INTERNET-DRAFT VRRP unified MIB October 2003 VRRP working group Internet Draft k. Tata Document: draft-ietf-vrrp-unified-mib-00.txt Nokia inc. Expires: December 2002 k. Karlekar Nokia inc. B. Jewell Copper Mountain Networks Inc. October 2003 Definitions of Managed Objects for the VRRPv2 and VRRpv3 draft-ietf-vrrp-unified-mib-00.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This document is a product of the VRRP working group.Comments should be addressed to the authors, or the mailing list at vrrp@ietf.org. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Tata, karlekar & Jewell Expires - April 2004 [Page 1] INTERNET-DRAFT VRRP unified MIB October 2003 Abstract This specification defines a Management Information Base (MIB) for use with SNMP-based network management. In particular, it defines objects for configuring, monitoring, and controlling routers that employ the Virtual Router Redundancy Protocol for both IPv4 and IPv6 as defined in RFC xxxx (RFC-editor, this is currently draft-ietf- vrrp-spec-v2-09.txt) and RFC yyyy (RFC-editor, this is currently draft-ietf-vrrp-ipv6-spec-04.txt ). This memo obsolates RFC 2787. Table of Contents 1. The Internet-Standard Management Framework.....................2 2. Revision History...............................................3 3. Overview.......................................................3 3.1 Multi-Stack Implementations................................3 3.2 VRRP MIB Structure.........................................3 3.3 VRRP MIB Table Design......................................4 3.4 Relation to Interface Group (RFC 2233) [xx]................4 3.5 VRRPv2 Scenario............................................4 3.6 VRRPv2 Scenario............................................7 3.7 Multi-Stack scenario.......................................7 4. Definitions....................................................7 5. Security considerations.......................................27 6. References....................................................28 6.1 Normative.................................................28 6.2 Informative...............................................29 7. Acknowledgements..............................................29 8. Author's Addresses............................................29 9. Changes from RFC 2787.........................................30 10. Intellectual Property Statement..............................30 11. Full Copyright Statement.....................................31 1. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 ofRFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, Tata, karlekar & Jewell Expires - April 2004 [Page 2] INTERNET-DRAFT VRRP unified MIB October 2003 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. 2. Revision History This is the first draft. 3. Overview VRRP protocols as defined in draft-ietf-vrrp-spec-v2-09.txt [RFC xxxx] and draft-ietf-vrrp-ipv6-spec-04.txt [RFCyyyy] are inherently IP version specific. Though both the protocols are similar they are not identical and can coexist on a network element. RFC 2787 [RFC2787] defines managed objects that are specific to VRRP protocol for IPv4 networks as defined in RFC 2338 [RFC2338]. This document defines an IP version independent managed objects for configuring and monitoring VRRP for protocols. VRRPv2 and VRRPv3 protocols are similar in operation to an extent and hence the MIB defined has common groups that should be implemented by devices running either of the VRRPv2 and VRRPv3 protocols. This specification also defines MIB groups that are specific to a particular VRRP protocol and should only be implemented in devices supporting the specified version of VRRP protocol. 3.1 Multi-Stack Implementations This MIB is designed to support Multi-Stack implementations that run both VRRPv2 and VRRPv3 protocols. As MAC address for the interface is calculated based on the VRID, a different VRID should be used for VRRPv2 and VRRPv3 running on a given interface. Thus indexing the common tables on VRID and ifIndex should suffice to uniquely identify rows in a multi stack implementation. 