MADMAN Working Group                    Glenn Mansfield [glenn@cysols.com]
INTERNET-DRAFT                                         Cyber Solutions Inc.
draft-mansfield-irr-mib-00.txt                                  August 1998

                     The Internet Routing Registry MIB

Status of this Memo

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months. Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time. It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a
   "working draft" or "work in progress."

   To view the entire list of current Internet-Drafts, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
   Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
   Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).

Abstract

   A routing registry (RR) is a repository of routing policy
   information. The IETF-RPSL-WG has developed a Routing Policy
   Specification Language (RPSL) for describing routing policy
   constraints. This document addresses the need to manage the routing
   registry, and to access it, from within the Internet standard
   network management framework. It defines a portion of the Management
   Information Base (MIB) for use with network management protocols in
   the Internet community to monitor and manage RRs.

Expires: February 7, 1998                                       [Page 1]

Internet Draft                                             August 5 1997

Table of Contents

   1. The Routing Registry
   2. Rationale for having a Routing Registry MIB
   3. The Restriction of scope
   4. The SNMPv2 Network Management Framework
   5. The IRR MIB Model
   6. The IRR MIB
   7. Acknowledgements
   8. References
   Security Considerations
   Authors' Addresses

1. The Routing Registry

   The IRR is a repository of routing policies. The policies are
   themselves described in the Routing Policy Specification Language
   (RPSL) [1]. Network operators and administrators are expected to
   announce their network routing policies by registering them in the
   IRR. For a tutorial on using the Routing Policy Specification
   Language (RPSL) to describe routing policies in an IRR, readers are
   encouraged to refer to [2].

2. Rationale for having a Routing Registry MIB

   The usage of the IRR has evolved from the initial goal of plain
   information sharing to more involved applications, ranging from
   troubleshooting to detecting and eliminating conflicting routing
   requirements, router configuration, network management and mapping.
   On the one hand, these new usages have brought in a stronger
   requirement for data integrity and security [8]. On the other hand,
   they have brought in the requirement of being able to monitor an RR
   from within the standard network management framework, as well as to
   allow access to the information in the RR itself using the same
   network management protocols.

   The third revision of the Internet network management framework has
   put in place a safe and secure mechanism for accessing management
   information. There is also a gathering momentum to manage network
   applications, hosts, resources and anything that is related to the
   operation of the network within the standard Internet network
   management framework.
   The IRR is an important network resource and as such needs to be
   managed effectively. Management would certainly involve monitoring
   the status of the IRR DB. Moreover, the information resource
   represented by the IRR is of great use to network management
   applications. Thus there is a substantial requirement to allow
   access to the IRR using the standard network management protocols.
   With the security and access control mechanisms firmly in place in
   the SNMP framework, the database contents may be updated subject to
   the locally enforced access controls. The new SNMP-based access
   mechanism will not exclude the present access mechanism; it will
   supplement the present mechanisms. One can foresee other modes of
   access too, e.g. LDAP.

3. The Restriction of scope

   To keep the MIB implementation and description relatively simple,
   the scope of the IRR-MIB is restricted as follows.

   o  The present MIB will not concern itself with the distributed
      nature of the IRR.

   o  The MIB itself will not contain information about, or vouch for,
      data integrity.

   o  The consistency of the data retrieved from the MIB is not
      guaranteed. Separate mechanisms will need to be employed, for
      which provisions will be made (like sync point information).

4. The SNMPv2 Network Management Framework

   The major components of the SNMPv2 Network Management framework are
   described in the documents listed below.

   o  RFC 1902 [3] defines the Structure of Management Information
      (SMI), the mechanisms used for describing and naming objects for
      the purpose of management.

   o  STD 17, RFC 1213 [4] defines MIB-II, the core set of managed
      objects (MO) for the Internet suite of protocols.

   o  RFC 1905 [5] defines the protocol used for network access to
      managed objects.

   Textual conventions are defined in RFC 1903 [6], and conformance
   statements are defined in RFC 1904 [7].
   The framework is adaptable and extensible: new MIBs are defined to
   suit the requirements of specific applications, protocols or
   situations.

4.1. Object Definitions

   Managed objects are accessed via a virtual information store, the
   MIB. Objects in the MIB are defined using the subset of Abstract
   Syntax Notation One (ASN.1) defined in the SMI. In particular, each
   object type is named by an OBJECT IDENTIFIER, which is an
   administratively assigned name. The object type together with an
   object instance serves to uniquely identify a specific instantiation
   of the object. For human convenience, a textual string, termed the
   descriptor, is often used to refer to the object type.

5. The IRR MIB Model

      +------------+                 +--------------+
      |            |                 |              |
      |            |                 |              |
      |   IRR-DB   |<--------------->|  IRR server  |
      |            |                 |              |
      |            |                 |              |
      +-----X------+                 +--------------+
            |
            |
      +-----X------+                 +--------------+
      |            |                 |              |
      |  IRR-MIB   |<--------------->|    SNMPD     |
      |            |                 |              |
      +------------+                 +--------------+

   The IRR-MIB essentially consists of two components: the
   iRRStatsTable and the iRRDBs. The iRRStatsTable contains the summary
   statistics of all the modules of the IRR: the owner of the module,
   the number of objects of each IRR object type, and the date and time
   of the last update. The iRRDBs subtree contains one table for each
   object type.

6. The IRR MIB

   The module below is reproduced with the syntax errors of the draft
   corrected (missing "experimental" import, DisplayString and
   SEQUENCE OF syntaxes, iRRDBs declared as an OBJECT IDENTIFIER, and
   the AS table entry indexed by module and AS number as its
   DESCRIPTION states). The "-- .." and "-- etc." markers are the
   draft's own elisions.

   IRR-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, Counter32, Gauge32, OBJECT-TYPE, experimental
           FROM SNMPv2-SMI
       DisplayString, TimeStamp
           FROM SNMPv2-TC
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF;

   iRRMIB MODULE-IDENTITY
       LAST-UPDATED "9808050000Z"
       ORGANIZATION "The WIDE project "
       CONTACT-INFO
           "        Glenn Mansfield
            Postal: Cyber Solutions Inc.
                    6-6-3, Minami Yoshinari
                    Aoba-ku, Sendai, Japan 989-3204.
            Tel:    +81-22-303-4012
            Fax:    +81-22-303-4015
            E-mail: glenn@cysols.com"
       DESCRIPTION
           " The MIB module for monitoring and accessing the IRR."
       ::= { experimental NN }    -- NN: arc not yet assigned in the draft

   -- The statistics table: one row per module of the IRR-DB.

   iRRStatsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IRRStatsTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           " The table holding summary information for each module
             of the IRR-DB."
       ::= { iRRMIB 1 }

   iRRStatsTableEntry OBJECT-TYPE
       SYNTAX      IRRStatsTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           " Entry containing summary description for each module of
             the IRR-DB."
       INDEX   { iRRModuleIndex }
       ::= { iRRStatsTable 1 }

   IRRStatsTableEntry ::= SEQUENCE {
       iRRModuleIndex        INTEGER,
       iRRModuleDescription  DisplayString,
       iRRAsObjects          Gauge32,
       iRRMntnerObjects      Gauge32,
       iRRPersonObjects      Gauge32,
       iRRRouteObjects       Counter32,
       -- ..
       -- ..
   }

   iRRModuleIndex OBJECT-TYPE
       SYNTAX      INTEGER (1..255)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "An index to uniquely identify the IRR module. This
            attribute is the index used for lexicographic ordering of
            the table."
       ::= { iRRStatsTableEntry 1 }

   iRRModuleDescription OBJECT-TYPE
       SYNTAX      DisplayString
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           " Describes the IRR DB Module."
       ::= { iRRStatsTableEntry 2 }

   iRRAsObjects OBJECT-TYPE
       SYNTAX      Gauge32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           " Number of AS Objects in this module."
       ::= { iRRStatsTableEntry 3 }

   -- etc.
   -- etc.

   -- The per-object-type tables live under iRRDBs.

   iRRDBs OBJECT IDENTIFIER ::= { iRRMIB 2 }

   iRRASTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IRRASTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           " Table containing the AS Objects of the IRR-DB
             corresponding to the module indexed by iRRModuleIndex."
       ::= { iRRDBs 1 }

   iRRASTableEntry OBJECT-TYPE
       SYNTAX      IRRASTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           " Entry containing the attributes of the AS object."
       INDEX   { iRRModuleIndex, iRRAsNumber }
       ::= { iRRASTable 1 }

   IRRASTableEntry ::= SEQUENCE {
       iRRAsNumber   INTEGER,
       iRRAsName     DisplayString,
       -- ..
       -- ..
   }

   iRRAsNumber OBJECT-TYPE
       SYNTAX      INTEGER (1..100000)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The AS number. It also uniquely identifies the AS."
       ::= { iRRASTableEntry 1 }

   iRRAsName OBJECT-TYPE
       SYNTAX      DisplayString
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           " The name of the AS."
       ::= { iRRASTableEntry 2 }

   -- etc.
   -- etc.

   END

7. Acknowledgments

   This document draws from the discussion within the WIDE project and
   with personnel of NTT-Data's networking group.

8. References

   [1] Alaettinoglu, C., Bates, T., Gerich, E., Karrenberg, D., Meyer,
       D., Terpstra, M., and C. Villamizar, "Routing Policy
       Specification Language (RPSL)", RFC 2280, Internet Engineering
       Task Force, 1998. ftp://ds.internic.net/rfc/rfc2280.txt.

   [2] Bates, T., Gerich, E., Joncheray, L., Jouanigot, J-M.,
       Karrenberg, D., Terpstra, M., and J. Yu, "Representation of IP
       Routing Policies in a Routing Registry (ripe-81++)", RFC 1786,
       Internet Engineering Task Force, 1995.
       ftp://ds.internic.net/rfc/rfc1786.txt.

   [3] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
       "Structure of Management Information for version 2 of the
       Simple Network Management Protocol (SNMPv2)", RFC 1902, SNMP
       Research, Inc., Hughes LAN Systems, Dover Beach Consulting,
       Inc., Carnegie Mellon University, January 1996.

   [4] McCloghrie, K., and M. Rose, Editors, "Management Information
       Base for Network Management of TCP/IP-based internets: MIB-II",
       STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
       International, March 1991.

   [5] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
       Operations for version 2 of the Simple Network Management
       Protocol (SNMPv2)", RFC 1905, SNMP Research, Inc., Hughes LAN
       Systems, Dover Beach Consulting, Inc., Carnegie Mellon
       University, January 1996.
   [6] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual
       Conventions for Version 2 of the Simple Network Management
       Protocol (SNMPv2)", RFC 1903, January 1996.

   [7] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
       "Conformance Statements for Version 2 of the Simple Network
       Management Protocol (SNMPv2)", RFC 1904, January 1996.

   [8] Meyer, D., Schmitz, J., Orange, C., and C. Alaettinoglu, "Using
       RPSL in Practice", work in progress,
       draft-ietf-rps-appl-rpsl-02.txt.

Security Considerations

   The contents of the IRR are sensitive, and changes to them are
   likely to affect network operation on a small or large scale. The
   MIB defined here provides read-write access to information in the
   IRR, so it may be used for active attacks on the system. The access
   controls and security mechanisms available in the SNMP framework
   need to be put in place before write access is allowed.

Authors' Addresses

   Glenn Mansfield
   Cyber Solutions Inc.
   6-6-3 Minami Yoshinari
   Aoba-ku, Sendai 989-3204
   Japan

   Phone: +81-22-303-4012
   EMail: glenn@cysols.com
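The following is an added illustration, not part of the draft, of how an agent would expose the model of sections 5 and 6: it builds the iRRStatsTable and iRRASTable instance OIDs from a constructed IRR-DB, walks them in lexicographic order the way GetNext does, and applies a Set only after the access-control decision the Security Considerations call for and the column's MAX-ACCESS allow it. The OID prefix stands in for the unassigned "experimental NN" arc; the module contents and the write-authorization flag are assumptions.

```python
from collections import Counter

# Assumption: the draft leaves the module arc as "experimental NN"; the
# prefix below is a constructed placeholder, not an assigned number.
IRR_MIB = (1, 3, 6, 1, 3, 9999)
STATS_ENTRY = IRR_MIB + (1, 1)     # iRRStatsTable(1).iRRStatsTableEntry(1)
AS_ENTRY = IRR_MIB + (2, 1, 1)     # iRRDBs(2).iRRASTable(1).iRRASTableEntry(1)
STATS_COLUMNS = {"aut-num": 3, "mntner": 4, "person": 5, "route": 6}
WRITABLE = {AS_ENTRY + (2,)}       # only iRRAsName is MAX-ACCESS read-write

# Constructed sample IRR-DB: module index -> list of (RPSL class, primary key)
MODULES = {
    1: [("aut-num", 65001), ("aut-num", 65002), ("mntner", "MAINT-EX"),
        ("route", "192.0.2.0/24")],
    2: [("aut-num", 65010), ("person", "JD1-EX")],
}

def stats_rows():
    """iRRStatsTable rows: per-module count of each object class (Gauge32)."""
    return {idx: {cls: Counter(c for c, _ in objs)[cls] for cls in STATS_COLUMNS}
            for idx, objs in MODULES.items()}

def mib_view():
    """OID->value map in agent order; AS rows are indexed by (module, AS number)."""
    view = {}
    for idx, counts in stats_rows().items():
        for cls, col in STATS_COLUMNS.items():
            view[STATS_ENTRY + (col, idx)] = counts[cls]
    for idx, objs in MODULES.items():
        for cls, asn in objs:
            if cls == "aut-num":
                view[AS_ENTRY + (1, idx, asn)] = asn            # iRRAsNumber
                view[AS_ENTRY + (2, idx, asn)] = "AS%d" % asn   # iRRAsName
    return dict(sorted(view.items()))

def get_next(view, oid):
    """SNMP GetNext: the first instance lexicographically after the given OID."""
    return next(((k, v) for k, v in view.items() if k > oid), None)

def set_value(view, oid, value, write_authorized):
    """SNMP Set: access control first, then the column's MAX-ACCESS."""
    if not write_authorized:
        return "authorizationError"
    if oid not in view:
        return "noCreation"            # rows are not creatable through this MIB
    if oid[:len(AS_ENTRY) + 1] not in WRITABLE:
        return "notWritable"
    view[oid] = value
    return "noError"
```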