Internet Draft                                         David Zelig, Ed.
Expires: February 2006                                Corrigent Systems

                                                  Thomas D. Nadeau, Ed.
                                                    Cisco Systems, Inc.

                                                              July 2005

      Pseudo Wire (PW) over MPLS PSN Management Information Base

                  draft-ietf-pwe3-pw-mpls-mib-07.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This memo defines an experimental portion of the Management
   Information Base for use with network management protocols in the
   Internet community. In particular, it describes managed objects for
   modeling of Pseudo Wires over an MPLS transport network.

Table of Contents

   Abstract
   1   Introduction
   2   Terminology
   3   The Internet-Standard Management Framework
   4   PWE3 MIB modules Architecture
   4.1 PW-MPLS-STD-MIB Module Usage
   5   PWE3 MPLS MIB Module Definitions
   6   Security Considerations
   7   References
   7.1 Normative references
   7.2 Informative references
   8   Editors' Addresses
   9   Contributor's Addresses
   10  Intellectual Property Notice
   11  Full Copyright Statement
   12  IANA considerations

1. Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines a MIB module which can be used to manage
   pseudo wire (PW) services transmitted over different types of MPLS
   Packet Switched Network (PSN) tunnels. The general PW-STD-MIB module
   [PWMIB] defines the global parameters for PWs, regardless of
   underlying PSN or emulated service type. This document describes the
   MIB objects that define pseudo wire association to the MPLS PSN, in a
   way that is not specific to the carried service.

   Together, [RFC3814] and [RFC3813] describe the modeling of an MPLS
   Tunnel, and a Tunnel's underlying cross-connects. The defined MIB
   supports MPLS-TE as a PSN, Non-TE MPLS PSN (an outer tunnel created
   by the Label Distribution Protocol (LDP) [RFC3036] or manually), and
   MPLS PW label only (no outer tunnel).

2. Terminology

   This document adopts the definitions, acronyms and mechanisms
   described in [RFC3985]. Unless otherwise stated, the mechanisms of
   [RFC3985] apply and will not be re-described here.

   The terms "Outbound" and "Inbound" in this MIB module are based on
   the common practice in the MPLS standards, i.e. "outbound" is toward
   the PSN. However, where these terms are used in an object name, the
   object description clarifies the exact packet direction to prevent
   confusion with these terms in other documents.

   "PSN Tunnel" is a general term indicating a virtual connection
   between the two PWE3 edge devices. Each tunnel may potentially carry
   multiple PWs inside. In the scope of this document, it is an MPLS
   tunnel.

   This document uses terminology from the document describing the MPLS
   architecture [RFC3031] for MPLS PSN. A Label Switched Path (LSP) is
   modeled as described in [RFC3813] and [RFC3814] via a series of
   cross-connects through 1 or more Label switching routers (LSR).

   In MPLS PSN, a PW connection typically uses a PW Label within a
   Tunnel Label [PWCNTRL]. Multiple pseudo wires each with a unique PW
   Label can share the same Tunnel. For PW transport over MPLS, the
   Tunnel Label is known as the "outer" Label, while the PW Label is
   known as the "inner" Label. An exception to this is with adjacent
   LSRs or the use of PHP. In this case, there is an option for PWs to
   connect directly without an outer Label.

3. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).
   This memo specifies a MIB module that is compliant with the SMIv2,
   which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
   [RFC2579] and STD 58, RFC 2580 [RFC2580].

4. PWE3 MIB modules Architecture

   The MIB structure for defining a PW service is composed of three
   types of MIB modules.

   The first type is the PW MIB module, which configures general
   parameters of the PW that are common to all types of emulated
   services and PSN types.

   The second type is the PSN-type-specific module. There is a
   different module for each type of PSN. These modules associate the
   PW with one or more "tunnels" that carry the service over the PSN.
   These modules are defined in other documents.

   The third type is the service-specific module, which depends on the
   emulated signal type. These modules are defined in other documents.

   [PWTC] defines some of the object types used in these modules.

4.1 PW-MPLS-STD-MIB Module Usage

   - The PW table (pwTable) in [PWMIB] is used for all PW types (ATM,
     FR, Ethernet, SONET, etc.). This table contains high level generic
     parameters related to the PW creation. The operator or the agent
     for each PW service creates a row.

   - If the PSN type in pwTable is MPLS, the agent creates a row in the
     MPLS specific parameters table (pwMplsVcTable) in this module,
     which contains MPLS specific parameters such as EXP bits handling
     and outer tunnel configuration.

   - The operator configures the association to the desired MPLS tunnel
     (required for MPLS TE tunnels or manually configured PWs) through
     the pwMplsTeOutboundTable. For LDP based outer tunnel, there is no
     need for manual configuration since there is only a single tunnel
     toward the peer.

   - The agent creates rows in the MPLS mapping table in order to allow
     quick retrieval of information based on the tunnel indexes.

   The relation to the MPLS network is by configuration of the edge LSR
   only - that is to say, the LSR providing the PW function. Since
   Tunnels are uni-directional, a pair of tunnels must exist (one for
   inbound, one for outbound).

   The following graphic depicts a VC that originates and terminates at
   LSR-M. It uses LSPs A and B formed by Tunnels Ax and Bx continuing
   through LSR-N to LSR-P. The concatenations of Tunnels create the
   LSPs. Note: 'X' denotes a Tunnel's cross-connect.

                                 LSP-A
        <- - - - - - - - - - - - - - - - - - - - - - - - - - - -
        +---- (edge) LSR-M ---+    +--------- LSR-N ---------+    + LSR-P
    |---+                     |    |                         |    |
    |   |     Tunnel          |    |         Tunnel          |    |
    +   |   A1 (M<-N)    +----+    +----+  A2 (M<-P)    +----+    +----+
    |   |         <------|    |    |    |<--------------|    |    |    |
<-->| N |PWin  inSeg     |MPLS|    |MPLS| outSeg  inSeg |MPLS|    |MPLS|
N S |   |     <---X<-----| IF |    | IF |<------X<------| IF |    | IF |
A E | S |                |    |<-->|    |               |    |<-->|    |
T R |   |     --->X----->|    |    |    |------>X------>|    |    |    |
I V | P |PWout outSeg    |    |    |    | inSeg  outSeg |    |    |    |
V I |   |         ------>|    |    |    |-------------->|    |    |    |
E C +   |     Tunnel     +----+    +----+    Tunnel     +----+    +----+
  E |---+   B1 (M->N)         |    |       B2 (M->P)         |    |
        |                     |    |                         |    |
        +---------------------+    +-------------------------+    +-----
        - - - - - - - - - - - - - - - - - - - - - - - - - - - ->
                                 LSP-B

   The PW-MPLS-MIB supports three options for MPLS network:

   - In the MPLS-TE case, Tunnel A1 and B1 are created via the MPLS-TE
     MIB [RFC3814]. The tunnels are associated to the PW by the (4)
     indexes that uniquely identify the Tunnel at the TE-MIB.

   - In the Non TE case, Tunnel A1 and B1 are either manually
     configured or set up with LDP. The tunnels are associated to the
     PW by the XC index in the MPLS-LSR-MIB [RFC3813].

   - In the PW label only case, there is no outer tunnel on top of the
     PW label. This case is useful in case of adjacent PEs in manual
     configuration mode.

   Note that when LSR-N acts as PHP for the outer tunnel label, there
   are still entries for the outer tunnel in the relevant MPLS MIB
   modules.

   A combination of MPLS-TE outer tunnel(s) and LDP outer tunnel for
   the same PW is allowed through the pwMplsOutboundTunnel. The current
   tunnel that is used to forward traffic is indicated in the object
   pwMplsOutboundTunnelTypeInUse.

   The PW MPLS MIB module reports through the inbound table the XC
   entry in the LDP-STD_MIB of the PWs that were signaled through LDP.

   This MIB module assumes that a single PW can be associated to one
   MPLS-TE tunnel at a time. This tunnel may be composed of multiple
   instances (i.e. LSP), each represented by a separate instance index.
   The current active LSP is reported through this MIB module.

   It is worth noting that inbound (tunnel originated in the remote PE)
   mapping is neither configured nor reported through the PW MPLS MIB
   module since the local PE does not know the inbound association
   between specific PW and MPLS tunnels.

5. PWE3 MPLS MIB Module Definitions

   PW-MPLS-STD-MIB DEFINITIONS ::= BEGIN

   IMPORTS
      MODULE-IDENTITY, OBJECT-TYPE, Unsigned32
         FROM SNMPv2-SMI                    -- [RFC2578]

      MODULE-COMPLIANCE, OBJECT-GROUP
         FROM SNMPv2-CONF                   -- [RFC2580]

      StorageType
         FROM SNMPv2-TC                     -- [RFC2579]

      InterfaceIndexOrZero
         FROM IF-MIB                        -- [RFC2863]

      MplsTunnelIndex, MplsTunnelInstanceIndex,
      MplsLdpIdentifier, MplsLsrIdentifier
         FROM MPLS-TC-STD-MIB               -- [RFC3810]

      MplsIndexType
         FROM MPLS-LSR-STD-MIB              -- [RFC3813]

      PwIndexType, pwMIB
         FROM PW-TC-STD-MIB

      pwIndex
         FROM PW-STD-MIB
   ;

   pwMplsStdMIB MODULE-IDENTITY
      LAST-UPDATED "200507041200Z"  -- 4 July 2005 12:00:00 GMT
      ORGANIZATION "Pseudo Wire Edge to Edge Emulation (PWE3) Working
                    Group."
      CONTACT-INFO
          "
           David Zelig, Editor
           E-mail: davidz@corrigent.com

           Thomas D. Nadeau, Editor
           Email:  tnadeau@cisco.com

           The PWE3 Working Group (email distribution pwe3@ietf.org,
           http://www.ietf.org/html.charters/pwe3-charter.html)
          "
      DESCRIPTION
          "This MIB module complements the PW MIB module for PW
           operation over MPLS.

           Copyright (C) The Internet Society (2005). This version
           of this MIB module is part of RFC yyyy; see the RFC
           itself for full legal notices.
   -- RFC Ed.: replace yyyy with actual RFC number & remove this note
          "

      -- Revision history.

      REVISION
          "200507041200Z"  -- 4 July 2005 12:00:00 GMT
      DESCRIPTION " First published as RFCWXYZ. "
             -- RFC Editor: Please replace
             -- WXYZ with correct #

      ::= { pwMIB 4 } -- RFC Editor: To be assigned by IANA
                      -- the value 4 is requested for this
                      -- specific Module. Please replace XXX
                      -- with the assigned value.

   -- Top-level components of this MIB.

   -- Notifications
   pwMplsNotifications OBJECT IDENTIFIER ::= { pwMplsStdMIB 0 }

   -- Tables, Scalars
   pwMplsObjects       OBJECT IDENTIFIER ::= { pwMplsStdMIB 1 }

   -- Conformance
   pwMplsConformance   OBJECT IDENTIFIER ::= { pwMplsStdMIB 2 }

   -- PW MPLS table

   pwMplsTable OBJECT-TYPE
      SYNTAX        SEQUENCE OF PwMplsEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "This table controls MPLS specific parameters when the PW is
           going to be carried over MPLS PSN."
      ::= { pwMplsObjects 1 }

   pwMplsEntry OBJECT-TYPE
      SYNTAX        PwMplsEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "A row in this table represents parameters specific to MPLS
           PSN for a pseudo wire (PW). The row is created
           automatically by the local agent if the pwPsnType is MPLS.
           It is indexed by pwIndex, which uniquely identifies a
           singular PW.
          "
      INDEX { pwIndex }
      ::= { pwMplsTable 1 }

   PwMplsEntry ::= SEQUENCE {
      pwMplsMplsType          BITS,
      pwMplsExpBitsMode       INTEGER,
      pwMplsExpBits           Unsigned32,
      pwMplsTtl               Unsigned32,
      pwMplsLocalLdpID        MplsLdpIdentifier,
      pwMplsLocalLdpEntityID  MplsLsrIdentifier,
      pwMplsPeerLdpID         MplsLdpIdentifier,
      pwMplsStorageType       StorageType
   }

   pwMplsMplsType OBJECT-TYPE
      SYNTAX   BITS {
                  mplsTe    (0),
                  mplsNonTe (1),
                  vcOnly    (2)
               }
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "Set by the operator to indicate the outer tunnel types, if
           any exist. mplsTe(0) is used if the outer tunnel was set-up
           by MPLS-TE, and mplsNonTe(1) is used if the outer tunnel was
           set up by LDP or manually. Combination of mplsTe(0) and
           mplsNonTe(1) may exist together.
           vcOnly(2) is used if there is no outer tunnel label, i.e.
           in static provisioning without MPLS tunnel. vcOnly(2)
           cannot be combined with mplsNonTe(1) or mplsTe(0)."
      DEFVAL { { mplsNonTe } }
      ::= { pwMplsEntry 1 }

   pwMplsExpBitsMode OBJECT-TYPE
      SYNTAX   INTEGER {
                  outerTunnel      (1),
                  specifiedValue   (2),
                  serviceDependant (3)
               }
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "Set by the operator to indicate the way the PW shim label
           EXP bits are to be determined. The value of outerTunnel(1)
           is used where there is an outer tunnel - pwMplsMplsType
           is mplsTe(0) or mplsNonTe(1). Note that in this case
           there is no need to mark the PW label with the EXP bits
           since the PW label is not visible to the intermediate
           nodes.
           If there is no outer tunnel, specifiedValue(2) indicates
           that the value is specified by pwMplsExpBits, and
           serviceDependant(3) indicates that the EXP bits are set up
           based on a rule specified in the emulated service specific
           tables, for example when the EXP bits are a function of
           802.1p marking for Ethernet emulated service."
      DEFVAL { outerTunnel }
      ::= { pwMplsEntry 2 }

   pwMplsExpBits OBJECT-TYPE
      SYNTAX        Unsigned32 (0..7)
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "Set by the operator to indicate the MPLS EXP bits to be
           used on the PW shim label if pwMplsExpBitsMode is
           specifiedValue(2), zero otherwise."
      DEFVAL { 0 }
      ::= { pwMplsEntry 3 }

   pwMplsTtl OBJECT-TYPE
      SYNTAX        Unsigned32 (0..255)
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "Set by the operator to indicate the PW TTL value to be used
           on the PW shim label."
      DEFVAL { 2 }
      ::= { pwMplsEntry 4 }

   pwMplsLocalLdpID OBJECT-TYPE
      SYNTAX        MplsLdpIdentifier
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "The local LDP identifier of the LDP entity creating
           this PW in the local node. As the PW labels are always
           set from the per platform label space, the last two octets
           in the LDP ID MUST be always both zeros."
      REFERENCE
          "'LDP specifications', RFC 3036 section 2.2.2."
      ::= { pwMplsEntry 5 }

   pwMplsLocalLdpEntityID OBJECT-TYPE
      SYNTAX        MplsLsrIdentifier
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "The local node LDP Entity ID of the LDP entity creating
           this PW. Should return the value of all zeros if not
           used."
      ::= { pwMplsEntry 6 }

   pwMplsPeerLdpID OBJECT-TYPE
      SYNTAX        MplsLdpIdentifier
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION
          "The peer LDP identifier as identified from the LDP
           session. Should return the value of zero if not
           applicable or not known yet."
      ::= { pwMplsEntry 7 }

   pwMplsStorageType OBJECT-TYPE
      SYNTAX        StorageType
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "This variable indicates the storage type for this row."
      ::= { pwMplsEntry 8 }

   -- End of PW MPLS table

   -- Pseudo Wire MPLS Outbound Tunnel table

   pwMplsOutboundTable OBJECT-TYPE
      SYNTAX        SEQUENCE OF PwMplsOutboundEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "This table reports and configures the current outbound MPLS
           tunnels (i.e.
           toward the PSN) or the physical interface in case of PW
           label only that carry the PW traffic. It also reports the
           current outer tunnel and LSP which forward the PW traffic."
      ::= { pwMplsObjects 2 }

   pwMplsOutboundEntry OBJECT-TYPE
      SYNTAX        PwMplsOutboundEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "A row in this table configures the outer tunnel used for
           carrying the PW traffic toward the PSN.
           In the case of PW label only, it configures the interface
           that will carry the PW traffic.

           An entry in this table augments the pwMplsEntry, and is
           created automatically when the corresponding row has been
           created by the agent in the pwMplsEntry.

           This table points to the appropriate MPLS MIB module.
           In the MPLS-TE case, the 3 variables relevant to the
           indexing of a TE tunnel head-end (as used in the
           MPLS-TE-STD-MIB) are to be configured, and the tunnel
           instance indicates the LSP that is currently in use for
           forwarding the traffic.

           In case of signaled Non-TE MPLS (an outer tunnel label
           assigned by LDP) the table points to the XC entry in the
           LSR-STD-MIB. If the Non-TE MPLS tunnel is manually
           configured, the operator configures the XC pointer to this
           tunnel.

           In case of PW label only (no outer tunnel) the ifIndex of
           the port to carry the PW is configured here.

           It is possible to associate a PW to one TE tunnel head-end
           and a non-TE tunnel together. An indication in this table
           will report the currently active one. In addition, in the
           TE case the table reports the active tunnel instance
           (i.e. the specific LSP in use).
          "
      AUGMENTS { pwMplsEntry }
      ::= { pwMplsOutboundTable 1 }

   PwMplsOutboundEntry ::= SEQUENCE {
      pwMplsOutboundLsrXcIndex       MplsIndexType,
      pwMplsOutboundTunnelIndex      MplsTunnelIndex,
      pwMplsOutboundTunnelInstance   MplsTunnelInstanceIndex,
      pwMplsOutboundTunnelLclLSR     MplsLsrIdentifier,
      pwMplsOutboundTunnelPeerLSR    MplsLsrIdentifier,
      pwMplsOutboundIfIndex          InterfaceIndexOrZero,
      pwMplsOutboundTunnelTypeInUse  INTEGER
   }

   pwMplsOutboundLsrXcIndex OBJECT-TYPE
      SYNTAX        MplsIndexType
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "This object is applicable if pwMplsMplsType mplsNonTe(1)
           bit is set, and MUST return a value of zero otherwise.
           If the outer tunnel is signaled, the object is read-only
           and indicates the XC index in the MPLS-LSR-STD-MIB of the
           outer tunnel toward the peer. Otherwise (tunnel is set-up
           manually) the operator defines the XC index of the manually
           created outer tunnel through this object.
          "
      ::= { pwMplsOutboundEntry 1 }

   pwMplsOutboundTunnelIndex OBJECT-TYPE
      SYNTAX        MplsTunnelIndex
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "This object is applicable if pwMplsMplsType mplsTe(0)
           bit is set, and MUST return a value of zero otherwise.
           It is part of the set of indexes for outbound tunnel.
           The operator sets this object to represent the desired
           tunnel head-end toward the peer for carrying the PW
           traffic.
          "
      ::= { pwMplsOutboundEntry 2 }

   pwMplsOutboundTunnelInstance OBJECT-TYPE
      SYNTAX        MplsTunnelInstanceIndex
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION
          "This object is applicable if pwMplsMplsType mplsTe(0)
           bit is set, and MUST return a value of zero otherwise.
           It indicates the actual tunnel instance that is currently
           active and carrying the PW traffic - it should return the
           value of zero if the information from the MPLS-TE
           application is not yet known.
          "
      ::= { pwMplsOutboundEntry 3 }

   pwMplsOutboundTunnelLclLSR OBJECT-TYPE
      SYNTAX        MplsLsrIdentifier
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "This object is applicable if pwMplsMplsType mplsTe(0)
           bit is set, and MUST return a value of all zeros otherwise.
           It is part of the set of indexes for outbound tunnel.
           The operator sets this object to represent the desired
           tunnel head-end toward the peer for carrying the PW
           traffic.
          "
      ::= { pwMplsOutboundEntry 4 }

   pwMplsOutboundTunnelPeerLSR OBJECT-TYPE
      SYNTAX        MplsLsrIdentifier
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "This object is applicable if pwMplsMplsType mplsTe(0)
           bit is set, and MUST return a value of zero otherwise.
           It is part of the set of indexes for outbound tunnel.
           It is typically equal to pwPeerAddr.
          "
      ::= { pwMplsOutboundEntry 5 }

   pwMplsOutboundIfIndex OBJECT-TYPE
      SYNTAX        InterfaceIndexOrZero
      MAX-ACCESS    read-write
      STATUS        current
      DESCRIPTION
          "This object is applicable if pwMplsMplsType mplsTe(0)
           bit is set, and MUST return a value of zero otherwise.
           The operator configures the ifIndex of the outbound port
           in this case.
          "
      ::= { pwMplsOutboundEntry 6 }

   pwMplsOutboundTunnelTypeInUse OBJECT-TYPE
      SYNTAX   INTEGER {
                  notYetKnown (1),
                  mplsTe      (2),
                  mplsNonTe   (3),
                  vcOnly      (4)
               }
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION
          "This object indicates the current tunnel that is carrying
           the PW traffic.
           The value of notYetKnown(1) should be used if the agent is
           currently unable to determine which tunnel or interface is
           carrying the PW, for example because both tunnels are in
           operational status down.
          "
      ::= { pwMplsOutboundEntry 7 }

   -- End of PW MPLS Outbound Tunnel table

   -- PW MPLS inbound table

   pwMplsInboundTable OBJECT-TYPE
      SYNTAX        SEQUENCE OF PwMplsInboundEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "This table indicates the PW LDP XC entry in the
           MPLS-LSR-STD-MIB for signaled PWs.
          "
      ::= { pwMplsObjects 3 }

   pwMplsInboundEntry OBJECT-TYPE
      SYNTAX        PwMplsInboundEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "A row in this table is created by the agent
           for each signaled PW, and shows the XC index related to
           the PW signaling in the inbound direction in the
           MPLS-LSR-STD-MIB that controls and displays the information
           for all the LDP signaling processes in the local node.
          "
      INDEX { pwIndex }
      ::= { pwMplsInboundTable 1 }

   PwMplsInboundEntry ::= SEQUENCE {
      pwMplsInboundXcIndex  MplsIndexType
   }

   pwMplsInboundXcIndex OBJECT-TYPE
      SYNTAX        MplsIndexType
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION
          "The XC index representing this PW in the inbound
           direction. Should return the value of zero if the
           information is not yet known."
      ::= { pwMplsInboundEntry 1 }

   -- End of PW MPLS inbound table

   -- PW to Non-TE mapping Table.

   pwMplsNonTeMappingTable OBJECT-TYPE
      SYNTAX        SEQUENCE OF PwMplsNonTeMappingEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "This table indicates outbound Tunnel to a PW in non-TE
           applications, maps the PW to its (inbound) XC entry, and
           indicates the PW to physical interface mapping for a PW
           label to physical interface if a PW label is in use
           without outer tunnel.
          "
      ::= { pwMplsObjects 4 }

   pwMplsNonTeMappingEntry OBJECT-TYPE
      SYNTAX        PwMplsNonTeMappingEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "A row in this table displays the association
           between the PW and
           - its non-TE MPLS outbound outer Tunnel or,
           - its XC entry in the MPLS-LSR-STD-MIB,
           - its physical interface if there is no outer tunnel
             (PW label only) and manual configuration.

           Rows are created in this table by the agent depending on
           the setting of pwMplsMplsType:

           - If pwMplsMplsType mplsNonTe(1) bit is set, the agent
             creates a row for the outbound direction
             (pwMplsNonTeMappingDirection set to psnBound(1)).
             The pwMplsNonTeMappingXcIndex holds the XC index in the
             MPLS-LSR-STD-MIB of the PSN bound outer tunnel.
             pwMplsNonTeMappingIfIndex MUST be zero for this row.

           - If pwMplsMplsType vcOnly(2) bit is set, the agent
             creates a row for the outbound direction
             (pwMplsNonTeMappingDirection set to psnBound(1)).
             The pwMplsNonTeMappingIfIndex holds the ifIndex of the
             physical port this PW will use in the outbound direction.
             pwMplsNonTeMappingXcIndex MUST be zero for this row.

           - If the PW has been set-up by signaling protocol (i.e.
             pwOwner equals pwIdFecSignaling(2) or
             genFecSignaling(3)), the agent creates a row for the
             inbound direction (pwMplsNonTeMappingDirection set to
             fromPsn(2)).
             The pwMplsNonTeMappingXcIndex holds the XC index in the
             MPLS-LSR-STD-MIB of the PW LDP generated XC entry.
             pwMplsNonTeMappingIfIndex MUST be zero for this row.

           An application can use this table to quickly retrieve the
           PW carried over specific non-TE MPLS outer tunnel or
           physical interface.
          "
      INDEX { pwMplsNonTeMappingDirection,
              pwMplsNonTeMappingXcIndex,
              pwMplsNonTeMappingIfIndex,
              pwMplsNonTeMappingVcIndex }
      ::= { pwMplsNonTeMappingTable 1 }

   PwMplsNonTeMappingEntry ::= SEQUENCE {
      pwMplsNonTeMappingDirection  INTEGER,
      pwMplsNonTeMappingXcIndex    MplsIndexType,
      pwMplsNonTeMappingIfIndex    InterfaceIndexOrZero,
      pwMplsNonTeMappingVcIndex    PwIndexType
   }

   pwMplsNonTeMappingDirection OBJECT-TYPE
      SYNTAX   INTEGER {
                  psnBound (1),
                  fromPsn  (2)
               }
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "Index for the conceptual XC row identifying Tunnel to PW
           mappings, indicating the direction of packet flow the
           entry is related to.
           psnBound(1) indicates that the entry is related to
           packets toward the PSN.
           fromPsn(2) indicates that the entry is related to
           packets coming from the PSN.
          "
      ::= { pwMplsNonTeMappingEntry 1 }

   pwMplsNonTeMappingXcIndex OBJECT-TYPE
      SYNTAX        MplsIndexType
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "See the description clause of pwMplsNonTeMappingEntry for
           the usage guidelines of this object."
      ::= { pwMplsNonTeMappingEntry 2 }

   pwMplsNonTeMappingIfIndex OBJECT-TYPE
      SYNTAX        InterfaceIndexOrZero
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "See the description clause of pwMplsNonTeMappingEntry for
           the usage guidelines of this object."
      ::= { pwMplsNonTeMappingEntry 3 }

   pwMplsNonTeMappingVcIndex OBJECT-TYPE
      SYNTAX        PwIndexType
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION
          "The value that represents the PW in the pwTable."
      ::= { pwMplsNonTeMappingEntry 4 }

   -- End of PW to Non-TE mapping Table.

   -- PW to TE MPLS tunnels mapping Table.

   pwMplsTeMappingTable OBJECT-TYPE
      SYNTAX        SEQUENCE OF PwMplsTeMappingEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "This table enables the retrieval of a PW association to the
           outbound MPLS tunnel for MPLS-TE applications."
      ::= { pwMplsObjects 5 }

   pwMplsTeMappingEntry OBJECT-TYPE
      SYNTAX        PwMplsTeMappingEntry
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "A row in this table represents the association
           between a PW and its MPLS-TE outer (head-end) Tunnel.

           An application can use this table to quickly retrieve the
           list of the PWs that are configured on a specific MPLS TE
           outer tunnel.

           The pwMplsTeMappingTunnelInstance reports the actual
           LSP out of the tunnel head-end that is currently
           forwarding the traffic.

           The table is indexed by the head-end indexes of a TE
           tunnel and the PW index.
          "
      INDEX { pwMplsTeMappingTunnelIndex,
              pwMplsTeMappingTunnelInstance,
              pwMplsTeMappingTunnelPeerLsrID,
              pwMplsTeMappingTunnelLocalLsrID,
              pwMplsTeMappingVcIndex }
      ::= { pwMplsTeMappingTable 1 }

   PwMplsTeMappingEntry ::= SEQUENCE {
      pwMplsTeMappingTunnelIndex       MplsTunnelIndex,
      pwMplsTeMappingTunnelInstance    MplsTunnelInstanceIndex,
      pwMplsTeMappingTunnelPeerLsrID   MplsLsrIdentifier,
      pwMplsTeMappingTunnelLocalLsrID  MplsLsrIdentifier,
      pwMplsTeMappingVcIndex           PwIndexType
   }

   pwMplsTeMappingTunnelIndex OBJECT-TYPE
      SYNTAX        MplsTunnelIndex
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "Primary index for the conceptual row identifying the
           MPLS-TE tunnel that is carrying the PW traffic."
      ::= { pwMplsTeMappingEntry 1 }

   pwMplsTeMappingTunnelInstance OBJECT-TYPE
      SYNTAX        MplsTunnelInstanceIndex
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "This object identifies the MPLS-TE LSP that is carrying the
           PW traffic. Should return the value of zero if the
           information of the specific LSP is not yet known.
           Note that based on the recommendation in the
           MPLS-TC-STD-MIB, instance index 0 should refer to the
           configured tunnel interface."
      ::= { pwMplsTeMappingEntry 2 }

   pwMplsTeMappingTunnelPeerLsrID OBJECT-TYPE
      SYNTAX        MplsLsrIdentifier
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "Identifies the Peer LSR when the outer tunnel is MPLS-TE
           based."
      ::= { pwMplsTeMappingEntry 3 }

   pwMplsTeMappingTunnelLocalLsrID OBJECT-TYPE
      SYNTAX        MplsLsrIdentifier
      MAX-ACCESS    not-accessible
      STATUS        current
      DESCRIPTION
          "Identifies the local LSR."
      ::= { pwMplsTeMappingEntry 4 }

   pwMplsTeMappingVcIndex OBJECT-TYPE
      SYNTAX        PwIndexType
      MAX-ACCESS    read-only
      STATUS        current
      DESCRIPTION
          "The value that represents the PW in the pwTable."
      ::= { pwMplsTeMappingEntry 5 }

   -- End of PW to TE MPLS tunnels mapping Table.

   -- conformance information

   pwMplsGroups      OBJECT IDENTIFIER ::= { pwMplsConformance 1 }
   pwMplsCompliances OBJECT IDENTIFIER ::= { pwMplsConformance 2 }

   -- Compliance requirement for fully compliant implementations.

   pwMplsModuleFullCompliance MODULE-COMPLIANCE
      STATUS current
      DESCRIPTION
          "The compliance statement for agents that provide full
           support for PW-MPLS MIB Module. Such devices can
           then be monitored and also be configured using
           this MIB module."

      MODULE -- this module
         MANDATORY-GROUPS { pwMplsGroup,
                            pwMplsOutboundMainGroup,
                            pwMplsInboundGroup,
                            pwMplsMappingGroup
                          }

         GROUP pwMplsOutboundTeGroup
         DESCRIPTION
             "This group MUST be supported if the implementation
              allows MPLS TE tunnels to carry PW traffic.
             "

         OBJECT pwMplsMplsType
         DESCRIPTION
             "Support of vcOnly(2) is not required. At least one
              of mplsTe(0) or mplsNonTe(1) MUST be supported if
              signaling of PW is supported.
             "

         OBJECT pwMplsExpBitsMode
         DESCRIPTION
             "Support of specifiedValue(2) and serviceDependant(3)
              is optional.
             "

         OBJECT pwMplsLocalLdpID
         MIN-ACCESS read-only
         DESCRIPTION
             "A read-write access is required if the implementation
              supports more than one LDP entity identifier for PW
              signaling.
             "

         OBJECT pwMplsLocalLdpEntityID
         MIN-ACCESS read-only
         DESCRIPTION
             "A read-write access is required if the implementation
              supports more than one LDP entity index for PW
              signaling.
             "

         OBJECT pwMplsOutboundLsrXcIndex
         MIN-ACCESS read-only
         DESCRIPTION
             "A value other than zero MUST be supported if the
              implementation supports non TE signaling of the outer
              tunnel. A read-write access MUST be supported if the
              implementation supports manual setting of the PW
              labels and carrying them over non-TE tunnels.
             "

         OBJECT pwMplsOutboundIfIndex
         MIN-ACCESS read-only
         DESCRIPTION
             "A value other than zero and read-write operations MUST
              be supported if the implementation supports manually
              configured PW without MPLS outer tunnel.
             "
      ::= { pwMplsCompliances 1 }

   -- Compliance requirement for Read Only compliant implementations.

   pwMplsModuleReadOnlyCompliance MODULE-COMPLIANCE
      STATUS current
      DESCRIPTION
          "The compliance statement for agents that provide read
           only support for PW-MPLS MIB Module. Such devices can
           then be monitored but cannot be configured using this
           MIB module."

      MODULE -- this module
         MANDATORY-GROUPS { pwMplsGroup,
                            pwMplsOutboundMainGroup,
                            pwMplsInboundGroup,
                            pwMplsMappingGroup
                          }

         GROUP pwMplsOutboundTeGroup
         DESCRIPTION
             "This group MUST be supported if the implementation
              allows MPLS TE tunnels to carry PW traffic.
             "

         OBJECT pwMplsMplsType
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
              Support of vcOnly(2) is not required. At least one
              of mplsTe(0) or mplsNonTe(1) MUST be supported if
              signaling of PW is supported.
             "

         OBJECT pwMplsExpBitsMode
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
              Support of specifiedValue(2) and serviceDependant(3)
              is optional.
             "

         OBJECT pwMplsExpBits
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsTtl
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsLocalLdpID
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsLocalLdpEntityID
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsStorageType
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsOutboundLsrXcIndex
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
              A value other than zero MUST be supported if the
              implementation supports non TE signaling of the outer
              tunnel.
             "

         OBJECT pwMplsOutboundTunnelIndex
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsOutboundTunnelLclLSR
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsOutboundTunnelPeerLSR
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
             "

         OBJECT pwMplsOutboundIfIndex
         MIN-ACCESS read-only
         DESCRIPTION
             "Write access is not required.
              A value other than zero MUST be supported if the
              implementation supports manually configured PW without
              MPLS outer tunnel.
             "
      ::= { pwMplsCompliances 2 }

   -- Units of conformance.

   pwMplsGroup OBJECT-GROUP
      OBJECTS {
               pwMplsMplsType,
               pwMplsExpBitsMode,
               pwMplsExpBits,
               pwMplsTtl,
               pwMplsLocalLdpID,
               pwMplsLocalLdpEntityID,
               pwMplsPeerLdpID,
               pwMplsStorageType
              }
      STATUS current
      DESCRIPTION
          "Collection of objects needed for PW over MPLS PSN
           configuration."
      ::= { pwMplsGroups 1 }

   pwMplsOutboundMainGroup OBJECT-GROUP
      OBJECTS {
               pwMplsOutboundLsrXcIndex,
               pwMplsOutboundIfIndex,
               pwMplsOutboundTunnelTypeInUse
              }
      STATUS current
      DESCRIPTION
          "Collection of objects needed for outbound association of
           PW and MPLS tunnel."
      ::= { pwMplsGroups 2 }

   pwMplsOutboundTeGroup OBJECT-GROUP
      OBJECTS {
               pwMplsOutboundTunnelIndex,
               pwMplsOutboundTunnelInstance,
               pwMplsOutboundTunnelLclLSR,
               pwMplsOutboundTunnelPeerLSR
              }
      STATUS current
      DESCRIPTION
          "Collection of objects needed for outbound association of
           PW and MPLS TE tunnel."
      ::= { pwMplsGroups 3 }

   pwMplsInboundGroup OBJECT-GROUP
      OBJECTS {
               pwMplsInboundXcIndex
              }
      STATUS current
      DESCRIPTION
          "Collection of objects needed for inbound PW presentation.
           This group MUST be supported if PW signaling through LDP
           is used."
       ::= { pwMplsGroups 4 }

   pwMplsMappingGroup OBJECT-GROUP
       OBJECTS {
                pwMplsNonTeMappingVcIndex,
                pwMplsTeMappingVcIndex
               }
       STATUS  current
       DESCRIPTION
           "Collection of objects needed for mapping association of
            PW and MPLS tunnel."
       ::= { pwMplsGroups 5 }

   END

6. Security Considerations

   It is clear that this MIB module is potentially useful for
   monitoring of PW capable PEs. This MIB module can also be used for
   configuration of certain objects, and anything that can be
   configured can be incorrectly configured, with potentially
   disastrous results.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations. These are the tables and objects and their
   sensitivity/vulnerability:

   o  the pwMplsTable, pwMplsNonTeMappingTable and pwMplsTeMappingTable
      collectively contain objects to provision PW over MPLS tunnels.
      Unauthorized access to objects in these tables could result in
      disruption of traffic on the network. The use of stronger
      mechanisms such as SNMPv3 security should be considered where
      possible. Specifically, SNMPv3 VACM and USM MUST be used with any
      v3 agent which implements this MIB module. Administrators should
      consider whether read access to these objects should be allowed,
      since read access may be undesirable under certain circumstances.

   Some of the readable objects in this MIB module (i.e., objects with
   a MAX-ACCESS other than not-accessible) may be considered sensitive
   or vulnerable in some network environments. It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.
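Section 6's access requirements (SNMPv3 with USM and VACM, encrypted transfer of sensitive values, no reliance on pre-SNMPv3 community access) can be checked mechanically against an agent's configuration. The following Python audit of Net-SNMP snmpd.conf text is an added example, not part of the draft; the choice of Net-SNMP, the sample configurations, the user names and PW_MPLS_OID (a placeholder, since the draft only requests { pwMIB 4 } from IANA) are assumptions.

```python
import shlex

# Placeholder OID (assumption): the draft only requests { pwMIB 4 } from IANA,
# so substitute the subtree your agent really registers for PW-MPLS-STD-MIB.
PW_MPLS_OID = ".1.3.6.1.4.1.99999.4"

# Constructed sample configurations, not taken from any real device.
WEAK = """
rwcommunity public default
createUser monitor MD5 "constructed-pass-1"
rouser monitor
rwuser provision auth
"""
HARDENED = f"""
# USM users with both authentication and privacy keys
createUser pwmon SHA "constructed-pass-2" AES "constructed-pass-3"
createUser pwprov SHA "constructed-pass-4" AES "constructed-pass-5"
rouser pwmon priv {PW_MPLS_OID}
rwuser pwprov priv {PW_MPLS_OID}
"""

# Directives that grant SNMPv1/v2c (community-based) access.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6",
             "rwcommunity6", "com2sec", "com2sec6"}


def audit(conf):
    """Return (line_number, finding) tuples for settings Section 6 warns about."""
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY:
            findings.append((lineno, "pre-v3-community"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:                 # skip optional "-s SECMODEL"
                args = args[2:]
            # snmpd treats a missing level as "auth": signed but not encrypted.
            level = args[1].lower() if len(args) > 1 else "auth"
            if level != "priv":
                findings.append((lineno, "no-privacy"))
            if directive == "rwuser" and len(args) < 3:
                findings.append((lineno, "unscoped-set"))  # SET on whole tree
    return findings


if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf))
```
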
   These are the tables and objects and their
   sensitivity/vulnerability:

   o  the pwMplsTable, pwMplsNonTeMappingTable, pwMplsTeMappingTable
      and pwMplsOutboundTable collectively show the PW over MPLS
      association. If an Administrator does not want to reveal this
      information, then these tables should be considered
      sensitive/vulnerable.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security. It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access
   to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

7 References

7.1 Normative references

   [PWCNTRL]  Martini et al, "Pseudowire Setup and Maintenance using
              LDP", draft-ietf-pwe3-control-protocol-17.txt, June 2005.

   [RFC3985]  Bryant, S., et al, "PWE3 Architecture", RFC 3985, March
              2005.

   [PWTC]     Nadeau, T., et al, "Definitions for Textual Conventions
              and OBJECT-IDENTITIES for Pseudo-Wires Management",
              work-in-progress.

   [PWMIB]    Zelig, D., et al, "Pseudo Wire (PW) Management
              Information Base", work-in-progress.

   [RFC2863]  McCloghrie, K., Kastenholz, F., "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3031]  Rosen, E., Viswanathan, A., and R.
              Callon, "Multiprotocol Label Switching Architecture",
              RFC 3031, Jan 2001.

   [RFC3813]  Srinivasan, C., Viswanathan, A., and Nadeau, T., "MPLS
              Label Switch Router Management Information Base Using
              SMIv2", work-in-progress.

   [RFC3814]  Srinivasan, C., Viswanathan, A., and Nadeau, T., "MPLS
              Traffic Engineering Management Information Base Using
              SMIv2", RFC3812.

   [RFC3811]  Nadeau, T., Cucchiara, J., "Definition of Textual
              Conventions and OBJECT-IDENTITIES for Multi-Protocol
              Label Switching (MPLS) Management", RFC 3811, June 2004.

   [RFC3036]  Andersson, L., et al, "LDP specification", RFC 3036,
              January 2001.

   [RFC2578]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Structure of Management
              Information Version 2 (SMIv2)", STD 58, RFC 2578, April
              1999.

   [RFC2579]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Textual Conventions for
              SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Conformance Statements for
              SMIv2", STD 58, RFC 2580, April 1999.

7.2 Informative references

   [RFC3036]  Andersson, L., Doolan, P., Feldman, N., Fredette, A., and
              B. Thomas, "LDP Specification", RFC 3036, January 2001.

   [RFC3410]  Case, J., Mundy, R., Partain, D. and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

8. Editors' Addresses

   David Zelig
   Corrigent Systems
   126, Yigal Alon st.
   Tel Aviv, ISRAEL
   Phone: +972-3-6945273
   Email: davidz@corrigent.com

   Thomas D. Nadeau
   Cisco Systems, Inc.
   250 Apollo Drive
   Chelmsford, MA 01824
   Email: tnadeau@cisco.com

9. Contributors' Addresses

   Dave Danenberg
   Email: dave_danenberg@yahoo.com

   Andrew G. Malis
   Tellabs, Inc.
   2730 Orchard Parkway
   San Jose, CA 95134
   Email: Andy.Malis@tellabs.com

   Sharon Mantin
   AxONLink (Israel) Ltd
   9 Bareket St.
   Petah Tikva 49517, Israel
   Phone: +972-3-9263972
   Email: sharon.mantin@axonlink.com

10. Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed
   to pertain to the implementation or use of the technology described
   in this document or the extent to which any license under such
   rights might or might not be available; nor does it represent that
   it has made any independent effort to identify any such rights.
   Information on the procedures with respect to rights in RFC
   documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository
   at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

11. Full Copyright Statement

   Copyright (C) The Internet Society (2005). This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

12. IANA Considerations

   PWE3 related standards track PW modules should be rooted under the
   pwMIB subtree. The IANA is requested to manage that namespace. New
   assignments can only be made via a Standards Action as specified in
   [RFC2434].

   IANA is requested to make a MIB OID assignment under the pwMIB
   branch as specified in section 11.1.

12.1 IANA Considerations for PW-MPLS-STD-MIB

   This document also requests IANA to assign { pwMIB 4 } to the
   PW-MPLS-STD-MIB module specified in this document.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.