3.2 VRRP MIB Structure The VRRP MIB contains three groups: - vrrpOperations Group: Objects related to VRRP router's configuration and control. - vrrpStatistics Group: Objects containing information useful in monitoring the operation of VRRP IPv6 routers. - vrrpNotifications Group: Consists of objects and definitions for use in SNMP notifications sent by VRRP Ipv6 routers. It also defines a VRRPv2 specific table: - The vrrpAssoIpAddrTable, which contains the addresses of the virtual router(s) that a given VRRP router is backing up. Tata, karlekar & Jewell Expires - April 2004 [Page 3] INTERNET-DRAFT VRRP unified MIB October 2003 Tables in the MIB include the following: (1)The vrrpOperTable, which contains objects that define the operational characteristics of a VRRP router. Rows in this table correspond to instances of virtual routers. (2)The vrrpRouterStatsTable which contains the operating statistics for a VRRP IPv6 router. (3)The vrrpAssoIpAddrTable, which contains the addresses of the virtual router(s) that a given VRRP router is backing up. This table is required only for VRRPv2 implementations. 3.3 VRRP MIB Table Design The tables in the VRRP MIB are structured with the assumption that a VRRP network management application would likely be designed to display information or provide configuration about a VRRP router on a "per-virtual-router basis". Thus, the tables defined in the MIB consist of conceptual rows which are grouped in a manner to present a view of individual virtual routers with a minimal number of SNMP operations. 3.4 Relation to Interface Group (IF-MIB) Since a router can be participating in VRRP on one or more physical interfaces, "ifIndex" is used as an index into the tables defined in the VRRP MIB. 3.5 VRRPv2 Scenario The following section provides examples of how some of the objects in this MIB are instantiated. KEY: ---- The labels in the following tables and diagrams correspond to the actual MIB objects as follows: if = IfIndex VrId = vrrpOperVrId State = vrrpOperState Prior = vrrpOperPriority AddrType= vrrpOperIpAddrType IpAddr = vrrpOperMasterIpAddr RowStat = vrrpOperRowStatus The following figure shows a simple network with two VRRPv2 routers configured with two virtual routers. This sample topology is taken Tata, karlekar & Jewell Expires - April 2004 [Page 4] INTERNET-DRAFT VRRP unified MIB October 2003 from the VRRP specification [xx]. Addresses in '()' indicate the address of the default gateway for a given host, H1 - H4. In the diagram, "Interface" is used in the context defined in IF-MIB [xx]. VRID=1 VRID=2 +-----+ +-----+ | MR1 | | MR2 | | & | | & | | BR2 | | BR1 | +-----+ +-----+ IP A -------->* *<---------- IP B Interface=I1 | | Interface=I2 | | | | ------------------+------------+-----+--------+--------+--------+-- ^ ^ ^ ^ | | | | (IP A) (IP A) (IP B) (IP B) | | | | +--+--+ +--+--+ +--+--+ +--+--+ | H1 | | H2 | | H3 | | H4 | +-----+ +-----+ +--+--+ +--+--+ ----- MIB Tables For VRRPv2 Router "IP A": ----- vrrpOperTable ------------- | if | VrId | State | Prior | AddrType| IpAddr | ... | RowStat | +----+--------+-------+-------+---------+--------+-( )-+---------+ | | | | | | | | | | I1 | 01 | M | 255 | 1 | A | | active | | | | | | | | | | +----+--------+-------+-------+---------+--------+-( )-+---------+ | | | | | | | | | | I1 | 02 | B | 1-254 | 1 | B | | active | | | | | | | | | | +----+--------+-------+-------+---------+--------+-( )-+---------+ Tata, karlekar & Jewell Expires - April 2004 [Page 5] INTERNET-DRAFT VRRP unified MIB October 2003 vrrpAssoIpAddrTable ------------------- | if | VrId | AddrType | IP | RowStat | +----+------+----------+------+---------+ | | | | | | | I1 | 01 | 1 | A | active | | | | | | | +----+------+----------+------+---------+ | | | | | | | I1 | 02 | 1 | B | active | | | | | | | +----+------+----------+------+---------+ ----- MIB Tables For VRRPv3 Router "IPv6 B": ----- vrrpOperTable ------------- | if | VrId | State | Prior | AddrType| IpAddr | ... | RowStat | +----+--------+-------+-------+---------+--------+-( )-+---------+ | | | | | | | | | | I2 | 01 | B | 1-254 | 1 | A | | active | | | | | | | | | | +----+--------+-------+-------+---------+--------+-( )-+---------+ | | | | | | | | | | I2 | 02 | M | 255 | 1 | B | | active | | | | | | | | | | +----+--------+-------+-------+---------+--------+-( )-+---------+ vrrpAssoIpAddrTable ------------------- | if | VrId | AddrType | IP | RowStat | +----+------+----------+------+---------+ | | | | | | | I1 | 01 | 1 | A | active | | | | | | | +----+------+----------+------+---------+ | | | | | | | I1 | 02 | 1 | B | active | | | | | | | +----+------+----------+------+---------+ NOTES: 1) "I1" and "I2" are used to designate IF indices on each respective router. 2) For "State": M = Master; B = Backup. Tata, karlekar & Jewell Expires - April 2004 [Page 6] INTERNET-DRAFT VRRP unified MIB October 2003 3) In the vrrpIpv6OperTable, a "priority" of 255 indicates that the respective router owns the IPv6 address, e.g., this IPv6 address is native to the router (i.e., "the IPv6 Address Owner" [17]). 