< draft-ietf-softwire-map-mib-07.txt   draft-ietf-softwire-map-mib-08.txt >
Internet Engineering Task Force Y. Fu Internet Engineering Task Force Y. Fu
Internet-Draft CNNIC Internet-Draft CNNIC
Intended status: Standards Track S. Jiang Intended status: Standards Track S. Jiang
Expires: June 18, 2017 B. Liu Expires: November 25, 2017 B. Liu
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
J. Dong J. Dong
Y. Chen Y. Chen
Tsinghua University Tsinghua University
December 15, 2016 May 24, 2017
Definitions of Managed Objects for MAP-E Definitions of Managed Objects for MAP-E
draft-ietf-softwire-map-mib-07 draft-ietf-softwire-map-mib-08
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for using with network management protocols in the Internet for using with network management protocols in the Internet
community. In particular, it defines managed objects for MAP community. In particular, it defines managed objects for MAP
encapsulation (MAP-E) mode. encapsulation (MAP-E) mode.
Status of This Memo Status of This Memo
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 18, 2017. This Internet-Draft will expire on November 25, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 18 skipping to change at page 2, line 18
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Internet-Standard Management Framework . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . . 2
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 4. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3
4.1. The mapMIBObjects . . . . . . . . . . . . . . . . . . . . 3 4.1. The mapMIBObjects . . . . . . . . . . . . . . . . . . . . 3
4.1.1. The mapRule Subtree . . . . . . . . . . . . . . . . . 3 4.1.1. The mapRule Subtree . . . . . . . . . . . . . . . . . 3
4.1.2. The mapSecurityCheck Subtree . . . . . . . . . . . . 3 4.1.2. The mapSecurityCheck Subtree . . . . . . . . . . . . 3
4.2. The mapMIBConformance Subtree . . . . . . . . . . . . . . 3 4.2. The mapMIBConformance Subtree . . . . . . . . . . . . . . 4
5. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
9.1. Normative References . . . . . . . . . . . . . . . . . . 12 9.1. Normative References . . . . . . . . . . . . . . . . . . 13
9.2. Informative References . . . . . . . . . . . . . . . . . 13 9.2. Informative References . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
MAP [RFC7597] is a stateless mechanism for running IPv4 over Mapping of Address and Port (MAP) [RFC7597] is a stateless mechanism
IPv6-only infrastructure. In particular, it includes two mode, for running IPv4 over IPv6-only infrastructure. In particular, it
translation mode or encapsulation mode. For the encapsulation mode, includes two mode, translation mode or encapsulation mode. For the
it provides an automatic tunnelling mechanism for providing IPv4 encapsulation mode, it provides an automatic tunnelling mechanism for
connectivity service to end users over a service provider's IPv6 providing IPv4 connectivity service to end users over a service
network provider's IPv6 network
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. This MIB module would be used for monitoring the devices community. This MIB module would be used for monitoring the devices
in the MAP scenario, especially, for the encapsulation mode. in the MAP scenario, especially, for the encapsulation mode.
2. The Internet-Standard Management Framework 2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
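Review bot: The rewritten first paragraph of Section 1 still carries "it includes two mode, translation mode or encapsulation mode" and still ends at "provider's IPv6 network" with no closing period. Since these lines are being reflowed for the "Mapping of Address and Port (MAP)" expansion anyway, suggest "it includes two modes, translation mode and encapsulation mode" and terminating the last sentence.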
skipping to change at page 3, line 17 skipping to change at page 3, line 17
3. Terminology 3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
[RFC2119]. [RFC2119].
4. Structure of the MIB Module 4. Structure of the MIB Module
The MAP-E MIB provides a way to configure and monitor the MAP devices The MAP-E MIB provides a way to manage and monitor the MAP devices in
in MAP encapsulation mode through SNMP. MAP encapsulation mode through SNMP.
MAP-E MIB is configurable on a per-interface basis. It depends on MAP-E MIB is configurable on a per-interface basis. It depends on
several parts of the IF-MIB[RFC2863]. several parts of the IF-MIB[RFC2863].
4.1. The mapMIBObjects 4.1. The mapMIBObjects
4.1.1. The mapRule Subtree 4.1.1. The mapRule Subtree
The mapRule subtree describes managed objects used for managing the The mapRule subtree describes managed objects used for managing the
multiple mapping rules in the MAP encapsulation mode. multiple mapping rules in the MAP encapsulation mode.
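Review bot: Section 4 replaces "configure and monitor" with "manage and monitor", but the unchanged sentence that follows still says "MAP-E MIB is configurable on a per-interface basis". Every object in Section 5 is read-only or not-accessible, so if the intent is that the module does not configure anything, that sentence needs the same treatment; rewording it to say the objects are reported on a per-interface basis would keep the two sentences consistent.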
skipping to change at page 3, line 40 skipping to change at page 3, line 40
According to the MAP specification[RFC7597], the mapping rules are According to the MAP specification[RFC7597], the mapping rules are
divided into two categories, which are Basic Mapping Rule (BMR), and divided into two categories, which are Basic Mapping Rule (BMR), and
Forwarding Mapping Rule (FMR). Forwarding Mapping Rule (FMR).
4.1.2. The mapSecurityCheck Subtree 4.1.2. The mapSecurityCheck Subtree
The mapSecurityCheck subtree is to statistic the number of invalid The mapSecurityCheck subtree is to statistic the number of invalid
packets that have been identified. There are two kind of invalid packets that have been identified. There are two kind of invalid
packets which are defined in the MAP specification [RFC7597]as below. packets which are defined in the MAP specification [RFC7597]as below.
- The BR MUST perform a validation of the consistency of the source - The Border Relay (BR) will perform a validation of the consistency
IPv6 address and source port number for the packet using BMR. of the source IPv6 address and source port number for the packet
using Basic Mapping Rule (BMR).
- The Customer Edge (CE) SHOULD check that MAP received packets' - The Customer Edge (CE) will check that MAP received packets'
transport-layer destination port number is in the range configured by transport-layer destination port number is in the range configured by
MAP for the CE. MAP for the CE.
4.2. The mapMIBConformance Subtree 4.2. The mapMIBConformance Subtree
The mapMIBConformance subtree provides conformance information of MIB The mapMIBConformance subtree provides conformance information of MIB
objects. objects.
5. Definitions 5. Definitions
MAP-E-MIB DEFINITIONS ::= BEGIN The following MIB module imports definitions from [RFC2578],
[RFC2579],[RFC2580],[RFC2863], and [RFC4001].
IMPORTS MAP-E-MIB DEFINITIONS ::= BEGIN
MODULE-IDENTITY, OBJECT-TYPE, mib-2,
Integer32, Unsigned32, Counter64
FROM SNMPv2-SMI
ifIndex
FROM IF-MIB
InetAddressType, InetAddress,
InetAddressPrefixLength
FROM INET-ADDRESS-MIB
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF;
mapMIB MODULE-IDENTITY IMPORTS
LAST-UPDATED "201612150000Z" MODULE-IDENTITY, OBJECT-TYPE, mib-2,
ORGANIZATION Integer32, Unsigned32, Counter64
"IETF Softwire Working Group" FROM SNMPv2-SMI --RFC2578
CONTACT-INFO TEXTUAL-CONVENTION
"Yu Fu FROM SNMPv2-TC --RFC2579
CNNIC ifIndex
No.4 South 4th Street, Zhongguancun FROM IF-MIB --RFC2863
Beijing, P.R. China 100190 InetAddressIPv6, InetAddressIPv4,
EMail: fuyu@cnnic.cn InetAddressPrefixLength
FROM INET-ADDRESS-MIB --RFC4001
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF; --RFC2580
Sheng Jiang mapMIB MODULE-IDENTITY
Huawei Technologies Co., Ltd LAST-UPDATED "201705240000Z"
Huawei Building, 156 Beiqing Rd., Hai-Dian District ORGANIZATION
Beijing, P.R. China 100095 "IETF Softwire Working Group"
EMail: jiangsheng@huawei.com CONTACT-INFO
"Yu Fu
CNNIC
No.4 South 4th Street, Zhongguancun
Beijing, P.R. China 100190
EMail: fuyu@cnnic.cn
Bing Liu Sheng Jiang
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Huawei Building, 156 Beiqing Rd., Hai-Dian District Huawei Building, 156 Beiqing Rd., Hai-Dian District
Beijing, P.R. China 100095 Beijing, P.R. China 100095
EMail: leo.liubing@huawei.com EMail: jiangsheng@huawei.com
Jiang Dong Bing Liu
Tsinghua University Huawei Technologies Co., Ltd
Department of Computer Science, Tsinghua University Huawei Building, 156 Beiqing Rd., Hai-Dian District
Beijing 100084 Beijing, P.R. China 100095
P.R. China EMail: leo.liubing@huawei.com
Email: knight.dongjiang@gmail.com Jiang Dong
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R. China
Email: knight.dongjiang@gmail.com
Yuchi Chen Yuchi Chen
Tsinghua University Tsinghua University
Department of Computer Science, Tsinghua University Department of Computer Science, Tsinghua University
Beijing 100084 Beijing 100084
P.R. China P.R. China
Email: chenycmx@gmail.com" Email: chenycmx@gmail.com"
DESCRIPTION DESCRIPTION
"The MIB module is defined for management of objects in the "The MIB module is defined for management of objects in the
MAP-E BRs or CEs." MAP-E BRs or CEs."
REVISION "201612150000Z" REVISION "201705240000Z"
DESCRIPTION DESCRIPTION
"Initial version. Published as RFC xxxx." "Initial version. Published as RFC xxxx."
--RFC Ed.: RFC-edtitor pls fill in xxxx --RFC Ed.: RFC-edtitor pls fill in xxxx
::= { mib-2 xxx } ::= { mib-2 xxx }
--xxx to be replaced withIANA-assigned value --xxx to be replaced withIANA-assigned value
mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1} mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1}
mapRule OBJECT IDENTIFIER mapRule OBJECT IDENTIFIER
::= { mapMIBObjects 1 } ::= { mapMIBObjects 1 }
mapSecurityCheck OBJECT IDENTIFIER mapSecurityCheck OBJECT IDENTIFIER
::= { mapMIBObjects 2 } ::= { mapMIBObjects 2 }
mapRuleTable OBJECT-TYPE -- ==============================================================
SYNTAX SEQUENCE OF MapRuleEntry -- Textual Conventions used in this MIB module
MAX-ACCESS not-accessible -- ==============================================================
STATUS current
DESCRIPTION
"The (conceptual) table containing rule Information of
specific mapping rule. It can also be used for row
creation."
::= { mapRule 1 }
mapRuleEntry OBJECT-TYPE RulePSID ::= TEXTUAL-CONVENTION
SYNTAX MapRuleEntry DISPLAY-HINT "0x:"
MAX-ACCESS not-accessible STATUS current
STATUS current DESCRIPTION
DESCRIPTION "It represents the PSID represented in the hexadecimal version
"Each entry in this table contains the information on a so as to display it more clearly."
particular mapping rule." SYNTAX OCTET STRING (SIZE (4))
INDEX { mapRuleID }
::= { mapRuleTable 1 }
MapRuleEntry ::= RuleType ::= TEXTUAL-CONVENTION
SEQUENCE { STATUS current
mapRuleID Integer32, DESCRIPTION
mapRuleIPv6PrefixType InetAddressType, "This enumeration provides the type of the mapping rule. There
mapRuleIPv6Prefix InetAddress, are two types of mapping rules: Basic Mapping Rule (BMR) and
mapRuleIPv6PrefixLen InetAddressPrefixLength, Forwarding Mapping Rule (FMR)."
mapRuleIPv4PrefixType InetAddressType, REFERENCE "bmr, fmr: section 5 of RFC 7597"
mapRuleIPv4Prefix InetAddress, SYNTAX INTEGER {
mapRuleIPv4PrefixLen InetAddressPrefixLength, bmr(1),
mapRuleBRIPv6Address InetAddress, fmr(2)
mapRulePSID Integer32, }
mapRulePSIDLen Integer32,
mapRuleOffset Unsigned32,
mapRuleEALen Integer32,
mapRuleType Integer32
}
mapRuleID OBJECT-TYPE mapRuleTable OBJECT-TYPE
SYNTAX Integer32 (1..2147483647) SYNTAX SEQUENCE OF MapRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An identifier used to distinguish the multiple mapping "The (conceptual) table containing rule Information of
rule which is unique with each CE in the same BR." specific mapping rule. It can also be used for row
::= { mapRuleEntry 1 } creation."
::= { mapRule 1 }
mapRuleIPv6PrefixType OBJECT-TYPE mapRuleEntry OBJECT-TYPE
SYNTAX InetAddressType SYNTAX MapRuleEntry
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object MUST be set to the value of ipv6(2) to "Each entry in this table contains the information on a
present the IPv6 address.It describes the particular mapping rule."
address type of the mapRuleIPv6Prefix and INDEX { mapRuleID }
mapRuleBRIPv6Address." ::= { mapRuleTable 1 }
REFERENCE
"ipv6(2): RFC 4001."
::= { mapRuleEntry 2 }
mapRuleIPv6Prefix OBJECT-TYPE MapRuleEntry ::=
SYNTAX InetAddress(SIZE (0..16)) SEQUENCE {
MAX-ACCESS read-only mapRuleID Unsigned32,
STATUS current mapRuleIPv6Prefix InetAddressIPv6,
DESCRIPTION mapRuleIPv6PrefixLen InetAddressPrefixLength,
"The IPv6 prefix defined in mapping rule which will be mapRuleIPv4Prefix InetAddressIPv4,
assigned to CE. The address type is given by mapRuleIPv4PrefixLen InetAddressPrefixLength,
mapRuleIPv6PrefixType." mapRuleBRIPv6Address InetAddressIPv6,
::= { mapRuleEntry 3 } mapRulePSID RulePSID,
mapRulePSIDLen Unsigned32,
mapRuleOffset Unsigned32,
mapRuleEALen Integer32,
mapRuleType Integer32
}
mapRuleIPv6PrefixLen OBJECT-TYPE mapRuleID OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of the IPv6 prefix defined in the mapping rule. "An identifier used to distinguish the multiple mapping
As a parameter for mapping rule, it will be also assigned rule which is unique with each CE in the same BR."
to CE." ::= { mapRuleEntry 1 }
::= { mapRuleEntry 4 }
mapRuleIPv4PrefixType OBJECT-TYPE mapRuleIPv6Prefix OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressIPv6
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object MUST be set to the value of ipv4(1) to "The IPv6 prefix defined in mapping rule which will be
present the public IPv4 address. It describes the assigned to CE. The address type is given by
address type of the mapRuleIPv4Prefix." mapRuleIPv6PrefixType."
REFERENCE ::= { mapRuleEntry 2 }
"ipv4(1): RFC 4001."
::= { mapRuleEntry 5 }
mapRuleIPv4Prefix OBJECT-TYPE mapRuleIPv6PrefixLen OBJECT-TYPE
SYNTAX InetAddress(SIZE (0..4)) SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
" The IPv4 prefix defined in mapping rule which will be "The length of the IPv6 prefix defined in the mapping rule.
assigned to CE. The address type is given by As a parameter for mapping rule, it will be also assigned
mapRuleIPv4PrefixType." to CE."
::= { mapRuleEntry 6 } ::= { mapRuleEntry 3 }
mapRuleIPv4PrefixLen OBJECT-TYPE mapRuleIPv4Prefix OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX InetAddressIPv4
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of the IPv4 prefix defined in the mapping " The IPv4 prefix defined in mapping rule which will be
rule. As a parameter for mapping rule, it will be also assigned to CE. The address type is given by
assigned to CE." mapRuleIPv4PrefixType."
::= { mapRuleEntry 7 } ::= { mapRuleEntry 4 }
mapRuleBRIPv6Address OBJECT-TYPE mapRuleIPv4PrefixLen OBJECT-TYPE
SYNTAX InetAddress(SIZE (0..16)) SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IPv6 address of the BR which will be "The length of the IPv4 prefix defined in the mapping
conveyed to CE. The address type is given by rule. As a parameter for mapping rule, it will be also
mapRuleIPv6PrefixType." assigned to CE."
::= { mapRuleEntry 8 } ::= { mapRuleEntry 5 }
mapRulePSID OBJECT-TYPE mapRuleBRIPv6Address OBJECT-TYPE
SYNTAX Integer32 SYNTAX InetAddressIPv6
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The PSID value algorithmically identifies a set of "The IPv6 address of the BR which will be
ports assigned to a CE." conveyed to CE."
REFERENCE ::= { mapRuleEntry 6 }
"PSID: section 3 of RFC 7597."
::= { mapRuleEntry 9 }
mapRulePSIDLen OBJECT-TYPE mapRulePSID OBJECT-TYPE
SYNTAX Integer32 SYNTAX RulePSID
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The bit length value of the number of significant bits in "The PSID value algorithmically identifies a set of
the PSID field. When it is set to 0, the PSID ports assigned to a CE."
field is to be ignored." REFERENCE
::= { mapRuleEntry 10 } "PSID: section 5.1 of RFC 7597."
::= { mapRuleEntry 7 }
mapRuleOffset OBJECT-TYPE mapRulePSIDLen OBJECT-TYPE
SYNTAX Unsigned32(0..15) SYNTAX Unsigned32(0..16)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Bit length value of the number of significant bits in "The bit length value of the number of significant bits in
the PSID field. When it is set to 0, the PSID the PSID field. When it is set to 0, the PSID
field is to be ignored." field is to be ignored."
::= { mapRuleEntry 11 } ::= { mapRuleEntry 8 }
mapRuleEALen OBJECT-TYPE mapRuleOffset OBJECT-TYPE
SYNTAX Integer32 SYNTAX Unsigned32(0..15)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of the Embedded-Address (EA) defined in "Bit length value of the number of significant bits in
mapping rule which will be assigned to CE." the PSID field. When it is set to 0, the PSID
REFERENCE field is to be ignored."
"EA: section 3 of RFC 7597." ::= { mapRuleEntry 9 }
::= { mapRuleEntry 12 }
mapRuleType OBJECT-TYPE mapRuleEALen OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of the mapping rule. A value of 0 means it "The length of the Embedded-Address (EA) defined in
is a BMR; a non-zero value means it is a FMR." mapping rule which will be assigned to CE."
REFERENCE REFERENCE
"BMR, FMR: section 5 of RFC 7597." "EA: section 3 of RFC 7597."
::= { mapRuleEntry 13 } ::= { mapRuleEntry 10 }
mapSecurityCheckTable OBJECT-TYPE mapRuleType OBJECT-TYPE
SYNTAX SEQUENCE OF MapSecurityCheckEntry SYNTAX RuleType
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The (conceptual) table containing information on "It represents the type of the mapping rule. the value of
MAP security checks. This table can be used to statistic 1 means it is a BMR; the value 2 means it is a FMR."
the number of invalid packets that been identified" REFERENCE
::= { mapSecurityCheck 1 } "bmr, fmr: section 5 of RFC 7597"
::= { mapRuleEntry 11 }
mapSecurityCheckEntry OBJECT-TYPE mapSecurityCheckTable OBJECT-TYPE
SYNTAX MapSecurityCheckEntry SYNTAX SEQUENCE OF MapSecurityCheckEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry in this table contains the information on a "The (conceptual) table containing information on
particular MAP SecurityCheck." MAP security checks. This table can be used to statistic
INDEX { ifIndex } the number of invalid packets that been identified."
::= { mapSecurityCheckTable 1 } ::= { mapSecurityCheck 1 }
MapSecurityCheckEntry ::= mapSecurityCheckEntry OBJECT-TYPE
SEQUENCE { SYNTAX MapSecurityCheckEntry
mapSecurityCheckInvalidv4 Counter64, MAX-ACCESS not-accessible
mapSecurityCheckInvalidv6 Counter64 STATUS current
} DESCRIPTION
"Each entry in this table contains the information on a
particular MAP SecurityCheck."
INDEX { ifIndex }
::= { mapSecurityCheckTable 1 }
mapSecurityCheckInvalidv4 OBJECT-TYPE MapSecurityCheckEntry ::=
SYNTAX Counter64 SEQUENCE {
MAX-ACCESS accessible-for-notify mapSecurityCheckInvalidv4 Counter64,
STATUS current mapSecurityCheckInvalidv6 Counter64
DESCRIPTION }
"The CE SHOULD check that MAP received packets'
transport-layer destination port number is in the range
configured by MAP for the CE. So this object indicate
the number of the invalid IPv4 packets received by the
MAP."
::= { mapSecurityCheckEntry 1 }
mapSecurityCheckInvalidv6 OBJECT-TYPE mapSecurityCheckInvalidv4 OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS accessible-for-notify MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The BR MUST perform a validation of the consistency of "The CE SHOULD check that MAP received packets'
the source IPv6 address and source port number for the transport-layer destination port number is in the range
packet using BMR. So this object indicate the number of configured by MAP for the CE. So this object indicate
the invalid IPv6 packets received by the BR." the number of the invalid IPv4 packets received by the
::= { mapSecurityCheckEntry 2 } MAP."
::= { mapSecurityCheckEntry 1 }
-- Conformance Information mapSecurityCheckInvalidv6 OBJECT-TYPE
mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2} SYNTAX Counter64
mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 } MAX-ACCESS read-only
mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 } STATUS current
DESCRIPTION
"The BR MUST perform a validation of the consistency of
the source IPv6 address and source port number for the
packet using BMR. So this object indicate the number of
the invalid IPv6 packets received by the BR."
::= { mapSecurityCheckEntry 2 }
-- compliance statements -- Conformance Information
mapMIBCompliance MODULE-COMPLIANCE mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2}
STATUS current mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 }
DESCRIPTION mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 }
" Describes the minimal requirements for conformance
to the MAP-E MIB."
MODULE -- this module
MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup }
::= { mapMIBCompliances 1 }
-- Units of Conformance -- compliance statements
mapMIBRuleGroup OBJECT-GROUP mapMIBCompliance MODULE-COMPLIANCE
OBJECTS { STATUS current
mapRuleIPv6PrefixType, DESCRIPTION
mapRuleIPv6Prefix, " Describes the minimal requirements for conformance
mapRuleIPv6PrefixLen, to the MAP-E MIB."
mapRuleIPv4PrefixType, MODULE -- this module
mapRuleIPv4Prefix, MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup }
mapRuleIPv4PrefixLen, ::= { mapMIBCompliances 1 }
mapRuleBRIPv6Address,
mapRulePSID,
mapRulePSIDLen,
mapRuleOffset,
mapRuleEALen,
mapRuleType }
STATUS current
DESCRIPTION
" The collection of this objects are used to give the
information of mapping rules in MAP-E."
::= { mapMIBGroups 1 }
mapMIBSecurityGroup OBJECT-GROUP -- Units of Conformance
OBJECTS { mapMIBRuleGroup OBJECT-GROUP
mapSecurityCheckInvalidv4, OBJECTS {
mapSecurityCheckInvalidv6 } mapRuleIPv6Prefix,
STATUS current mapRuleIPv6PrefixLen,
DESCRIPTION mapRuleIPv4Prefix,
" The collection of this objects are used to give the mapRuleIPv4PrefixLen,
information on MAP security checks." mapRuleBRIPv6Address,
::= { mapMIBGroups 2 } mapRulePSID,
mapRulePSIDLen,
mapRuleOffset,
mapRuleEALen,
mapRuleType }
STATUS current
DESCRIPTION
" The collection of this objects are used to give the
information of mapping rules in MAP-E."
::= { mapMIBGroups 1 }
END mapMIBSecurityGroup OBJECT-GROUP
OBJECTS {
mapSecurityCheckInvalidv4,
mapSecurityCheckInvalidv6 }
STATUS current
DESCRIPTION
" The collection of this objects are used to give the
information on MAP security checks."
::= { mapMIBGroups 2 }
END
6. IANA Considerations 6. IANA Considerations
The MIB module in this document uses the following IANA-assigned The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value Descriptor OBJECT IDENTIFIER value
---------- ----------------------- ---------- -----------------------
MAP-E-MIB { mib-2 XXX } MAP-E-MIB { mib-2 XXX }
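Review bot: The -08 DESCRIPTION clauses of mapRuleIPv6Prefix and mapRuleIPv4Prefix still say "The address type is given by mapRuleIPv6PrefixType" and "The address type is given by mapRuleIPv4PrefixType", but this revision deletes both of those objects in favour of InetAddressIPv6 and InetAddressIPv4, so the sentences now point at objects that no longer exist; drop them, as was already done for mapRuleBRIPv6Address. In the same hunk the MapRuleEntry SEQUENCE declares "mapRuleType Integer32" while the mapRuleType OBJECT-TYPE now uses SYNTAX RuleType, and the two must agree. The mapRuleOffset DESCRIPTION is a copy of the mapRulePSIDLen text ("number of significant bits in the PSID field") and should describe the offset instead. The mapRuleTable DESCRIPTION keeps "It can also be used for row creation" although every column is read-only. Finally, Section 4.1.2 now uses "will" for the BR and CE checks, yet the DESCRIPTIONs of mapSecurityCheckInvalidv4 and mapSecurityCheckInvalidv6 keep "SHOULD" and "MUST"; pick one wording for both places.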
skipping to change at page 11, line 32 skipping to change at page 11, line 35
a MAX-ACCESS clause of read-write and/or read-create. So, if this a MAX-ACCESS clause of read-write and/or read-create. So, if this
MIB module is implemented correctly, then there is no risk that an MIB module is implemented correctly, then there is no risk that an
intruder can alter or create any management objects of this MIB intruder can alter or create any management objects of this MIB
module via direct SNMP SET operations. module via direct SNMP SET operations.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the objects and their sensitivity/ the network via SNMP.
vulnerability:
mapRuleIPv6PrefixType The following objects are vulnerable in the sense that when an
intruder sees the information in this MIB module, then it might help
him/her to set up an attack on the MAP node. Objects that reveal
rule information of the MAP Domain: Various objects can reveal the
rule information of the map domain. A curious outsider could monitor
these to assess the number of rules and the IPv6 prefix performed in
this domain. Futher, an intruder could use the information to guess
the address-sharing ratios of the ISPs. These are the objects and
their sensitivity/ vulnerability:
mapRuleIPv6Prefix mapRuleIPv6Prefix
mapRuleIPv6PrefixLen mapRuleIPv6PrefixLen
mapRuleIPv4PrefixType
mapRuleIPv4Prefix mapRuleIPv4Prefix
mapRuleIPv4PrefixLen mapRuleIPv4PrefixLen
mapRuleBRIPv6Address mapRuleBRIPv6Address
mapRulePSID mapRulePSID
mapRulePSIDLen mapRulePSIDLen
mapRuleOffset mapRuleOffset
mapRuleEALen mapRuleEALen
mapRuleType mapRuleType
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec), Even if the network itself is secure (for example by using IPSec),
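Review bot: The sensitive-object list in Section 7 names only the mapRule objects, but this revision changes mapSecurityCheckInvalidv4 and mapSecurityCheckInvalidv6 from accessible-for-notify to read-only, so both counters can now be retrieved with GET and fall under "objects with a MAX-ACCESS other than not-accessible". Either add them to the list with a sentence on what the invalid-packet counts disclose, or state why they are not considered sensitive. In the added paragraph, "Futher" should be "Further", and "Objects that reveal rule information of the MAP Domain:" reads like a list label that was run into the sentence; set it off on its own line or fold it into the prose. The closing lead-in "These are the objects and their sensitivity/ vulnerability:" is followed by object names only, so it could simply read "These objects are:".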
skipping to change at page 13, line 11 skipping to change at page 13, line 20
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, Version 2 (SMIv2)", STD 58, RFC 2578,
DOI 10.17487/RFC2578, April 1999, DOI 10.17487/RFC2578, April 1999,
<http://www.rfc-editor.org/info/rfc2578>. <http://www.rfc-editor.org/info/rfc2578>.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2",
STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999,
<http://www.rfc-editor.org/info/rfc2579>.
[RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Conformance Statements for SMIv2", Schoenwaelder, Ed., "Conformance Statements for SMIv2",
STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999,
<http://www.rfc-editor.org/info/rfc2580>. <http://www.rfc-editor.org/info/rfc2580>.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
<http://www.rfc-editor.org/info/rfc2863>. <http://www.rfc-editor.org/info/rfc2863>.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005,
<http://www.rfc-editor.org/info/rfc4001>.
[RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
Murakami, T., and T. Taylor, Ed., "Mapping of Address and Murakami, T., and T. Taylor, Ed., "Mapping of Address and
Port with Encapsulation (MAP-E)", RFC 7597, Port with Encapsulation (MAP-E)", RFC 7597,
DOI 10.17487/RFC7597, July 2015, DOI 10.17487/RFC7597, July 2015,
<http://www.rfc-editor.org/info/rfc7597>. <http://www.rfc-editor.org/info/rfc7597>.
9.2. Informative References 9.2. Informative References
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2",
STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999,
<http://www.rfc-editor.org/info/rfc2579>.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
DOI 10.17487/RFC2629, June 1999, DOI 10.17487/RFC2629, June 1999,
<http://www.rfc-editor.org/info/rfc2629>. <http://www.rfc-editor.org/info/rfc2629>.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, Standard Management Framework", RFC 3410,
DOI 10.17487/RFC3410, December 2002, DOI 10.17487/RFC3410, December 2002,
<http://www.rfc-editor.org/info/rfc3410>. <http://www.rfc-editor.org/info/rfc3410>.
 End of changes. 55 change blocks. 
333 lines changed or deleted 342 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/