idnits 2.17.1 draft-an-savi-mib-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 7 instances of too long lines in the document, the longest one being 35 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 478 has weird spacing: '...n entry conta...' == Line 835 has weird spacing: '... of the bindi...' == Line 929 has weird spacing: '...315) of the c...' == Line 983 has weird spacing: '... of the filte...' == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document date (December 15, 2015) is 3056 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Unused Reference: 'RFC2131' is defined on line 1263, but no explicit reference was found in the text == Unused Reference: 'RFC3315' is defined on line 1267, but no explicit reference was found in the text == Unused Reference: 'RFC2223' is defined on line 1289, but no explicit reference was found in the text == Unused Reference: 'RFC2629' is defined on line 1299, but no explicit reference was found in the text == Unused Reference: 'RFC4181' is defined on line 1303, but no explicit reference was found in the text ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 2223 (Obsoleted by RFC 7322) -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) Summary: 2 errors (**), 0 flaws (~~), 11 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SAVI C. An 3 Internet-Draft J. Yang 4 Intended status: Experimental J. Wu 5 Expires: June 17, 2016 J. Bi 6 CERNET 7 December 15, 2015 9 Definition of Managed Objects for SAVI Protocol 10 draft-an-savi-mib-10 12 Abstract 14 This memo defines a portion of the Management Information Base (MIB) 15 for use with network management protocols in the Internet community. 16 In particular, it defines objects for managing SAVI (Source Address 17 Validation Improvements) protocol instance. 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on June 17, 2016. 36 Copyright Notice 38 Copyright (c) 2015 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 2. The Internet-Standard Management Framework . . . . . . . . . 3 55 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 57 5. Structure of the MIB Module . . . . . . . . . . . . . . . . . 4 58 5.1. The SAVI System Table . . . . . . . . . . . . . . . . . . 4 59 5.2. The SAVI Port Table . . . . . . . . . . . . . . . . . . . 5 60 5.3. The SAVI Binding Table . . . . . . . . . . . . . . . . . 6 61 5.4. The SAVI Filtering Table . . . . . . . . . . . . . . . . 7 62 5.5. The SAVI Counting Table . . . . . . . . . . . . . . . . . 7 63 6. Textual Conventions . . . . . . . . . . . . . . . . . . . . . 8 64 7. Relationship to Other MIB Modules . . . . . . . . . . . . . . 8 65 7.1. Relationship to the INET-ADDRESS-MIB . . . . . . . . . . 8 66 7.2. Relationship to the IF-MIB . . . . . . . . . . . . . . . 9 67 7.3. MIB modules required for IMPORTS . . . . . . . . . . . . 9 68 8. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 9 69 9. Security Considerations . . . . . . . . . . . . . . . . . . . 25 70 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 71 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 26 72 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 73 12.1. Normative References . . . . . . . . . . . . . . . . . . 26 74 12.2. Informative References . . . . . . . . . . . . . . . . . 28 75 12.3. URL References . . . . . . . . . . . . . . . . . . . . . 28 76 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 29 77 Appendix B. Open Issues . . . . . . . . . . . . . . . . . . . . 30 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30 80 1. Introduction 82 The Source Address Validation Improvement protocol was developed to 83 complement ingress filtering with finer-grained, standardized IP 84 source address validation(refer to [RFC7039]).A SAVI protocol 85 instance is located on the path of hosts' packets, enforcing the 86 hosts' use of legitimate IP source addresses. 88 SAVI protocol determines whether the IP address obtaining process is 89 legitimate according to IP address assignment method. For links with 90 Stateless Address Auto Configuration (SLAAC), Dynamic Host 91 Configuration Protocol (DHCP), and Secure Neighbor Discovery (SEND), 92 the process is defined in separate documents of SAVI Working Group 93 (refer to [RFC6620], [RFC7513], [RFC7219].) 94 This document defines a MIB module that can be used to manage the 95 SAVI protocol instance. It covers both configuration and status 96 monitoring aspects of SAVI implementations. 98 This document uses terminology from the SAVI Protocol specification. 