3.6 VRRPv2 Scenario This section will be added at in the next revision if required. 3.7 Multi-Stack scenario This section will be added at in the next revision if required. 4. Definitions VRRP-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Integer32, mib-2, Unsigned32 FROM SNMPv2-SMI TEXTUAL-CONVENTION, RowStatus, MacAddress, TruthValue, TimeStamp FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF ifIndex FROM IF-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB; vrrpMIB MODULE-IDENTITY LAST-UPDATED "200310150000Z" ORGANIZATION "IETF VRRP Working Group" CONTACT-INFO "Kalyan Tata (editor) Nokia Inc. 313 Fair Child Dr. Mountain View, CA 94043" DESCRIPTION "This MIB describes objects used for managing Virtual Router Redundancy Protocol (VRRP) over IPv4 and IPv6 protocols. This MIB supports both VRRPv2 and VRRPv3 protocols simultaniously running on a given interface of a router. Copyright (C) The Internet Society (2003). This version of this MIB module is part of RFC yyyy; see the RFC itself for full legal notices." Tata, karlekar & Jewell Expires - April 2004 [Page 7] INTERNET-DRAFT VRRP unified MIB October 2003 REVISION "200310150000Z" -- 15 Oct 2003 DESCRIPTION "Initial version as published in xxxx" ::= { mib-2 68 } -- -- Textual Conventions -- VrId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A number which, along with an interface index (IfIndex), serves to uniquely identify a virtual router on a given VRRP router. A set of one or more associated addresses is assigned to a VRID for VRRPv2 protocol." SYNTAX Integer32 (1..255) -- -- VRRP MIB Groups -- vrrpOperations OBJECT IDENTIFIER ::= { vrrpMIB 1 } vrrpStatistics OBJECT IDENTIFIER ::= { vrrpMIB 2 } vrrpConformance OBJECT IDENTIFIER ::= { vrrpMIB 3 } -- -- Start of MIB objects -- vrrpNodeVersion OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "This value identifies the particular version of the VRRP supported by this node. This has been deprecated as a node can run multiple VRRP versions." ::= { vrrpOperations 1 } vrrpNotificationCntl OBJECT-TYPE SYNTAX INTEGER { enabled (1), disabled (2) } MAX-ACCESS read-write Tata, karlekar & Jewell Expires - April 2004 [Page 8] INTERNET-DRAFT VRRP unified MIB October 2003 STATUS current DESCRIPTION "Indicates whether the VRRP-enabled router will generate SNMP traps for events defined in this MIB. 'Enabled' results in SNMP traps; 'disabled', no traps are sent." DEFVAL { enabled } ::= { vrrpOperations 2 } -- -- VRRP Operations Table -- vrrpOperTable OBJECT-TYPE SYNTAX SEQUENCE OF VrrpOperEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Operations table for a VRRP router which consists of a sequence (i.e., one or more conceptual rows) of 'vrrpOperEntry' items." ::= { vrrpOperations 3 } vrrpOperEntry OBJECT-TYPE SYNTAX VrrpOperEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the vrrpOperTable containing the operational characteristics of a virtual router. On a VRRP router, a given virtual router is identified by a combination of the IF index and VRID. Note that rows in this table can be distinguished on a Multi-stacked device that is running both VRRPv2 and VRRPv3 on a single interface (and hence the same IfIndex) by the VrID which will be different for VRRPv2 and VRRPv3. Rows in the table cannot be modified unless the value of `vrrpOperAdminState' is `disabled' and the `vrrpOperState' has transitioned to `initialize'." INDEX { ifIndex, vrrpOperVrId } ::= { vrrpOperTable 1 } VrrpOperEntry ::= SEQUENCE { vrrpOperVrId VrId, vrrpOperVirtualMacAddr Tata, karlekar & Jewell Expires - April 2004 [Page 9] INTERNET-DRAFT VRRP unified MIB October 2003 MacAddress, vrrpOperState INTEGER, vrrpOperAdminState INTEGER, vrrpOperPriority Integer32, vrrpOperIpAddrCount Integer32, vrrpOperMasterIpAddrType InetAddressType, vrrpOperMasterIpAddr InetAddress, vrrpOperPrimaryIpAddrType InetAddressType, vrrpOperPrimaryIpAddr InetAddress, vrrpOperAdvertisementInterval Integer32, vrrpOperPreemptMode TruthValue, vrrpOperVirtualRouterUpTime TimeStamp, vrrpOperProtocol INTEGER, vrrpOperRowStatus RowStatus } vrrpOperVrId OBJECT-TYPE SYNTAX VrId MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object contains the Virtual Router Identifier (VRID)." ::= { vrrpOperEntry 1 } vrrpOperVirtualMacAddr OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The virtual MAC address of the virtual router.Although this object can be derived from the 'vrrpOperVrId' object, it is defined so that it is easily obtainable by a management application and can be included in VRRP-related SNMP traps." ::= { vrrpOperEntry 2 } vrrpOperState