idnits 2.17.1

draft-an-savi-mib-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 7 instances of too long lines in the document, the longest one
     being 35 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 472 has weird spacing: '...n entry conta...'

  == Line 795 has weird spacing: '... of the bindi...'

  == Line 890 has weird spacing: '...315) of the c...'

  == Line 944 has weird spacing: '... of the filte...'

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (June 14, 2015) is 3239 days in the past.  Is this
     intentional?

  Checking references for intended status: Experimental
  ----------------------------------------------------------------------------

  == Unused Reference: 'RFC2131' is defined on line 1210, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3315' is defined on line 1213, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2223' is defined on line 1231, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 1238, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 1241, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 2 errors (**), 0 flaws (~~), 11 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2  SAVI                                                              C. An
3  Internet-Draft                                                  J. Yang
4  Intended status: Experimental                                     J. Wu
5  Expires: December 16, 2015                                        J. Bi
6                                                                   CERNET
7                                                            June 14, 2015

9               Definition of Managed Objects for SAVI Protocol
10                          draft-an-savi-mib-09

12  Abstract

14     This memo defines a portion of the Management Information Base (MIB)
15     for use with network management protocols in the Internet community.
16     In particular, it defines objects for managing a SAVI (Source Address
17     Validation Improvements) protocol instance.

19  Status of This Memo

21     This Internet-Draft is submitted in full conformance with the
22     provisions of BCP 78 and BCP 79.

24     Internet-Drafts are working documents of the Internet Engineering
25     Task Force (IETF).  Note that other groups may also distribute
26     working documents as Internet-Drafts.  The list of current Internet-
27     Drafts is at http://datatracker.ietf.org/drafts/current/.

29     Internet-Drafts are draft documents valid for a maximum of six months
30     and may be updated, replaced, or obsoleted by other documents at any
31     time.  It is inappropriate to use Internet-Drafts as reference
32     material or to cite them other than as "work in progress."

34     This Internet-Draft will expire on December 16, 2015.

36  Copyright Notice

38     Copyright (c) 2015 IETF Trust and the persons identified as the
39     document authors.  All rights reserved.

41     This document is subject to BCP 78 and the IETF Trust's Legal
42     Provisions Relating to IETF Documents
43     (http://trustee.ietf.org/license-info) in effect on the date of
44     publication of this document.  Please review these documents
45     carefully, as they describe your rights and restrictions with respect
46     to this document.  Code Components extracted from this document must
47     include Simplified BSD License text as described in Section 4.e of
48     the Trust Legal Provisions and are provided without warranty as
49     described in the Simplified BSD License.

51  Table of Contents

53     1.  Introduction
54     2.  The Internet-Standard Management Framework
55     3.  Conventions
56     4.  Overview
57     5.  Structure of the MIB Module
58       5.1.  The SAVI System Table
59       5.2.  The SAVI Port Table
60       5.3.  The SAVI Binding Table
61       5.4.  The SAVI Filtering Table
62       5.5.  The SAVI Counting Table
63     6.  Textual Conventions
64     7.  Relationship to Other MIB Modules
65       7.1.  Relationship to the INET-ADDRESS-MIB
66       7.2.  Relationship to the IF-MIB
67       7.3.  MIB modules required for IMPORTS
68     8.  Definitions
69     9.  Security Considerations
70     10. IANA Considerations
71     11. Contributors
72     12. References
73       12.1.  Normative References
74       12.2.  Informative References
75       12.3.  URL References
76     Appendix A.  Change Log
77     Appendix B.  Open Issues
78     Authors' Addresses

80  1.  Introduction

82     The Source Address Validation Improvement protocol was developed to
83     complement ingress filtering with finer-grained, standardized IP
84     source address validation (refer to [RFC7039]).  A SAVI protocol
85     instance is located on the path of hosts' packets, enforcing the
86     hosts' use of legitimate IP source addresses.

88     The SAVI protocol determines whether the IP address obtaining process
89     is legitimate according to the IP address assignment method.  For links
90     with Stateless Address Auto Configuration (SLAAC), Dynamic Host
91     Configuration Protocol (DHCP), and Secure Neighbor Discovery (SEND),
92     the process is defined in separate documents of the SAVI Working Group
93     (refer to [RFC6620], [RFC7513], [RFC7219]).

94     This document defines a MIB module that can be used to manage the
95     SAVI protocol instance.  It covers both configuration and status
96     monitoring aspects of SAVI implementations.

98     This document uses terminology from the SAVI Protocol specification.

100  2.  The Internet-Standard Management Framework

102     For a detailed overview of the documents that describe the current
103     Internet-Standard Management Framework, please refer to section 7 of
104     RFC 3410 [RFC3410].

106     Managed objects are accessed via a virtual information store, termed
107     the Management Information Base or MIB.  MIB objects are generally
108     accessed through the Simple Network Management Protocol (SNMP).
109     Objects in the MIB are defined using the mechanisms defined in the
110     Structure of Management Information (SMI).  This memo specifies a MIB
111     module that is compliant to the SMIv2, which is described in STD 58,
112     RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
113     [RFC2580].

115  3.  Conventions

117     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
118     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
119     document are to be interpreted as described in RFC 2119 [RFC2119].

121  4.  Overview

123     The SAVI Protocol MIB module (SAVI-MIB) is conformant to the SAVI
124     protocol, and is designed to:

126     o  Support centralized management and monitoring of a SAVI protocol
127        instance by the standard SNMP protocol.

129     o  Support configuration and querying of SAVI protocol parameters.

131     o  Support configuration and querying of binding entries.  Operators
132        may insert and delete manual binding entries.

134     o  Support querying of filtering entries.

136     o  Support querying of the count of packets dropped because of
137        validation failure for each interface.

139     Based on the SAVI protocol, attributes and objects of a SAVI protocol
140     instance can be classified into five categories:

142     o  System attributes.  These attributes correspond to a SAVI
143        protocol instance, such as IP Address Assignment Methods and some
144        constants.

146     o  Anchor attributes.  These attributes correspond to a SAVI
147        anchor.  Anchor is defined in [RFC7039].

149     o  Binding Status Table.  This table contains the state of binding
150        between source address and binding anchor (refer to [RFC6620],
151        [RFC7513], [RFC7219]).

153     o  Filtering Table.  This table contains the bindings between binding
154        anchor and address, which is used to filter packets (refer to
155        [RFC6620], [RFC7513], [RFC7219]).

157     o  Counting Table.  This table contains the count of failed packets
158        for each interface.

160     A table is designed for each category of objects.

162  5.  Structure of the MIB Module

164     This section presents the structure of the SAVI-MIB module.  The MIB
165     objects are derived from the SAVI protocol specification.

167     This MIB is composed of a series of tables meant to form the base for
168     managing SAVI entities.  The following subsections describe all
169     tables in the SAVI MIB module.

171  5.1.  The SAVI System Table

173     The SAVI System Table (saviObjectsSystemTable) contains the objects
174     that correspond to SAVI system-wide parameters.  It supports
175     the configuration and collection of SAVI system-wide parameters.

177     There is an entry for each IP stack, IPv4 and IPv6.  The table is
178     indexed by:

180     o  saviObjectsSystemIPVersion - The IP Version.  A textual convention
181        InetVersion defined in RFC4001 is used to represent the different
182        versions of the IP protocol.

184     It contains the following objects:

186     o  saviObjectsSystemMode - Which IP address assignment method the
187        link is running in (refer to [RFC7039]).

189     o  saviObjectsSystemMaxDhcpResponseTime - A constant defined in SAVI
190        protocol (refer to [RFC7513]).

192     o  saviObjectsSystemDataSnoopingInterval - A constant defined in SAVI
193        protocol (refer to [RFC7513]).

195     o  saviObjectsSystemMaxLeaseQueryDelay - A constant defined in SAVI
196        protocol (refer to [RFC7513]).

198     o  saviObjectsSystemOffLinkDelay - A constant defined in SAVI
199        protocol (refer to [RFC7513]).

201     o  saviObjectsSystemDetectionTimeout - A constant defined in SAVI
202        protocol (refer to [RFC7513]).

204     o  saviObjectsSystemTentLT - A constant defined in SAVI protocol
205        (refer to [RFC6620]).

207     o  saviObjectsSystemDefaultLT - A constant defined in SAVI protocol
208        (refer to [RFC6620]).

210     o  saviObjectsSystemTWAIT - A constant defined in SAVI protocol
211        (refer to [RFC6620]).

213     The MAX-ACCESS of these objects is READ-WRITE.  Network operators may
214     configure the instance by setting these objects.

216  5.2.  The SAVI Port Table

218     The SAVI Port Table (saviObjectsPortTable) contains the objects that
219     correspond to the SAVI running parameters of each anchor.  It
220     supports the configuration and collection of SAVI parameters of each
221     anchor.

223     There is an entry for each IP stack, IPv4 and IPv6.  The table is
224     indexed by:

226     o  saviObjectsPortIPVersion - The IP Version.

228     o  saviObjectsPortIfIndex - The index value that uniquely identifies
229        the interface to which this entry is applicable.

231     It contains the following objects:

233     o  saviObjectsPortValidatingAttr - An attribute defined in SAVI
234        protocol (refer to [RFC7513]).

236     o  saviObjectsPortDhcpTrustAttr - An attribute defined in SAVI
237        protocol (refer to [RFC7513]).

239     o  saviObjectsPortTrustAttr - An attribute defined in SAVI protocol
240        (refer to [RFC7513]).

242     o  saviObjectsPortDhcpSnoopingAttr - An attribute defined in SAVI
243        protocol (refer to [RFC7513]).

245     o  saviObjectsPortDataSnoopingAttr - An attribute defined in SAVI
246        protocol (refer to [RFC7513]).

248     o  saviObjectsPortFilteringNum - The max filtering number of the
249        Port.

251     The MAX-ACCESS of these objects is READ-WRITE.  Network operators may
252     configure an anchor by setting these objects.

254  5.3.  The SAVI Binding Table

256     The SAVI Binding Table (saviObjectsBindingTable) contains the objects
257     that correspond to the Binding State Table (BST) defined in the SAVI
258     protocol.  It contains the binding parameters and state of each
259     binding entry.  It supports the collection of binding entries.  An
260     entry can be inserted or deleted if it is a manual binding entry.

262     The table is indexed by:

264     o  saviObjectsBindingIpAddressType - IP address type.  A textual
265        convention InetAddressType defined in RFC4001 is used to represent
266        the different kinds of IP address.

268     o  saviObjectsBindingType - Which IP address assignment method is
269        used to create the binding entry - manual(1), slaac(2), dhcp(3),
270        send(4).

272     o  saviObjectsBindingIfIndex - The index value that uniquely
273        identifies the interface to which this entry is applicable.

275     o  saviObjectsBindingIpAddress - The binding source IP address.  A
276        textual convention InetAddress defined in RFC4001 is used to
277        define this object.

279     The SAVI Binding Table contains the following objects:

281     o  saviObjectsBindingMacAddr - The binding source MAC address.

283     o  saviObjectsBindingState - The state of the binding entry.

285     o  saviObjectsBindingLifetime - The remaining lifetime of the entry.

287     o  saviObjectsBindingCreationtime - The value of the local clock when
288        the entry was first created.

290     o  saviObjectsBindingTID - The Transaction ID (TID) (refer to RFC2131
291        and RFC3315) of the corresponding DHCP transaction.

293     o  saviObjectsBindingRowStatus - The status of this row, by which new
294        entries may be created, or old entries be deleted from this table.
295        As defined in RFC2579, the RowStatus textual convention is used to
296        manage the creation and deletion of conceptual rows.  For the SAVI
297        Binding Table, an entry can be created or deleted only when
298        saviObjectsBindingType=manual.

300     The MAX-ACCESS of these objects is READ-CREATE.  Network operators
301     may create or delete an entry by setting these objects.

303  5.4.  The SAVI Filtering Table

305     The SAVI Filtering Table (saviObjectsFilteringTable) contains the
306     objects that correspond to the Filtering Table (FT) defined in the
307     SAVI protocol.  It supports the collection of filtering entries.

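Added example (not part of the draft): decoding the instance index of a saviObjectsBindingTable row as laid out in Section 5.3, and picking out the manual entries, which are the only ones an operator can create or delete. OID suffixes are taken relative to saviObjectsBindingEntry because the draft leaves the module's base OID as a placeholder; the function names and the sample rows are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Enumeration from the draft's saviObjectsBindingType definition.
BINDING_TYPES = {1: "manual", 2: "slaac", 3: "dhcp", 4: "send"}
# InetAddressType values (RFC 4001) and the octet count each one implies.
ADDR_TYPES = {1: ("ipv4", 4), 2: ("ipv6", 16)}
MAC_COLUMN = 5  # saviObjectsBindingMacAddr is { saviObjectsBindingEntry 5 }


@dataclass(frozen=True)
class BindingKey:
    addr_type: str
    binding_type: str
    if_index: int
    address: str


def decode_binding_index(suffix):
    """Decode the sub-identifiers that follow the column number.

    Index order per the draft: IpAddressType, BindingType, IfIndex, IpAddress.
    InetAddress is a variable-length OCTET STRING index without IMPLIED, so
    SMIv2 encodes it as a length sub-identifier plus one sub-identifier per octet.
    """
    try:
        subids = [int(part) for part in suffix.strip(".").split(".")]
    except ValueError:
        raise ValueError(f"non-numeric sub-identifier in {suffix!r}") from None
    if len(subids) < 4:
        raise ValueError("index needs address type, binding type, ifIndex, length")
    addr_type, binding_type, if_index, length = subids[:4]
    octets = subids[4:]
    if addr_type not in ADDR_TYPES:
        raise ValueError(f"unsupported InetAddressType {addr_type}")
    if binding_type not in BINDING_TYPES:
        raise ValueError(f"unknown saviObjectsBindingType {binding_type}")
    if not 1 <= if_index <= 2147483647:
        raise ValueError(f"ifIndex {if_index} out of InterfaceIndex range")
    name, expected = ADDR_TYPES[addr_type]
    if length != expected or len(octets) != length:
        raise ValueError(f"{name} address needs {expected} octets, got {len(octets)}")
    if any(not 0 <= octet <= 255 for octet in octets):
        raise ValueError("address octet out of range")
    address = str(ipaddress.ip_address(bytes(octets)))
    return BindingKey(name, BINDING_TYPES[binding_type], if_index, address)


def manual_bindings(rows):
    """Return (BindingKey, mac) for every manual entry in a table walk.

    rows: iterable of (OID suffix relative to saviObjectsBindingEntry, value).
    Only the MacAddr column is inspected so each row is reported once.
    """
    found = []
    for oid_suffix, value in rows:
        column, _, index = oid_suffix.strip(".").partition(".")
        if column != str(MAC_COLUMN):
            continue
        key = decode_binding_index(index)
        if key.binding_type == "manual":
            found.append((key, value))
    return found


# Constructed sample walk (documentation addresses, not from a real device).
SAMPLE_ROWS = [
    ("5.1.3.7.4.192.0.2.10", "00:00:5e:00:53:0a"),   # dhcp binding on ifIndex 7
    ("5.1.1.9.4.192.0.2.77", "00:00:5e:00:53:4d"),   # manual binding on ifIndex 9
    ("5.2.2.12.16.32.1.13.184.0.0.0.0.0.0.0.0.0.0.0.1", "00:00:5e:00:53:01"),
    ("6.1.1.9.4.192.0.2.77", 3),                     # state column, skipped
]

if __name__ == "__main__":
    for key, mac in manual_bindings(SAMPLE_ROWS):
        print(f"manual binding: {key.address} -> {mac} on ifIndex {key.if_index}")
```
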
309     The table is indexed by:

311     o  saviObjectsFilteringIpAddressType - IP address type.

313     o  saviObjectsFilteringIfIndex - The index value that uniquely
314        identifies the interface to which this entry is applicable.

316     o  saviObjectsFilteringIpAddress - The source IP address.

318     It contains the following objects:

320     o  saviObjectsFilteringMacAddr - The source MAC address.

322     The MAX-ACCESS of the object is READ-ONLY.

324  5.5.  The SAVI Counting Table

326     The SAVI Counting Table (saviObjectsCountTable) contains the objects
327     counting packets dropped because of validation failure for each
328     interface.

330     The table is indexed by:

332     o  saviObjectsCountIpAddressType - IP address type.

334     o  saviObjectsCountIfIndex - The index value that uniquely identifies
335        the interface to which this entry is applicable.

337     It contains the following objects:

339     o  saviObjectsCountFilterPkts - The count of packets dropped because
340        of validation failure.

342     The MAX-ACCESS of the object is READ-ONLY.

344  6.  Textual Conventions

346     The textual conventions used in the SAVI-MIB are as follows.

348     The MODULE-COMPLIANCE, OBJECT-GROUP textual convention is imported
349     from SNMPv2-CONF [RFC2580].  The MODULE-IDENTITY, OBJECT-IDENTITY,
350     OBJECT-TYPE, Unsigned32 textual convention is imported from
351     SNMPv2-SMI [RFC2578].

353     The MacAddress, TimeInterval, RowStatus textual convention is imported
354     from SNMPv2-TC [RFC2579].

356     The InetVersion, InetAddressType, InetAddress textual convention is
357     imported from INET-ADDRESS-MIB [RFC4001].

359     The InterfaceIndex textual convention is imported from IF-MIB
360     [RFC2863].

362     The ip textual convention is imported from IP-MIB [RFC4293].

364  7.  Relationship to Other MIB Modules

366  7.1.  Relationship to the INET-ADDRESS-MIB

368     To support extensibility, the IETF defined new textual conventions to
369     represent different IP protocols and different IP addresses in a
370     unified format in RFC4001.  To support different IP versions, a textual
371     convention InetVersion is defined to represent the different versions
372     of the IP protocol.  To support different IP addresses, a generic
373     Internet address is defined.  It consists of two objects: the first one
374     has the syntax InetAddressType, and the second object has the syntax
375     InetAddress.  The value of the first object determines how the value
376     of the second is encoded.

378     Since the SAVI running mode and parameters are independent of IPv4 and
379     IPv6, different OID instances should be defined for each protocol.
380     In the SAVI-MIB definition, when an IP address is used as a part of the
381     binding table, it is defined using textual conventions described in
382     INET-ADDRESS-MIB.

384  7.2.  Relationship to the IF-MIB

386     The Interfaces MIB [RFC2863] defines generic managed objects for
387     managing interfaces.  This document contains the interface-specific
388     extensions for managing SAVI anchors that are modeled as interfaces.

390     The IF-MIB module is required to be supported on the SAVI device.
391     The interface MUST be modeled as an ifEntry, and ifEntry objects such
392     as ifIndex are to be used as per [RFC2863].

394     An ifIndex [RFC2863] is used as a common index for interfaces in the
395     SAVI-MIB modules.

397  7.3.  MIB modules required for IMPORTS

399     The SAVI MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
400     SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and
401     INET-ADDRESS-MIB [RFC4001].

403  8.  Definitions

405     SAVI-MIB DEFINITIONS ::= BEGIN

407     IMPORTS
408         MODULE-COMPLIANCE, OBJECT-GROUP
409             FROM SNMPv2-CONF --RFC2580
410         MODULE-IDENTITY, OBJECT-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64
411             FROM SNMPv2-SMI --RFC2578
412         TEXTUAL-CONVENTION, MacAddress, TimeInterval, RowStatus, DateAndTime
413             FROM SNMPv2-TC --RFC2579
414         InterfaceIndex
415             FROM IF-MIB --RFC2863
416         InetVersion, InetAddressType, InetAddress
417             FROM INET-ADDRESS-MIB --RFC4001
418         ip
419             FROM IP-MIB --RFC4293
420         ;

422     saviMIB MODULE-IDENTITY
423         LAST-UPDATED "201506150000Z"
424         ORGANIZATION
425             "IETF SAVI Working Group"
426         CONTACT-INFO
427             "WG charter:
428              http://datatracker.ietf.org/wg/savi/charter/

430              Editor:
431              Changqing An
432              CERNET
433              Postal: Network Research Center, Tsinghua University
434                      Beijing 100084
435                      China
436              Email: acq@cernet.edu.cn

438              Jiahai Yang
439              CERNET
440              Postal: Network Research Center, Tsinghua University
441                      Beijing 100084
442                      China
443              Email: yang@cernet.edu.cn
444             "

446         DESCRIPTION
447             "This MIB Module is designed to support configuration
448              and monitoring of SAVI protocol.
449             "
450         REVISION "201506150000Z"
451         DESCRIPTION
452             "Initial version"
453         ::= {ip xxx}

455     saviObjects OBJECT IDENTIFIER ::= { saviMIB 1 }

457     -- System parameters for SAVI protocol

459     saviObjectsSystemTable OBJECT-TYPE
460         SYNTAX SEQUENCE OF SaviObjectsSystemEntry
461         MAX-ACCESS not-accessible
462         STATUS current
463         DESCRIPTION
464             "The table containing savi system-wide parameters."
465         ::= { saviObjects 1 }

467     saviObjectsSystemEntry OBJECT-TYPE
468         SYNTAX SaviObjectsSystemEntry
469         MAX-ACCESS not-accessible
470         STATUS current
471         DESCRIPTION
472             "An entry containing savi system-wide parameters for a
473              particular IP version.
474             "
475         INDEX { saviObjectsSystemIPVersion }
476         ::= { saviObjectsSystemTable 1 }

478     SaviObjectsSystemEntry ::=
479         SEQUENCE {
480             saviObjectsSystemIPVersion             InetVersion,
481             saviObjectsSystemMode                  INTEGER,
482             saviObjectsSystemMaxDhcpResponseTime   TimeInterval,
483             saviObjectsSystemDataSnoopingInterval  TimeInterval,
484             saviObjectsSystemMaxLeaseQueryDelay    TimeInterval,
485             saviObjectsSystemOffLinkDelay          TimeInterval,
486             saviObjectsSystemDetectionTimeout      TimeInterval,
487             saviObjectsSystemTentLT                TimeInterval,
488             saviObjectsSystemDefaultLT             TimeInterval,
489             saviObjectsSystemTWAIT                 TimeInterval
490         }

492     saviObjectsSystemIPVersion OBJECT-TYPE
493         SYNTAX InetVersion
494         MAX-ACCESS not-accessible
495         STATUS current
496         DESCRIPTION
497             "The IP version "
498         ::= { saviObjectsSystemEntry 1 }

500     saviObjectsSystemMode OBJECT-TYPE
501         SYNTAX INTEGER {
502             savi-disable(1),
503             savi-default(2),
504             savi-dhcp-only(3),
505             savi-slaac-only(4),
506             savi-dhcp-slaac-mix(5),
507             savi-send(6)
508         }
509         MAX-ACCESS read-write
510         STATUS current
511         DESCRIPTION
512             "IP Address Assignment Methods. "
513         ::= { saviObjectsSystemEntry 2 }

515     saviObjectsSystemMaxDhcpResponseTime OBJECT-TYPE
516         SYNTAX TimeInterval
517         MAX-ACCESS read-write
518         STATUS current
519         DESCRIPTION
520             "A constant.
521              TimeInterval is defined in RFC 2579, it's a period of time,
522              measured in units of 0.01 seconds,
523              and the value is (0..2147483647).

525             "
526         ::= { saviObjectsSystemEntry 3 }

528     saviObjectsSystemDataSnoopingInterval OBJECT-TYPE
529         SYNTAX TimeInterval
530         MAX-ACCESS read-write
531         STATUS current
532         DESCRIPTION
533             "A constant.
534              TimeInterval is defined in RFC 2579, it's a period of time,
535              measured in units of 0.01 seconds,
536              and the value is (0..2147483647).
537             "
538         ::= { saviObjectsSystemEntry 4 }

540     saviObjectsSystemMaxLeaseQueryDelay OBJECT-TYPE
541         SYNTAX TimeInterval
542         MAX-ACCESS read-write
543         STATUS current
544         DESCRIPTION
545             "A constant.
546              TimeInterval is defined in RFC 2579, it's a period of time,
547              measured in units of 0.01 seconds,
548              and the value is (0..2147483647).
549             "
550         ::= { saviObjectsSystemEntry 5 }

552     saviObjectsSystemOffLinkDelay OBJECT-TYPE
553         SYNTAX TimeInterval
554         MAX-ACCESS read-write
555         STATUS current
556         DESCRIPTION
557             "A constant.
558              TimeInterval is defined in RFC 2579, it's a period of time,
559              measured in units of 0.01 seconds,
560              and the value is (0..2147483647).
561             "
562         ::= { saviObjectsSystemEntry 6 }

564     saviObjectsSystemDetectionTimeout OBJECT-TYPE
565         SYNTAX TimeInterval
566         MAX-ACCESS read-write
567         STATUS current
568         DESCRIPTION
569             "A constant.
570              TimeInterval is defined in RFC 2579, it's a period of time,
571              measured in units of 0.01 seconds,
572              and the value is (0..2147483647).

574             "
575         ::= { saviObjectsSystemEntry 7 }

577     saviObjectsSystemTentLT OBJECT-TYPE
578         SYNTAX TimeInterval
579         MAX-ACCESS read-write
580         STATUS current
581         DESCRIPTION
582             "A constant.
583              TimeInterval is defined in RFC 2579, it's a period of time,
584              measured in units of 0.01 seconds,
585              and the value is (0..2147483647).
586             "
587         ::= { saviObjectsSystemEntry 8 }

589     saviObjectsSystemDefaultLT OBJECT-TYPE
590         SYNTAX TimeInterval
591         MAX-ACCESS read-write
592         STATUS current
593         DESCRIPTION
594             "A constant.
595              TimeInterval is defined in RFC 2579, it's a period of time,
596              measured in units of 0.01 seconds,
597              and the value is (0..2147483647).
598             "
599         ::= { saviObjectsSystemEntry 9 }

601     saviObjectsSystemTWAIT OBJECT-TYPE
602         SYNTAX TimeInterval
603         MAX-ACCESS read-write
604         STATUS current
605         DESCRIPTION
606             "A constant.
607              TimeInterval is defined in RFC 2579, it's a period of time,
608              measured in units of 0.01 seconds,
609              and the value is (0..2147483647).
610             "
611         ::= { saviObjectsSystemEntry 10 }

613     -- Port parameters for SAVI protocol

615     saviObjectsPortTable OBJECT-TYPE
616         SYNTAX SEQUENCE OF SaviObjectsPortEntry
617         MAX-ACCESS not-accessible
618         STATUS current
619         DESCRIPTION
620             "The table containing SAVI parameters of each anchor."

622         ::= { saviObjects 2 }

624     saviObjectsPortEntry OBJECT-TYPE
625         SYNTAX SaviObjectsPortEntry
626         MAX-ACCESS not-accessible
627         STATUS current
628         DESCRIPTION
629             "An entry containing SAVI running parameters of an anchor."
630         INDEX {
631             saviObjectsPortIPVersion,
632             saviObjectsPortIfIndex
633         }
634         ::= { saviObjectsPortTable 1 }

636     SaviObjectsPortEntry ::=
637         SEQUENCE {
638             saviObjectsPortIPVersion         InetVersion,
639             saviObjectsPortIfIndex           InterfaceIndex,
640             saviObjectsPortValidatingAttr    INTEGER,
641             saviObjectsPortDhcpTrustAttr     INTEGER,
642             saviObjectsPortTrustAttr         INTEGER,
643             saviObjectsPortDhcpSnoopingAttr  INTEGER,
644             saviObjectsPortDataSnoopingAttr  INTEGER,
645             saviObjectsPortFilteringNum      Unsigned32
646         }

648     saviObjectsPortIPVersion OBJECT-TYPE
649         SYNTAX InetVersion
650         MAX-ACCESS not-accessible
651         STATUS current
652         DESCRIPTION
653             "The IP version "
654         ::= { saviObjectsPortEntry 1 }

656     saviObjectsPortIfIndex OBJECT-TYPE
657         SYNTAX InterfaceIndex
658         MAX-ACCESS not-accessible
659         STATUS current
660         DESCRIPTION
661             "The index value that uniquely identifies the interface to
662              which this entry is applicable. The interface identified by
663              a particular value of this index is the same interface as
664              identified by the same value of the IF-MIB's ifIndex.
665             "
666         ::= { saviObjectsPortEntry 2 }

668     saviObjectsPortValidatingAttr OBJECT-TYPE
669         SYNTAX INTEGER {
670             enable(1),
671             disable(2)
672         }
673         MAX-ACCESS read-write
674         STATUS current
675         DESCRIPTION
676             "An attribute defined in SAVI protocol.
677              enable(1), the attribute is set.
678              disable(2), the attribute is not set.
679             "
680         ::= { saviObjectsPortEntry 3 }

682     saviObjectsPortDhcpTrustAttr OBJECT-TYPE
683         SYNTAX INTEGER {
684             enable(1),
685             disable(2)
686         }
687         MAX-ACCESS read-write
688         STATUS current
689         DESCRIPTION
690             "An attribute defined in SAVI protocol.
691              enable(1), the attribute is set.
692              disable(2), the attribute is not set.
693             "
694         ::= { saviObjectsPortEntry 4 }

696     saviObjectsPortTrustAttr OBJECT-TYPE
697         SYNTAX INTEGER {
698             enable(1),
699             disable(2)
700         }
701         MAX-ACCESS read-write
702         STATUS current
703         DESCRIPTION
704             "An attribute defined in SAVI protocol.
705              enable(1), the attribute is set.
706              disable(2), the attribute is not set.
707             "
708         ::= { saviObjectsPortEntry 5 }

710     saviObjectsPortDhcpSnoopingAttr OBJECT-TYPE
711         SYNTAX INTEGER {
712             enable(1),
713             disable(2)
714         }
715         MAX-ACCESS read-write
716         STATUS current
717         DESCRIPTION
718             "An attribute defined in SAVI protocol.
719              enable(1), the attribute is set.
720              disable(2), the attribute is not set.
721             "
722         ::= { saviObjectsPortEntry 6 }

724     saviObjectsPortDataSnoopingAttr OBJECT-TYPE
725         SYNTAX INTEGER {
726             enable(1),
727             disable(2)
728         }
729         MAX-ACCESS read-write
730         STATUS current
731         DESCRIPTION
732             "An attribute defined in SAVI protocol.
733              enable(1), the attribute is set.
734              disable(2), the attribute is not set.
735             "
736         ::= { saviObjectsPortEntry 7 }

738     saviObjectsPortFilteringNum OBJECT-TYPE
739         SYNTAX Unsigned32
740         MAX-ACCESS read-write
741         STATUS current
742         DESCRIPTION
743             "The max filtering number of the Port."
744         ::= { saviObjectsPortEntry 8 }

746     -- Binding Status Table for SAVI protocol

748     saviObjectsBindingTable OBJECT-TYPE
749         SYNTAX SEQUENCE OF SaviObjectsBindingEntry
750         MAX-ACCESS not-accessible
751         STATUS current
752         DESCRIPTION
753             "The table containing the state of binding
754              between source address and anchor.
755             "
756         ::= { saviObjects 3 }

758     saviObjectsBindingEntry OBJECT-TYPE
759         SYNTAX SaviObjectsBindingEntry
760         MAX-ACCESS not-accessible
761         STATUS current
762         DESCRIPTION
763             "An entry containing the state of binding between source
764              address and anchor.
765              Entries are keyed on the source IP address type,
766              binding type, anchor, and source IP address.
767             "
768         INDEX {
769             saviObjectsBindingIpAddressType,
770             saviObjectsBindingType,
771             saviObjectsBindingIfIndex,
772             saviObjectsBindingIpAddress
773         }
774         ::= { saviObjectsBindingTable 1 }

776     SaviObjectsBindingEntry ::=
777         SEQUENCE {
778             saviObjectsBindingIpAddressType  InetAddressType,
779             saviObjectsBindingType           INTEGER,
780             saviObjectsBindingIfIndex        InterfaceIndex,
781             saviObjectsBindingIpAddress      InetAddress,
782             saviObjectsBindingMacAddr        MacAddress,
783             saviObjectsBindingState          INTEGER,
784             saviObjectsBindingLifetime       TimeInterval,
785             saviObjectsBindingCreationtime   DateAndTime,
786             saviObjectsBindingTID            INTEGER,
787             saviObjectsBindingRowStatus      RowStatus
788         }

790     saviObjectsBindingIpAddressType OBJECT-TYPE
791         SYNTAX InetAddressType
792         MAX-ACCESS not-accessible
793         STATUS current
794         DESCRIPTION
795             "IP address type of the binding source IP."
796         ::= { saviObjectsBindingEntry 1 }

798     saviObjectsBindingType OBJECT-TYPE
799         SYNTAX INTEGER {
800             manual(1),
801             slaac(2),
802             dhcp(3),
803             send(4)
804         }
805         MAX-ACCESS not-accessible
806         STATUS current
807         DESCRIPTION
808             "IP address assignment methods."
809         ::= { saviObjectsBindingEntry 2 }

811     saviObjectsBindingIfIndex OBJECT-TYPE
812         SYNTAX InterfaceIndex
813         MAX-ACCESS not-accessible
814         STATUS current
815         DESCRIPTION
816             "The index value that uniquely identifies the interface to
817              which this entry is applicable. The interface identified by
818              a particular value of this index is the same interface as
819              identified by the same value of the IF-MIB's ifIndex.
820             "
821         ::= { saviObjectsBindingEntry 3 }

823     saviObjectsBindingIpAddress OBJECT-TYPE
824         SYNTAX InetAddress
825         MAX-ACCESS not-accessible
826         STATUS current
827         DESCRIPTION
828             "The binding source IP address"
829         ::= { saviObjectsBindingEntry 4 }

831     saviObjectsBindingMacAddr OBJECT-TYPE
832         SYNTAX MacAddress
833         MAX-ACCESS read-create
834         STATUS current
835         DESCRIPTION
836             "The binding source mac address."
837         ::= { saviObjectsBindingEntry 5 }

839     saviObjectsBindingState OBJECT-TYPE
840         SYNTAX INTEGER {
841             NO_BIND(1),
842             INIT_BIND(2),
843             BOUND(3),
844             DETECTION(4),
845             RECOVERY(5),
846             VERIFY(6),
847             TENTATIVE(7),
848             VALID(8),
849             TESTING_TP-LT(9),
850             TESTING_VP(10),
851             TESTING_VP'(11),
852             TENTATIVE_NUD(12),
853             TENTATIVE_DAD(13)
854         }
855         MAX-ACCESS read-create
856         STATUS current
857         DESCRIPTION
858             "The state of the binding entry. "

860         ::= { saviObjectsBindingEntry 6 }

862     saviObjectsBindingLifetime OBJECT-TYPE
863         SYNTAX TimeInterval
864         MAX-ACCESS read-create
865         STATUS current
866         DESCRIPTION
867             "The remaining lifetime of the entry.
868              TimeInterval is defined in RFC 2579, it's a period of time,
869              measured in units of 0.01 seconds,
870              and the value is (0..2147483647).
871              If saviObjectsBindingType=manual, a value of 2147483647
872              represents infinity.
873             "
874         ::= { saviObjectsBindingEntry 7 }

876     saviObjectsBindingCreationtime OBJECT-TYPE
877         SYNTAX DateAndTime
878         MAX-ACCESS read-create
879         STATUS current
880         DESCRIPTION
881             "The value of the local clock when the entry was firstly created.
882             "
883         ::= { saviObjectsBindingEntry 8 }

885     saviObjectsBindingTID OBJECT-TYPE
886         SYNTAX INTEGER
887         MAX-ACCESS read-create
888         STATUS current
889         DESCRIPTION
890             "The Transaction ID (TID) (refer to RFC2131 and RFC3315) of the corresponding DHCP transaction.
891             "
892         ::= { saviObjectsBindingEntry 9 }

894     saviObjectsBindingRowStatus OBJECT-TYPE
895         SYNTAX RowStatus
896         MAX-ACCESS read-create
897         STATUS current
898         DESCRIPTION
899             "The status of this row, by which new entries may be
900              created, or old entries deleted from this table.
901              An Entry can be created or deleted only when
902              saviObjectsBindingType=manual.
903             "
904         ::= { saviObjectsBindingEntry 10 }

906     -- Filtering Table for SAVI protocol

908     saviObjectsFilteringTable OBJECT-TYPE
909         SYNTAX SEQUENCE OF SaviObjectsFilteringEntry
910         MAX-ACCESS not-accessible
911         STATUS current
912         DESCRIPTION
913             "The table containing the filtering entries."
914         ::= { saviObjects 4 }

916     saviObjectsFilteringEntry OBJECT-TYPE
917         SYNTAX SaviObjectsFilteringEntry
918         MAX-ACCESS not-accessible
919         STATUS current
920         DESCRIPTION
921             "An entry containing the filtering parameters.
922              Entries are keyed on the source IP address type,
923              anchor, and source IP address.
924             "
925         INDEX { saviObjectsFilteringIpAddressType,
926                 saviObjectsFilteringIfIndex,
927                 saviObjectsFilteringIpAddress
928         }
929         ::= { saviObjectsFilteringTable 1 }

931     SaviObjectsFilteringEntry ::=
932         SEQUENCE {
933             saviObjectsFilteringIpAddressType  InetAddressType,
934             saviObjectsFilteringIfIndex        InterfaceIndex,
935             saviObjectsFilteringIpAddress      InetAddress,
936             saviObjectsFilteringMacAddr        MacAddress
937         }

939     saviObjectsFilteringIpAddressType OBJECT-TYPE
940         SYNTAX InetAddressType
941         MAX-ACCESS not-accessible
942         STATUS current
943         DESCRIPTION
944             "IP address type of the filtering source IP"
945         ::= { saviObjectsFilteringEntry 1 }

947     saviObjectsFilteringIfIndex OBJECT-TYPE
948         SYNTAX InterfaceIndex
949         MAX-ACCESS not-accessible
950         STATUS current
951         DESCRIPTION
952             "The index value that uniquely identifies the interface to
953              which this entry is applicable. The interface identified by
954              a particular value of this index is the same interface as
955              identified by the same value of the IF-MIB's ifIndex.
956             "
957         ::= { saviObjectsFilteringEntry 2 }

959     saviObjectsFilteringIpAddress OBJECT-TYPE
960         SYNTAX      InetAddress
961         MAX-ACCESS  not-accessible
962         STATUS      current
963         DESCRIPTION
964             "The filtering source IP address."
965         ::= { saviObjectsFilteringEntry 3 }

967     saviObjectsFilteringMacAddr OBJECT-TYPE
968         SYNTAX      MacAddress
969         MAX-ACCESS  read-only
970         STATUS      current
971         DESCRIPTION
972             "The filtering source MAC address."
973         ::= { saviObjectsFilteringEntry 4 }

975     --Count of packets dropped because of validation failure for each interface.

977     saviObjectsCountTable OBJECT-TYPE
978         SYNTAX      SEQUENCE OF SaviObjectsCountEntry
979         MAX-ACCESS  not-accessible
980         STATUS      current
981         DESCRIPTION
982             "The table containing count of packets dropped because of validation failure."
983         ::= { saviObjects 5 }

985     saviObjectsCountEntry OBJECT-TYPE
986         SYNTAX      SaviObjectsCountEntry
987         MAX-ACCESS  not-accessible
988         STATUS      current
989         DESCRIPTION
990             "An entry containing count of packets dropped because of validation failure for each interface."
991         INDEX { saviObjectsCountIPVersion,
992                 saviObjectsCountIfIndex
993               }
994         ::= { saviObjectsCountTable 1 }

996     SaviObjectsCountEntry ::=
997         SEQUENCE {
998             saviObjectsCountIPVersion   InetVersion,
999             saviObjectsCountIfIndex     InterfaceIndex,
1000            saviObjectsCountFilterPkts  Counter64
1001        }

1003    saviObjectsCountIPVersion OBJECT-TYPE
1004        SYNTAX      InetVersion
1005        MAX-ACCESS  not-accessible
1006        STATUS      current
1007        DESCRIPTION
1008            "The IP version"
1009        ::= { saviObjectsCountEntry 1 }

1011    saviObjectsCountIfIndex OBJECT-TYPE
1012        SYNTAX      InterfaceIndex
1013        MAX-ACCESS  not-accessible
1014        STATUS      current
1015        DESCRIPTION
1016            "The Interface."
1017        ::= { saviObjectsCountEntry 2 }

1019    saviObjectsCountFilterPkts OBJECT-TYPE
1020        SYNTAX      Counter64
1021        MAX-ACCESS  read-write
1022        STATUS      current
1023        DESCRIPTION
1024            "The count of packets dropped."
1025        ::= { saviObjectsCountEntry 3 }

1027    -- Conformance information
1028    saviConformance OBJECT IDENTIFIER ::= { saviMIB 2 }
1029    saviCompliances OBJECT IDENTIFIER ::= { saviConformance 1 }

1031    -- Compliance statements
1032    saviCompliance MODULE-COMPLIANCE
1033        STATUS      current
1034        DESCRIPTION
1035            "The compliance statement for entities which implement SAVI
1036             protocol.
1037            "
1038        MODULE
1039        MANDATORY-GROUPS {
1040            systemGroup,
1041            portGroup,
1042            bindingGroup,
1043            filteringGroup
1044        }
1045        ::= { saviCompliances 1}

1047    saviGroups OBJECT IDENTIFIER ::= { saviConformance 2 }

1049    --Units of conformance

1051    systemGroup OBJECT-GROUP
1052        OBJECTS {
1053            saviObjectsSystemMode,
1054            saviObjectsSystemMaxDhcpResponseTime,
1055            saviObjectsSystemDataSnoopingInterval,
1056            saviObjectsSystemMaxLeaseQueryDelay,
1057            saviObjectsSystemOffLinkDelay,
1058            saviObjectsSystemDetectionTimeout,
1059            saviObjectsSystemTentLT,
1060            saviObjectsSystemDefaultLT,
1061            saviObjectsSystemTWAIT
1062        }
1063        STATUS      current
1064        DESCRIPTION
1065            "The system group contains objects corresponding to savi system
1066             parameters.
1067            "
1068        ::= {saviGroups 1}

1070    portGroup OBJECT-GROUP
1071        OBJECTS {
1072            saviObjectsPortValidatingAttr,
1073            saviObjectsPortDhcpTrustAttr,
1074            saviObjectsPortTrustAttr,
1075            saviObjectsPortDhcpSnoopingAttr,
1076            saviObjectsPortDataSnoopingAttr,
1077            saviObjectsPortFilteringNum
1078        }
1079        STATUS      current
1080        DESCRIPTION
1081            "The if group contains objects corresponding to the savi running
1082             parameters of each anchor.
1083            "
1084        ::= {saviGroups 2}

1086    bindingGroup OBJECT-GROUP
1087        OBJECTS {
1088            saviObjectsBindingMacAddr,
1089            saviObjectsBindingState,
1090            saviObjectsBindingLifetime,
1091            saviObjectsBindingCreationtime,
1092            saviObjectsBindingTID,
1093            saviObjectsBindingRowStatus
1094        }
1095        STATUS      current
1096        DESCRIPTION
1097            "The binding group contains the binding
1098             information of anchor and source IP address.
1099            "
1100        ::= {saviGroups 3}

1102    filteringGroup OBJECT-GROUP
1103        OBJECTS {
1104            saviObjectsFilteringMacAddr
1105        }
1106        STATUS      current
1107        DESCRIPTION
1108            "The filtering group contains the filtering
1109             information of anchor and source IP address.
1110            "
1111        ::= {saviGroups 4}
1112    END

1114 9.  Security Considerations

1116    There are a number of management objects defined in this MIB module
1117    with a MAX-ACCESS clause of read-write and/or read-create.  Such
1118    objects may be considered sensitive or vulnerable in some network
1119    environments.  The support for SET operations in a non-secure
1120    environment without proper protection can have a negative effect on
1121    network operations.  These are the tables and objects and their
1122    sensitivity/vulnerability:

1124    o  saviObjectsSystemTable - Unauthorized changes to the writable
1125       objects under saviObjectsSystemTable MAY disrupt allocation of
1126       resources in the network.  For example, changing a device's SAVI
1127       system mode to SAVI-DISABLE by a SET operation opens the way to
1128       IP source address spoofing.

1130    o  saviObjectsPortTable - Unauthorized changes to the writable
1131       objects under saviObjectsPortTable MAY disrupt allocation of
1132       resources in the network.  For example, changing an anchor's
1133       ValidatingAttr to DISABLE by a SET operation opens the way to IP
1134       source address spoofing.

1136    o  saviObjectsBindingTable - Unauthorized changes to the writable
1137       objects under this table MAY disrupt allocation of resources in
1138       the network.  For example, inserting a manual binding entry into
1139       the BST opens the way to IP source address spoofing.

1141    Some of the readable objects in this MIB module (i.e., objects with a
1142    MAX-ACCESS other than not-accessible) may be considered sensitive or
1143    vulnerable in some network environments.
        It is thus important to
1144    control even GET and/or NOTIFY access to these objects and possibly
1145    to even encrypt the values of these objects when sending them over
1146    the network via SNMP.  These are the tables and objects and their
1147    sensitivity/vulnerability:

1149    o  saviObjectsBindingTable, saviObjectsFilteringTable - The IP
1150       address and binding anchor information can be useful to an
1151       attacker.

1153    SNMP versions prior to SNMPv3 did not include adequate security.
1154    Even if the network itself is secure (for example by using IPsec),
1155    there is no control as to who on the secure network is allowed to
1156    access and GET/SET (read/change/create/delete) the objects in this
1157    MIB module.

1159    It is RECOMMENDED that implementers consider the security features as
1160    provided by the SNMPv3 framework (see [RFC3410], section 8),
1161    including full support for the SNMPv3 cryptographic mechanisms (for
1162    authentication and privacy).

1164    Further, deployment of SNMP versions prior to SNMPv3 is NOT
1165    RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
1166    enable cryptographic security.  It is then a customer/operator
1167    responsibility to ensure that the SNMP entity giving access to an
1168    instance of this MIB module is properly configured to give access to
1169    the objects only to those principals (users) that have legitimate
1170    rights to indeed GET or SET (change/create/delete) them.

1172 10.  IANA Considerations

1174    The MIB module in this document uses the following IANA-assigned
1175    OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

1177    Descriptor        OBJECT IDENTIFIER value
1178    ----------        -----------------------
1179    SAVI-MIB          { ip XXX }

1181 11.  Contributors
1182 12.  References

1184 12.1.  Normative References

1186    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1187               Requirement Levels", BCP 14, RFC 2119, March 1997.

1189    [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1190               Schoenwaelder, Ed., "Structure of Management Information
1191               Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1193    [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1194               Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
1195               58, RFC 2579, April 1999.

1197    [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1198               "Conformance Statements for SMIv2", STD 58, RFC 2580,
1199               April 1999.

1201    [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
1202               Schoenwaelder, "Textual Conventions for Internet Network
1203               Addresses", RFC 4001, February 2005.

1205    [RFC6620]  Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
1206               SAVI: First-Come, First-Served Source Address Validation
1207               Improvement for Locally Assigned IPv6 Addresses", RFC
1208               6620, May 2012.

1210    [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol", RFC
1211               2131, March 1997.

1213    [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
1214               and M. Carney, "Dynamic Host Configuration Protocol for
1215               IPv6 (DHCPv6)", RFC 3315, July 2003.

1217    [RFC7039]  Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt,
1218               "Source Address Validation Improvement (SAVI) Framework",
1219               RFC 7039, October 2013.

1221    [RFC7219]  Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor
1222               Discovery (SEND) Source Address Validation Improvement
1223               (SAVI)", RFC 7219, May 2014.

1225    [RFC7513]  Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address
1226               Validation Improvement (SAVI) Solution for DHCP", RFC
1227               7513, May 2015.

1229 12.2.  Informative References

1231    [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
1232               RFC 2223, October 1997.

1234    [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1235               "Introduction and Applicability Statements for Internet-
1236               Standard Management Framework", RFC 3410, December 2002.

1238    [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
1239               June 1999.
1241    [RFC4181]  Heard, C., "Guidelines for Authors and Reviewers of MIB
1242               Documents", BCP 111, RFC 4181, September 2005.

1244    [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1245               MIB", RFC 2863, June 2000.

1247    [RFC4293]  Routhier, S., "Management Information Base for the
1248               Internet Protocol (IP)", RFC 4293, April 2006.

1250 12.3.  URL References

1252    [idguidelines]
1253               IETF Internet Drafts editor,
1254               "http://www.ietf.org/ietf/1id-guidelines.txt".

1256    [idnits]   IETF Internet Drafts editor,
1257               "http://www.ietf.org/ID-Checklist.html".

1259    [xml2rfc]  XML2RFC tools and documentation,
1260               "http://xml.resource.org".

1262    [ops]      the IETF OPS Area, "http://www.ops.ietf.org".

1264    [ietf]     IETF Tools Team, "http://tools.ietf.org".

1266 Appendix A.  Change Log

1268    From draft 00 to draft 01

1270    o  Change the value range of object saviObjectsSystemMode and add a
1271       new value savi-send(6).

1273    From draft 01 to draft 02

1275    o  Change saviObjectsTrustStatus into two booleans, one is
1276       saviObjectsDhcpTrustStatus, another is saviObjectsRaTrustStatus.

1278    o  Change the character string saviObjectsIf to saviObjectsPort
1279       globally.

1281    o  Change saviObjectsBindingState according to the latest version of
1282       solution drafts.

1284    From draft 02 to draft 03

1286    o  Add a new object saviObjectsPortBindRecoveryAttr, and change the
1287       object saviObjectsPortRaTrustStatus to saviObjectsPortTrustAttr
1288       according to the latest version of solution drafts and RFC.

1290    o  Change the value range and meaning of saviObjectsBindingState
1291       according to the latest version of solution drafts and RFC.

1293    o  Change the value range of object saviObjectsBindingType, add a new
1294       value send(4), and change the value static(1) to manual(1).

1296    From draft 03 to draft 04

1298    o  Add three new objects according to the latest version of solution
1299       drafts and RFC, i.e. saviObjectsSystemTentLT,
1300       saviObjectsSystemDefaultLT, saviObjectsSystemTWAIT.
1302    From draft 04 to draft 05

1304    o  Add two new objects according to the latest version of solution
1305       drafts and RFC, i.e. saviObjectsBindingCreationtime,
1306       saviObjectsBindingTID.

1308    From draft 05 to draft 06

1310    o  Add three new objects, saviObjectsSystemDadTimeout,
1311       saviObjectsPortDhcpSnoopingAttr and
1312       saviObjectsPortDataSnoopingAttr.

1314    o  Replace object saviObjectsSystemBindRecoveryInterval with
1315       saviObjectsSystemDataSnoopingInterval.

1317    o  Replace object saviObjectsPortSAVISAVIAttr with
1318       saviObjectsPortTrustAttr.

1320    o  Delete object saviObjectsPortBindRecoveryAttr.

1322    From draft 06 to draft 07

1324    o  Replace object saviObjectsSystemDadTimeout with
1325       saviObjectsSystemDetectionTimeout.

1327    From draft 07 to draft 08

1329    o  Add a new table to count the failed packets of each interface.

1331    From draft 08 to draft 09

1333    o  Change the value range and meaning of saviObjectsBindingState
1334       according to the latest version of solution RFC.

1336 Appendix B.  Open Issues

1338    Note to RFC Editor: please remove this appendix before publication as
1339    an RFC.

1341 Authors' Addresses

1343    Changqing An
1344    CERNET
1345    Network Research Center, Tsinghua University
1346    Beijing  100084
1347    China

1349    Phone: +86 10 62603113
1350    EMail: acq@cernet.edu.cn

1352    Jiahai Yang
1353    CERNET
1354    Network Research Center, Tsinghua University
1355    Beijing  100084
1356    China

1358    Phone: +86 10 62783492
1359    EMail: yang@cernet.edu.cn
1360    Jianping Wu
1361    CERNET
1362    Network Research Center, Tsinghua University
1363    Beijing  100084
1364    China

1366    EMail: jianping@cernet.edu.cn

1368    Jun Bi
1369    CERNET
1370    Network Research Center, Tsinghua University
1371    Beijing  100084
1372    China

1374    EMail: junbi@cernet.edu.cn
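Section 9 (Security Considerations) asks operators to restrict SET on the read-write and read-create objects and GET on the readable ones. The following is an added example, not part of the draft, that scans SMIv2 text for MAX-ACCESS clauses and lists both sets per table row as input for SNMPv3 view configuration; the function name audit_max_access and the abridged excerpt are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed input: object definitions re-typed from the MIB module on this
# page (idnits line numbers dropped, clauses folded, one description abridged).
MIB_EXCERPT = """
saviObjectsBindingIpAddress OBJECT-TYPE
    SYNTAX InetAddress  MAX-ACCESS not-accessible  STATUS current
    DESCRIPTION "The binding source IP address"
    ::= { saviObjectsBindingEntry 4 }
saviObjectsBindingMacAddr OBJECT-TYPE
    SYNTAX MacAddress  MAX-ACCESS read-create  STATUS current
    DESCRIPTION "The binding source mac address."
    ::= { saviObjectsBindingEntry 5 }
saviObjectsBindingRowStatus OBJECT-TYPE
    SYNTAX RowStatus  MAX-ACCESS read-create  STATUS current
    DESCRIPTION "The status of this row."
    ::= { saviObjectsBindingEntry 10 }
saviObjectsFilteringMacAddr OBJECT-TYPE
    SYNTAX MacAddress  MAX-ACCESS read-only  STATUS current
    DESCRIPTION "The filtering source mac address."
    ::= { saviObjectsFilteringEntry 4 }
saviObjectsCountFilterPkts OBJECT-TYPE
    SYNTAX Counter64  MAX-ACCESS read-write  STATUS current
    DESCRIPTION "The count of Pkts dropped."
    ::= { saviObjectsCountEntry 3 }
"""

OBJECT_RE = re.compile(r"(\w+)\s+OBJECT-TYPE\b(.*?)::=\s*\{\s*(\w+)\s+\d+\s*\}", re.S)
WRITABLE = {"read-write", "read-create"}   # reachable by SNMP SET
READABLE = WRITABLE | {"read-only"}        # reachable by SNMP GET

def audit_max_access(mib_text):
    """Group object names by parent node into 'set' and 'get' exposure."""
    report = {"set": defaultdict(list), "get": defaultdict(list)}
    for name, body, parent in OBJECT_RE.findall(mib_text):
        # Drop quoted DESCRIPTION text so prose cannot be read as a clause.
        clauses = re.sub(r'"[^"]*"', "", body)
        access = re.search(r"MAX-ACCESS\s+([\w-]+)", clauses)
        level = access.group(1) if access else "not-accessible"
        if level in WRITABLE:
            report["set"][parent].append(name)
        if level in READABLE:
            report["get"][parent].append(name)
    return report

if __name__ == "__main__":
    for kind, tables in audit_max_access(MIB_EXCERPT).items():
        print(kind.upper(), "exposure:", dict(tables))
```

Index columns such as saviObjectsBindingIpAddress are not-accessible, but their values are still encoded in the instance identifiers of the readable columns of the same row, so GET restrictions on the row cover them as well.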