| < draft-sehgal-roll-rpl-mib-05.txt | draft-sehgal-roll-rpl-mib-06.txt > | |||
|---|---|---|---|---|
| Internet Engineering Task Force K. Korte | Internet Engineering Task Force K. Korte | |||
| Internet-Draft J. Schoenwaelder | Internet-Draft J. Schoenwaelder | |||
| Intended status: Standards Track A. Sehgal | Intended status: Standards Track A. Sehgal | |||
| Expires: April 22, 2013 Jacobs University | Expires: August 26, 2013 Jacobs University | |||
| T. Tsou | T. Tsou | |||
| Huawei Technologies (USA) | Huawei Technologies (USA) | |||
| C. Zhou | C. Zhou | |||
| Huawei Technologies | Huawei Technologies | |||
| October 19, 2012 | February 22, 2013 | |||
| Definition of Managed Objects for the IPv6 Routing Protocol for Low | Definition of Managed Objects for the IPv6 Routing Protocol for Low | |||
| Power and Lossy Networks (RPL) | Power and Lossy Networks (RPL) | |||
| draft-sehgal-roll-rpl-mib-05 | draft-sehgal-roll-rpl-mib-06 | |||
| Abstract | Abstract | |||
| This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
| for use with network management protocols in the Internet community. | for use with network management protocols in the Internet community. | |||
| In particular, it defines objects for managing the IPv6 Routing | In particular, it defines objects for managing the IPv6 Routing | |||
| Protocol for Low Power and Lossy Networks (RPL). | Protocol for Low Power and Lossy Networks (RPL). | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 22, 2013. | This Internet-Draft will expire on August 26, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 20 ¶ | skipping to change at page 2, line 20 ¶ | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. The Internet-Standard Management Framework . . . . . . . . . . 3 | 2. The Internet-Standard Management Framework . . . . . . . . . . 3 | |||
| 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 5 | 5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 5 | |||
| 6. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 30 | 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 30 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 30 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 31 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 31 | 10.2. Informative References . . . . . . . . . . . . . . . . . 32 | |||
| Appendix A. JSON Representation . . . . . . . . . . . . . . . . . 32 | Appendix A. JSON Representation . . . . . . . . . . . . . . . . . 32 | |||
| 1. Introduction | 1. Introduction | |||
| This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
| for use with network management protocols. In particular it defines | for use with network management protocols. In particular it defines | |||
| objects for managing the IPv6 Routing Protocol for Low Power and | objects for managing the IPv6 Routing Protocol for Low Power and | |||
| Lossy Networks (RPL) [RFC6550]. It also provides management access | Lossy Networks (RPL) [RFC6550]. It also provides management access | |||
| to the Trickle [RFC6206] parameters as they are used by RPL. | to the Trickle [RFC6206] parameters as they are used by RPL. | |||
| skipping to change at page 6, line 11 ¶ | skipping to change at page 6, line 11 ¶ | |||
| FROM SNMPv2-TC -- RFC 2579 | FROM SNMPv2-TC -- RFC 2579 | |||
| OBJECT-GROUP, MODULE-COMPLIANCE | OBJECT-GROUP, MODULE-COMPLIANCE | |||
| FROM SNMPv2-CONF -- RFC 2580 | FROM SNMPv2-CONF -- RFC 2580 | |||
| InterfaceIndex | InterfaceIndex | |||
| FROM IF-MIB -- RFC 2863 | FROM IF-MIB -- RFC 2863 | |||
| InetAddressIPv6 | InetAddressIPv6 | |||
| FROM INET-ADDRESS-MIB; -- RFC 4001 | FROM INET-ADDRESS-MIB; -- RFC 4001 | |||
| rplMib MODULE-IDENTITY | rplMib MODULE-IDENTITY | |||
| LAST-UPDATED "201210190000Z" | LAST-UPDATED "201302200000Z" | |||
| ORGANIZATION | ORGANIZATION | |||
| "Jacobs University Bremen" | "Jacobs University Bremen" | |||
| CONTACT-INFO | CONTACT-INFO | |||
| "Kevin Dominik Korte | "Kevin Dominik Korte | |||
| Jacobs University Bremen | Jacobs University Bremen | |||
| Email: k.korte@jacobs-university.de | Email: k.korte@jacobs-university.de | |||
| Anuj Sehgal | Anuj Sehgal | |||
| Jacobs University Bremen | Jacobs University Bremen | |||
| Email: s.anuj@jacobs-university.de | Email: s.anuj@jacobs-university.de | |||
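Review bot: LAST-UPDATED in the -06 column is "201302200000Z", two days earlier than the February 22, 2013 date in the draft header, whereas in -05 the two dates agreed (October 19, 2012). Set LAST-UPDATED to the publication date, and keep the REVISION clause identical to it, so that a management station comparing module timestamps can tell the -06 module apart from intermediate copies.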
| skipping to change at page 6, line 38 ¶ | skipping to change at page 6, line 38 ¶ | |||
| Huawei Technologies | Huawei Technologies | |||
| Email: tina.tsou.zouting@huawei.com | Email: tina.tsou.zouting@huawei.com | |||
| Cathy Zhou | Cathy Zhou | |||
| Huawei Technologies | Huawei Technologies | |||
| Email: cathyzhou@huawei.com" | Email: cathyzhou@huawei.com" | |||
| DESCRIPTION | DESCRIPTION | |||
| "The MIB module for monitoring nodes implementing the IPv6 | "The MIB module for monitoring nodes implementing the IPv6 | |||
| routing protocol for low power and lossy networks (RPL). | routing protocol for low power and lossy networks (RPL). | |||
| Copyright (c) 2012 IETF Trust and the persons identified as | Copyright (c) 2013 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Simplified BSD | to the license terms contained in, the Simplified BSD | |||
| License set forth in Section 4.c of the IETF Trust's | License set forth in Section 4.c of the IETF Trust's | |||
| Legal Provisions Relating to IETF Documents | Legal Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info)." | (http://trustee.ietf.org/license-info)." | |||
| REVISION "201210190000Z" | REVISION "201302200000Z" | |||
| DESCRIPTION | DESCRIPTION | |||
| "Initial version, published as RFC XXXX." | "Initial version, published as RFC XXXX." | |||
| -- RFC Ed.: replace XXXX with actual RFC number & remove this note | -- RFC Ed.: replace XXXX with actual RFC number & remove this note | |||
| ::= { mib-2 XXXX } | ::= { mib-2 XXXX } | |||
| RplMessageType ::= TEXTUAL-CONVENTION | RplMessageType ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The type of an RPL control message as defined in Section | "The type of an RPL control message as defined in Section | |||
| 6 of RFC 6550." | 6 of RFC 6550." | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| SYNTAX Unsigned32 (0..255) | SYNTAX Unsigned32 (0..255) | |||
| RplInstanceID ::= TEXTUAL-CONVENTION | RplInstanceID ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A global or local RPLinstanceID as defined in Section 5.1. of | "A global or local RPLInstanceID as defined in Section 5.1 | |||
| RFC 6550." | of RFC 6550." | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| SYNTAX Unsigned32 (0..255) | SYNTAX Unsigned32 (0..255) | |||
| RplDodagVersionNumber ::= TEXTUAL-CONVENTION | RplDodagVersionNumber ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The version number of a DODAG as defined in Section 6.3 of | "The version number of a DODAG as defined in Section 6.3 of | |||
| RFC 6550." | RFC 6550." | |||
| skipping to change at page 8, line 27 ¶ | skipping to change at page 8, line 27 ¶ | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| SYNTAX INTEGER { | SYNTAX INTEGER { | |||
| silent(1), | silent(1), | |||
| send(2) | send(2) | |||
| } | } | |||
| RplModeOfOperation ::= TEXTUAL-CONVENTION | RplModeOfOperation ::= TEXTUAL-CONVENTION | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Determines the mode of operation." | "The mode of operation of an RPL instance as defined in | |||
| Section 6.3.1 of RFC 6550." | ||||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| SYNTAX INTEGER { | SYNTAX INTEGER { | |||
| noDownwardRoutes(0), | noDownwardRoutes(0), | |||
| nonStoringMode(1), | nonStoringMode(1), | |||
| storingWithoutMulticastSupport(2), | storingWithoutMulticastSupport(2), | |||
| storingWithMulticastSupport(3) | storingWithMulticastSupport(3) | |||
| } | } | |||
| RplDAODelay ::= TEXTUAL-CONVENTION | RplDAODelay ::= TEXTUAL-CONVENTION | |||
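Review bot: The new RplModeOfOperation DESCRIPTION points to Section 6.3.1 of RFC 6550, but it does not say what an agent reports when the mode of operation it learned falls outside the four enumerated values noDownwardRoutes(0) to storingWithMulticastSupport(3). Add a sentence that defines the behaviour for other values, or state explicitly that an instance with such a value is never represented, so that a manager does not have to guess how to interpret an out-of-range integer.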
| skipping to change at page 9, line 4 ¶ | skipping to change at page 9, line 5 ¶ | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| SYNTAX Unsigned32 | SYNTAX Unsigned32 | |||
| RplDodagPreference ::= TEXTUAL-CONVENTION | RplDodagPreference ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The preference of a DODAG compared to another DODAG of the | "The preference of a DODAG compared to another DODAG of the | |||
| same instance as defined in Section 6.3 of RFC 6550." | same instance as defined in Section 6.3 of RFC 6550." | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| SYNTAX Unsigned32 (0..7) | SYNTAX Unsigned32 (0..7) | |||
| RplMinHopRankIncrease ::= TEXTUAL-CONVENTION | RplMinHopRankIncrease ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The minimal incerease of a rank within a single hop as | "The minimal increase of a rank within a single hop as | |||
| defined in Section 6.7.6 of RFC 6550." | defined in Section 6.7.6 of RFC 6550." | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| SYNTAX Unsigned32 (0..131071) | SYNTAX Unsigned32 (0..131071) | |||
| RplPathControlSize ::= TEXTUAL-CONVENTION | RplPathControlSize ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The Path Control Size within a DODAG as defined in | "The Path Control Size within a DODAG as defined in | |||
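Review bot: The SYNTAX range on RplMinHopRankIncrease, Unsigned32 (0..131071), deserves a second look while this DESCRIPTION is being touched: 131071 is 2^17-1, which does not correspond to a 16-bit field. Confirm the width of the field in Section 6.7.6 of RFC 6550, which the description cites, and tighten the range to (0..65535) if the field is 16 bits wide, so that a SET cannot be accepted for a value the protocol cannot carry.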
| skipping to change at page 11, line 23 ¶ | skipping to change at page 11, line 24 ¶ | |||
| "The default minimum increase of the rank in a single hop. | "The default minimum increase of the rank in a single hop. | |||
| Changes to this value may not persist across restarts." | Changes to this value may not persist across restarts." | |||
| DEFVAL { 256 } | DEFVAL { 256 } | |||
| ::= { rplDefaults 7 } | ::= { rplDefaults 7 } | |||
| rplDefaultMaxRankIncrease OBJECT-TYPE | rplDefaultMaxRankIncrease OBJECT-TYPE | |||
| SYNTAX Unsigned32 (0..65535) | SYNTAX Unsigned32 (0..65535) | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The default maximum allowable increase in rank in support | "The default maximum allowable increase in rank in support | |||
| of local repair. If DAGMaxRankIncrease is 0 then this | of local repair. If DAGMaxRankIncrease is 0 then this | |||
| mechanism is disabled. Changes to this value may not | mechanism is disabled. Changes to this value may not | |||
| persist across restarts." | persist across restarts." | |||
| DEFVAL { 65535 } | DEFVAL { 65535 } | |||
| ::= { rplDefaults 8 } | ::= { rplDefaults 8 } | |||
| rplDefaultModeOfOperation OBJECT-TYPE | rplDefaultModeOfOperation OBJECT-TYPE | |||
| SYNTAX RplModeOfOperation | SYNTAX RplModeOfOperation | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The mode of operation of the RPL instance. Changes to this | "The mode of operation of the RPL instance. Changes to this | |||
| value may not persist across restarts." | value may not persist across restarts." | |||
| skipping to change at page 19, line 22 ¶ | skipping to change at page 19, line 22 ¶ | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The Path Control Size of this DODAG." | "The Path Control Size of this DODAG." | |||
| ::= { rplDodagEntry 15 } | ::= { rplDodagEntry 15 } | |||
| rplDodagParentTable OBJECT-TYPE | rplDodagParentTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF RplDodagParentEntry | SYNTAX SEQUENCE OF RplDodagParentEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The list of parents for a DODAG." | "The list of parents of a DODAG." | |||
| ::= { rplObjects 6 } | ::= { rplObjects 6 } | |||
| rplDodagParentEntry OBJECT-TYPE | rplDodagParentEntry OBJECT-TYPE | |||
| SYNTAX RplDodagParentEntry | SYNTAX RplDodagParentEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Information about a known DODAG parent." | "Information about a known DODAG parent." | |||
| INDEX { rplInstanceID, rplDodagIndex, rplDodagParentID } | INDEX { rplInstanceID, rplDodagIndex, rplDodagParentID } | |||
| ::= { rplDodagParentTable 1 } | ::= { rplDodagParentTable 1 } | |||
| skipping to change at page 19, line 44 ¶ | skipping to change at page 19, line 44 ¶ | |||
| RplDodagParentEntry ::= SEQUENCE { | RplDodagParentEntry ::= SEQUENCE { | |||
| rplDodagParentID InetAddressIPv6, | rplDodagParentID InetAddressIPv6, | |||
| rplDodagParentIf InterfaceIndex | rplDodagParentIf InterfaceIndex | |||
| } | } | |||
| rplDodagParentID OBJECT-TYPE | rplDodagParentID OBJECT-TYPE | |||
| SYNTAX InetAddressIPv6 | SYNTAX InetAddressIPv6 | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "An RPL parent associated with this DODAG." | "The address of a parent associated with this DODAG." | |||
| ::= { rplDodagParentEntry 1 } | ::= { rplDodagParentEntry 1 } | |||
| rplDodagParentIf OBJECT-TYPE | rplDodagParentIf OBJECT-TYPE | |||
| SYNTAX InterfaceIndex | SYNTAX InterfaceIndex | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The interface over which the parent can be reached." | "The interface over which the parent can be reached." | |||
| ::= { rplDodagParentEntry 2 } | ::= { rplDodagParentEntry 2 } | |||
| rplDodagChildTable OBJECT-TYPE | rplDodagChildTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF RplDodagChildEntry | SYNTAX SEQUENCE OF RplDodagChildEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The list of children for a DODAG." | "The list of children of a DODAG." | |||
| ::= { rplObjects 7 } | ::= { rplObjects 7 } | |||
| rplDodagChildEntry OBJECT-TYPE | rplDodagChildEntry OBJECT-TYPE | |||
| SYNTAX RplDodagChildEntry | SYNTAX RplDodagChildEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Information about a known DODAG child." | "Information about a known DODAG child." | |||
| INDEX { rplInstanceID, rplDodagIndex, rplDodagChildID } | INDEX { rplInstanceID, rplDodagIndex, rplDodagChildID } | |||
| ::= { rplDodagChildTable 1 } | ::= { rplDodagChildTable 1 } | |||
| skipping to change at page 20, line 34 ¶ | skipping to change at page 20, line 34 ¶ | |||
| RplDodagChildEntry ::= SEQUENCE { | RplDodagChildEntry ::= SEQUENCE { | |||
| rplDodagChildID InetAddressIPv6, | rplDodagChildID InetAddressIPv6, | |||
| rplDodagChildIf InterfaceIndex | rplDodagChildIf InterfaceIndex | |||
| } | } | |||
| rplDodagChildID OBJECT-TYPE | rplDodagChildID OBJECT-TYPE | |||
| SYNTAX InetAddressIPv6 | SYNTAX InetAddressIPv6 | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "An RPL child associated with this DODAG." | "The address of an RPL child associated with this DODAG." | |||
| ::= { rplDodagChildEntry 1 } | ::= { rplDodagChildEntry 1 } | |||
| rplDodagChildIf OBJECT-TYPE | rplDodagChildIf OBJECT-TYPE | |||
| SYNTAX InterfaceIndex | SYNTAX InterfaceIndex | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The interface over which the child can be reached." | "The interface over which the child can be reached." | |||
| ::= { rplDodagChildEntry 2 } | ::= { rplDodagChildEntry 2 } | |||
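Review bot: The reworded rplDodagChildID DESCRIPTION says "The address of an RPL child associated with this DODAG." while the matching rplDodagParentID text now reads "The address of a parent associated with this DODAG."; pick one form ("an RPL parent" / "an RPL child", or drop "RPL" in both) so the two tables stay parallel. Since both objects are not-accessible index columns, it would also help to note in the entry descriptions that the neighbor address still appears in the instance identifier of rplDodagParentIf and rplDodagChildIf, which matters when read access is being scoped.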
| skipping to change at page 21, line 32 ¶ | skipping to change at page 21, line 32 ¶ | |||
| ::= { rplStats 3 } | ::= { rplStats 3 } | |||
| rplSecurityPolicyViolations OBJECT-TYPE | rplSecurityPolicyViolations OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The number of messages discarded because the described level | "The number of messages discarded because the described level | |||
| of security for the message type and originator is unknown or | of security for the message type and originator is unknown or | |||
| does not meet locally maintained security policies as defined | does not meet locally maintained security policies as defined | |||
| in Section 10.7. of RFC 6550." | in Section 10.7 of RFC 6550." | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| ::= { rplStats 4 } | ::= { rplStats 4 } | |||
| rplIntegrityCheckFailures OBJECT-TYPE | rplIntegrityCheckFailures OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The number of messages discarded because the integrity | "The number of messages discarded because the integrity | |||
| check failed against the received message authentication | check failed against the received message authentication | |||
| code (MAC) as defined in Section 10.7. of RFC 6550." | code (MAC) as defined in Section 10.7 of RFC 6550." | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| ::= { rplStats 5 } | ::= { rplStats 5 } | |||
| rplReplayProtectionFailures OBJECT-TYPE | rplReplayProtectionFailures OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The number of messages discarded because the received | "The number of messages discarded because the received | |||
| message Counter value is non-zero and less than the | message Counter value is non-zero and less than the | |||
| maintained incoming Counter watermark or because the | maintained incoming Counter watermark or because the | |||
| received Timestamp Counter value indicates a message | received Timestamp Counter value indicates a message | |||
| transmission time that is earlier than the Current time | transmission time that is earlier than the Current time | |||
| less the acceptable packet delay as defined in Section | less the acceptable packet delay as defined in Section | |||
| 10.7. of RFC 6550. This counter is also incremented if the | 10.7 of RFC 6550. This counter is also incremented if the | |||
| temporal consistency check of the message fails as defined | temporal consistency check of the message fails as defined | |||
| in Section 10.7.1." | in Section 10.7.1." | |||
| REFERENCE | REFERENCE | |||
| "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | "RFC 6550: RPL: IPv6 Routing Protocol for LLNs" | |||
| ::= { rplStats 6 } | ::= { rplStats 6 } | |||
| rplValidParentFailures OBJECT-TYPE | rplValidParentFailures OBJECT-TYPE | |||
| SYNTAX Counter32 | SYNTAX Counter32 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
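Review bot: In rplReplayProtectionFailures the last sentence still ends "as defined in Section 10.7.1." with no document named, while every other reference in these counters was normalized to "Section 10.7 of RFC 6550". Change it to "Section 10.7.1 of RFC 6550" so the reference cannot be read as pointing into this memo, which has no such section.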
| skipping to change at page 29, line 46 ¶ | skipping to change at page 29, line 46 ¶ | |||
| 7. Security Considerations | 7. Security Considerations | |||
| There are a number of management objects defined in this MIB module | There are a number of management objects defined in this MIB module | |||
| with a MAX-ACCESS clause of read-write and/or read-create. Such | with a MAX-ACCESS clause of read-write and/or read-create. Such | |||
| objects may be considered sensitive or vulnerable in some network | objects may be considered sensitive or vulnerable in some network | |||
| environments. The support for SET operations in a non-secure | environments. The support for SET operations in a non-secure | |||
| environment without proper protection can have a negative effect on | environment without proper protection can have a negative effect on | |||
| network operations. These are the tables and objects and their | network operations. These are the tables and objects and their | |||
| sensitivity/vulnerability: | sensitivity/vulnerability: | |||
| o rplActiveInstance: [ TBD ] explain sensitivity | o The objects below rplDefaults control the operation of RPL. | |||
| Unauthorized access to these objects can either make RPL | ||||
| inefficient or even fail to converge. | ||||
| o The objects below rplActive select the currently active RPL DODAG | ||||
| in the currently active RPL Instance. Unauthorized changes may | ||||
| prevent communication or cause loss of efficiency. | ||||
| o The rplOCPTable controls which objective functions can be used by | ||||
| an RPL implementation. Unauthorized access may prevent certain | ||||
| RPL instances to be established or less it may cause less | ||||
| efficient RPL instances to be used. | ||||
| Some of the readable objects in this MIB module (i.e., objects with a | Some of the readable objects in this MIB module (i.e., objects with a | |||
| MAX-ACCESS other than not-accessible) may be considered sensitive or | MAX-ACCESS other than not-accessible) may be considered sensitive or | |||
| vulnerable in some network environments. It is thus important to | vulnerable in some network environments. It is thus important to | |||
| control even GET and/or NOTIFY access to these objects and possibly | control even GET and/or NOTIFY access to these objects and possibly | |||
| to even encrypt the values of these objects when sending them over | to even encrypt the values of these objects when sending them over | |||
| the network via SNMP. These are the tables and objects and their | the network via SNMP. These tables and objects provide detailed | |||
| sensitivity/vulnerability: | information about the structure and operation of RPL instances and | |||
| the topology of the DODAGs. This information may be exploited to | ||||
| target attacks or to gain insights about the structure of a certain | ||||
| deployment. | ||||
| [TODO: Need to describe vulnerabilities here.] | The counters of the RPL-MIB are provided primarily to assist in | |||
| troubleshooting problems in RPL deployments. The counters, however, | ||||
| may also be used to gain insights into certain active attacks on RPL | ||||
| itself. | ||||
| SNMP versions prior to SNMPv3 did not include adequate security. | SNMP versions prior to SNMPv3 did not include adequate security. | |||
| Even if the network itself is secure (for example by using IPsec), | Even if the network itself is secure (for example by using IPsec), | |||
| even then, there is no control as to who on the secure network is | even then, there is no control as to who on the secure network is | |||
| allowed to access and GET/SET (read/change/create/delete) the objects | allowed to access and GET/SET (read/change/create/delete) the objects | |||
| in this MIB module. | in this MIB module. | |||
| It is RECOMMENDED that implementers consider the security features as | It is RECOMMENDED that implementers consider the security features as | |||
| provided by the SNMPv3 framework (see [RFC3410], section 8), | provided by the SNMPv3 framework (see [RFC3410], section 8), | |||
| including full support for the SNMPv3 cryptographic mechanisms (for | including full support for the SNMPv3 cryptographic mechanisms (for | |||
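Review bot: The text that replaces the TODO in the readable-objects paragraph ("These tables and objects provide detailed information about the structure and operation of RPL instances") no longer names a single table or object, although the sentence it replaces announced a list of tables and objects with their sensitivity. Name at least rplDodagParentTable and rplDodagChildTable, which expose neighbor IPv6 addresses and therefore the DODAG topology, so operators know which views to restrict for GET and NOTIFY access. Two of the new write-access bullets also need wording fixes: in the rplOCPTable bullet "to be established or less it may cause less efficient" is garbled (suggest "may prevent certain RPL instances from being established or may cause less efficient RPL instances to be used"), and in the rplDefaults bullet "can either make RPL inefficient or even fail to converge" should read "can either make RPL inefficient or cause it to fail to converge". For these read-write objects "unauthorized modification" would be more precise than "unauthorized access".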
| skipping to change at page 30, line 44 ¶ | skipping to change at page 31, line 13 ¶ | |||
| remove this note. | remove this note. | |||
| IANA has allocated a number for RPL in the IANAipRouteProtocol | IANA has allocated a number for RPL in the IANAipRouteProtocol | |||
| textual convention of the IANA-RTPROTO-MIB. | textual convention of the IANA-RTPROTO-MIB. | |||
| 9. Acknowledgements | 9. Acknowledgements | |||
| The authors like to thank Michael Richardson for providing helpful | The authors like to thank Michael Richardson for providing helpful | |||
| comments during the development of this specification. | comments during the development of this specification. | |||
| Juergen Schoenwaelder and Anuj Sehgal were partly funded by Flamingo, | ||||
| a Network of Excellence project (ICT-318488) supported by the | ||||
| European Commission under its Seventh Framework Programme. | ||||
| 10. References | 10. References | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in | [RFC2119] Bradner, S., "Key words for use in | |||
| RFCs to Indicate Requirement Levels", | RFCs to Indicate Requirement Levels", | |||
| BCP 14, RFC 2119, March 1997. | BCP 14, RFC 2119, March 1997. | |||
| [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., | [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., | |||
| and J. Schoenwaelder, Ed., "Structure | and J. Schoenwaelder, Ed., "Structure | |||
| End of changes. 25 change blocks. | ||||
| 32 lines changed or deleted | 53 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||