OBJECT-TYPE Tata, karlekar & Jewell Expires - April 2004 [Page 10] INTERNET-DRAFT VRRP unified MIB October 2003 SYNTAX INTEGER { initialize(1), backup(2), master(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current state of the virtual router. This object has three defined values: - `initialize', which indicates that all the virtual router is waiting for a startup event. - `backup', which indicates the virtual router is monitoring the availability of the master router. - `master', which indicates that the virtual router is forwarding packets for IP addresses that are associated with this router. Setting the `vrrpOperAdminState' object (below) initiates transitions in the value of this object." ::= { vrrpOperEntry 3 } vrrpOperAdminState OBJECT-TYPE SYNTAX INTEGER { up(1), down(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "This object will enable/disable the virtual router function. Setting the value to `up', will transition the state of the virtual routerfrom `initialize' to `backup' or `master', depending on the value of `vrrpOperPriority'. Setting the value to `down', will transition the router from `master' or `backup' to `initialize'. State transitions may not be immediate; they sometimes depend on other factors, such as the interface (IF) state. The `vrrpOperAdminState' object must be set to `down' prior to modifying the other read-create objects in the conceptual row. The value of the `vrrpOperRowStatus' object (below) must be `active', signifying that the conceptual row is valid (i.e., the objects are correctly set), in order for this object to be set to `up'." Tata, karlekar & Jewell Expires - April 2004 [Page 11] INTERNET-DRAFT VRRP unified MIB October 2003 DEFVAL { down } ::= { vrrpOperEntry 4 } vrrpOperPriority OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the priority to be used for the virtual router master election process. Higher values imply higher priority. A priority of '0', although not settable, is sent by the master router to indicate that this router has ceased to participate in VRRP and a backup virtual router should transition to become a new master. A priority of 255 is used for the router that owns the associated IP address(es)." DEFVAL { 100 } ::= { vrrpOperEntry 5 } vrrpOperIpAddrCount OBJECT-TYPE SYNTAX Integer32 (0..255) MAX-ACCESS read-only STATUS current DESCRIPTION "The number of IPv4 addresses that are associated with this virtual router. This number is equal to the number of rows in the vrrpAssoIpAddrTable that correspond to a given IF index/VRID pair. This should be set to 0 for VRRPv3 implementations. " ::= { vrrpOperEntry 6 } vrrpOperMasterIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "This specifies the the type of inetAddress in this row." ::= { vrrpOperEntry 7 } vrrpOperMasterIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION Tata, karlekar & Jewell Expires - April 2004 [Page 12] INTERNET-DRAFT VRRP unified MIB October 2003 "The master router's real (primary) IP address. This is the IP address listed as the source in VRRP advertisement last received by this virtual router." ::= { vrrpOperEntry 8 } vrrpOperPrimaryIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "This specifies the the type of vrrpOperPrimaryIpAddr. This is applicable for rows describing VRRP for IPv4 only." ::= { vrrpOperEntry 9 } vrrpOperPrimaryIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This is applicable for rows that describe VRRPv2. In the case where there is more than one IP address for a given `ifIndex', this object is used to specify the IP address that will become the `vrrpOperMasterIpAddr', should the virtual router transition from backup to master. If this object is set to 0.0.0.0, the IP address which is numerically lowest will be selected. This should be set to 0.0.0.0 for rows specifying VRRPv3" DEFVAL { '00000000'H } -- 0.0.0.0 ::= { vrrpOperEntry 10 } -- Removed Auth vrrpOperAdvertisementInterval OBJECT-TYPE SYNTAX Integer32 (1..255) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The time interval, in seconds, between sending advertisement messages. Only the master router sends VRRP advertisements." DEFVAL { 1 } ::= { vrrpOperEntry 11 } vrrpOperPreemptMode OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current Tata, karlekar & Jewell Expires - April 2004 [Page 13] INTERNET-DRAFT VRRP unified MIB October 2003 DESCRIPTION "Controls whether a higher priority virtual router will preempt a lower priority master." DEFVAL { true } ::= { vrrpOperEntry 12 } vrrpOperVirtualRouterUpTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "This is the