100 2. The Internet-Standard Management Framework 102 For a detailed overview of the documents that describe the current 103 Internet-Standard Management Framework, please refer to section 7 of 104 RFC 3410 [RFC3410]. 106 Managed objects are accessed via a virtual information store, termed 107 the Management Information Base or MIB. MIB objects are generally 108 accessed through the Simple Network Management Protocol (SNMP). 109 Objects in the MIB are defined using the mechanisms defined in the 110 Structure of Management Information (SMI). This memo specifies a MIB 111 module that is compliant to the SMIv2, which is described in STD 58, 112 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 113 [RFC2580]. 115 3. Conventions 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 118 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 119 document are to be interpreted as described in RFC 2119 [RFC2119]. 121 4. Overview 123 The SAVI Protocol MIB module (SAVI-MIB) is conformant to SAVI 124 protocol, and is designed to: 126 o Support centralized management and monitoring of SAVI protocol 127 instance by standard SNMP protocol. 129 o Support configuration and querying of SAVI protocol parameters. 131 o Support configuration and querying of binding entries. Operators 132 may insert and delete manual binding entries. 134 o Support querying of filtering entries. 136 o Support querying of the count of packets dropped because of 137 validation failure for each interface. 139 Based on SAVI protocol, attributes and objects of a SAVI protocol 140 instance can be classified into five categories: 142 o System attributes. These attributes are corresponding to a SAVI 143 protocol instance, such as IP Address Assignment Methods and some 144 constants. 146 o Anchor attributes. These attributes are corresponding to a SAVI 147 anchor. Anchor is defined in [RFC7039]. 149 o Binding Status Table. This table contains the state of binding 150 between source address and binding anchor (refer to [RFC6620], 151 [RFC7513], [RFC7219]). 153 o Filtering Table. This table contains the bindings between binding 154 anchor and address, which is used to filter packets (refer to 155 [RFC6620], [RFC7513], [RFC7219]). 157 o Counting Table. This table contains the count of fail packets for 158 each interface. 160 A table is designed for each category of objects. 162 5. Structure of the MIB Module 164 This section presents the structure of the SAVI-MIB module. The MIB 165 objects are derived from the SAVI protocol specification. 167 This MIB is composed of a series of tables meant to form the base for 168 managing SAVI entities. The following subsections describe all 169 tables in the SAVI MIB module. 171 5.1. The SAVI System Table 173 The SAVI System Table (saviObjectsSystemTable) contains the objects 174 which are corresponding to SAVI system-wide parameters. It supports 175 the configuration and collection of SAVI system-wide parameters. 177 There is an entry for each IP stack, IPv4 and IPv6. The table is 178 indexed by: 180 o saviObjectsSystemIPVersion - The IP Version. A textual convention 181 InetVersion defined in RFC4001 is used to represent the different 182 version of IP protocol. 184 It contains the following objects: 186 o saviObjectsSystemSlaacEnable - If SAVI for SlAAC is enabled. 188 o saviObjectsSystemDhcpEnable - If SAVI for DHCP is enabled. 190 o saviObjectsSystemSendEnable - If SAVI for SEND is enabled. 192 o saviObjectsSystemManualEnable - If SAVI for MANUAL is enabled. 194 o saviObjectsSystemMaxDhcpResponseTime - A constant defined in SAVI 195 protocol (refer to [RFC7513]). 197 o saviObjectsSystemDataSnoopingInterval - A constant defined in SAVI 198 protocol (refer to [RFC7513]). 200 o saviObjectsSystemMaxLeaseQueryDelay - A constant defined in SAVI 201 protocol (refer to [RFC7513]). 203 o saviObjectsSystemOffLinkDelay - A constant defined in SAVI 204 protocol (refer to [RFC7513]). 206 o saviObjectsSystemDetectionTimeout - A constant defined in SAVI 207 protocol (refer to [RFC7513]). 209 o saviObjectsSystemTentLT - A constant defined in SAVI protocol 210 (refer to [RFC6620]). 212 o saviObjectsSystemDefaultLT - A constant defined in SAVI protocol 213 (refer to [RFC6620]). 215 o saviObjectsSystemTWAIT - A constant defined in SAVI protocol 216 (refer to [RFC6620]). 218 The MAX-ACCESS of these objects is READ-WRITE. Network Operators may 219 do configuration by setting these objects. 221 5.2. The SAVI Port Table 223 The SAVI Port Table (saviObjectsPortTable) contains the objects which 224 are corresponding to SAVI running parameters of each anchor. It 225 supports the configuration and collection of SAVI parameters of each 226 anchor. 