Network Working Group                                   Kam Lam (Lucent)
Document: draft-ietf-disman-conditionmib-02.txt      An-ni Huynh (Cetus)
Expiration: July 23, 2002                       David Perkins (SNMPinfo)
Category: Internet Draft                                  April 23, 2002


                        Alarm Report Control MIB
                 draft-ietf-disman-conditionmib-02.txt

Status of this Memo

   This document is an Internet-Draft and is subject to all provisions
   of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   [Editor's Note: This version (02) is an update to
   draft-ietf-disman-conditionmib-0.txt to narrow the scope of the
   document to Alarm Report Control. The text pertaining to the
   Condition MIB module has been removed from the document. The title
   of the document has also been changed to reflect the current scope.]

Copyright Notice

   Copyright (C) The Internet Society (2002). All Rights Reserved.

1. Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in TCP/IP-based internets.
   In particular, it defines objects for controlling the reporting of
   alarm conditions.

Table of Contents

   1   Abstract
   2   The SNMP Network Management Framework
   3   Introduction
   4   ARC MIB Overview
   4.1 Relationship between ARC mode and Alarm Reporting
   5   ARC MIB Object Definitions
   6   Security Considerations
   7   Acknowledgments
   8   References
   9   Author's Address
   10  Intellectual Property
       Full Copyright Statement

2. The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [RFC2571].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management. The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in
      STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and
      RFC 1215 [RFC1215]. The second version, called SMIv2, is
      described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
      [RFC2579] and STD 58, RFC 2580 [RFC2580].

   o  Message protocols for transferring management information. The
      first version of the SNMP message protocol is called SNMPv1 and
      described in STD 15, RFC 1157 [RFC1157]. A second version of the
      SNMP message protocol, which is not an Internet standards track
      protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
      and RFC 1906 [RFC1906]. The third version of the message protocol
      is called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572
      [RFC2572] and RFC 2574 [RFC2574].

   o  Protocol operations for accessing management information. The
      first set of protocol operations and associated PDU formats is
      described in STD 15, RFC 1157 [RFC1157]. A second set of protocol
      operations and associated PDU formats is described in RFC 1905
      [RFC1905].

   o  A set of fundamental applications described in RFC 2573 [RFC2573]
      and the view-based access control mechanism described in RFC 2575
      [RFC2575].

   A more detailed introduction to the current SNMP Management
   Framework can be found in RFC 2570 [RFC2570].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64). Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of machine
   readable information is not considered to change the semantics of
   the MIB.

3. Introduction

   This MIB is targeted at network operators responsible for managing
   the operations of network resources.

   This document contains an alarm reporting control (ARC) MIB module,
   which provides a mechanism for a manager to suppress or defer the
   reporting of alarm conditions based on the resource type and alarm
   condition type.

4. ARC MIB Overview

   There is a need to provide a mechanism for controlling the reporting
   of alarm conditions of resources in a network device. For example:

   (a) inhibiting the reporting of alarm conditions of a resource until
       the resource is problem-free,

   (b) inhibiting the reporting of alarm conditions of a resource for a
       specified time period, or

   (c) inhibiting the reporting of alarm conditions of a resource until
       it is later explicitly allowed by the managing system.

   The alarm reporting control (ARC) feature provides an automatic
   in-service provisioning capability. It allows sufficient time for
   service setup, customer testing, and other maintenance activities in
   an "alarm-free" state. Once a resource is "problem-free", alarm
   reporting can be automatically or manually turned on (i.e.,
   allowed).
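
The following is an added example, not part of the original draft: a Python model of one arcTable row that applies the inhibit cases (a)-(c) above through the arcState values defined in Section 5 and the reporting rules listed in Section 4.1. The class and method names are hypothetical. Three behaviours are assumptions not stated in this memo: NALM-QI set on a problem-free resource qualifies at once, a new alarm aborts the NALM-QI-CD countdown, and a manager may leave NALM-QI-CD as it may leave NALM-QI.

```python
from enum import IntEnum

Arc = IntEnum("Arc", "ALM NALM NALM_QI NALM_TI NALM_QI_CD")  # arcState values 1..5

# State changes a manager may request (arcMIB DESCRIPTION clause).
MGMT = {
    Arc.ALM: {Arc.NALM, Arc.NALM_QI, Arc.NALM_TI},
    Arc.NALM: {Arc.ALM, Arc.NALM_QI, Arc.NALM_TI},
    Arc.NALM_QI: {Arc.ALM, Arc.NALM},
    Arc.NALM_TI: {Arc.ALM, Arc.NALM},
    Arc.NALM_QI_CD: {Arc.ALM, Arc.NALM},  # assumption: as for NALM-QI
}

class ArcEntry:
    """Hypothetical model of one (resource, alarm type) row of arcTable."""

    def __init__(self, ti_interval, cd_interval=None):
        self.ti, self.cd = ti_interval, cd_interval  # cd None: no NALM-QI-CD
        self.state, self.remaining = Arc.ALM, 0
        self.active = False     # alarm condition currently present
        self.deferred = False   # raised in ARC mode, report withheld
        self.reports = []       # notifications actually sent

    def _enter(self, state):
        if state is Arc.NALM_QI and not self.active:  # assumption: qualifies at once
            state = Arc.NALM_QI_CD if self.cd else Arc.ALM
        self.state = state
        self.remaining = {Arc.NALM_TI: self.ti, Arc.NALM_QI_CD: self.cd}.get(state, 0)
        if state is Arc.ALM and self.deferred:        # exit: deferred report goes out
            self.reports.append("raised")
            self.deferred = False

    def set_state(self, new):                         # SNMP SET on arcState
        if new not in MGMT[self.state]:
            raise ValueError(f"{self.state.name} -> {new.name} not allowed")
        self._enter(new)

    def raise_alarm(self):
        if self.active:
            return
        self.active = True
        if self.state is Arc.ALM:
            self.reports.append("raised")
        else:
            self.deferred = True
            if self.state is Arc.NALM_QI_CD:          # assumption: countdown aborts
                self._enter(Arc.NALM_QI)

    def clear_alarm(self):
        if not self.active:
            return
        self.active = False
        if self.deferred:
            self.deferred = False                     # raised and cleared in ARC: silent
        else:
            self.reports.append("cleared")            # raise was reported: clear as usual
        if self.state is Arc.NALM_QI:
            self._enter(Arc.NALM_QI)                  # now problem-free: re-evaluate

    def tick(self, seconds):                          # drives arcNalmTimeRemaining
        if self.state in (Arc.NALM_TI, Arc.NALM_QI_CD):
            self.remaining = max(0, self.remaining - seconds)
            if self.remaining == 0:
                self._enter(Arc.ALM)
```

The reports list holds only what a manager would actually receive, so comparing it with the sequence of raise_alarm and clear_alarm calls shows which alarm events an ARC setting hid or delayed.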

   By putting a network resource in ARC mode (i.e., in NALM, NALM-TI,
   NALM-QI, or NALM-QI-CD, as described below), the technicians and
   managing systems will not be flooded with unnecessary work items
   during operations activities such as service provisioning and
   network setup/teardown. This will reduce maintenance costs and
   improve the operation and maintenance of these systems. Putting a
   network resource in ARC mode shall not affect the availability of
   active alarm condition information for potential retrieval.

   ITU-T Recommendation M.3100 Amendment 3 [M.3100 Amd3] provides the
   business requirements, analysis, and design of the Alarm Reporting
   Control Feature.

   This document defines the SNMP objects to support a subset of the
   ARC functions described in M.3100 Amd3. In particular, it defines a
   table that can be used to specify the ARC setting for the resources
   in a system.

   Specification of objects for defining and storing alarms, including
   active and history alarms, standing and transient alarms, is outside
   the scope of this document. However, the probable causes listed in
   IANAItuProbableCause of the ITU Alarm MIB are used by the ARC MIB
   for specifying alarm condition types of the ARC settings.

4.1 Relationship between ARC mode and alarm reporting

   When the ARC MIB is used in a managed system, the following rules
   apply:

      For an alarm condition raised prior to entering ARC mode,
      reporting of alarm raised and alarm cleared will be sent as
      usual.

      For an alarm condition raised after entering ARC mode and also
      cleared before exiting ARC mode, no reporting of alarm raised
      will be sent and no reporting of alarm cleared will be sent.

      For an alarm condition raised after entering ARC mode and not
      cleared when exiting ARC mode, the reporting of alarm raised will
      be deferred until the moment of exiting ARC mode. The reporting
      of alarm cleared will be sent as usual (i.e., at the time of
      alarm cleared).

   Further details of the ARC function can be found in M.3100 Amd3.

5. ARC MIB Object Definition

   ARC-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, mib-2
           FROM SNMPv2-SMI
       IANAItuProbableCause
           FROM ALARM-MIB
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF;

   arcMIB MODULE-IDENTITY
       LAST-UPDATED "200204230000Z"
       ORGANIZATION " "
       CONTACT-INFO
           "Kam Lam
            Lucent Technologies, 4C-616
            101 Crawfords Corner Road
            Holmdel, NJ 07733, USA
            Tel: +1 732 949 8338
            E-mail: hklam@lucent.com"
       DESCRIPTION
           "The MIB module describes the objects for controlling a
            resource in reporting alarm conditions that it detects.

            Alarm Report Control is a feature that provides an
            automatic in-service provisioning capability. Alarm
            reporting is turned off on a per-resource basis for a
            selective set of potential alarm conditions to allow
            sufficient time for customer testing and other maintenance
            activities in an 'alarm free' state. Once a resource is
            ready for service, alarm reporting is automatically or
            manually turned on.

            There are five ARC states: ALM, NALM, NALM-QI, NALM-QI-CD
            and NALM-TI.

            ALM:        Alarm reporting is turned on (i.e., is
                        allowed).
            NALM:       Alarm reporting is turned off (i.e., not
                        allowed).
            NALM-QI:    NALM - Qualified Inhibit. Alarm reporting is
                        turned off until the managed entity is
                        qualified problem-free for a specified
                        persistence interval.
            NALM-QI-CD: NALM-QI - Count down. This is a substate of
                        NALM-QI and performs the persistence timing
                        countdown function when the managed entity is
                        qualified problem-free.
            NALM-TI:    NALM - Timed Inhibit. Alarm reporting is turned
                        off for a specified time interval.

            ALM may transition to NALM, NALM-QI, or NALM-TI by
            management request.
            NALM may transition to ALM, NALM-QI, or NALM-TI by
            management request.
            NALM-QI may transition to NALM or ALM by management
            request.
            NALM-QI may transition to ALM automatically if qualified
            problem-free (if NALM-QI-CD is not supported) or if the CD
            timer expired (if NALM-QI-CD is supported).
            NALM-TI may transition to ALM or NALM by management
            request.
            NALM-TI may transition to ALM automatically if the TI timer
            expired.

            Further details of ARC state transitions are defined in
            Figure 3 of M.3100 Amd3."
       REVISION "200204230000Z"
       DESCRIPTION
           "The initial version."
       ::= { mib-2 yy }

   ------------------
   -- MIB Objects
   ------------------

   arcMIBTimeIntervals OBJECT IDENTIFIER ::= { arcMIB 1 }
   arcMIBObjects       OBJECT IDENTIFIER ::= { arcMIB 2 }

   arcMIBTITimeInterval OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "This variable indicates the time interval used for the
            nalmTI state, in units of seconds. It is a pre-defined
            length of time in which the resource will stay in the
            NALM-TI state before transition into the ALM state."
       ::= { arcMIBTimeIntervals 1 }

   arcMIBCDTimeInterval OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "This variable indicates the time interval used for the
            nalmQICD state, in units of seconds. It is a pre-defined
            length of time in which the resource will stay in the
            NALM-QI-CD state before transition into the ALM state
            after it is problem-free."
       ::= { arcMIBTimeIntervals 2 }

   arcTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF ArcEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of ARC settings on the system."
       ::= { arcMIBObjects 1 }

   arcEntry OBJECT-TYPE
       SYNTAX      ArcEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A conceptual row that contains information about the ARC
            setting of a resource in the system."
       INDEX { arcIndex, arcAlarmType }
       ::= { arcTable 1 }

   ArcEntry ::= SEQUENCE {
       arcIndex              OBJECT IDENTIFIER,
       arcAlarmType          IANAItuProbableCause,
       arcState              INTEGER,
       arcNalmTimeRemaining  Unsigned32
   }

   arcIndex OBJECT-TYPE
       SYNTAX      OBJECT IDENTIFIER
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object uniquely identifies a resource, which is under
            the arcState's control for the associated arcAlarmType."
       ::= { arcEntry 1 }

   arcAlarmType OBJECT-TYPE
       SYNTAX      IANAItuProbableCause
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object identifies the alarm condition type controlled
            by the arcState. Only one alarm condition type is
            identified for each entry."
       ::= { arcEntry 2 }

   arcState OBJECT-TYPE
       SYNTAX      INTEGER {
                       alm (1),
                       nalm (2),
                       nalmQI (3),
                       nalmTI (4),
                       nalmQICD (5)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The object controls the alarm report of a resource. A
            manager can set the arcState to either alm, nalm, nalmQI,
            or nalmTI.

            ALM:        Alarm reporting is turned on (i.e., is
                        allowed).
            NALM:       Alarm reporting is turned off.
            NALM-TI:    Alarm reporting is turned off for a time
                        interval. (TI - Time Inhibit).
            NALM-QI:    Alarm reporting is turned off for a specified
                        alarm type until the resource is qualified
                        problem-free for an optional time interval.
                        Problem-free means that the condition
                        corresponding to the specified alarm type does
                        not exist. (QI - Qualified Inhibit).
            NALM-QI-CD: This is a substate of NALM-QI and performs the
                        persistence timing count down function after
                        the resource is qualified problem-free.
                        (CD - Count Down).

            According to the requirements in M.3100 Amendment 3, a
            resource supporting the ARC feature shall support the ALM
            state and at least one of the NALM, NALM-TI, and NALM-QI
            states. NALM-QI-CD is an optional substate of NALM-QI.

            Once the resource enters the normal reporting mode (i.e.,
            in the alm state) for the specified alarm type, the
            corresponding entry will be automatically deleted from the
            arc table.

            The manual setting of the arcState to alm has the effect
            of removing the entry from the arc table.

            The value of nalmQICD is a transitional state from nalmQI
            to alm. It is optional depending on the type and the
            implementation of the resource. If it is supported, before
            the state transitions from nalmQI to alm, a count down
            period is activated for a duration set by the object
            arcMIBCDTimeInterval. When the time is up, the arcState is
            set to alm."
       ::= { arcEntry 3 }

   arcNalmTimeRemaining OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "This variable indicates the time remaining in the NALM-TI
            interval or the NALM-QI-CD interval, in units of seconds.

            At the moment the resource enters the NALM-TI state, this
            variable will have the initial value equal to the value of
            arcMIBTITimeInterval and then starts decrementing as time
            goes by.

            Similarly, at the moment the resource enters the
            NALM-QI-CD state, this variable will have the initial
            value equal to the value of arcMIBCDTimeInterval and then
            starts decrementing as time goes by.

            This variable is read-write and thus will allow the
            manager to extend or shorten, as needed, the remaining
            time when the resource is in the NALM-TI or NALM-QI-CD
            state.

            If this variable is supported and the resource is
            currently in neither the NALM-TI nor the NALM-QI-CD state,
            the value of this variable shall be equal to zero."
       ::= { arcEntry 4 }

   --------------------------
   -- conformance information
   --------------------------

   arcConformance OBJECT IDENTIFIER ::= { arcMIB 3 }

   arcCompliances OBJECT IDENTIFIER ::= { arcConformance 1 }

   arcCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for systems supporting the ARC
            MIB."
       MODULE -- this module
           MANDATORY-GROUPS { arcSettingGroup }
       ::= { arcCompliances 1 }

   arcGroups OBJECT IDENTIFIER ::= { arcConformance 2 }

   arcSettingGroup OBJECT-GROUP
       OBJECTS { arcState }
       STATUS      current
       DESCRIPTION
           "ARC Setting group."
       ::= { arcGroups 1 }

   arcTIGroup OBJECT-GROUP
       OBJECTS { arcMIBTITimeInterval, arcNalmTimeRemaining }
       STATUS      current
       DESCRIPTION
           "ARC Time Inhibit group."
       ::= { arcGroups 2 }

   arcQICDGroup OBJECT-GROUP
       OBJECTS { arcMIBCDTimeInterval, arcNalmTimeRemaining }
       STATUS      current
       DESCRIPTION
           "ARC Qualified Inhibit (QI) Count Down (CD) group."
       ::= { arcGroups 3 }

   END

6. Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. In this MIB, a SET of arcState to nalm, nalmQI, or
   nalmTI turns off alarm reporting for a resource, and a SET of
   arcNalmTimeRemaining can extend the time that reporting stays off.
   The support for SET operations in a non-secure environment without
   proper protection can have a negative effect on network operations.

   So, it is important to control the GET access to these objects and
   possibly even encrypt the object values when sending them over the
   network via SNMP. Not all versions of SNMP provide features for such
   a secure environment.

   SNMPv1 by itself is not a secure environment. Even if the network
   itself is secure (for example by using IPSec), there is no control
   as to who on the secure network is allowed to access and GET/SET
   (read/change/create/delete) the objects in this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework. Specifically, the use
   of the User-based Security Model RFC 2574 [RFC2574] and the
   View-based Access Control Model RFC 2575 [RFC2575] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

7. Acknowledgements

   The authors wish to thank Brian Teer and Sharon Chisholm for
   reviewing and commenting on this draft.

8. References

   [RFC2571]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing SNMP Management Frameworks",
              RFC 2571, April 1999.

   [RFC1155]  Rose, M., and K. McCloghrie, "Structure and
              Identification of Management Information for
              TCP/IP-based Internets", STD 16, RFC 1155, May 1990.

   [RFC1212]  Rose, M. and K. McCloghrie, "Concise MIB Definitions",
              STD 16, RFC 1212, March 1991.

   [RFC1215]  Rose, M., "A Convention for Defining Traps for use with
              the SNMP", RFC 1215, March 1991.

   [RFC2578]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Structure of Management
              Information Version 2 (SMIv2)", STD 58, RFC 2578, April
              1999.

   [RFC2579]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Textual Conventions for
              SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Conformance Statements for
              SMIv2", STD 58, RFC 2580, April 1999.

   [RFC1157]  Case, J., Fedor, M., Schoffstall, M., and J. Davin,
              "Simple Network Management Protocol", STD 15, RFC 1157,
              May 1990.

   [RFC1901]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
              "Introduction to Community-based SNMPv2", RFC 1901,
              January 1996.

   [RFC1906]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
              "Transport Mappings for Version 2 of the Simple Network
              Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [RFC2572]  Case, J., Harrington D., Presuhn R., and B. Wijnen,
              "Message Processing and Dispatching for the Simple
              Network Management Protocol (SNMP)", RFC 2572, April
              1999.

   [RFC2574]  Blumenthal, U., and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", RFC 2574, April 1999.

   [RFC1905]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
              "Protocol Operations for Version 2 of the Simple Network
              Management Protocol (SNMPv2)", RFC 1905, January 1996.

   [RFC2573]  Levi, D., Meyer, P., and B. Stewart, "SNMPv3
              Applications", RFC 2573, April 1999.

   [RFC2575]  Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
              Access Control Model (VACM) for the Simple Network
              Management Protocol (SNMP)", RFC 2575, April 1999.

   [RFC2570]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction to Version 3 of the Internet-standard
              Network Management Framework", RFC 2570, April 1999.

   [RFC1213]  McCloghrie, K. and M. Rose, "Management Information Base
              for Network Management of TCP/IP-based internets -
              MIB-II", STD 17, RFC 1213, March 1991.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [M.3100 Amd3]  ITU Recommendation M.3100 Amendment 3, "Generic
              Network Information Model", January 2001.

9. Author's Address

   Hing-Kam Lam
   Lucent Technologies
   101 Crawfords Corner Road, Room 4C-616
   Holmdel, NJ 07733
   USA
   Phone: +1 732-949-8338
   EMail: hklam@lucent.com

   An-ni Huynh
   Cetus Networks
   USA
   Phone: +1 732-615-5402
   EMail: a_n_huynh@yahoo.com

   David T. Perkins
   SNMPinfo
   3763 Benton Street
   Santa Clara, CA 95051
   EMail: dperkins@dsperkins.com

10. Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available, or the result of an attempt made
   to obtain a general license or permission for the use of such
   proprietary rights by implementers or users of this specification
   can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

Expires July 23 2002                                          [Page xx]