value of the `sysUpTime' object when this virtual router (i.e., the `vrrpOperState') transitioned out of `initialized'." ::= { vrrpOperEntry 13 } vrrpOperProtocol OBJECT-TYPE SYNTAX INTEGER { ipv4 (1), ipv6 (2), bridge (3), decnet (4), other (5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The particular protocol being controlled by this Virtual Router. New enumerations to this list can only be added via a new RFC on the standards track." DEFVAL { ipv4 } ::= { vrrpOperEntry 14 } vrrpOperRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The row status variable, used in accordance to installation and removal conventions for conceptual rows. The rowstatus of a currently active row in the vrrpOperTable is constrained by the operational state of the corresponding virtual router. When `vrrpOperRowStatus' is set to active(1), no other objects in the conceptual row, with the exception of `vrrpOperAdminState', can be modified. Prior to setting the `vrrpOperRowStatus' object from `active' to a different Tata, karlekar & Jewell Expires - April 2004 [Page 14] INTERNET-DRAFT VRRP unified MIB October 2003 value, the `vrrpOperAdminState' object must be set to `down' and the `vrrpOperState' object be transitioned to `initialize'. To create a row in this table, a manager sets this object to either createAndGo(4) or createAndWait(5). Until instances of all corresponding columns are appropriately configured, the value of the corresponding instance of the `vrrpOperRowStatus' column will be read as notReady(3). In particular, a newly created row cannot be made active(1) until (minimally) the corresponding instance of `vrrpOperVrId' has been set and there is at least one active row in the `vrrpAssoIpAddrTable' defining an associated IP address for the virtual router." ::= { vrrpOperEntry 15 } -- -- VRRP Associated Address Table - for VRRP over IPv4 only -- vrrpAssoIpAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF VrrpAssoIpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of addresses associated with this virtual router." ::= { vrrpOperations 4 } vrrpAssoIpAddrEntry OBJECT-TYPE SYNTAX VrrpAssoIpAddrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table contains an IP address that is associated with a virtual router. The number of rows for a given ifIndex and VrId will equal the number of IP addresses associated (e.g., backed up) by the virtual router (equivalent to 'vrrpOperIpAddrCount'). Rows in the table cannot be modified unless the value of `vrrpOperAdminState' is `disabled' and the `vrrpOperState' has transitioned to `initialize'." INDEX { ifIndex, vrrpOperVrId, vrrpAssoIpAddrType, vrrpAssoIpAddr } ::= { vrrpAssoIpAddrTable 1 } Tata, karlekar & Jewell Expires - April 2004 [Page 15] INTERNET-DRAFT VRRP unified MIB October 2003 VrrpAssoIpAddrEntry ::= SEQUENCE { vrrpAssoIpAddrType InetAddressType, vrrpAssoIpAddr InetAddress, vrrpAssoIpAddrRowStatus RowStatus } vrrpAssoIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The assigned IP addresses that a virtual router is responsible for backing up." ::= { vrrpAssoIpAddrEntry 1 } vrrpAssoIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible STATUS current DESCRIPTION "The assigned IP addresses that a virtual router is responsible for backing up. Implementors need to be aware that if the size of of vrrpAssoIpAddr exceeds 112 octets then OIDs of instances of columns in this row will have more than 128 sub-identifiers and cannot be accessed using SNMPv1, SNMPv2c, or SNMPv3." ::= { vrrpAssoIpAddrEntry 2 } vrrpAssoIpAddrRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The row status variable, used according to installation and removal conventions for conceptual rows. Setting this object to active(1) or createAndGo(4) results in the addition of an associated address for a virtual router. Destroying the entry or setting it to notInService(2) removes the associated address from the virtual router. The use of other values is implementation-dependent. " ::= { vrrpAssoIpAddrEntry 3 } -- -- VRRP Router Statistics -- vrrpRouterChecksumErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only Tata, karlekar & Jewell Expires - April 2004 [Page 16] INTERNET-DRAFT VRRP unified MIB October 2003 STATUS current DESCRIPTION "The total number of VRRP packets received with an invalid VRRP checksum value." ::= { vrrpStatistics 1 } vrrpRouterVersionErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of VRRP packets received with an unknown or unsupported version number." ::= { vrrpStatistics 2 } vrrpRouterVrIdErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of VRRP