228 There is an entry for each IP stack, IPv4 and IPv6. The table is 229 indexed by: 231 o saviObjectsPortIPVersion - The IP Version. 233 o saviObjectsPortIfIndex - The index value that uniquely identifies 234 the interface to which this entry is applicable. 236 It contains the following objects: 238 o saviObjectsPortValidatingAttr - An attribute defined in SAVI 239 protocol (refer to [RFC7513]). 241 o saviObjectsPortDhcpTrustAttr - An attribute defined in SAVI 242 protocol (refer to [RFC7513]). 244 o saviObjectsPortTrustAttr - An attribute defined in SAVI protocol 245 (refer to [RFC7513]). 247 o saviObjectsPortDhcpSnoopingAttr - An attribute defined in SAVI 248 protocol (refer to [RFC7513]). 250 o saviObjectsPortDataSnoopingAttr - An attribute defined in SAVI 251 protocol (refer to [RFC7513]). 253 o saviObjectsPortFilteringNum - The max filtering number of the 254 Port. 256 The MAX-ACCESS of these objects is READ-WRITE. Network Operators may 257 configure by setting these objects. 259 5.3. The SAVI Binding Table 261 The SAVI Binding Table (saviObjectsBindingTable) contains the objects 262 which are corresponding to Binding State Table (BST) defined in SAVI 263 protocol. It contains the binding parameters and state of each 264 binding entry. It supports the collection of binding entries. And 265 an entry can be inserted or deleted if it is a manual binding entry. 267 The table is indexed by: 269 o saviObjectsBindingIpAddressType - IP address type. A textual 270 convention InetAddressType defined in RFC4001 is used to represent 271 the different kind of IP address. 273 o saviObjectsBindingType - which IP address assignment method is 274 used to create the binding entry - manual(1), slaac(2), dhcp(3), 275 send(4). 277 o saviObjectsBindingIfIndex - The index value that uniquely 278 identifies the interface to which this entry is applicable. 280 o saviObjectsBindingIpAddress - The binding source IP address. A 281 textual convention InetAddress defined in RFC4001 is used to 282 define this object. 284 The SAVI Binding Table contains the following objects: 286 o saviObjectsBindingMacAddr - The binding source mac address. 288 o saviObjectsBindingState - The state of the binding entry. 290 o saviObjectsBindingLifetime - The remaining lifetime of the entry. 292 o saviObjectsBindingCreationtime - The value of the local clock when 293 the entry was firstly created. 295 o saviObjectsBindingTID - The Transaction ID (TID) (refer to RFC2131 296 and RFC3315) of the corresponding DHCP transaction. 298 o saviObjectsBindingRowStatus - The status of this row, by which new 299 entries may be created, or old entries be deleted from this table. 300 As defined in RFC2579, the RowStatus textual convention is used to 301 manage the creation and deletion of conceptual rows. For SAVI 302 Binding Table, an entry can be created or deleted only when 303 saviObjectsBindingType=manual. 305 The MAX-ACCESS of these objects is READ-CREATE. Network Operators 306 may create or delete an entry by setting these objects. 308 5.4. The SAVI Filtering Table 310 The SAVI Filtering Table (saviObjectsFilteringTable) contains the 311 objects which are corresponding to Filtering Table (FT) defined in 312 SAVI protocol. It supports the collection of filtering entries. 314 The table is indexed by: 316 o saviObjectsFilteringIpAddressType - IP address type. 318 o saviObjectsFilteringIfIndex - The index value that uniquely 319 identifies the interface to which this entry is applicable. 321 o saviObjectsFilteringIpAddress - The source IP address. 323 It contains the following objects: 325 o saviObjectsFilteringMacAddr - The source mac address. 327 The MAX-ACCESS of the object is READ-ONLY. 329 5.5. The SAVI Counting Table 331 The SAVI Counting Table (saviObjectsCountTable) contains the objects 332 counting packets dropped because of validation failure for each 333 interface. 335 The table is indexed by: 337 o saviObjectsCountIPVersion - IP Version. 339 o saviObjectsCountIfIndex - The index value that uniquely identifies 340 the interface to which this entry is applicable. 342 It contains the following objects: 344 o saviObjectsCountFilterPkts - The count of packets dropped because 345 of validation failure. 347 The MAX-ACCESS of the object is READ-ONLY. 349 6. Textual Conventions 351 The textual conventions used in the SAVI-MIB are as follows. 353 The MODULE-COMPLIANCE,OBJECT-GROUP textual convention is imported 354 from SNMPv2-CONF [RFC2580]. The MODULE-IDENTITY, OBJECT-IDENTITY, 355 OBJECT-TYPE, Unsigned32 textual convention is imported from 356 SNMPv2-SMI [RFC2578]. 