| < draft-ietf-ospf-ospfv3-mib-15.txt | draft-ietf-ospf-ospfv3-mib-16.txt > | |||
|---|---|---|---|---|
| Network Working Group D. Joyal (Editor) | Network Working Group D. Joyal (Editor) | |||
| Internet Draft Nortel | Internet Draft Nortel | |||
| Intended status: Standards Track V. Manral (Editor) | Intended status: Standards Track V. Manral (Editor) | |||
| Expires: December 25, 2009 IP Infusion | Expires: January 17, 2010 IP Infusion | |||
| June 23, 2009 | July 16, 2009 | |||
| Management Information Base for OSPFv3 | Management Information Base for OSPFv3 | |||
| draft-ietf-ospf-ospfv3-mib-15.txt | draft-ietf-ospf-ospfv3-mib-16.txt | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with | This Internet-Draft is submitted to IETF in full conformance with | |||
| the provisions of BCP 78 and BCP 79. | the provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 1, line 33 ¶ | skipping to change at page 1, line 33 ¶ | |||
| months and may be updated, replaced, or obsoleted by other documents | months and may be updated, replaced, or obsoleted by other documents | |||
| at any time. It is inappropriate to use Internet-Drafts as | at any time. It is inappropriate to use Internet-Drafts as | |||
| reference material or to cite them other than as "work in progress." | reference material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on December 25, 2009. | This Internet-Draft will expire on January 17, 2010. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license- | publication of this document (http://trustee.ietf.org/license- | |||
| info). Please review these documents carefully, as they describe | info). Please review these documents carefully, as they describe | |||
| skipping to change at page 8, line 39 ¶ | skipping to change at page 8, line 39 ¶ | |||
| InterfaceIndex | InterfaceIndex | |||
| FROM IF-MIB | FROM IF-MIB | |||
| InetAddressType, InetAddress, InetAddressPrefixLength, | InetAddressType, InetAddress, InetAddressPrefixLength, | |||
| InetAddressIPv6 | InetAddressIPv6 | |||
| FROM INET-ADDRESS-MIB | FROM INET-ADDRESS-MIB | |||
| Metric, BigMetric, Status, | Metric, BigMetric, Status, | |||
| HelloRange, DesignatedRouterPriority | HelloRange, DesignatedRouterPriority | |||
| FROM OSPF-MIB; | FROM OSPF-MIB; | |||
| ospfv3MIB MODULE-IDENTITY | ospfv3MIB MODULE-IDENTITY | |||
| LAST-UPDATED "200906231200Z" | LAST-UPDATED "200907161200Z" | |||
| ORGANIZATION "IETF OSPF Working Group" | ORGANIZATION "IETF OSPF Working Group" | |||
| CONTACT-INFO | CONTACT-INFO | |||
| "WG E-Mail: ospf@ietf.org | "WG E-Mail: ospf@ietf.org | |||
| WG Chairs: Acee Lindem | WG Chairs: Acee Lindem | |||
| acee@redback.com | acee@redback.com | |||
| Abhay Roy | Abhay Roy | |||
| akr@cisco.com | akr@cisco.com | |||
| Editors: Dan Joyal | Editors: Dan Joyal | |||
| skipping to change at page 9, line 18 ¶ | skipping to change at page 9, line 18 ¶ | |||
| vishwas@ipinfusion.com" | vishwas@ipinfusion.com" | |||
| DESCRIPTION | DESCRIPTION | |||
| "The MIB module for OSPF version 3. | "The MIB module for OSPF version 3. | |||
| Copyright (C) The IETF Trust (2009). | Copyright (C) The IETF Trust (2009). | |||
| This version of this MIB module is part of | This version of this MIB module is part of | |||
| RFC xxxx; see the RFC itself for full legal | RFC xxxx; see the RFC itself for full legal | |||
| notices." | notices." | |||
| REVISION "200906231200Z" | REVISION "200907161200Z" | |||
| DESCRIPTION -- RFC Editor assigns RFC xxxx | DESCRIPTION -- RFC Editor assigns RFC xxxx | |||
| "Initial version, published as RFC xxxx" | "Initial version, published as RFC xxxx" | |||
| -- RFC Ed.: replace xxxx with actual RFC number & remove this note | -- RFC Ed.: replace xxxx with actual RFC number & remove this note | |||
| ::= { mib-2 YYY } | ::= { mib-2 YYY } | |||
| -- RFC Ed.: replace YYY with IANA-assigned number & remove this note | -- RFC Ed.: replace YYY with IANA-assigned number & remove this note | |||
| -- Textual conventions | -- Textual conventions | |||
| Ospfv3UpToRefreshIntervalTC ::= TEXTUAL-CONVENTION | Ospfv3UpToRefreshIntervalTC ::= TEXTUAL-CONVENTION | |||
| skipping to change at page 82, line 54 ¶ | skipping to change at page 82, line 54 ¶ | |||
| END | END | |||
| 6. Security Considerations | 6. Security Considerations | |||
| There are a number of management objects defined in this MIB module | There are a number of management objects defined in this MIB module | |||
| with a MAX-ACCESS clause of read-write and/or read-create. Such | with a MAX-ACCESS clause of read-write and/or read-create. Such | |||
| objects may be considered sensitive or vulnerable in some network | objects may be considered sensitive or vulnerable in some network | |||
| environments. The support for SET operations in a non-secure | environments. The support for SET operations in a non-secure | |||
| environment without proper protection can have a negative effect on | environment without proper protection can have a negative effect on | |||
| network operations. Improper manipulation of the objects represented | network operations. Improper manipulation of the objects represented | |||