packets received with an invalid VRID for this virtual router." ::= { vrrpStatistics 3 } -- -- VRRP Router Statistics Table -- vrrpRouterStatsTable OBJECT-TYPE SYNTAX SEQUENCE OF VrrpRouterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table of virtual router statistics." ::= { vrrpStatistics 4 } vrrpRouterStatsEntry OBJECT-TYPE SYNTAX VrrpRouterStatsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table, containing statistics information about a given virtual router." INDEX { ifIndex, vrrpOperVrId } ::= { vrrpRouterStatsTable 1 } VrrpRouterStatsEntry ::= SEQUENCE { Tata, karlekar & Jewell Expires - April 2004 [Page 17] INTERNET-DRAFT VRRP unified MIB October 2003 vrrpStatsBecomeMaster Counter32, vrrpStatsAdvertiseRcvd Counter32, vrrpStatsAdvertiseIntervalErrors Counter32, vrrpStatsAuthFailures Counter32, vrrpStatsIpTtlErrors Counter32, vrrpStatsPriorityZeroPktsRcvd Counter32, vrrpStatsPriorityZeroPktsSent Counter32, vrrpStatsInvalidTypePktsRcvd Counter32, vrrpStatsAddressListErrors Counter32, vrrpStatsInvalidAuthType Counter32, vrrpStatsAuthTypeMismatch Counter32, vrrpStatsPacketLengthErrors Counter32, vrrpStatsHopLimitErrors Counter32, vrrpStatsDiscontinuityTime TimeStamp, vrrpStatsRefreshRate Unsigned32 } vrrpStatsBecomeMaster OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times that this virtual router's state has transitioned to MASTER. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 1 } vrrpStatsAdvertiseRcvd OBJECT-TYPE Tata, karlekar & Jewell Expires - April 2004 [Page 18] INTERNET-DRAFT VRRP unified MIB October 2003 SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of VRRP advertisements received by this virtual router. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 2 } vrrpStatsAdvertiseIntervalErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of VRRP advertisement packets received for which the advertisement interval is different than the one configured for the local virtual router. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 3 } vrrpStatsAuthFailures OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The total number of VRRP packets received that do not pass the authentication check. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 4 } vrrpStatsIpTtlErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current Tata, karlekar & Jewell Expires - April 2004 [Page 19] INTERNET-DRAFT VRRP unified MIB October 2003 DESCRIPTION "The total number of VRRP packets received by the virtual router with IP TTL (Time-To-Live) not equal to 255. This should be set to zero for rows indicating VRRPv3 statistics. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 5 } vrrpStatsPriorityZeroPktsRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of VRRP packets received by the virtual router with a priority of '0'. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 6 } vrrpStatsPriorityZeroPktsSent OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of VRRP packets sent by the virtual router with a priority of '0'. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 7 } vrrpStatsInvalidTypePktsRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of VRRP packets received by the virtual router Tata, karlekar & Jewell Expires - April 2004 [Page 20] INTERNET-DRAFT VRRP unified MIB October 2003 with an invalid value in the 'type' field. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 8 } vrrpStatsAddressListErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received for which the address list does not match the locally configured list for the virtual router. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 9 } vrrpStatsInvalidAuthType OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS deprecated DESCRIPTION "The total number of packets received with an unknown authentication type. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 10 } vrrpStatsAuthTypeMismatch OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received with 'Auth Type' not equal to the locally configured authentication method (`vrrpOperAuthType'). Tata, karlekar & Jewell Expires - April 2004 [Page 21] INTERNET-DRAFT VRRP unified MIB October 2003 Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 11 } vrrpStatsPacketLengthErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received with a packet length less than the length of the VRRP header. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 12 } vrrpStatsHopLimitErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of VRRPv3 packets received by the virtual router with IPv6 hop limit not equal to 255. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 13 } vrrpStatsDiscontinuityTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which any one or more of this entry's counters suffered a discontinuity. If no such discontinuities have occurred since the last re- Tata, karlekar & Jewell Expires - April 2004 [Page 22] INTERNET-DRAFT VRRP unified MIB October 2003 initialization of the local management subsystem, then this object contains a zero value. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 14 } vrrpStatsRefreshRate OBJECT-TYPE SYNTAX Unsigned32 UNITS "milli-seconds" MAX-ACCESS read-only STATUS current DESCRIPTION "The minimum reasonable polling interval for this entry. This object provides an indication of the minimum amount of time required to update the counters in this entry. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of vrrpStatsDiscontinuityTime." ::= { vrrpRouterStatsEntry 15 } -- -- Trap Definitions -- vrrpNotifications OBJECT IDENTIFIER ::= { vrrpMIB 0 } vrrpTrapNewMasterReason OBJECT-TYPE SYNTAX INTEGER { priority (0), preempted (1), masterNoResponse (2) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This indicates the reason for NewMaster trap. Used by vrrpTrapNewMaster trap." ::= { vrrpOperations 6 } vrrpTrapProtoErrReason OBJECT-TYPE SYNTAX INTEGER { Tata, karlekar & Jewell Expires - April 2004 [Page 23] INTERNET-DRAFT VRRP unified MIB October 2003 hopLimitError (0), versionError (1), checksumError (2), vridError(3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "This indicates the reason for protocol error trap. Used by vrrpTrapProtoError trap." ::= { vrrpOperations 7 } vrrpTrapNewMaster NOTIFICATION-TYPE OBJECTS { vrrpOperMasterIpAddrType, vrrpOperMasterIpAddr, vrrpTrapNewMasterReason } STATUS current DESCRIPTION "The newMaster trap indicates that the sending agent has transitioned to 'Master' state." ::= { vrrpNotifications 1 } vrrpTrapProtoError NOTIFICATION-TYPE OBJECTS { vrrpTrapProtoErrReason } STATUS current DESCRIPTION "The error trap indicates that the sending agent has encountered the protocol error indicated by ErrorReason." ::= { vrrpNotifications 2 } -- -- Conformance Information -- vrrpMIBCompliances OBJECT IDENTIFIER ::= { vrrpConformance 1 } vrrpMIBGroups OBJECT IDENTIFIER ::= { vrrpConformance 2 } -- -- Compliance Statements -- vrrpMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "This compliance is deprecated in favour of vrrpMIBCompliance2." Tata, karlekar & Jewell Expires - April 2004 [Page 24] INTERNET-DRAFT VRRP unified MIB October 2003 MODULE -- this module MANDATORY-GROUPS { vrrpDeprecatedGroup } ::= { vrrpMIBCompliances 1 } vrrpMIBCompliance2 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for all VRRP implementations either VRRPv2 or VRRPv3." MODULE -- this module MANDATORY-GROUPS { vrrpOperGroup, vrrpStatsGroup, vrrpTrapGroup, vrrpNotificationGroup } GROUP vrrpIpv4Group DESCRIPTION "This group is mandatory for all systems supporting VRRPv2." GROUP vrrpIpv6Group DESCRIPTION "This group is mandatory for all systems supporting VRRPv3." OBJECT vrrpOperPriority WRITE-SYNTAX Integer32 (1..255) DESCRIPTION "SETable values are from 1 to 255." ::= { vrrpMIBCompliances 2 } -- -- Conformance Groups -- vrrpOperGroup OBJECT-GROUP OBJECTS { vrrpNotificationCntl, vrrpOperVirtualMacAddr, vrrpOperState, vrrpOperAdminState, vrrpOperPriority, vrrpOperMasterIpAddrType, vrrpOperMasterIpAddr, vrrpOperPrimaryIpAddrType, vrrpOperPrimaryIpAddr, Tata, karlekar & Jewell Expires - April 2004 [Page 25] INTERNET-DRAFT VRRP unified MIB October 2003 vrrpOperAdvertisementInterval, vrrpOperPreemptMode, vrrpOperVirtualRouterUpTime, vrrpOperProtocol, vrrpOperRowStatus, vrrpAssoIpAddrRowStatus } STATUS current DESCRIPTION "Conformance group for VRRPv2 and VRRPv3 operations." ::= { vrrpMIBGroups 1 } vrrpStatsGroup OBJECT-GROUP OBJECTS { vrrpRouterChecksumErrors, vrrpRouterVersionErrors, vrrpRouterVrIdErrors, vrrpStatsBecomeMaster, vrrpStatsAdvertiseRcvd, vrrpStatsAdvertiseIntervalErrors, vrrpStatsPriorityZeroPktsRcvd, vrrpStatsPriorityZeroPktsSent, vrrpStatsInvalidTypePktsRcvd, vrrpStatsAddressListErrors, vrrpStatsAuthTypeMismatch, vrrpStatsPacketLengthErrors, vrrpStatsDiscontinuityTime, vrrpStatsRefreshRate } STATUS current DESCRIPTION "Conformance group for VRRPv2 and VRRPv3 statistics." ::= { vrrpMIBGroups 2 } vrrpIpv4Group OBJECT-GROUP OBJECTS { vrrpOperIpAddrCount, vrrpOperPrimaryIpAddr, vrrpOperPrimaryIpAddrType, vrrpAssoIpAddrRowStatus, vrrpStatsIpTtlErrors } STATUS current DESCRIPTION "Conformance group for VRRPv2 implementations." ::= { vrrpMIBGroups 3 } vrrpIpv6Group OBJECT-GROUP