358 The MacAddress,TimeInterval,RowStatus textual convention is imported 359 from SNMPv2-TC [RFC2579]. 361 The InetVersion,InetAddressType,InetAddress textual convention is 362 imported from INET-ADDRESS-MIB [RFC4001]. 364 The InterfaceIndex textual convention is imported from IF-MIB 365 [RFC2863]. 367 The ip textual convention is imported from IP-MIB [RFC4293]. 369 7. Relationship to Other MIB Modules 371 7.1. Relationship to the INET-ADDRESS-MIB 373 To support extensibility, IETF defined new textual conventions to 374 represent different IP protocol and different IP address in a unified 375 formation in RFC4001. To support different IP version, a textual 376 convention InetVersion is defined to represent the different version 377 of IP protocol. To support different IP address, a generic Internet 378 address is defined. It consists of two objects: The first one has 379 the syntax InetAddressType, and the second object have the syntax 380 InetAddress. The value of the first object determines how the value 381 of the second is encoded. 383 Since SAVI running mode and parameter is independent of IPv4 and 384 IPv6, so different OID instances should be defined for each protocol. 385 In SAVI-MIB definition, when IP address is used as a part of binding 386 table, it is defined using textual conventions described in INET- 387 ADDRESS-MIB. 389 7.2. Relationship to the IF-MIB 391 The Interfaces MIB [RFC2863] defines generic managed objects for 392 managing interfaces. This document contains the interface-specific 393 extensions for managing SAVI anchors that are modeled as interfaces. 395 The IF-MIB module is required to be supported on the SAVI device. 396 The interface MUST be modeled as an ifEntry, and ifEntry objects such 397 as ifIndex are to be used as per [RFC2863]. 399 An ifIndex [RFC2863] is used as a common index for interfaces in the 400 SAVI-MIB modules. 402 7.3. MIB modules required for IMPORTS 404 The SAVI MIB module IMPORTS objects from SNMPv2-SMI [RFC2578], 405 SNMPv2-TC [RFC2579],SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET- 406 ADDRESS-MIB [RFC4001] . 408 8. Definitions 410 SAVI-MIB DEFINITIONS ::=BEGIN 412 IMPORTS 413 MODULE-COMPLIANCE,OBJECT-GROUP 414 FROM SNMPv2-CONF --RFC2580 415 MODULE-IDENTITY, OBJECT-IDENTITY, OBJECT-TYPE, Unsigned32 416 FROM SNMPv2-SMI --RFC2578 417 TEXTUAL-CONVENTION,MacAddress,TimeInterval,RowStatus 418 FROM SNMPv2-TC --RFC2579 419 InterfaceIndex 420 FROM IF-MIB --RFC2863 421 InetVersion,InetAddressType,InetAddress 422 FROM INET-ADDRESS-MIB --RFC4001 423 ip 424 FROM IP-MIB --RFC4293 425 ; 427 saviMIB MODULE-IDENTITY 428 LAST-UPDATED "201512150000Z" 429 ORGANIZATION 430 "IETF SAVI Working Group" 432 CONTACT-INFO 433 "WG charter: 434 http://datatracker.ietf.org/wg/savi/charter/ 436 Editor: 437 Changqing An 438 CERNET 439 Postal: Network Research Center, Tsinghua University 440 Beijing 100084 441 China 442 Email: acq@cernet.edu.cn 444 Jiahai Yang 445 CERNET 446 Postal: Network Research Center, Tsinghua University 447 Beijing 100084 448 China 449 Email: yang@cernet.edu.cn 450 " 452 DESCRIPTION 453 "This MIB Module is designed to support configuration 454 and monitoring of SAVI protocol. 455 " 456 REVISION "201512150000Z" 457 DESCRIPTION 458 "Initial version" 459 ::= {ip xxx} 461 saviObjects OBJECT IDENTIFIER ::= { saviMIB 1 } 463 -- System parameters for SAVI protocol 465 saviObjectsSystemTable OBJECT-TYPE 466 SYNTAX SEQUENCE OF SaviObjectsSystemEntry 467 MAX-ACCESS not-accessible 468 STATUS current 469 DESCRIPTION 470 "The table containing savi system-wide parameters." 471 ::= { saviObjects 1 } 473 saviObjectsSystemEntry OBJECT-TYPE 474 SYNTAX SaviObjectsSystemEntry 475 MAX-ACCESS not-accessible 476 STATUS current 477 DESCRIPTION 478 "An entry containing savi system-wide parameters for a 479 particular IP version. 481 " 482 INDEX { saviObjectsSystemIPVersion } 483 ::= { saviObjectsSystemTable 1 } 485 SaviObjectsSystemEntry ::= 486 SEQUENCE { 487 saviObjectsSystemIPVersion InetVersion, 488 saviObjectsSystemSlaacEnable INTEGER, 489 saviObjectsSystemDhcpEnable INTEGER, 490 saviObjectsSystemSendEnable INTEGER, 491 saviObjectsSystemManualEnable INTEGER, 492 saviObjectsSystemMaxDhcpResponseTime TimeInterval, 493 saviObjectsSystemDataSnoopingInterval TimeInterval, 494 saviObjectsSystemMaxLeaseQueryDelay TimeInterval, 495 saviObjectsSystemOffLinkDelay TimeInterval, 496 saviObjectsSystemDetectionTimeout TimeInterval, 497 saviObjectsSystemTentLT TimeInterval, 498 saviObjectsSystemDefaultLT TimeInterval, 