| by this MIB may result in disruption of network connectivity by | by this MIB module may result in disruption of network connectivity | |||
| administratively disabling the entire OSPFv3 entity or individual | by administratively disabling the entire OSPFv3 entity or individual | |||
| interfaces, by deleting configured neighbors, by reducing the limit | interfaces, by deleting configured neighbors, by reducing the limit | |||
| on External LSAs, by changing ASBR status, by manipulating route | on External LSAs, by changing ASBR status, by manipulating route | |||
| aggregation, by manipulating interface and route metrics, by changing | aggregation, by manipulating interface and route metrics, by changing | |||
| hello interval or dead interval, or by changing interface type. | hello interval or dead interval, or by changing interface type. | |||
| Remote monitoring can be defeated by disabling of SNMP notifications. | Remote monitoring can be defeated by disabling of SNMP notifications. | |||
| Performance can be impacted by increasing the limit on External LSAs | Performance can be impacted by increasing the limit on External LSAs | |||
| or changing DR/BDR priority. | or changing DR/BDR priority. | |||
| Some of the readable objects in this MIB module (i.e., objects with a | Some of the readable objects in this MIB module (i.e., objects with a | |||
| MAX-ACCESS other than not-accessible) may be considered sensitive or | MAX-ACCESS other than not-accessible) may be considered sensitive or | |||
| vulnerable in some network environments. It is thus important to | vulnerable in some network environments. It is thus important to | |||
| control even GET and/or NOTIFY access to these objects and possibly | control even GET and/or NOTIFY access to these objects and possibly | |||
| to even encrypt the values of these objects when sending them over | to even encrypt the values of these objects when sending them over | |||
| the network via SNMP. Unauthorized access to readable objects in this | the network via SNMP. Unauthorized access to readable objects in this | |||
| MIB allows the discovery of the network topology and operating | MIB module allows the discovery of the network topology and operating | |||
| parameters which can be used to target further attacks on the network | parameters which can be used to target further attacks on the network | |||
| or to gain a competitive business advantage. | or to gain a competitive business advantage. | |||
| SNMP versions prior to SNMPv3 did not include adequate security. | SNMP versions prior to SNMPv3 did not include adequate security. | |||
| Even if the network itself is secure (for example by using IPsec), | Even if the network itself is secure (for example by using IPsec), | |||
| even then, there is no control as to who on the secure network is | even then, there is no control as to who on the secure network is | |||
| allowed to access and GET/SET (read/change/create/delete) the objects | allowed to access and GET/SET (read/change/create/delete) the objects | |||
| in this MIB module. | in this MIB module. | |||
| It is RECOMMENDED that implementers consider the security features as | It is RECOMMENDED that implementers consider the security features as | |||
| skipping to change at page 85, line 16 ¶ | skipping to change at page 85, line 16 ¶ | |||
| [RFC3411] Harrington, D., Presuhn, R., Wijnen, B., | [RFC3411] Harrington, D., Presuhn, R., Wijnen, B., | |||
| "An Architecture for Describing Simple Network Management | "An Architecture for Describing Simple Network Management | |||
| Protocol (SNMP) Management Frameworks", RFC 3411, | Protocol (SNMP) Management Frameworks", RFC 3411, | |||
| December 2002. | December 2002. | |||
| [RFC3413] Levi, D., Meyer, P., Stewart, B., | [RFC3413] Levi, D., Meyer, P., Stewart, B., | |||
| "Simple Network Management Protocol (SNMP) Applications", | "Simple Network Management Protocol (SNMP) Applications", | |||
| RFC 3413, December 2002. | RFC 3413, December 2002. | |||
| [RFC3414] Blumenthal, U., Wijnen, B., "User-based Security Model | ||||
| (USM) for version 3 of the Simple Network Management | ||||
| Protocol (SNMPv3)", RFC 3414, December 2002. | ||||
| [RFC3415] Wijnen, B., Presuhn, R., McCloghrie, K., | ||||
| "View-based Access Control Model (VACM) for the | ||||
| Simple Network Management Protocol (SNMP)", RFC 3415, | ||||
| December 2002. | ||||
| 11. Contributors' Addresses | 11. Contributors' Addresses | |||
| Jacek Kwiatkowski | Jacek Kwiatkowski | |||
| Intel Technology Poland | Intel Technology Poland | |||
| ul. Slowackiego 173 | ul. Slowackiego 173 | |||
| 80-298 Gdansk, Poland | 80-298 Gdansk, Poland | |||
| Email: jacek.kwiatkowski@intel.com | Email: jacek.kwiatkowski@intel.com | |||
| Sebastian Zwolinski | Sebastian Zwolinski | |||
| Intel Technology Poland | Intel Technology Poland | |||
| End of changes. 8 change blocks. | ||||
| 18 lines changed or deleted | 9 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||