Tata, karlekar & Jewell Expires - April 2004 [Page 26] INTERNET-DRAFT VRRP unified MIB October 2003 OBJECTS { vrrpStatsHopLimitErrors } STATUS current DESCRIPTION "Conformance group for VRRPv3 implementations." ::= { vrrpMIBGroups 4 } vrrpDeprecatedGroup OBJECT-GROUP OBJECTS { vrrpStatsAuthFailures, vrrpStatsInvalidAuthType, vrrpNodeVersion } STATUS deprecated DESCRIPTION "Deprecated objects." ::= { vrrpMIBGroups 5 } vrrpTrapGroup OBJECT-GROUP OBJECTS { vrrpTrapNewMasterReason, vrrpTrapProtoErrReason } STATUS current DESCRIPTION "Conformance group for objects contained in VRRP notifications." ::= { vrrpMIBGroups 6 } vrrpNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { vrrpTrapNewMaster, vrrpTrapProtoError } STATUS current DESCRIPTION "The VRRP MIB Notification Group." ::= { vrrpMIBGroups 7 } END 5. Security considerations There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network Tata, karlekar & Jewell Expires - April 2004 [Page 27] INTERNET-DRAFT VRRP unified MIB October 2003 environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: A number of objects in the vrrpOperTable possess the read-create attribute. Manipulation of these objects is capable of affecting the operation of a virtual router. Specific examples of this include, but are not limited to: o The vrrpOperAdminState object which could be used to disable a virtual router. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 6. References 6.1 Normative [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. Tata, karlekar & Jewell Expires - April 2004 [Page 28] INTERNET-DRAFT VRRP unified MIB October 2003 [RFCxxxx] Robert Hinden, "Virtual Router Redundancy Protocol", (draft-ietf-vrrp-spec-v2-09.txt), August 2003. [RFCyyyy] Robert Hinden, "Virtual Router Redundancy Protocol for IPv6", (draft-ietf-vrrp-ipv6-spec-05.txt), June 2003. [RFC2787] Jewell & Chuang, "Definitions of Managed Objects for the Virtual Router Redundancy Protocol", RFC 2787, March 2000. 6.2 Informative [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. 7. Acknowledgements This specification is based on RFC 2787. The authors of RFC2787 are Brian Jewell and David Chuang 8. Author's Addresses Kalyan Tata Nokia Inc. 313 Fair Child Dr. Mountain View, California 94043 US Phone: +1 408-505-0542 Email: kalyan.tata@nokia.com Kripakaran karlekar Nokia Inc. 313 Fair Child Dr. Mountain View, California 94087 US Phone: +1 - Email: kripakaran.karlekar@nokia.com Brian R. Jewell Copper Mountain Networks, Inc. 2470 Embarcadero Way Palo Alto, California 94303 Tata, karlekar & Jewell Expires - April 2004 [Page 29] INTERNET-DRAFT VRRP unified MIB October 2003 US Phone: +1 650 687 3367 Email: bjewell@coppermountain.com 9. Changes from RFC 2787 - General rewrite to change MIB definition to accommodate protocol changes in virtual router functionality from RFC 2338 and to accomidate VRRP for IPv6. - Change all definitions of IPaddress to InetAddress and add InetAddressType as defined in RFC 3291 in the following : o vrrpOperTable defined with vrrpOperIpAddrType and vrrpOperMasterIpAddr. - Added vrrpIpv6StatsAsMasterUpTime to vrrpIPv6Statisctcs group. - Authentication has been removed from VRRPv2 and there is no authentication mechanism defined in VRRP for IPv6 protocol. So all authentication related configuration, statistics and notifications are removed. - Added ifIndex and vrrpOperVrId to vrrpTrapNewMaster. - Added new trap to indicate various errors encountered by the VRRP protocol. - Added ErrorReason to indicate the reason for vrrpErrorTrap. - Updated mib description with copyright information. - Modify conformance statement to reflect changes in vrrpOperGroup and vrrpStatsGroup. 10. Intellectual Property Statement The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards- related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Tata, karlekar & Jewell Expires - April 2004 [Page 30] INTERNET-DRAFT VRRP unified MIB October 2003 11. Full Copyright Statement Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 14. RFC Editor Notes This section contains notes to the RFC Editor and should be removed as the document is converted into an RFC. In the module identity section of the MIB (beginning of section 5) the RFC number of this document must be added in the description field (replacing xxxx). In the references section (8.1) the reference to the ID for rfc3291bis must be replaced with a proper RFC (not yet issued as I write this.) Tata, karlekar & Jewell Expires - April 2004 [Page 31] INTERNET-DRAFT VRRP unified MIB October 2003 Tata, karlekar & Jewell Expires - April 2004 [Page 32]