Path Attribute Community Table contains the
             per network path (NLRI) data on the community membership
             advertised with a route."
        ::= { bgp4V2CommunityObjects 1 }

    bgp4V2CommunityEntry OBJECT-TYPE
        SYNTAX     Bgp4V2CommunityEntry
        MAX-ACCESS not-accessible
        STATUS     current
        DESCRIPTION
            "Information about a community association provided with a
             path to a network.  Note that although this table shares
             the indices of bgp4V2NlriTable that not all reachability
             may have communities."
        INDEX {
            bgp4V2PeerInstance,
            bgp4V2NlriAfi,
            bgp4V2NlriSafi,
            bgp4V2NlriPrefix,
            bgp4V2NlriPrefixLen,
            bgp4V2PeerLocalAddrType,
            bgp4V2PeerLocalAddr,
            bgp4V2PeerRemoteAddrType,
            bgp4V2PeerRemoteAddr,
            bgp4V2NlriIndex
        }
        ::= { bgp4V2CommunityTable 1 }

    Bgp4V2CommunityEntry ::= SEQUENCE {
        bgp4V2CommunityString
            SnmpAdminString,
        bgp4V2Communities
            OCTET STRING
    }

    bgp4V2CommunityString OBJECT-TYPE
        SYNTAX     SnmpAdminString
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "This is a string depicting the set of communities
             associated with a given NLRI.  The format of this string is
             implementation-dependent and should be designed for
             operator readability.
             
             Note that SnmpAdminString is only capable of representing a
             maximum of 255 characters.  This may lead to the string
             being truncated in the presence of a large AS Path.  It is
             RECOMMENDED that when this object's contents will be
             truncated that the final 3 octets be reserved for the
             ellipses string, '...'.  bgp4V2Communities may give access
             to the full set of communities." 
        ::= { bgp4V2CommunityEntry 1 }

    bgp4V2Communities OBJECT-TYPE
        SYNTAX     OCTET STRING (SIZE(0..4072))
        MAX-ACCESS read-only
        STATUS     current
        DESCRIPTION
            "This object contains the list of BGP Communities associated
             with the reachability.  Each community consists of four
             octets and is interpreted according to the syntax
             documented in RFC 1997.  Briefly, the first two octets of
             each community is a 2-octet Autonomous System number in
             network byte order and the lower two octets is a 2-octet
             number with semantics specific to that AS.  
             
             Note also that certain well-known values will have
             additional semantics.

             In the circumstance where this object must be truncated by
             the implementation, the implementation SHOULD truncate the
             object on a 4-octet divisible boundary in order to provide
             all communities in-tact."
        ::= { bgp4V2CommunityEntry 2 }


    --
    -- Conformance Information
    --

    bgp4V2CommunityMIBCompliances OBJECT IDENTIFIER ::=
        { bgp4V2CommunityConformance 1 }

    bgp4V2CommunityMIBGroups OBJECT IDENTIFIER ::=
        { bgp4V2CommunityConformance 2 }

    bgp4V2CommunityMIBCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "The compliance statement for entities which
            implement the BGP4 mib."
         MODULE -- this module
         MANDATORY-GROUPS {
            bgp4V2CommunityRequiredGroup
            }
        ::= { bgp4V2CommunityMIBCompliances 1 }

    bgp4V2CommunityRequiredGroup OBJECT-GROUP
        OBJECTS {
            bgp4V2CommunityString,
            bgp4V2Communities
        }
        STATUS current
        DESCRIPTION
            "Objects associated with BGP communities that are
             required to be implemented in this MIB."
        ::= { bgp4V2CommunityMIBGroups 1 }
END
        </artwork>
      </figure>
    </section>

    <section title="Security Considerations">
      <!--[TODO] Remember to consider security from the start. -->

      <t>Some of the readable objects in this MIB module (i.e., objects with a
      MAX-ACCESS other than not-accessible) may be considered sensitive or
      vulnerable in some network environments. It is thus important to control
      even GET and/or NOTIFY access to these objects and possibly to even
      encrypt the values of these objects when sending them over the network
      via SNMP. These are the tables and objects and their
      sensitivity/vulnerability: 
        <list style="symbols">
          <t>bgp4V2CommunityString, bgp4V2Communities - 
          BGP Communities may be used to implement routing policy for ISPs and
          that routing policy may reflect business relationships.  Inadvertent
          disclosure of this information inadvertently expose sensitive
          information about those business relationships.</t>
        </list>
      </t>

      <t>SNMP versions prior to SNMPv3 did not include adequate security. Even
      if the network itself is secure (for example by using IPSec), even then,
      there is no control as to who on the secure network is allowed to access
      and GET/SET (read/change/create/delete) the objects in this MIB
      module.</t>

      <t>It is RECOMMENDED that implementers consider the security features as
      provided by the SNMPv3 framework (see <xref target="RFC3410"></xref>,
      section 8), including full support for the SNMPv3 cryptographic
      mechanisms (for authentication and privacy).</t>

      <t>Further, deployment of SNMP versions prior to SNMPv3 is NOT
      RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable
      cryptographic security. It is then a customer/operator responsibility to
      ensure that the SNMP entity giving access to an instance of this MIB
      module is properly configured to give access to the objects only to
      those principals (users) that have legitimate rights to indeed GET or
      SET (change/create/delete) them.</t>
    </section>

    <section title="IANA Considerations">
      <t>This memo includes no request to IANA.</t>
    </section>
  </middle>

  <back>

    <references title="Normative References">
      &rfc2119;

      &rfc2578;

      &rfc2579;

      &rfc2580;

      <!--  <t>[TODO]: Add your own normative references.</t>-->

      &rfc1997;

    </references>

    <references title="Informative References">
      &rfc3410;
    </references>

  </back>
</rfc>
