idnits 2.17.1

draft-an-savi-mib-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 7 instances of too long lines in the document, the longest one
     being 35 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 471 has weird spacing: '...n entry conta...'

  == Line 794 has weird spacing: '... of the bindi...'

  == Line 881 has weird spacing: '...315) of the c...'

  == Line 935 has weird spacing: '... of the filte...'

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (December 12, 2014) is 3422 days in the past.  Is this
     intentional?

  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Unused Reference: 'RFC2131' is defined on line 1201, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3315' is defined on line 1204, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2223' is defined on line 1222, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 1229, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 1232, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  -- No information found for draft-ietf-savi-dhcp - is the name correct?

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 2 errors (**), 0 flaws (~~), 11 warnings (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2  SAVI                                                            C. An
3  Internet-Draft                                                J. Yang
4  Intended status: Experimental                                   J. Wu
5  Expires: June 15, 2015                                          J. Bi
6                                                                 CERNET
7                                                      December 12, 2014

9              Definition of Managed Objects for SAVI Protocol
10                           draft-an-savi-mib-08

12  Abstract

14     This memo defines a portion of the Management Information Base (MIB)
15     for use with network management protocols in the Internet community.
16     In particular, it defines objects for managing a SAVI (Source Address
17     Validation Improvements) protocol instance.

19  Status of This Memo

21     This Internet-Draft is submitted in full conformance with the
22     provisions of BCP 78 and BCP 79.

24     Internet-Drafts are working documents of the Internet Engineering
25     Task Force (IETF).  Note that other groups may also distribute
26     working documents as Internet-Drafts.  The list of current Internet-
27     Drafts is at http://datatracker.ietf.org/drafts/current/.

29     Internet-Drafts are draft documents valid for a maximum of six months
30     and may be updated, replaced, or obsoleted by other documents at any
31     time.  It is inappropriate to use Internet-Drafts as reference
32     material or to cite them other than as "work in progress."

34     This Internet-Draft will expire on June 15, 2015.

36  Copyright Notice

38     Copyright (c) 2014 IETF Trust and the persons identified as the
39     document authors.  All rights reserved.

41     This document is subject to BCP 78 and the IETF Trust's Legal
42     Provisions Relating to IETF Documents
43     (http://trustee.ietf.org/license-info) in effect on the date of
44     publication of this document.  Please review these documents
45     carefully, as they describe your rights and restrictions with respect
46     to this document.  Code Components extracted from this document must
47     include Simplified BSD License text as described in Section 4.e of
48     the Trust Legal Provisions and are provided without warranty as
49     described in the Simplified BSD License.

51  Table of Contents

53     1.  Introduction
54     2.  The Internet-Standard Management Framework
55     3.  Conventions
56     4.  Overview
57     5.  Structure of the MIB Module
58       5.1.  The SAVI System Table
59       5.2.  The SAVI Port Table
60       5.3.  The SAVI Binding Table
61       5.4.  The SAVI Filtering Table
62       5.5.  The SAVI Counting Table
63     6.  Textual Conventions
64     7.  Relationship to Other MIB Modules
65       7.1.  Relationship to the INET-ADDRESS-MIB
66       7.2.  Relationship to the IF-MIB
67       7.3.  MIB modules required for IMPORTS
68     8.  Definitions
69     9.  Security Considerations
70     10. IANA Considerations
71     11. Contributors
72     12. References
73       12.1.  Normative References
74       12.2.  Informative References
75       12.3.  URL References
76     Appendix A.  Change Log
77     Appendix B.  Open Issues

79  1.  Introduction

81     The Source Address Validation Improvement protocol was developed to
82     complement ingress filtering with finer-grained, standardized IP
83     source address validation (refer to [RFC7039]).  A SAVI protocol
84     instance is located on the path of hosts' packets, enforcing the
85     hosts' use of legitimate IP source addresses.

87     SAVI protocol determines whether the IP address obtaining process is
88     legitimate according to IP address assignment method.  For links with
89     Stateless Address Auto Configuration (SLAAC), Dynamic Host
90     Configuration Protocol (DHCP), and Secure Neighbor Discovery (SEND),
91     the process is defined in separate documents of SAVI Working Group
92     (refer to [RFC6620], [I-D.ietf-savi-dhcp], [RFC7219]).
93     This document defines a MIB module that can be used to manage the
94     SAVI protocol instance.  It covers both configuration and status
95     monitoring aspects of SAVI implementations.

97     This document uses terminology from the SAVI Protocol specification.

99  2.  The Internet-Standard Management Framework

101     For a detailed overview of the documents that describe the current
102     Internet-Standard Management Framework, please refer to section 7 of
103     RFC 3410 [RFC3410].

105     Managed objects are accessed via a virtual information store, termed
106     the Management Information Base or MIB.  MIB objects are generally
107     accessed through the Simple Network Management Protocol (SNMP).
108     Objects in the MIB are defined using the mechanisms defined in the
109     Structure of Management Information (SMI).  This memo specifies a MIB
110     module that is compliant to the SMIv2, which is described in STD 58,
111     RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
112     [RFC2580].

114  3.  Conventions

116     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
117     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
118     document are to be interpreted as described in RFC 2119 [RFC2119].

120  4.  Overview

122     The SAVI Protocol MIB module (SAVI-MIB) is conformant to SAVI
123     protocol, and is designed to:

125     o  Support centralized management and monitoring of SAVI protocol
126        instance by standard SNMP protocol.

128     o  Support configuration and querying of SAVI protocol parameters.

130     o  Support configuration and querying of binding entries.  Operators
131        may insert and delete manual binding entries.

133     o  Support querying of filtering entries.

135     o  Support querying of the count of packets dropped because of
136        validation failure for each interface.

138     Based on SAVI protocol, attributes and objects of a SAVI protocol
139     instance can be classified into four categories:

141     o  System attributes.  These attributes correspond to a SAVI
142        protocol instance, such as IP Address Assignment Methods and some
143        constants.

145     o  Anchor attributes.  These attributes correspond to a SAVI
146        anchor.  Anchor is defined in [RFC7039].

148     o  Binding Status Table.  This table contains the state of binding
149        between source address and binding anchor (refer to [RFC6620],
150        [I-D.ietf-savi-dhcp], [RFC7219]).

152     o  Filtering Table.  This table contains the bindings between binding
153        anchor and address, which is used to filter packets (refer to
154        [RFC6620], [I-D.ietf-savi-dhcp], [RFC7219]).

156     o  Counting Table.  This table contains the count of failed packets for
157        each interface.

159     A table is designed for each category of objects.

161  5.  Structure of the MIB Module

163     This section presents the structure of the SAVI-MIB module.  The MIB
164     objects are derived from the SAVI protocol specification.

166     This MIB is composed of a series of tables meant to form the base for
167     managing SAVI entities.  The following subsections describe all
168     tables in the SAVI MIB module.

170  5.1.  The SAVI System Table

172     The SAVI System Table (saviObjectsSystemTable) contains the objects
173     that correspond to SAVI system-wide parameters.  It supports
174     the configuration and collection of SAVI system-wide parameters.

176     There is an entry for each IP stack, IPv4 and IPv6.  The table is
177     indexed by:

179     o  saviObjectsSystemIPVersion - The IP Version.  A textual convention
180        InetVersion defined in RFC4001 is used to represent the different
181        versions of the IP protocol.

183     It contains the following objects:

185     o  saviObjectsSystemMode - Which IP address assignment method the
186        link is running in (refer to [RFC7039]).

188     o  saviObjectsSystemMaxDhcpResponseTime - A constant defined in SAVI
189        protocol (refer to [I-D.ietf-savi-dhcp]).

191     o  saviObjectsSystemDataSnoopingInterval - A constant defined in SAVI
192        protocol (refer to [I-D.ietf-savi-dhcp]).

194     o  saviObjectsSystemMaxLeaseQueryDelay - A constant defined in SAVI
195        protocol (refer to [I-D.ietf-savi-dhcp]).

197     o  saviObjectsSystemOffLinkDelay - A constant defined in SAVI
198        protocol (refer to [I-D.ietf-savi-dhcp]).

200     o  saviObjectsSystemDetectionTimeout - A constant defined in SAVI
201        protocol (refer to [I-D.ietf-savi-dhcp]).

203     o  saviObjectsSystemTentLT - A constant defined in SAVI protocol
204        (refer to [RFC6620]).

206     o  saviObjectsSystemDefaultLT - A constant defined in SAVI protocol
207        (refer to [RFC6620]).

209     o  saviObjectsSystemTWAIT - A constant defined in SAVI protocol
210        (refer to [RFC6620]).

212     The MAX-ACCESS of these objects is READ-WRITE.  Network Operators may
213     configure by setting these objects.

215  5.2.  The SAVI Port Table

217     The SAVI Port Table (saviObjectsPortTable) contains the objects that
218     correspond to SAVI running parameters of each anchor.  It
219     supports the configuration and collection of SAVI parameters of each
220     anchor.

222     There is an entry for each IP stack, IPv4 and IPv6.  The table is
223     indexed by:

225     o  saviObjectsPortIPVersion - The IP Version.

227     o  saviObjectsPortIfIndex - The index value that uniquely identifies
228        the interface to which this entry is applicable.

230     It contains the following objects:

232     o  saviObjectsPortValidatingAttr - An attribute defined in SAVI
233        protocol (refer to [I-D.ietf-savi-dhcp]).

235     o  saviObjectsPortDhcpTrustAttr - An attribute defined in SAVI
236        protocol (refer to [I-D.ietf-savi-dhcp]).

238     o  saviObjectsPortTrustAttr - An attribute defined in SAVI protocol
239        (refer to [I-D.ietf-savi-dhcp]).

241     o  saviObjectsPortDhcpSnoopingAttr - An attribute defined in SAVI
242        protocol (refer to [I-D.ietf-savi-dhcp]).

244     o  saviObjectsPortDataSnoopingAttr - An attribute defined in SAVI
245        protocol (refer to [I-D.ietf-savi-dhcp]).

247     o  saviObjectsPortFilteringNum - The max filtering number of the
248        Port.

250     The MAX-ACCESS of these objects is READ-WRITE.  Network Operators may
251     configure by setting these objects.

253  5.3.  The SAVI Binding Table

255     The SAVI Binding Table (saviObjectsBindingTable) contains the objects
256     that correspond to the Binding State Table (BST) defined in SAVI
257     protocol.  It contains the binding parameters and state of each
258     binding entry.  It supports the collection of binding entries.  An
259     entry can be inserted or deleted if it is a manual binding entry.

261     The table is indexed by:

263     o  saviObjectsBindingIpAddressType - IP address type.  A textual
264        convention InetAddressType defined in RFC4001 is used to represent
265        the different kinds of IP address.

267     o  saviObjectsBindingType - which IP address assignment method is
268        used to create the binding entry - manual(1), slaac(2), dhcp(3),
269        send(4).

271     o  saviObjectsBindingIfIndex - The index value that uniquely
272        identifies the interface to which this entry is applicable.

274     o  saviObjectsBindingIpAddress - The binding source IP address.  A
275        textual convention InetAddress defined in RFC4001 is used to
276        define this object.

278     The SAVI Binding Table contains the following objects:

280     o  saviObjectsBindingMacAddr - The binding source mac address.

282     o  saviObjectsBindingState - The state of the binding entry.

284     o  saviObjectsBindingLifetime - The remaining lifetime of the entry.

286     o  saviObjectsBindingCreationtime - The value of the local clock when
287        the entry was first created.

289     o  saviObjectsBindingTID - The Transaction ID (TID) (refer to RFC2131
290        and RFC3315) of the corresponding DHCP transaction.

292     o  saviObjectsBindingRowStatus - The status of this row, by which new
293        entries may be created, or old entries be deleted from this table.
294        As defined in RFC2579, the RowStatus textual convention is used to
295        manage the creation and deletion of conceptual rows.  For SAVI
296        Binding Table, an entry can be created or deleted only when
297        saviObjectsBindingType=manual.

299     The MAX-ACCESS of these objects is READ-CREATE.  Network Operators
300     may create or delete an entry by setting these objects.

302  5.4.  The SAVI Filtering Table

304     The SAVI Filtering Table (saviObjectsFilteringTable) contains the
305     objects that correspond to the Filtering Table (FT) defined in
306     SAVI protocol.  It supports the collection of filtering entries.

308     The table is indexed by:

310     o  saviObjectsFilteringIpAddressType - IP address type.

312     o  saviObjectsFilteringIfIndex - The index value that uniquely
313        identifies the interface to which this entry is applicable.

315     o  saviObjectsFilteringIpAddress - The source IP address.

317     It contains the following objects:

319     o  saviObjectsFilteringMacAddr - The source mac address.

321     The MAX-ACCESS of the object is READ-ONLY.

323  5.5.  The SAVI Counting Table

325     The SAVI Counting Table (saviObjectsCountTable) contains the objects
326     counting packets dropped because of validation failure for each
327     interface.

329     The table is indexed by:

331     o  saviObjectsCountIpAddressType - IP address type.

333     o  saviObjectsCountIfIndex - The index value that uniquely identifies
334        the interface to which this entry is applicable.

336     It contains the following objects:

338     o  saviObjectsCountFilterPkts - The count of packets dropped because
339        of validation failure.

341     The MAX-ACCESS of the object is READ-ONLY.

343  6.  Textual Conventions

345     The textual conventions used in the SAVI-MIB are as follows.

347     The MODULE-COMPLIANCE, OBJECT-GROUP textual convention is imported
348     from SNMPv2-CONF [RFC2580].  The MODULE-IDENTITY, OBJECT-IDENTITY,
349     OBJECT-TYPE, Unsigned32 textual convention is imported from
350     SNMPv2-SMI [RFC2578].

352     The MacAddress, TimeInterval, RowStatus textual convention is imported
353     from SNMPv2-TC [RFC2579].

355     The InetVersion, InetAddressType, InetAddress textual convention is
356     imported from INET-ADDRESS-MIB [RFC4001].

358     The InterfaceIndex textual convention is imported from IF-MIB
359     [RFC2863].

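
An added illustration, not part of the draft: a monitoring or audit script that reads the SAVI Binding Table has to decode the INDEX portion of each instance OID (address type, binding type, ifIndex, length-prefixed address) and can enforce the rule from Section 5.3 that rows may be created or deleted only when saviObjectsBindingType=manual. The function names are hypothetical; the index layout follows the SMIv2 rule for variable-length string indexes (RFC 2578) and the InetAddressType values of RFC 4001, and the sample requests are constructed.

```python
import ipaddress

# Named values of saviObjectsBindingType, as listed on this page.
BINDING_TYPES = {1: "manual", 2: "slaac", 3: "dhcp", 4: "send"}
# InetAddressType values and address lengths as defined in RFC 4001.
ADDR_TYPES = {1: ("ipv4", 4), 2: ("ipv6", 16)}
# Largest TimeInterval value; for manual bindings it represents infinity.
INFINITE_LIFETIME = 2147483647


def decode_binding_index(subids):
    """Decode the sub-identifiers that follow a binding-table column OID.

    INDEX order on this page: address type, binding type, ifIndex, address.
    The InetAddress index is variable length, so it is carried as a length
    sub-identifier followed by one sub-identifier per octet.
    """
    if len(subids) < 4:
        raise ValueError("index needs type, binding type, ifIndex, address")
    addr_type, bind_type, if_index, addr_len = subids[:4]
    octets = list(subids[4:])
    if addr_type not in ADDR_TYPES:
        raise ValueError(f"unsupported InetAddressType {addr_type}")
    if bind_type not in BINDING_TYPES:
        raise ValueError(f"unknown binding type {bind_type}")
    if not 1 <= if_index <= 2147483647:
        raise ValueError(f"ifIndex out of range: {if_index}")
    type_name, expected_len = ADDR_TYPES[addr_type]
    # The address type decides how the address is encoded (Section 7.1).
    if addr_len != expected_len or len(octets) != expected_len:
        raise ValueError(f"{type_name} address must be {expected_len} octets")
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("address octet out of range")
    return {
        "addr_type": type_name,
        "binding_type": BINDING_TYPES[bind_type],
        "if_index": if_index,
        "address": str(ipaddress.ip_address(bytes(octets))),
    }


def encode_binding_index(binding_type, if_index, address):
    """Build the index sub-identifiers for a binding (inverse of decode)."""
    ip = ipaddress.ip_address(address)
    type_code = {name: code for code, name in BINDING_TYPES.items()}[binding_type]
    packed = ip.packed
    return [1 if ip.version == 4 else 2, type_code, if_index, len(packed), *packed]


def row_change_allowed(key):
    """Rows may be created or deleted only for manual bindings."""
    return key["binding_type"] == "manual"


def lifetime_seconds(ticks, binding_type):
    """Convert a TimeInterval (units of 0.01 s) to seconds; None = infinite."""
    if not 0 <= ticks <= INFINITE_LIFETIME:
        raise ValueError("TimeInterval out of range")
    if binding_type == "manual" and ticks == INFINITE_LIFETIME:
        return None
    return ticks / 100


def audit_row_changes(requests):
    """Return decoded keys of row create/delete requests that must be refused."""
    rejected = []
    for subids in requests:
        key = decode_binding_index(subids)
        if not row_change_allowed(key):
            rejected.append(key)
    return rejected


# Constructed sample: index suffixes of three RowStatus SET requests.
SAMPLE_REQUESTS = [
    encode_binding_index("manual", 3, "192.0.2.10"),
    encode_binding_index("dhcp", 3, "192.0.2.11"),
    encode_binding_index("slaac", 5, "2001:db8::1"),
]

if __name__ == "__main__":
    for key in audit_row_changes(SAMPLE_REQUESTS):
        print("refuse row change:", key)
```
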
361     The ip textual convention is imported from IP-MIB [RFC4293].

363  7.  Relationship to Other MIB Modules

365  7.1.  Relationship to the INET-ADDRESS-MIB

367     To support extensibility, IETF defined new textual conventions to
368     represent different IP protocols and different IP addresses in a unified
369     format in RFC4001.  To support different IP versions, a textual
370     convention InetVersion is defined to represent the different versions
371     of the IP protocol.  To support different IP addresses, a generic Internet
372     address is defined.  It consists of two objects: The first one has
373     the syntax InetAddressType, and the second object has the syntax
374     InetAddress.  The value of the first object determines how the value
375     of the second is encoded.

377     Since SAVI running mode and parameters are independent of IPv4 and
378     IPv6, different OID instances should be defined for each protocol.
379     In SAVI-MIB definition, when IP address is used as a part of binding
380     table, it is defined using textual conventions described in INET-
381     ADDRESS-MIB.

383  7.2.  Relationship to the IF-MIB

385     The Interfaces MIB [RFC2863] defines generic managed objects for
386     managing interfaces.  This document contains the interface-specific
387     extensions for managing SAVI anchors that are modeled as interfaces.

389     The IF-MIB module is required to be supported on the SAVI device.
390     The interface MUST be modeled as an ifEntry, and ifEntry objects such
391     as ifIndex are to be used as per [RFC2863].

393     An ifIndex [RFC2863] is used as a common index for interfaces in the
394     SAVI-MIB modules.

396  7.3.  MIB modules required for IMPORTS

398     The SAVI MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
399     SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-
400     ADDRESS-MIB [RFC4001].

402  8.  Definitions

404  SAVI-MIB DEFINITIONS ::= BEGIN

406  IMPORTS
407      MODULE-COMPLIANCE, OBJECT-GROUP
408          FROM SNMPv2-CONF      --RFC2580
409      MODULE-IDENTITY, OBJECT-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64
410          FROM SNMPv2-SMI       --RFC2578
411      TEXTUAL-CONVENTION, MacAddress, TimeInterval, RowStatus, DateAndTime
412          FROM SNMPv2-TC        --RFC2579
413      InterfaceIndex
414          FROM IF-MIB           --RFC2863
415      InetVersion, InetAddressType, InetAddress
416          FROM INET-ADDRESS-MIB --RFC4001
417      ip
418          FROM IP-MIB           --RFC4293
419      ;

421  saviMIB MODULE-IDENTITY
422      LAST-UPDATED "201412120037Z" --Dec 12,2014
423      ORGANIZATION
424          "IETF SAVI Working Group"
425      CONTACT-INFO
426          "WG charter:
427           http://datatracker.ietf.org/wg/savi/charter/

429           Editor:
430             Changqing An
431             CERNET
432             Postal: Network Research Center, Tsinghua University
433                     Beijing 100084
434                     China
435             Email: acq@cernet.edu.cn

437             Jiahai Yang
438             CERNET
439             Postal: Network Research Center, Tsinghua University
440                     Beijing 100084
441                     China
442             Email: yang@cernet.edu.cn
443          "

445      DESCRIPTION
446          "This MIB Module is designed to support configuration
447           and monitoring of SAVI protocol.
448          "
449      REVISION "201412120037Z"
450      DESCRIPTION
451          "Initial version"
452      ::= {ip xxx}

454  saviObjects OBJECT IDENTIFIER ::= { saviMIB 1 }

456  -- System parameters for SAVI protocol

458  saviObjectsSystemTable OBJECT-TYPE
459      SYNTAX     SEQUENCE OF SaviObjectsSystemEntry
460      MAX-ACCESS not-accessible
461      STATUS     current
462      DESCRIPTION
463          "The table containing savi system-wide parameters."
464      ::= { saviObjects 1 }

466  saviObjectsSystemEntry OBJECT-TYPE
467      SYNTAX     SaviObjectsSystemEntry
468      MAX-ACCESS not-accessible
469      STATUS     current
470      DESCRIPTION
471          "An entry containing savi system-wide parameters for a
472           particular IP version.
473          "
474      INDEX { saviObjectsSystemIPVersion }
475      ::= { saviObjectsSystemTable 1 }

477  SaviObjectsSystemEntry ::=
478      SEQUENCE {
479          saviObjectsSystemIPVersion             InetVersion,
480          saviObjectsSystemMode                  INTEGER,
481          saviObjectsSystemMaxDhcpResponseTime   TimeInterval,
482          saviObjectsSystemDataSnoopingInterval  TimeInterval,
483          saviObjectsSystemMaxLeaseQueryDelay    TimeInterval,
484          saviObjectsSystemOffLinkDelay          TimeInterval,
485          saviObjectsSystemDetectionTimeout      TimeInterval,
486          saviObjectsSystemTentLT                TimeInterval,
487          saviObjectsSystemDefaultLT             TimeInterval,
488          saviObjectsSystemTWAIT                 TimeInterval
489      }

491  saviObjectsSystemIPVersion OBJECT-TYPE
492      SYNTAX     InetVersion
493      MAX-ACCESS not-accessible
494      STATUS     current
495      DESCRIPTION
496          "The IP version "
497      ::= { saviObjectsSystemEntry 1 }

499  saviObjectsSystemMode OBJECT-TYPE
500      SYNTAX     INTEGER {
501                     savi-disable(1),
502                     savi-default(2),
503                     savi-dhcp-only(3),
504                     savi-slaac-only(4),
505                     savi-dhcp-slaac-mix(5),
506                     savi-send(6)
507                 }
508      MAX-ACCESS read-write
509      STATUS     current
510      DESCRIPTION
511          "IP Address Assignment Methods. "
512      ::= { saviObjectsSystemEntry 2 }

514  saviObjectsSystemMaxDhcpResponseTime OBJECT-TYPE
515      SYNTAX     TimeInterval
516      MAX-ACCESS read-write
517      STATUS     current
518      DESCRIPTION
519          "A constant.
520           TimeInterval is defined in RFC 2579, it's a period of time,
521           measured in units of 0.01 seconds,
522           and the value is (0..2147483647).

524          "
525      ::= { saviObjectsSystemEntry 3 }

527  saviObjectsSystemDataSnoopingInterval OBJECT-TYPE
528      SYNTAX     TimeInterval
529      MAX-ACCESS read-write
530      STATUS     current
531      DESCRIPTION
532          "A constant.
533           TimeInterval is defined in RFC 2579, it's a period of time,
534           measured in units of 0.01 seconds,
535           and the value is (0..2147483647).
536          "
537      ::= { saviObjectsSystemEntry 4 }

539  saviObjectsSystemMaxLeaseQueryDelay OBJECT-TYPE
540      SYNTAX     TimeInterval
541      MAX-ACCESS read-write
542      STATUS     current
543      DESCRIPTION
544          "A constant.
545           TimeInterval is defined in RFC 2579, it's a period of time,
546           measured in units of 0.01 seconds,
547           and the value is (0..2147483647).
548          "
549      ::= { saviObjectsSystemEntry 5 }

551  saviObjectsSystemOffLinkDelay OBJECT-TYPE
552      SYNTAX     TimeInterval
553      MAX-ACCESS read-write
554      STATUS     current
555      DESCRIPTION
556          "A constant.
557           TimeInterval is defined in RFC 2579, it's a period of time,
558           measured in units of 0.01 seconds,
559           and the value is (0..2147483647).
560          "
561      ::= { saviObjectsSystemEntry 6 }

563  saviObjectsSystemDetectionTimeout OBJECT-TYPE
564      SYNTAX     TimeInterval
565      MAX-ACCESS read-write
566      STATUS     current
567      DESCRIPTION
568          "A constant.
569           TimeInterval is defined in RFC 2579, it's a period of time,
570           measured in units of 0.01 seconds,
571           and the value is (0..2147483647).

573          "
574      ::= { saviObjectsSystemEntry 7 }

576  saviObjectsSystemTentLT OBJECT-TYPE
577      SYNTAX     TimeInterval
578      MAX-ACCESS read-write
579      STATUS     current
580      DESCRIPTION
581          "A constant.
582           TimeInterval is defined in RFC 2579, it's a period of time,
583           measured in units of 0.01 seconds,
584           and the value is (0..2147483647).
585          "
586      ::= { saviObjectsSystemEntry 8 }

588  saviObjectsSystemDefaultLT OBJECT-TYPE
589      SYNTAX     TimeInterval
590      MAX-ACCESS read-write
591      STATUS     current
592      DESCRIPTION
593          "A constant.
594           TimeInterval is defined in RFC 2579, it's a period of time,
595           measured in units of 0.01 seconds,
596           and the value is (0..2147483647).
597          "
598      ::= { saviObjectsSystemEntry 9 }

600  saviObjectsSystemTWAIT OBJECT-TYPE
601      SYNTAX     TimeInterval
602      MAX-ACCESS read-write
603      STATUS     current
604      DESCRIPTION
605          "A constant.
606           TimeInterval is defined in RFC 2579, it's a period of time,
607           measured in units of 0.01 seconds,
608           and the value is (0..2147483647).
609          "
610      ::= { saviObjectsSystemEntry 10 }

612  -- Port parameters for SAVI protocol

614  saviObjectsPortTable OBJECT-TYPE
615      SYNTAX     SEQUENCE OF SaviObjectsPortEntry
616      MAX-ACCESS not-accessible
617      STATUS     current
618      DESCRIPTION
619          "The table containing SAVI parameters of each anchor."

621      ::= { saviObjects 2 }

623  saviObjectsPortEntry OBJECT-TYPE
624      SYNTAX     SaviObjectsPortEntry
625      MAX-ACCESS not-accessible
626      STATUS     current
627      DESCRIPTION
628          "An entry containing SAVI running parameters of an anchor."
629      INDEX {
630          saviObjectsPortIPVersion,
631          saviObjectsPortIfIndex
632      }
633      ::= { saviObjectsPortTable 1 }

635  SaviObjectsPortEntry ::=
636      SEQUENCE {
637          saviObjectsPortIPVersion         InetVersion,
638          saviObjectsPortIfIndex           InterfaceIndex,
639          saviObjectsPortValidatingAttr    INTEGER,
640          saviObjectsPortDhcpTrustAttr     INTEGER,
641          saviObjectsPortTrustAttr         INTEGER,
642          saviObjectsPortDhcpSnoopingAttr  INTEGER,
643          saviObjectsPortDataSnoopingAttr  INTEGER,
644          saviObjectsPortFilteringNum      Unsigned32
645      }

647  saviObjectsPortIPVersion OBJECT-TYPE
648      SYNTAX     InetVersion
649      MAX-ACCESS not-accessible
650      STATUS     current
651      DESCRIPTION
652          "The IP version "
653      ::= { saviObjectsPortEntry 1 }

655  saviObjectsPortIfIndex OBJECT-TYPE
656      SYNTAX     InterfaceIndex
657      MAX-ACCESS not-accessible
658      STATUS     current
659      DESCRIPTION
660          "The index value that uniquely identifies the interface to
661           which this entry is applicable.  The interface identified by
662           a particular value of this index is the same interface as
663           identified by the same value of the IF-MIB's ifIndex.
664          "
665      ::= { saviObjectsPortEntry 2 }

667  saviObjectsPortValidatingAttr OBJECT-TYPE
668      SYNTAX     INTEGER {
669                     enable(1),
670                     disable(2)
671                 }
672      MAX-ACCESS read-write
673      STATUS     current
674      DESCRIPTION
675          "An attribute defined in SAVI protocol.
676           enable(1), the attribute is set.
677           disable(2), the attribute is not set.
678          "
679      ::= { saviObjectsPortEntry 3 }

681  saviObjectsPortDhcpTrustAttr OBJECT-TYPE
682      SYNTAX     INTEGER {
683                     enable(1),
684                     disable(2)
685                 }
686      MAX-ACCESS read-write
687      STATUS     current
688      DESCRIPTION
689          "An attribute defined in SAVI protocol.
690           enable(1), the attribute is set.
691           disable(2), the attribute is not set.
692          "
693      ::= { saviObjectsPortEntry 4 }

695  saviObjectsPortTrustAttr OBJECT-TYPE
696      SYNTAX     INTEGER {
697                     enable(1),
698                     disable(2)
699                 }
700      MAX-ACCESS read-write
701      STATUS     current
702      DESCRIPTION
703          "An attribute defined in SAVI protocol.
704           enable(1), the attribute is set.
705           disable(2), the attribute is not set.
706          "
707      ::= { saviObjectsPortEntry 5 }

709  saviObjectsPortDhcpSnoopingAttr OBJECT-TYPE
710      SYNTAX     INTEGER {
711                     enable(1),
712                     disable(2)
713                 }
714      MAX-ACCESS read-write
715      STATUS     current
716      DESCRIPTION
717          "An attribute defined in SAVI protocol.
718           enable(1), the attribute is set.
719           disable(2), the attribute is not set.
720          "
721      ::= { saviObjectsPortEntry 6 }

723  saviObjectsPortDataSnoopingAttr OBJECT-TYPE
724      SYNTAX     INTEGER {
725                     enable(1),
726                     disable(2)
727                 }
728      MAX-ACCESS read-write
729      STATUS     current
730      DESCRIPTION
731          "An attribute defined in SAVI protocol.
732           enable(1), the attribute is set.
733           disable(2), the attribute is not set.
734          "
735      ::= { saviObjectsPortEntry 7 }

737  saviObjectsPortFilteringNum OBJECT-TYPE
738      SYNTAX     Unsigned32
739      MAX-ACCESS read-write
740      STATUS     current
741      DESCRIPTION
742          "The max filtering number of the Port."
743      ::= { saviObjectsPortEntry 8 }

745  -- Binding Status Table for SAVI protocol

747  saviObjectsBindingTable OBJECT-TYPE
748      SYNTAX     SEQUENCE OF SaviObjectsBindingEntry
749      MAX-ACCESS not-accessible
750      STATUS     current
751      DESCRIPTION
752          "The table containing the state of binding
753           between source address and anchor.
754          "
755      ::= { saviObjects 3 }

757  saviObjectsBindingEntry OBJECT-TYPE
758      SYNTAX     SaviObjectsBindingEntry
759      MAX-ACCESS not-accessible
760      STATUS     current
761      DESCRIPTION
762          "An entry containing the state of binding between source
763           address and anchor.
764           Entries are keyed on the source IP address type,
765           binding type, anchor, and source IP address.
766          "
767      INDEX {
768          saviObjectsBindingIpAddressType,
769          saviObjectsBindingType,
770          saviObjectsBindingIfIndex,
771          saviObjectsBindingIpAddress
772      }
773      ::= { saviObjectsBindingTable 1 }

775  SaviObjectsBindingEntry ::=
776      SEQUENCE {
777          saviObjectsBindingIpAddressType  InetAddressType,
778          saviObjectsBindingType           INTEGER,
779          saviObjectsBindingIfIndex        InterfaceIndex,
780          saviObjectsBindingIpAddress      InetAddress,
781          saviObjectsBindingMacAddr        MacAddress,
782          saviObjectsBindingState          INTEGER,
783          saviObjectsBindingLifetime       TimeInterval,
784          saviObjectsBindingCreationtime   DateAndTime,
785          saviObjectsBindingTID            INTEGER,
786          saviObjectsBindingRowStatus      RowStatus
787      }

789  saviObjectsBindingIpAddressType OBJECT-TYPE
790      SYNTAX     InetAddressType
791      MAX-ACCESS not-accessible
792      STATUS     current
793      DESCRIPTION
794          "IP address type of the binding source IP."
795      ::= { saviObjectsBindingEntry 1 }

797  saviObjectsBindingType OBJECT-TYPE
798      SYNTAX     INTEGER {
799                     manual(1),
800                     slaac(2),
801                     dhcp(3),
802                     send(4)
803                 }
804      MAX-ACCESS not-accessible
805      STATUS     current
806      DESCRIPTION
807          "IP address assignment methods."
808      ::= { saviObjectsBindingEntry 2 }

810  saviObjectsBindingIfIndex OBJECT-TYPE
811      SYNTAX     InterfaceIndex
812      MAX-ACCESS not-accessible
813      STATUS     current
814      DESCRIPTION
815          "The index value that uniquely identifies the interface to
816           which this entry is applicable.  The interface identified by
817           a particular value of this index is the same interface as
818           identified by the same value of the IF-MIB's ifIndex.
819          "
820      ::= { saviObjectsBindingEntry 3 }

822  saviObjectsBindingIpAddress OBJECT-TYPE
823      SYNTAX     InetAddress
824      MAX-ACCESS not-accessible
825      STATUS     current
826      DESCRIPTION
827          "The binding source IP address"
828      ::= { saviObjectsBindingEntry 4 }

830  saviObjectsBindingMacAddr OBJECT-TYPE
831      SYNTAX     MacAddress
832      MAX-ACCESS read-create
833      STATUS     current
834      DESCRIPTION
835          "The binding source mac address."
836      ::= { saviObjectsBindingEntry 5 }

838  saviObjectsBindingState OBJECT-TYPE
839      SYNTAX     INTEGER {
840                     NO_BIND(1),
841                     INIT_BIND_OR_TENTATIVE(2),
842                     BOUND_OR_VALID(3),
843                     TESTING_TP-LT(4),
844                     TESTING_VP(5)
845                 }
846      MAX-ACCESS read-create
847      STATUS     current
848      DESCRIPTION
849          "The state of the binding entry. "
850      ::= { saviObjectsBindingEntry 6 }

852  saviObjectsBindingLifetime OBJECT-TYPE
853      SYNTAX     TimeInterval
854      MAX-ACCESS read-create
855      STATUS     current
856      DESCRIPTION
857          "The remaining lifetime of the entry.

859           TimeInterval is defined in RFC 2579, it's a period of time,
860           measured in units of 0.01 seconds,
861           and the value is (0..2147483647).
862           If saviObjectsBindingType=manual, a value of 2147483647
863           represents infinity.
864          "
865      ::= { saviObjectsBindingEntry 7 }

867  saviObjectsBindingCreationtime OBJECT-TYPE
868      SYNTAX     DateAndTime
869      MAX-ACCESS read-create
870      STATUS     current
871      DESCRIPTION
872          "The value of the local clock when the entry was first created.
873          "
874      ::= { saviObjectsBindingEntry 8 }

876  saviObjectsBindingTID OBJECT-TYPE
877      SYNTAX     INTEGER
878      MAX-ACCESS read-create
879      STATUS     current
880      DESCRIPTION
881          "The Transaction ID (TID) (refer to RFC2131 and RFC3315) of the corresponding DHCP transaction.
882          "
883      ::= { saviObjectsBindingEntry 9 }

885  saviObjectsBindingRowStatus OBJECT-TYPE
886      SYNTAX     RowStatus
887      MAX-ACCESS read-create
888      STATUS     current
889      DESCRIPTION
890          "The status of this row, by which new entries may be
891           created, or old entries deleted from this table.
892           An Entry can be created or deleted only when
893           saviObjectsBindingType=manual.
894          "
895      ::= { saviObjectsBindingEntry 10 }

897  -- Filtering Table for SAVI protocol

899  saviObjectsFilteringTable OBJECT-TYPE
900      SYNTAX     SEQUENCE OF SaviObjectsFilteringEntry
901      MAX-ACCESS not-accessible
902      STATUS     current
903      DESCRIPTION
904          "The table containing the filtering entries."
905      ::= { saviObjects 4 }

907  saviObjectsFilteringEntry OBJECT-TYPE
908      SYNTAX     SaviObjectsFilteringEntry
909      MAX-ACCESS not-accessible
910      STATUS     current
911      DESCRIPTION
912          "An entry containing the filtering parameters.
913           Entries are keyed on the source IP address type,
914           anchor, and source IP address.
915          "
916      INDEX { saviObjectsFilteringIpAddressType,
917              saviObjectsFilteringIfIndex,
918              saviObjectsFilteringIpAddress
919      }
920      ::= { saviObjectsFilteringTable 1 }

922  SaviObjectsFilteringEntry ::=
923      SEQUENCE {
924          saviObjectsFilteringIpAddressType  InetAddressType,
925          saviObjectsFilteringIfIndex        InterfaceIndex,
926          saviObjectsFilteringIpAddress      InetAddress,
927          saviObjectsFilteringMacAddr        MacAddress
928      }

930  saviObjectsFilteringIpAddressType OBJECT-TYPE
931      SYNTAX     InetAddressType
932      MAX-ACCESS not-accessible
933      STATUS     current
934      DESCRIPTION
935          "IP address type of the filtering source IP"
936      ::= { saviObjectsFilteringEntry 1 }

938  saviObjectsFilteringIfIndex OBJECT-TYPE
939      SYNTAX     InterfaceIndex
940      MAX-ACCESS not-accessible
941      STATUS     current
942      DESCRIPTION
943          "The index value that uniquely identifies the interface to
944           which this entry is applicable.  The interface identified by
945           a particular value of this index is the same interface as
946           identified by the same value of the IF-MIB's ifIndex.
947          "
948      ::= { saviObjectsFilteringEntry 2 }

950  saviObjectsFilteringIpAddress OBJECT-TYPE
951      SYNTAX     InetAddress
952      MAX-ACCESS not-accessible
953      STATUS     current
954      DESCRIPTION
955          "The filtering source IP address."
956      ::= { saviObjectsFilteringEntry 3 }

958  saviObjectsFilteringMacAddr OBJECT-TYPE
959      SYNTAX      MacAddress
960      MAX-ACCESS  read-only
961      STATUS      current
962      DESCRIPTION
963          "The filtering source mac address."
964      ::= { saviObjectsFilteringEntry 4 }

966  --Count of packets dropped because of validation failure for each interface.

968  saviObjectsCountTable OBJECT-TYPE
969      SYNTAX      SEQUENCE OF SaviObjectsCountEntry
970      MAX-ACCESS  not-accessible
971      STATUS      current
972      DESCRIPTION
973          "The table containing count of packets dropped because of validation failure."
974      ::= { saviObjects 5 }

976  saviObjectsCountEntry OBJECT-TYPE
977      SYNTAX      SaviObjectsCountEntry
978      MAX-ACCESS  not-accessible
979      STATUS      current
980      DESCRIPTION
981          "An entry containing count of packets dropped because of validation failure for each interface."
982      INDEX { saviObjectsCountIPVersion,
983              saviObjectsCountIfIndex
984            }
985      ::= { saviObjectsCountTable 1 }

987  SaviObjectsCountEntry ::=
988      SEQUENCE {
989          saviObjectsCountIPVersion   InetVersion,
990          saviObjectsCountIfIndex     InterfaceIndex,
991          saviObjectsCountFilterPkts  Counter64
992      }

994  saviObjectsCountIPVersion OBJECT-TYPE
995      SYNTAX      InetVersion
996      MAX-ACCESS  not-accessible
997      STATUS      current
998      DESCRIPTION
999          "The IP version."
1000     ::= { saviObjectsCountEntry 1 }

1002 saviObjectsCountIfIndex OBJECT-TYPE
1003     SYNTAX      InterfaceIndex
1004     MAX-ACCESS  not-accessible
1005     STATUS      current
1006     DESCRIPTION
1007         "The Interface."
1008     ::= { saviObjectsCountEntry 2 }

1010 saviObjectsCountFilterPkts OBJECT-TYPE
1011     SYNTAX      Counter64
1012     MAX-ACCESS  read-write
1013     STATUS      current
1014     DESCRIPTION
1015         "The count of packets dropped."
1016     ::= { saviObjectsCountEntry 3 }

1018 -- Conformance information
1019 saviConformance OBJECT IDENTIFIER ::= { saviMIB 2 }
1020 saviCompliances OBJECT IDENTIFIER ::= { saviConformance 1 }

1022 -- Compliance statements
1023 saviCompliance MODULE-COMPLIANCE
1024     STATUS      current
1025     DESCRIPTION
1026         "The compliance statement for entities which implement SAVI
1027         protocol.
1028         "
1029     MODULE
1030     MANDATORY-GROUPS {
1031         systemGroup,
1032         portGroup,
1033         bindingGroup,
1034         filteringGroup
1035     }
1036     ::= { saviCompliances 1}

1038 saviGroups OBJECT IDENTIFIER ::= { saviConformance 2 }
1039 --Units of conformance

1041 systemGroup OBJECT-GROUP
1042     OBJECTS {
1043         saviObjectsSystemMode,
1044         saviObjectsSystemMaxDhcpResponseTime,
1045         saviObjectsSystemDataSnoopingInterval,
1046         saviObjectsSystemMaxLeaseQueryDelay,
1047         saviObjectsSystemOffLinkDelay,
1048         saviObjectsSystemDetectionTimeout,
1049         saviObjectsSystemTentLT,
1050         saviObjectsSystemDefaultLT,
1051         saviObjectsSystemTWAIT
1052     }
1053     STATUS      current
1054     DESCRIPTION
1055         "The system group contains objects corresponding to savi system
1056         parameters.
1057         "
1058     ::= {saviGroups 1}

1060 portGroup OBJECT-GROUP
1061     OBJECTS {
1062         saviObjectsPortValidatingAttr,
1063         saviObjectsPortDhcpTrustAttr,
1064         saviObjectsPortTrustAttr,
1065         saviObjectsPortDhcpSnoopingAttr,
1066         saviObjectsPortDataSnoopingAttr,
1067         saviObjectsPortFilteringNum
1068     }
1069     STATUS      current
1070     DESCRIPTION
1071         "The if group contains objects corresponding to the savi running
1072         parameters of each anchor.
1073         "
1074     ::= {saviGroups 2}

1076 bindingGroup OBJECT-GROUP
1077     OBJECTS {
1078         saviObjectsBindingMacAddr,
1079         saviObjectsBindingState,
1080         saviObjectsBindingLifetime,
1081         saviObjectsBindingCreationtime,
1082         saviObjectsBindingTID,
1083         saviObjectsBindingRowStatus
1084     }
1085     STATUS      current
1086     DESCRIPTION
1087         "The binding group contains the binding
1088         information of anchor and source ip address.
1089         "
1090     ::= {saviGroups 3}

1092 filteringGroup OBJECT-GROUP
1093     OBJECTS {
1094         saviObjectsFilteringMacAddr
1095     }
1096     STATUS      current
1097     DESCRIPTION
1098         "The filtering group contains the filtering
1099         information of anchor and source ip address.
1100         "
1101     ::= {saviGroups 4}
1102 END

1104 9.  Security Considerations

1106    There are a number of management objects defined in this MIB module
1107    with a MAX-ACCESS clause of read-write and/or read-create.  Such
1108    objects may be considered sensitive or vulnerable in some network
1109    environments.  The support for SET operations in a non-secure
1110    environment without proper protection can have a negative effect on
1111    network operations.  These are the tables and objects and their
1112    sensitivity/vulnerability:

1114    o  saviObjectsSystemTable - Unauthorized changes to the writable
1115       objects under saviObjectsSystemTable MAY disrupt allocation of
1116       resources in the network.  For example, changing a device's SAVI
1117       system mode to SAVI-DISABLE by a SET operation creates an
1118       opportunity for IP source address spoofing.

1120    o  saviObjectsPortTable - Unauthorized changes to the writable
1121       objects under saviObjectsPortTable MAY disrupt allocation of
1122       resources in the network.  For example, changing an anchor's
1123       ValidatingAttr to DISABLE by a SET operation creates an
1124       opportunity for IP source address spoofing.

1126    o  saviObjectsBindingTable - Unauthorized changes to the writable
1127       objects under this table MAY disrupt allocation of resources in
1128       the network.  For example, inserting a manual binding entry into
1129       the BST creates an opportunity for IP source address spoofing.

1131    Some of the readable objects in this MIB module (i.e., objects with a
1132    MAX-ACCESS other than not-accessible) may be considered sensitive or
1133    vulnerable in some network environments.
        It is thus important to
1134    control even GET and/or NOTIFY access to these objects and possibly
1135    to even encrypt the values of these objects when sending them over
1136    the network via SNMP.  These are the tables and objects and their
1137    sensitivity/vulnerability:

1139    o  saviObjectsBindingTable, saviObjectsFilteringTable - The IP
1140       address and binding anchor information will be helpful to some
1141       attacks.

1143    SNMP versions prior to SNMPv3 did not include adequate security.
1144    Even if the network itself is secure (for example by using IPsec),
1145    there is no control as to who on the secure network is allowed to
1146    access and GET/SET (read/change/create/delete) the objects in this
1147    MIB module.

1149    It is RECOMMENDED that implementers consider the security features as
1150    provided by the SNMPv3 framework (see [RFC3410], section 8),
1151    including full support for the SNMPv3 cryptographic mechanisms (for
1152    authentication and privacy).

1154    Further, deployment of SNMP versions prior to SNMPv3 is NOT
1155    RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
1156    enable cryptographic security.  It is then a customer/operator
1157    responsibility to ensure that the SNMP entity giving access to an
1158    instance of this MIB module is properly configured to give access to
1159    the objects only to those principals (users) that have legitimate
1160    rights to indeed GET or SET (change/create/delete) them.

1162 10.  IANA Considerations

1164    The MIB module in this document uses the following IANA-assigned
1165    OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

1167    Descriptor        OBJECT IDENTIFIER value
1168    ----------        -----------------------
1169    SAVI-MIB          { ip XXX }

1171 11.  Contributors

1173 12.  References

1175 12.1.  Normative References

1177    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1178               Requirement Levels", BCP 14, RFC 2119, March 1997.

1180    [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1181               Schoenwaelder, Ed., "Structure of Management Information
1182               Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1184    [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1185               Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
1186               58, RFC 2579, April 1999.

1188    [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1189               "Conformance Statements for SMIv2", STD 58, RFC 2580,
1190               April 1999.

1192    [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
1193               Schoenwaelder, "Textual Conventions for Internet Network
1194               Addresses", RFC 4001, February 2005.

1196    [RFC6620]  Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
1197               SAVI: First-Come, First-Served Source Address Validation
1198               Improvement for Locally Assigned IPv6 Addresses", RFC
1199               6620, May 2012.

1201    [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol", RFC
1202               2131, March 1997.

1204    [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
1205               and M. Carney, "Dynamic Host Configuration Protocol for
1206               IPv6 (DHCPv6)", RFC 3315, July 2003.

1208    [RFC7039]  Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt,
1209               "Source Address Validation Improvement (SAVI) Framework",
1210               RFC 7039, October 2013.

1212    [RFC7219]  Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor
1213               Discovery (SEND) Source Address Validation Improvement
1214               (SAVI)", RFC 7219, May 2014.

1216    [I-D.ietf-savi-dhcp]
1217               Bi, J., Wu, J., Yao, G., and F. Baker, "SAVI Solution for
1218               DHCP", 2014.

1220 12.2.  Informative References

1222    [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
1223               RFC 2223, October 1997.

1225    [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1226               "Introduction and Applicability Statements for Internet-
1227               Standard Management Framework", RFC 3410, December 2002.

1229    [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
1230               June 1999.

1232    [RFC4181]  Heard, C., "Guidelines for Authors and Reviewers of MIB
1233               Documents", BCP 111, RFC 4181, September 2005.

1235    [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1236               MIB", RFC 2863, June 2000.

1238    [RFC4293]  Routhier, S., "Management Information Base for the
1239               Internet Protocol (IP)", RFC 4293, April 2006.

1241 12.3.  URL References

1243    [idguidelines]
1244               IETF Internet Drafts editor,
1245               "http://www.ietf.org/ietf/1id-guidelines.txt".

1247    [idnits]   IETF Internet Drafts editor,
1248               "http://www.ietf.org/ID-Checklist.html".

1250    [xml2rfc]  XML2RFC tools and documentation,
1251               "http://xml.resource.org".

1253    [ops]      the IETF OPS Area, "http://www.ops.ietf.org".

1255    [ietf]     IETF Tools Team, "http://tools.ietf.org".

1257 Appendix A.  Change Log

1259    From draft 00 to draft 01

1261    o  Change the value range of object saviObjectsSystemMode and add a
1262       new value savi-send(6).

1264    From draft 01 to draft 02

1266    o  Change saviObjectsTrustStatus into two booleans, one is
1267       saviObjectsDhcpTrustStatus, another is saviObjectsRaTrustStatus.

1269    o  Change the character string saviObjectsIf to saviObjectsPort
1270       globally.

1272    o  Change saviObjectsBindingState according to the latest version of
1273       solution drafts.

1275    From draft 02 to draft 03

1277    o  Add a new object saviObjectsPortBindRecoveryAttr, and change the
1278       object saviObjectsPortRaTrustStatus to saviObjectsPortTrustAttr
1279       according to the latest version of solution drafts and RFC.

1281    o  Change the value range and meaning of saviObjectsBindingState
1282       according to the latest version of solution drafts and RFC.

1284    o  Change the value range of object saviObjectsBindingType, add a new
1285       value send(4), and change the value static(1) to manual(1).

1287    From draft 03 to draft 04

1289    o  Add three new objects according to the latest version of solution
1290       drafts and RFC, i.e. saviObjectsSystemTentLT,
1291       saviObjectsSystemDefaultLT, saviObjectsSystemTWAIT.

1293    From draft 04 to draft 05

1295    o  Add two new objects according to the latest version of solution
1296       drafts and RFC, i.e. saviObjectsBindingCreationtime,
1297       saviObjectsBindingTID.

1299    From draft 05 to draft 06

1301    o  Add three new objects, saviObjectsSystemDadTimeout,
1302       saviObjectsPortDhcpSnoopingAttr and
1303       saviObjectsPortDataSnoopingAttr.

1305    o  Replace object saviObjectsSystemBindRecoveryInterval with
1306       saviObjectsSystemDataSnoopingInterval.

1308    o  Replace object saviObjectsPortSAVISAVIAttr with
1309       saviObjectsPortTrustAttr.

1311    o  Delete object saviObjectsPortBindRecoveryAttr.

1313    From draft 06 to draft 07

1315    o  Replace object saviObjectsSystemDadTimeout with
1316       saviObjectsSystemDetectionTimeout.

1318    From draft 07 to draft 08

1320    o  Add a new table to count the failed packets of each interface.

1322 Appendix B.  Open Issues

1324    Note to RFC Editor: please remove this appendix before publication as
1325    an RFC.

1327 Authors' Addresses

1329    Changqing An
1330    CERNET
1331    Network Research Center, Tsinghua University
1332    Beijing  100084
1333    China

1335    Phone: +86 10 62603113
1336    EMail: acq@cernet.edu.cn

1338    Jiahai Yang
1339    CERNET
1340    Network Research Center, Tsinghua University
1341    Beijing  100084
1342    China

1344    Phone: +86 10 62783492
1345    EMail: yang@cernet.edu.cn
1346    Jianping Wu
1347    CERNET
1348    Network Research Center, Tsinghua University
1349    Beijing  100084
1350    China

1352    EMail: jianping@cernet.edu.cn

1354    Jun Bi
1355    CERNET
1356    Network Research Center, Tsinghua University
1357    Beijing  100084
1358    China

1360    EMail: junbi@cernet.edu.cn
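
Section 9 turns on which objects carry a writable or readable MAX-ACCESS clause, so an operator writing SNMPv3 access rules needs that list per object. The following is an added example, not part of the draft: it parses OBJECT-TYPE definitions and groups them by exposure. The function names and the shortened sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: four OBJECT-TYPE definitions taken from the module
# above, without the listing's line numbers, STATUS and DESCRIPTION clauses.
SAMPLE_MIB = """
saviObjectsBindingIpAddress OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS not-accessible
saviObjectsBindingMacAddr OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-create
saviObjectsFilteringMacAddr OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
saviObjectsCountFilterPkts OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-write
"""

# Whitespace-insensitive, so multi-line SYNTAX clauses are handled too.
OBJECT_RE = re.compile(
    r"(\w+)\s+OBJECT-TYPE\s+SYNTAX\s+(.+?)\s+MAX-ACCESS\s+([a-z-]+)", re.DOTALL)
WRITABLE = {"read-write", "read-create"}
READABLE = WRITABLE | {"read-only"}


def parse_objects(mib_text):
    """Return (name, syntax, max_access) for every OBJECT-TYPE in mib_text."""
    return [(name, " ".join(syntax.split()), access)
            for name, syntax, access in OBJECT_RE.findall(mib_text)]


def audit_access(mib_text):
    """Group object names by the SNMP operations that can reach them."""
    report = {"set": [], "get": [], "writable_counter": []}
    for name, syntax, access in parse_objects(mib_text):
        if access in WRITABLE:
            report["set"].append(name)   # needs SET access control
        if access in READABLE:
            report["get"].append(name)   # value can be read with GET
        # RFC 2578 limits counters to read-only or accessible-for-notify.
        if syntax.startswith("Counter") and access in WRITABLE:
            report["writable_counter"].append(name)
    return report


if __name__ == "__main__":
    for category, names in audit_access(SAMPLE_MIB).items():
        print(f"{category}: {', '.join(names)}")
```

Run over the full module text (with the listing's line numbers removed), the "set" group is the list of objects whose SET access Section 9 asks operators to restrict.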