499 saviObjectsSystemTWAIT TimeInterval 500 } 502 saviObjectsSystemIPVersion OBJECT-TYPE 503 SYNTAX InetVersion 504 MAX-ACCESS not-accessible 505 STATUS current 506 DESCRIPTION 507 "The IP version " 508 ::= { saviObjectsSystemEntry 1 } 510 saviObjectsSystemSlaacEnable OBJECT-TYPE 511 SYNTAX INTEGER { 512 enable(1), 513 disable(2) 514 } 515 MAX-ACCESS read-write 516 STATUS current 517 DESCRIPTION 518 "If SAVI for SlAAC is enabled. " 519 ::= { saviObjectsSystemEntry 2 } 521 saviObjectsSystemDhcpEnable OBJECT-TYPE 522 SYNTAX INTEGER { 523 enable(1), 524 disable(2) 525 } 526 MAX-ACCESS read-write 527 STATUS current 528 DESCRIPTION 529 "If SAVI for DHCP is enabled. " 530 ::= { saviObjectsSystemEntry 3 } 532 saviObjectsSystemSendEnable OBJECT-TYPE 533 SYNTAX INTEGER { 534 enable(1), 535 disable(2) 536 } 537 MAX-ACCESS read-write 538 STATUS current 539 DESCRIPTION 540 "If SAVI for SEND is enabled. " 541 ::= { saviObjectsSystemEntry 4 } 543 saviObjectsSystemManualEnable OBJECT-TYPE 544 SYNTAX INTEGER { 545 enable(1), 546 disable(2) 547 } 548 MAX-ACCESS read-write 549 STATUS current 550 DESCRIPTION 551 "If SAVI for MANUAL is enabled. " 552 ::= { saviObjectsSystemEntry 5 } 554 saviObjectsSystemMaxDhcpResponseTime OBJECT-TYPE 555 SYNTAX TimeInterval 556 MAX-ACCESS read-write 557 STATUS current 558 DESCRIPTION 559 "A constant. 560 TimeInterval is defined in RFC 2579, it's a period of time, 561 measured in units of 0.01 seconds, 562 and the value is (0..2147483647). 563 " 564 ::= { saviObjectsSystemEntry 6 } 566 saviObjectsSystemDataSnoopingInterval OBJECT-TYPE 567 SYNTAX TimeInterval 568 MAX-ACCESS read-write 569 STATUS current 570 DESCRIPTION 571 "A constant. 572 TimeInterval is defined in RFC 2579, it's a period of time, 573 measured in units of 0.01 seconds, 574 and the value is (0..2147483647). 575 " 576 ::= { saviObjectsSystemEntry 7 } 578 saviObjectsSystemMaxLeaseQueryDelay OBJECT-TYPE 579 SYNTAX TimeInterval 580 MAX-ACCESS read-write 581 STATUS current 582 DESCRIPTION 583 "A constant. 584 TimeInterval is defined in RFC 2579, it's a period of time, 585 measured in units of 0.01 seconds, 586 and the value is (0..2147483647). 587 " 588 ::= { saviObjectsSystemEntry 8 } 590 saviObjectsSystemOffLinkDelay OBJECT-TYPE 591 SYNTAX TimeInterval 592 MAX-ACCESS read-write 593 STATUS current 594 DESCRIPTION 595 "A constant. 596 TimeInterval is defined in RFC 2579, it's a period of time, 597 measured in units of 0.01 seconds, 598 and the value is (0..2147483647). 599 " 600 ::= { saviObjectsSystemEntry 9 } 602 saviObjectsSystemDetectionTimeout OBJECT-TYPE 603 SYNTAX TimeInterval 604 MAX-ACCESS read-write 605 STATUS current 606 DESCRIPTION 607 "A constant. 608 TimeInterval is defined in RFC 2579, it's a period of time, 609 measured in units of 0.01 seconds, 610 and the value is (0..2147483647). 611 " 612 ::= { saviObjectsSystemEntry 10 } 614 saviObjectsSystemTentLT OBJECT-TYPE 615 SYNTAX TimeInterval 616 MAX-ACCESS read-write 617 STATUS current 618 DESCRIPTION 619 "A constant. 620 TimeInterval is defined in RFC 2579, it's a period of time, 621 measured in units of 0.01 seconds, 622 and the value is (0..2147483647). 623 " 624 ::= { saviObjectsSystemEntry 11 } 626 saviObjectsSystemDefaultLT OBJECT-TYPE 627 SYNTAX TimeInterval 628 MAX-ACCESS read-write 629 STATUS current 630 DESCRIPTION 631 "A constant. 632 TimeInterval is defined in RFC 2579, it's a period of time, 633 measured in units of 0.01 seconds, 634 and the value is (0..2147483647). 635 " 636 ::= { saviObjectsSystemEntry 12 } 638 saviObjectsSystemTWAIT OBJECT-TYPE 639 SYNTAX TimeInterval 640 MAX-ACCESS read-write 641 STATUS current 642 DESCRIPTION 643 "A constant. 644 TimeInterval is defined in RFC 2579, it's a period of time, 645 measured in units of 0.01 seconds, 646 and the value is (0..2147483647). 647 " 648 ::= { saviObjectsSystemEntry 13 } 650 -- Port parameters for SAVI protocol 652 saviObjectsPortTable OBJECT-TYPE 653 SYNTAX SEQUENCE OF SaviObjectsPortEntry 654 MAX-ACCESS not-accessible 655 STATUS current 656 DESCRIPTION 657 "The table containing SAVI parameters of each anchor." 658 ::= { saviObjects 2 } 660 saviObjectsPortEntry OBJECT-TYPE 661 SYNTAX SaviObjectsPortEntry 662 MAX-ACCESS not-accessible 663 STATUS current 664 DESCRIPTION 665 "An entry containing SAVI running parameters of an anchor." 666 INDEX { 667 saviObjectsPortIPVersion, 668 saviObjectsPortIfIndex 669 } 671 ::= { saviObjectsPortTable 1 } 673 SaviObjectsPortEntry ::= 674 SEQUENCE { 675 saviObjectsPortIPVersion InetVersion, 676 saviObjectsPortIfIndex InterfaceIndex, 677 saviObjectsPortValidatingAttr INTEGER, 678 saviObjectsPortDhcpTrustAttr INTEGER, 679 saviObjectsPortTrustAttr INTEGER, 680 saviObjectsPortDhcpSnoopingAttr INTEGER, 681 saviObjectsPortDataSnoopingAttr INTEGER, 682 saviObjectsPortFilteringNum Unsigned32 683 } 685 saviObjectsPortIPVersion OBJECT-TYPE 686 SYNTAX InetVersion 687 MAX-ACCESS not-accessible 688 STATUS current 689 DESCRIPTION 690 "The IP version " 691 ::= { saviObjectsPortEntry 1 } 693 saviObjectsPortIfIndex OBJECT-TYPE 694 SYNTAX InterfaceIndex 695 MAX-ACCESS not-accessible 696 STATUS current 697 DESCRIPTION 698 "The index value that uniquely identifies the interface to 699 which this entry is applicable. The interface identified by 700 a particular value of this index is the same interface as 701 identified by the same value of the IF-MIB's ifIndex. 702 " 703 ::= { saviObjectsPortEntry 2 } 705 saviObjectsPortValidatingAttr OBJECT-TYPE 706 SYNTAX INTEGER { 707 enable(1), 708 disable(2) 709 } 710 MAX-ACCESS read-write 711 STATUS current 712 DESCRIPTION 713 "An attribute defined in SAVI protocol. 714 enable(1), the attribute is set. 715 disable(2), the attribute is not set. 716 " 718 ::= { saviObjectsPortEntry 3 } 720 saviObjectsPortDhcpTrustAttr OBJECT-TYPE 721 SYNTAX INTEGER { 722 enable(1), 723 disable(2) 724 } 725 MAX-ACCESS read-write 726 STATUS current 727 DESCRIPTION 728 "An attribute defined in SAVI protocol. 729 enable(1), the attribute is set. 730 disable(2), the attribute is not set. 731 " 732 ::= { saviObjectsPortEntry 4 } 734 saviObjectsPortTrustAttr OBJECT-TYPE 735 SYNTAX INTEGER { 736 enable(1), 737 disable(2) 738 } 739 MAX-ACCESS read-write 740 STATUS current 741 DESCRIPTION 742 "An attribute defined in SAVI protocol. 743 enable(1), the attribute is set. 744 disable(2), the attribute is not set. 745 " 746 ::= { saviObjectsPortEntry 5 } 748 saviObjectsPortDhcpSnoopingAttr OBJECT-TYPE 749 SYNTAX INTEGER { 750 enable(1), 751 disable(2) 752 } 753 MAX-ACCESS read-write 754 STATUS current 755 DESCRIPTION 756 "An attribute defined in SAVI protocol. 757 enable(1), the attribute is set. 758 disable(2), the attribute is not set. 759 " 760 ::= { saviObjectsPortEntry 6 } 762 saviObjectsPortDataSnoopingAttr OBJECT-TYPE 763 SYNTAX INTEGER { 764 enable(1), 765 disable(2) 767 } 768 MAX-ACCESS read-write 769 STATUS current 770 DESCRIPTION 771 "An attribute defined in SAVI protocol. 772 enable(1), the attribute is set. 773 disable(2), the attribute is not set. 774 " 775 ::= { saviObjectsPortEntry 7 } 777 saviObjectsPortFilteringNum OBJECT-TYPE 778 SYNTAX Unsigned32 779 MAX-ACCESS read-write 780 STATUS current 781 DESCRIPTION 782 "The max filtering number of the Port." 783 ::= { saviObjectsPortEntry 8 } 785 -- Binding Status Table for SAVI protocol 787 saviObjectsBindingTable OBJECT-TYPE 788 SYNTAX SEQUENCE OF SaviObjectsBindingEntry 789 MAX-ACCESS not-accessible 790 STATUS current 791 DESCRIPTION 792 "The table containing the state of binding 793 between source address and anchor. 794 " 795 ::= { saviObjects 3 } 797 saviObjectsBindingEntry OBJECT-TYPE 798 SYNTAX SaviObjectsBindingEntry 799 MAX-ACCESS not-accessible 800 STATUS current 801 DESCRIPTION 802 "An entry containing the state of binding between source 803 address and anchor. 804 Entries are keyed on the source IP address type, 805 binding type, anchor, and source IP address. 806 " 807 INDEX { 808 saviObjectsBindingIpAddressType, 809 saviObjectsBindingType, 810 saviObjectsBindingIfIndex, 811 saviObjectsBindingIpAddress 812 } 814 ::= { saviObjectsBindingTable 1 } 816 SaviObjectsBindingEntry ::= 817 SEQUENCE { 818 saviObjectsBindingIpAddressType InetAddressType, 819 saviObjectsBindingType INTEGER, 820 saviObjectsBindingIfIndex InterfaceIndex, 821 saviObjectsBindingIpAddress InetAddress, 822 saviObjectsBindingMacAddr MacAddress, 823 saviObjectsBindingState INTEGER, 824 saviObjectsBindingLifetime TimeInterval, 825 saviObjectsBindingCreationtime DateAndTime, 826 saviObjectsBindingTID INTEGER, 827 saviObjectsBindingRowStatus RowStatus 828 } 830 saviObjectsBindingIpAddressType OBJECT-TYPE 831 SYNTAX InetAddressType 832 MAX-ACCESS not-accessible 833 STATUS current 834 DESCRIPTION 835 "IP address type of the binding source IP." 836 ::= { saviObjectsBindingEntry 1 } 838 saviObjectsBindingType OBJECT-TYPE 839 SYNTAX INTEGER { 840 manual(1), 841 slaac(2), 842 dhcp(3), 843 send(4) 844 } 845 MAX-ACCESS not-accessible 846 STATUS current 847 DESCRIPTION 848 "IP address assignment methods." 849 ::= { saviObjectsBindingEntry 2 } 851 saviObjectsBindingIfIndex OBJECT-TYPE 852 SYNTAX InterfaceIndex 853 MAX-ACCESS not-accessible 854 STATUS current 855 DESCRIPTION 856 "The index value that uniquely identifies the interface to 857 which this entry is applicable. The interface identified by 858 a particular value of this index is the same interface as 859 identified by the same value of the IF-MIB's ifIndex. 860 " 861 ::= { saviObjectsBindingEntry 3 } 863 saviObjectsBindingIpAddress OBJECT-TYPE 864 SYNTAX InetAddress 865 MAX-ACCESS not-accessible 866 STATUS current 867 DESCRIPTION 868 "The binding source IP address" 869 ::= { saviObjectsBindingEntry 4 } 871 saviObjectsBindingMacAddr OBJECT-TYPE 872 SYNTAX MacAddress 873 MAX-ACCESS read-create 874 STATUS current 875 DESCRIPTION 876 "The binding source mac address." 877 ::= { saviObjectsBindingEntry 5 } 879 saviObjectsBindingState OBJECT-TYPE 880 SYNTAX INTEGER { 881 NO_BIND(1), 882 INIT_BIND(2), 883 BOUND(3), 884 DETECTION(4), 885 RECOVERY(5), 886 VERIFY(6), 887 TENTATIVE(7), 888 VALID(8), 889 TESTING_TP-LT(9), 890 TESTING_VP(10), 891 TESTING_VP-1(11), 892 TENTATIVE_NUD(12), 893 TENTATIVE_DAD(13) 894 } 895 MAX-ACCESS read-create 896 STATUS current 897 DESCRIPTION 898 "The state of the binding entry. " 899 ::= { saviObjectsBindingEntry 6 } 901 saviObjectsBindingLifetime OBJECT-TYPE 902 SYNTAX TimeInterval 903 MAX-ACCESS read-create 904 STATUS current 905 DESCRIPTION 906 "The remaining lifetime of the entry. 907 TimeInterval is defined in RFC 2579, it's a period of time, 908 measured in units of 0.01 seconds, 909 and the value is (0..2147483647). 910 If saviObjectsBindingType=manual, a value of 2147483647 911 represents infinity. 912 " 913 ::= { saviObjectsBindingEntry 7 } 915 saviObjectsBindingCreationtime OBJECT-TYPE 916 SYNTAX DateAndTime 917 MAX-ACCESS read-create 918 STATUS current 919 DESCRIPTION 920 "The value of the local clock when the entry was firstly created. 921 " 922 ::= { saviObjectsBindingEntry 8 } 924 saviObjectsBindingTID OBJECT-TYPE 925 SYNTAX INTEGER 926 MAX-ACCESS read-create 927 STATUS current 928 DESCRIPTION 929 "The Transaction ID (TID) (refer to RFC2131 and RFC3315) of the corresponding DHCP transaction. 930 " 931 ::= { saviObjectsBindingEntry 9 } 933 saviObjectsBindingRowStatus OBJECT-TYPE 934 SYNTAX RowStatus 935 MAX-ACCESS read-create 936 STATUS current 937 DESCRIPTION 938 "The status of this row, by which new entries may be 939 created, or old entries deleted from this table. 940 An Entry can be created or deleted only when 941 saviObjectsBindingType=manual. 942 " 943 ::= { saviObjectsBindingEntry 10 } 945 -- Filtering Table for SAVI protocol 947 saviObjectsFilteringTable OBJECT-TYPE 948 SYNTAX SEQUENCE OF SaviObjectsFilteringEntry 949 MAX-ACCESS not-accessible 950 STATUS current 951 DESCRIPTION 952 "The table containing the filtering entries." 953 ::= { saviObjects 4 } 955 saviObjectsFilteringEntry OBJECT-TYPE 956 SYNTAX SaviObjectsFilteringEntry 957 MAX-ACCESS not-accessible 958 STATUS current 959 DESCRIPTION 960 "An entry containing the filtering parameters. 961 Entries are keyed on the source IP address type, 962 anchor, and source IP address. 963 " 964 INDEX { saviObjectsFilteringIpAddressType, 965 saviObjectsFilteringIfIndex, 966 saviObjectsFilteringIpAddress 967 } 968 ::= { saviObjectsFilteringTable 1 } 970 SaviObjectsFilteringEntry ::= 971 SEQUENCE { 972 saviObjectsFilteringIpAddressType InetAddressType, 973 saviObjectsFilteringIfIndex InterfaceIndex, 974 saviObjectsFilteringIpAddress InetAddress, 975 saviObjectsFilteringMacAddr MacAddress 976 } 978 saviObjectsFilteringIpAddressType OBJECT-TYPE 979 SYNTAX InetAddressType 980 MAX-ACCESS not-accessible 981 STATUS current 982 DESCRIPTION 983 "IP address type of the filtering source IP" 984 ::= { saviObjectsFilteringEntry 1 } 986 saviObjectsFilteringIfIndex OBJECT-TYPE 987 SYNTAX InterfaceIndex 988 MAX-ACCESS not-accessible 989 STATUS current 990 DESCRIPTION 991 "The index value that uniquely identifies the interface to 992 which this entry is applicable. The interface identified by 993 a particular value of this index is the same interface as 994 identified by the same value of the IF-MIB's ifIndex. 995 " 996 ::= { saviObjectsFilteringEntry 2 } 998 saviObjectsFilteringIpAddress OBJECT-TYPE 999 SYNTAX InetAddress 1000 MAX-ACCESS not-accessible 1001 STATUS current 1002 DESCRIPTION 1003 "The filtering source IP address." 1004 ::= { saviObjectsFilteringEntry 3 } 1006 saviObjectsFilteringMacAddr OBJECT-TYPE 1007 SYNTAX MacAddress 1008 MAX-ACCESS read-only 1009 STATUS current 1010 DESCRIPTION 1011 "The filtering source mac address." 1012 ::= { saviObjectsFilteringEntry 4 } 1014 --Count of packets dropped because of validation failure for each interface. 1016 saviObjectsCountTable OBJECT-TYPE 1017 SYNTAX SEQUENCE OF saviObjectsCountEntry 1018 MAX-ACCESS not-accessible 1019 STATUS current 1020 DESCRIPTION 1021 "The table containing count of packets dropped because of validation failure." 1022 ::= { saviObjects 5 } 1024 saviObjectsCountEntry OBJECT-TYPE 1025 SYNTAX saviObjectsCountEntry 1026 MAX-ACCESS not-accessible 1027 STATUS current 1028 DESCRIPTION 1029 "An entry containing count of packets dropped because of validation failure for each interface." 1030 INDEX { saviObjectsCountIPVersion, 1031 saviObjectsCountIfIndex 1032 } 1033 ::= { saviObjectsCountTable 1 } 1035 saviObjectsCountEntry ::= 1036 SEQUENCE { 1037 saviObjectsCountIPVersion InetVersion, 1038 saviObjectsCountIfIndex InterfaceIndex, 1039 saviObjectsCountFilterPkts Counter64 1040 } 1042 saviObjectsCountIPVersion OBJECT-TYPE 1043 SYNTAX InetVersion 1044 MAX-ACCESS not-accessible 1045 STATUS current 1046 DESCRIPTION 1047 "The IP version " 1049 ::= { saviObjectsCountEntry 1 } 1051 saviObjectsCountIfIndex OBJECT-TYPE 1052 SYNTAX InterfaceIndex 1053 MAX-ACCESS not-accessible 1054 STATUS current 1055 DESCRIPTION 1056 "The Interface." 1057 ::= { saviObjectsCountEntry 2 } 1059 saviObjectsCountFilterPkts OBJECT-TYPE 1060 SYNTAX Counter64 1061 MAX-ACCESS read-write 1062 STATUS current 1063 DESCRIPTION 1064 "The count of Pkts dropped." 1065 ::= { saviObjectsCountEntry 3 } 1067 -- Conformance information 1068 saviConformance OBJECT IDENTIFIER ::= { saviMIB 2 } 1069 saviCompliances OBJECT IDENTIFIER ::= { saviConformance 1 } 1071 -- Compliance statements 1072 saviCompliance MODULE-COMPLIANCE 1073 STATUS current 1074 DESCRIPTION 1075 "The compliance statement for entities which implement SAVI 1076 protocol. 1077 " 1078 MODULE 1079 MANDATORY-GROUPS { 1080 systemGroup, 1081 portGroup, 1082 bindingGroup, 1083 filteringGroup 1084 } 1085 ::= { saviCompliances 1} 1087 saviGroups OBJECT IDENTIFIER ::= { saviConformance 2 } 1089 --Units of conformance 1091 systemGroup OBJECT-GROUP 1092 OBJECTS { 1093 saviObjectsSystemSlaacEnable, 1094 saviObjectsSystemDhcpEnable, 1095 saviObjectsSystemSendEnable, 1096 saviObjectsSystemManualEnable, 1097 saviObjectsSystemMaxDhcpResponseTime, 1098 saviObjectsSystemDataSnoopingInterval, 1099 saviObjectsSystemMaxLeaseQueryDelay, 1100 saviObjectsSystemOffLinkDelay, 1101 saviObjectsSystemDetectionTimeout, 1102 saviObjectsSystemTentLT, 1103 saviObjectsSystemDefaultLT, 1104 saviObjectsSystemTWAIT 1105 } 1106 STATUS current 1107 DESCRIPTION 1108 "The system group contains objects corrsponding to savi system 1109 parameters. 1110 " 1111 ::= {saviGroups 1} 1113 portGroup OBJECT-GROUP 1114 OBJECTS { 1115 saviObjectsPortValidatingAttr, 1116 saviObjectsPortDhcpTrustAttr, 1117 saviObjectsPortTrustAttr, 1118 saviObjectsPortDhcpSnoopingAttr, 1119 saviObjectsPortDataSnoopingAttr, 1120 saviObjectsPortFilteringNum 1121 } 1122 STATUS current 1123 DESCRIPTION 1124 "The if group contains objects corresponding to the savi running 1125 parameters of each anchor. 1126 " 1127 ::= {saviGroups 2} 1129 bindingGroup OBJECT-GROUP 1130 OBJECTS { 1131 saviObjectsBindingMacAddr, 1132 saviObjectsBindingState, 1133 saviObjectsBindingLifetime, 1134 saviObjectsBindingCreationtime, 1135 saviObjectsBindingTID, 1136 saviObjectsBindingRowStatus 1137 } 1138 STATUS current 1139 DESCRIPTION 1140 "The binding group contains the binding 1141 information of anchor and soure ip address. 1142 " 1143 ::= {saviGroups 3} 1145 filteringGroup OBJECT-GROUP 1146 OBJECTS { 1147 saviObjectsFilteringMacAddr 1148 } 1149 STATUS current 1150 DESCRIPTION 1151 "The filtering group contains the filtering 1152 information of anchor and soure ip address. 1153 " 1154 ::= {saviGroups 4} 1156 END 1158 9. Security Considerations 1160 There are a number of management objects defined in this MIB module 1161 with a MAX-ACCESS clause of read-write and/or read-create. Such 1162 objects may be considered sensitive or vulnerable in some network 1163 environments. The support for SET operations in a non-secure 1164 environment without proper protection can have a negative effect on 1165 network operations. These are the tables and objects and their 1166 sensitivity/vulnerability: 1168 o saviObjectsSystemTable - Unauthorized changes to the writable 1169 objects under saviObjectsSystemTable MAY disrupt allocation of 1170 resources in the network. For example, a device's SAVI system 1171 mode be changed by set operation to SAVI-DISABLE will give chance 1172 to IP source address spoofing. 1174 o saviObjectsPortTable - