PWE3                                                         O. Nicklass
Internet-Draft                                   RAD Data Communications
Expires: January 16, 2005                                  July 18, 2004

     Managed Objects for Structure-Agnostic TDM over Packet Network
                    draft-ietf-pwe3-satop-mib-02.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 16, 2005.

Copyright Notice

   Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects for pseudo wire
   encapsulation for TDM (T1, E1, T3, E3) bit-stream circuits over a
   Packet Switch Network (PSN).

Table of Contents

   1.   Introduction
   2.   Conventions used in this document
   3.   Terminology
   4.   The Internet-Standard Management Framework
   5.   Overview
   6.   SAToP MIB module usage
   6.1  Structure of SAToP MIB
   6.2  SAToP Connection configuration Procedure
   6.3  SAToP PW Monitoring
   6.4  Example of actual SAToP PW Setup
   7.   Object definition
   8.   Security considerations
   9.   IANA considerations
   10.  References
   10.1 Normative references
   10.2 Informative references
        Author's Address
        Full Copyright Statement

1. Introduction

   This document describes a model for managing encapsulated
   Structure-Agnostic TDM signals for transmission over a Packet
   Switched Network (PSN) [SATOP]. SAToP is currently specified to carry
   the TDM bit-streams disregarding any structure that may be imposed on
   these streams, in particular the structure imposed by the standard
   TDM framing [G.704].

   The module for managing a PW service is composed of three to five
   layers of MIB modules functioning all together. This general model is
   described in the PWE3 Architecture [PWARCH] and in [PWTDMMIB]. The
   layering model is intended to sufficiently isolate PW services from
   the underlying PSN layer that carries the emulated service. This is
   done at the same time as providing a standard means for connecting
   any supported services to any supported PSNs.

   The model for managing SAToP at its upper layers consists of a
   combination of the MIB modules described in [DS1MIB], [DS3MIB],
   [TDMMIB], [PWMIB] and the textual conventions defined in [PWTC].

   The top layer contains the technology-specific management objects
   that exist in MIB modules for the native service such as [DS1MIB] and
   [DS3MIB].
   The next layer down is the PW service-specific modules such as the
   one defined in this document and in [PWTDMMIB]. This layer by itself
   might consist of one or more MIB modules depending on the specific
   technology in use.

   The next layer is the Generic PW MIB [PWMIB]. This module is used to
   configure general parameters of PWs that are common to all types of
   emulated services and PSNs. This layer is connected to the
   service-specific layer above, and the PSN layer below.

   Comments should be made directly to PWE3 group at pwe3@ietf.org.

2. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [BCP14].

3. Terminology

   SAToP terminology used in this document is taken from the [SATOP]
   draft that describes a mechanism for transporting Structure-Agnostic
   (TDM) bit-streams over a packet-oriented network. The mechanism
   encapsulates TDM bit-streams (T1, E1, T3, E3) as pseudo-wires over a
   packet-oriented network. This emulation is referred to as "emulation
   of unstructured TDM circuits" in [PWTDMREQ] and suits applications
   where the PEs have no need to interpret TDM data or to participate in
   the TDM signaling.

   "PSN-bound" references the traffic direction where TDM data is
   received, adapted to packet based on number of payload bytes per
   packet, assigned a SAToP header (Sequence numbers, flags, and
   timestamps (if the RTP header is used)), prepended multiplexing layer
   and PSN headers and sent into the PSN.

   Conversely, the "CE-bound" references the traffic direction where
   packets are received from the PSN, packet payloads are reassembled by
   including a jitter buffer where payload of the received SAToP packets
   is stored prior to play-out to the TDM line.
   The size of this buffer SHOULD be locally configurable to allow
   accommodation to the PSN-specific packet delay variation.

   The CE-bound SAToP IWF SHOULD use the sequence number in the control
   word for detection of lost and mis-ordered packets. If the RTP header
   is used, the RTP sequence numbers MAY be used for the same purposes.

4. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI). This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

5. Overview

   This MIB module is designed to satisfy the following requirements and
   constraints:

   1. Fits within the architecture defined in [PWMIB], [PWARCH].

   2. The MIB module supports edge-to-edge emulation of
      Structure-Agnostic TDM bit-stream connections.

   3. The MIB module configures the connection and its relevant
      behavior.

   4. The MIB module reports various alarms, counters and status
      objects.

   5. The PSN specific objects are defined in other documents.

6. SAToP MIB module usage

6.1 Structure of SAToP MIB

   The SAToP PW Configuration Parameter Table (pwVcSatopCfgTable) has
   objects for PW connection characteristics. In situations where sets
   of objects are common amongst few PW connections, a single entry may
   be referenced by many PW connection entries in pwVcTDMTable
   [PWTDMMIB].
6.2 SAToP Connection configuration Procedure

   Configuring a SAToP PW involves the following steps:

   First, configure the interface layer parameters using DS1-MIB and/or
   DS3-MIB.

   Next, create an entry in the pwVcTable and configure the PSN tunnels:

   - Follow steps as defined in [PWMIB].

   NOTE: The agent should create an entry in the pwVcTDMTable [PWTDM]
   for any entry created in the pwVcTable with pwVcType equal to one of
   the following values:

   o  17 Structure-agnostic E1 over Packet
   o  18 Structure-agnostic T1 (DS1) over Packet
   o  19 Structure-agnostic E3 over Packet
   o  20 Structure-agnostic T3 (DS3) over Packet

   Next, complete the SAToP PW configuration:

   - If necessary, create an entry in the pwVcSatopCfgTable (a suitable
     entry may already exist).

   - Set the index of this pwVcSatopCfgTable entry in the pwVcTDMTable
     [PWTDMMIB].

6.3 SAToP PW Monitoring

   Upon making the SAToP PW operational, the pwVcTDMPerfCurrentTable,
   pwVcTDMPerfIntervalTable, and pwVcTDMPerfTable [PWTDMMIB] can be used
   to monitor the various counters, indicators, and conditions of the
   PW.

6.4 Example of actual SAToP PW Setup

   This section provides an example of using the various MIB objects
   described in Figure 1 below to set up a SAToP PW connection of DS1
   type. While this example is not meant to illustrate all options of
   the MIB, it is intended as an aid to understanding some of the key
   concepts. See [PWMIB] for an example of setting up PSN Tunnels.

   1. Configure the DS1 interface [DS1MIB].

   2. Get a new pwVcIndexNext [PWMIB] and create a new pwVcTable [PWMIB]
      entry using the value of pwVcIndexNext (assume here, the PW index
      = 20).

   3. Set the pwVcType [PWMIB] of the new entry to (18)
      'Structure-agnostic T1 (DS1) over Packet'. This should create a
      new entry in the pwVcTDMTable [PWTDMMIB].

   4. If needed, create an entry in the pwVcTDMCfgTable. Verify that
      there are no errors in the configuration using the relevant
      object.

   5. If needed, create an entry in the pwVcSatopCfgTable. Verify that
      there are no errors in the configuration using the relevant
      object.

   6. Configure the newly created TDM PW with the required pointers,
      indices and the relevant entry in pwVcTDMCfgTable and in
      pwVcSatopCfgTable (assuming 13 and 10 respectively).

   In [DS1MIB] dsx1IfIndex = 4
   In [PWMIB] pwVcIndex = 20
   In [PWTDMMIB] pwVcTDMTable, has a corresponding index of 20.

   Figure 1: An entry in pwVcSatopCfgTable

   In pwVcSatopCfgTable create a new entry (index = 10):

   {
      pwVcSatopCfgConsecPktsLoss2Normal    = 3  -- Exit LOPS state
      pwVcSatopCfgConsecMissPktNorma2Loss  = 5  -- Enter LOPS state
      ...
      pwVcSatopCfgPktReplacePolicy         = allOnes(1)
      ...
      pwVcSatopCfgMissingPktsToSes         = 3  -- packets
      pwVcSatopCfgRowStatus                = createAndGo
   }

   Check that there are no error bits set in pwVcSatopCfgConfigError.

   Complete the pwVcTDMTable with:

   {
      pwVcTDMIfIndex      = 4   -- IfIndex of associated DS1 entry
      pwVcGenTDMCfgIndex  = 13  -- Index of associated entry
                                -- in pwVcTDMCfgTable.
      pwVcTDMCfgIndex     = 10  -- Index of associated entry
                                -- in pwVcSatopCfgTable (above).
   }

   Check that there are no error bits set in pwVcTDMConfigError
   [PWTDMMIB].

   It is important to note that such configuration reflects one end
   point of the PW connection. For the connection to operate properly,
   both end points should have compatible configuration, each within its
   own device.

7. Object definition

PW-SATOP-MIB DEFINITIONS ::= BEGIN

IMPORTS
   MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
      FROM SNMPv2-SMI

   MODULE-COMPLIANCE, OBJECT-GROUP
      FROM SNMPv2-CONF

   RowStatus, StorageType
      FROM SNMPv2-TC

   pwStdMIB
      FROM PW-TC-DRAFT04-MIB

   PwVcTDMCfgIndex
      FROM PW-TDM-MIB;

-- The SAToP MIB

pwVcSatopMIB MODULE-IDENTITY
   LAST-UPDATED "200407180000Z"
   ORGANIZATION "Pseudo-Wire Emulation Edge-to-Edge (PWE3)
                 Working Group"
   CONTACT-INFO
      "
       Orly Nicklass
       Postal: RAD Data Communications
               24 Raoul Wallenberg St., Bldg C
               Tel Aviv 69719, Israel
       Email:  orly_n@rad.com

       The PWE3 Working Group (email distribution pwe3@ietf.org,
       http://www.ietf.org/html.charters/pwe3-charter.html)
       "
   DESCRIPTION
      "This MIB contains managed object definitions for
       encapsulating TDM bit-streams (T1, E1, T3, E3) as
       pseudo-wires over packet-switching networks (PSN),
       as in: Structure-Agnostic TDM over Packet [SATOP].

       This MIB reports to the PW-STD-MIB as in: Zelig, D.,
       Nadeau, T. 'Pseudo Wire (PW) Management Information Base'.
       The PW-STD-MIB contains structures and MIB associations
       generic to Pseudo-Wire (PW) emulation. PW-specific
       MIBs (such as this) contain config and stats for specific
       PW types.

       Copyright (C) The Internet Society (2004). This version
       of this MIB module is part of RFC yyyy; see the RFC
       itself for full legal notices.
       -- RFC Ed.: replace yyyy with actual RFC number & remove this note
       "
   ::= { pwStdMIB x } --To be assigned by IANA
                      -- we request to assign value 6

-- Tables, Scalars
pwVcSatopObjects      OBJECT IDENTIFIER ::= { pwVcSatopMIB 1 }

-- Notifications
pwVcSatopTraps        OBJECT IDENTIFIER ::= { pwVcSatopMIB 2 }

-- Conformance
pwVcSatopConformance  OBJECT IDENTIFIER ::= { pwVcSatopMIB 3 }

-- Obtain index for PW SAToP Configuration table entries
pwVcSatopCfgIndexNext OBJECT-TYPE
   SYNTAX      PwVcTDMCfgIndex
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object contains the value to be used for
       pwVcSatopCfgIndex when creating entries in the
       pwVcSatopCfgTable. The value 0 indicates that no
       unassigned entries are available. To obtain the
       value of pwVcSatopCfgIndex for a new entry in the
       pwVcSatopCfgTable, the manager issues a management
       protocol retrieval operation to obtain the current
       value of pwVcSatopCfgIndex. After each retrieval
       operation, the agent should modify the value to
       reflect the next unassigned index. After a manager
       retrieves a value the agent will determine through
       its local policy when this index value will be made
       available for reuse."
   ::= { pwVcSatopObjects 1 }

-- PW SAToP PW Configuration Table

pwVcSatopCfgTable OBJECT-TYPE
   SYNTAX      SEQUENCE OF PwVcSatopCfgEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "This table contains a set of parameters that may be
       referenced by one or more SAToP PWs in pwVcTDMTable."
   REFERENCE
      "See [PWTDMMIB]"
   ::= { pwVcSatopObjects 2 }

pwVcSatopCfgEntry OBJECT-TYPE
   SYNTAX      PwVcSatopCfgEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "These parameters define the characteristics of a
       SAToP PW. They are grouped here to ease NMS burden.
       Once an entry is created here it may be re-used
       by many PWs."
   INDEX { pwVcSatopCfgIndex }
   ::= { pwVcSatopCfgTable 1 }

PwVcSatopCfgEntry ::= SEQUENCE {
   pwVcSatopCfgIndex                      PwVcTDMCfgIndex,
   pwVcSatopCfgRowStatus                  RowStatus,
   pwVcSatopCfgConsecPktsLoss2Normal      Unsigned32,
   pwVcSatopCfgConsecMissPktNorma2Loss    Unsigned32,
   pwVcSatopCfgPktReplacePolicy           INTEGER,
   pwVcSatopCfgTDMDataSetUp2Synch         Unsigned32,
   pwVcSatopCfgSetUp2SynchTimeOut         Unsigned32,
   pwVcSatopCfgAlarmThreshold             Unsigned32,
   pwVcSatopCfgClearAlarmThreshold        Unsigned32,
   pwVcSatopCfgExcessivePktLossThreshold  Unsigned32,
   pwVcSatopCfgMissingPktsToSes           Unsigned32,
   pwVcSatopCfgTimestampMode              INTEGER,
   pwVcSatopCfgStorageType                StorageType
   }

pwVcSatopCfgIndex OBJECT-TYPE
   SYNTAX      PwVcTDMCfgIndex
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "Primary index in this table"
   ::= { pwVcSatopCfgEntry 1 }

pwVcSatopCfgRowStatus OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "Object used for creating, modifying, and deleting
       a row from this table."
   ::= { pwVcSatopCfgEntry 2 }

-- The following counters work together to integrate
-- errors and the lack of errors on the SAToP PW. An error is
-- caused by a missing packet. Missing packet can be a result
-- of: packet loss in the network, (uncorrectable) packet out
-- of sequence, packet length error, jitter buffer overflow,
-- and jitter buffer underflow. The result is declaring whether
-- or not the SAToP PW is in Loss of Packet (LOPS) state.
--
pwVcSatopCfgConsecPktsLoss2Normal OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "The number of consecutive packets with sequential
       sequence numbers that are required to exit the
       LOPS state."
   REFERENCE
      "See [SATOP]"
   DEFVAL { 2 }
   ::= { pwVcSatopCfgEntry 3 }

pwVcSatopCfgConsecMissPktNorma2Loss OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "The number of consecutive missing packets that are
       required to enter the LOPS state."
   REFERENCE
      "See [SATOP]"
   DEFVAL { 10 }
   ::= { pwVcSatopCfgEntry 4 }

pwVcSatopCfgPktReplacePolicy OBJECT-TYPE
   SYNTAX      INTEGER {
                  allOnes (1),
                  implementationSpecific (2)
               }
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "This is the value to be played when CE bound packets
       have over/underflow the jitter buffer, or are missing
       for any reason. This byte pattern is sent (played) on
       the TDM line."
   DEFVAL { 1 } -- Play all ones
   ::= { pwVcSatopCfgEntry 5 }

pwVcSatopCfgTDMDataSetUp2Synch OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "The SAToP IWF is in an intermediate state until this
       amount of TDM data bytes (usually half of the jitter
       buffer) has been received in consecutive SAToP packets.
       default value is set for E1 line."
   DEFVAL { 1400 }
   ::= { pwVcSatopCfgEntry 6 }

pwVcSatopCfgSetUp2SynchTimeOut OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "The intermediate state timer is set to this value.
       The SAToP IWF is in an intermediate state until
       pwVcSatopCfgTDMDataSetUp2Synch amount of TDM data
       bytes has been received in consecutive SAToP packets
       or until this timer expires. The timer units are
       (millisec)"
   DEFVAL { 5 }
   ::= { pwVcSatopCfgEntry 7 }

pwVcSatopCfgAlarmThreshold OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "Alarms are only reported when the defect state
       persists for the length of time specified by this
       object.
       The object's unit is millisec"
   DEFVAL { 2500 }
   ::= { pwVcSatopCfgEntry 8 }

pwVcSatopCfgClearAlarmThreshold OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "Alarm MUST be cleared after the corresponding defect
       is undetected for the amount of time specified by
       this object. The object's unit is millisec"
   DEFVAL { 10000 }
   ::= { pwVcSatopCfgEntry 9 }

pwVcSatopCfgExcessivePktLossThreshold OBJECT-TYPE
   SYNTAX      Unsigned32
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "Excessive packet loss rate is detected by computing
       the average packet loss rate over a
       pwVcSatopCfgAvePktLossTimeWindow amount of time and
       comparing it with this threshold value. "
   ::= { pwVcSatopCfgEntry 10 }

pwVcSatopCfgMissingPktsToSes OBJECT-TYPE
   SYNTAX      Unsigned32
   UNITS       "seconds"
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "Number of missing packets detected (consecutive or
       not) within a 1 second window to cause a Severely
       Errored Second (SES) to be counted."
   DEFVAL { 3 }
   ::= { pwVcSatopCfgEntry 11 }

pwVcSatopCfgTimestampMode OBJECT-TYPE
   SYNTAX      INTEGER {
                  notApplicable (1),
                  absolute (2),
                  differential (3)
               }
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "Timestamp generation MAY be used in one of the
       following modes:

       1. Absolute mode: the PSN-bound IWF sets timestamps
          using the clock recovered from the incoming TDM
          attachment circuit. As a consequence, the timestamps
          are closely correlated with the sequence numbers.
          All SAToP implementations that support usage of the
          RTP header MUST support this mode.

       2. Differential mode: Both IWFs have access to a common
          high-quality timing source, and this source is used
          for timestamp generation. Support of this mode is
          OPTIONAL.
       "
   ::= { pwVcSatopCfgEntry 12 }

pwVcSatopCfgStorageType OBJECT-TYPE
   SYNTAX      StorageType
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "This variable indicates the storage type for this
       row."
   ::= { pwVcSatopCfgEntry 13 }

-- End of SAToP PW Configuration Parameter Table

-- Conformance Information

pwVcSatopGroups      OBJECT IDENTIFIER ::= { pwVcSatopConformance 1 }
pwVcSatopCompliances OBJECT IDENTIFIER ::= { pwVcSatopConformance 2 }

pwSatopModuleCompliance MODULE-COMPLIANCE
   STATUS      current
   DESCRIPTION
      "The compliance statement for agents that support
       Structure-Agnostic TDM over PSN."

   MODULE -- this module
   MANDATORY-GROUPS { pwVcSatopCfgGroup }

   OBJECT      pwVcSatopCfgConsecPktsLoss2Normal
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   OBJECT      pwVcSatopCfgConsecMissPktNorma2Loss
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   OBJECT      pwVcSatopCfgPktReplacePolicy
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   OBJECT      pwVcSatopCfgTDMDataSetUp2Synch
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   OBJECT      pwVcSatopCfgSetUp2SynchTimeOut
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   OBJECT      pwVcSatopCfgExcessivePktLossThreshold
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   OBJECT      pwVcSatopCfgMissingPktsToSes
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   OBJECT      pwVcSatopCfgTimestampMode
   MIN-ACCESS  read-only
   DESCRIPTION
      "The ability to set this object is not required."

   ::= { pwVcSatopCompliances 1 }

-- Units of conformance.
pwVcSatopCfgGroup OBJECT-GROUP
   OBJECTS {
      pwVcSatopCfgIndexNext,
      pwVcSatopCfgRowStatus,
      pwVcSatopCfgConsecPktsLoss2Normal,
      pwVcSatopCfgConsecMissPktNorma2Loss,
      pwVcSatopCfgPktReplacePolicy,
      pwVcSatopCfgTDMDataSetUp2Synch,
      pwVcSatopCfgSetUp2SynchTimeOut,
      pwVcSatopCfgAlarmThreshold,
      pwVcSatopCfgClearAlarmThreshold,
      pwVcSatopCfgExcessivePktLossThreshold,
      pwVcSatopCfgMissingPktsToSes,
      pwVcSatopCfgTimestampMode,
      pwVcSatopCfgStorageType
   }
   STATUS      current
   DESCRIPTION
      "Collection of detailed objects needed to configure
       SAToP PWs."
   ::= { pwVcSatopGroups 1 }

END

8. Security considerations

   It is clear that this MIB module is potentially useful for monitoring
   of SAToP PWs. This MIB can also be used for configuration of certain
   objects, and anything that can be configured can be incorrectly
   configured, with potentially disastrous results.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations. These are the tables and objects and their
   sensitivity/vulnerability:

   The pwVcSatopCfgTable contains objects of SAToP PW parameters on a
   Provider Edge (PE) device. Unauthorized access to objects in these
   tables could result in disruption of traffic on the network.

   The use of stronger mechanisms such as SNMPv3 security should be
   considered where possible. Specifically, SNMPv3 VACM and USM MUST be
   used with any SNMPv3 agent, which implements this MIB module.
   Administrators should consider whether read access to these objects
   should be allowed, since read access may be undesirable under certain
   circumstances.
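   Added example, not part of the draft: one way to derive the list of
   objects that a VACM write view has to cover is to read the MAX-ACCESS
   and MIN-ACCESS clauses out of the module text. The embedded excerpt is
   abbreviated from Section 7; the function names and the report keys are
   assumptions made for this illustration.

```python
import re

# Abbreviated excerpt of the PW-SATOP-MIB module in Section 7: clauses are
# packed onto fewer lines and DESCRIPTION text is shortened; object names
# and access clauses are the draft's.
MIB_EXCERPT = '''
pwVcSatopCfgIndexNext OBJECT-TYPE
    SYNTAX PwVcTDMCfgIndex  MAX-ACCESS read-only  STATUS current
    DESCRIPTION "Value to be used for pwVcSatopCfgIndex for a new entry."
    ::= { pwVcSatopObjects 1 }
pwVcSatopCfgIndex OBJECT-TYPE
    SYNTAX PwVcTDMCfgIndex  MAX-ACCESS not-accessible  STATUS current
    DESCRIPTION "Primary index in this table"
    ::= { pwVcSatopCfgEntry 1 }
pwVcSatopCfgRowStatus OBJECT-TYPE
    SYNTAX RowStatus  MAX-ACCESS read-create  STATUS current
    DESCRIPTION "Object used for creating, modifying, and deleting a row."
    ::= { pwVcSatopCfgEntry 2 }
pwVcSatopCfgConsecPktsLoss2Normal OBJECT-TYPE
    SYNTAX Unsigned32  MAX-ACCESS read-create  STATUS current
    DESCRIPTION "Consecutive packets required to exit the LOPS state."
    ::= { pwVcSatopCfgEntry 3 }
pwVcSatopCfgAlarmThreshold OBJECT-TYPE
    SYNTAX Unsigned32  MAX-ACCESS read-create  STATUS current
    DESCRIPTION "Alarms are reported when the defect persists this long."
    ::= { pwVcSatopCfgEntry 8 }
pwSatopModuleCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION "Compliance statement for agents that support SAToP."
    MODULE -- this module
    MANDATORY-GROUPS { pwVcSatopCfgGroup }
    OBJECT pwVcSatopCfgConsecPktsLoss2Normal
    MIN-ACCESS read-only
    DESCRIPTION "The ability to set this object is not required."
    ::= { pwVcSatopCompliances 1 }
'''

WRITABLE = {"read-write", "read-create"}


def strip_noise(mib_text):
    """Blank out quoted strings, then drop '--' comments, so keywords that
    appear inside DESCRIPTION text or comments are not read as clauses."""
    no_strings = re.sub(r'"[^"]*"', '""', mib_text)
    return re.sub(r'--.*', '', no_strings)


def max_access(mib_text):
    """Map each OBJECT-TYPE name to the value of its MAX-ACCESS clause."""
    text = strip_noise(mib_text)
    found = {}
    for name, body in re.findall(r'(\w+)\s+OBJECT-TYPE\b(.*?)::=', text, re.S):
        clause = re.search(r'MAX-ACCESS\s+([\w-]+)', body)
        if clause:
            found[name] = clause.group(1)
    return found


def min_access_refinements(mib_text):
    """Map object names to MIN-ACCESS values from MODULE-COMPLIANCE.
    Handles the form used in this module (OBJECT directly followed by
    MIN-ACCESS); SYNTAX or WRITE-SYNTAX refinements are not parsed."""
    text = strip_noise(mib_text)
    return dict(re.findall(r'\bOBJECT\s+(\w+)\s+MIN-ACCESS\s+([\w-]+)', text))


def audit(mib_text):
    """Classify objects for access-control planning."""
    access = max_access(mib_text)
    refined = min_access_refinements(mib_text)
    writable = sorted(n for n, a in access.items() if a in WRITABLE)
    return {
        # Objects an agent may accept SETs for: restrict with a write view.
        "writable": writable,
        # Writable objects with no MIN-ACCESS read-only relaxation, so a
        # compliant agent has to implement SET for them.
        "set_required": sorted(n for n in writable
                               if refined.get(n) != "read-only"),
        # Everything a GET can return: candidates for a read view review.
        "readable": sorted(n for n, a in access.items()
                           if a != "not-accessible"),
    }


if __name__ == "__main__":
    for category, names in audit(MIB_EXCERPT).items():
        print(category, names)
```

   Run against the full module text, the same report lists every
   read-create column of pwVcSatopCfgTable as writable.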
   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments. It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.

   SNMP versions prior to SNMPv3 did not include adequate security. Even
   if the network itself is secure (for example by using IPSec), even
   then, there is no control as to who on the secure network is allowed
   to access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security. It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module, is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

9. IANA considerations

   As requested in the PW TC MIB [PWTC], PWE3 related standards track
   MIB modules should be rooted under the pwStdMIB subtree. The IANA is
   requested to assign { pwStdMIB 6 } to the PW SAToP MIB module
   specified in this document.

10. References

10.1 Normative references

   [PWTDMREQ]  M. Riegel, et al, "Requirements for Edge-to-Edge
               Emulation of TDM Circuits over Packet Switching Networks
               (PSN)", work in progress.

   [PWARCH]    Bryant S., Pate P., "PWE3 Architecture", work in
               progress.
   [SATOP]     Vainshtein A., Stein Y., "Structure-Agnostic TDM over
               Packet (SAToP)", work-in-progress.

   [TDMOIP]    Y(J) Stein, R. Shashoua, R. Insler, M. Anavi, "TDM over
               IP", work in progress.

   [CESOPSN]   Vainshtein A., et al., "Structured TDM Circuit Emulation
               Service over Packet Switched Network (CESoPSN)", work in
               progress.

   [PWMIB]     Zelig D., Nadeau T., "Pseudo Wire (PW) Management
               Information Base", work-in-progress.

   [PWTC]      Nadeau, T., Zelig D., "Definitions for Textual
               Conventions and OBJECT-IDENTITIES for Pseudo-Wires
               Management", work-in-progress.

   [PWTDMMIB]  Nicklass O., "Managed Objects for TDM over Packet
               Switched Network (PSN)", work-in-progress.

   [DS1MIB]    Nicklass O., "Definitions of Managed Objects for the DS1,
               E1, DS2 and E2 Interface Types", work-in-progress.

   [DS3MIB]    Nicklass O., "Definitions of Managed Objects for the
               DS3/E3 Interface Types", work-in-progress.

   [RFC2863]   McCloghrie, K. and F. Kastenholz, "The Interfaces Group
               MIB", RFC 2863, June 2000.

   [RFC2578]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M. and S. Waldbusser, "Structure of Management
               Information Version 2 (SMIv2)", STD 58, RFC 2578, April
               1999.

   [RFC2579]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M. and S. Waldbusser, "Textual Conventions for
               SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]   McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
               Rose, M. and S. Waldbusser, "Conformance Statements for
               SMIv2", STD 58, RFC 2580, April 1999.

   [G.704]     ITU-T Recommendation G.704 (10/98) - Synchronous frame
               structures used at 1544, 6312, 2048, 8448 and 44 736
               Kbit/s hierarchical levels

   [ITU-T-G.826]
               ITU-T G.826: Error performance parameters and objectives
               for international, constant bit rate digital paths at or
               above the primary rate, November 1993.
10.2 Informative references

   [RFC3410]   Case, J., Mundy, R., Partain, D. and B. Stewart,
               "Introduction and Applicability Statements for
               Internet-Standard Management Framework", RFC 3410,
               December 2002.

Author's Address

   Orly Nicklass
   RAD Data Communications
   24 Raoul Wallenberg St., Bldg C
   Tel Aviv 69719
   ISRAEL

   Phone: +972 3 7659969
   EMail: orly_n@rad.com

Full Copyright Statement

   Copyright (C) The Internet Society (2004). This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.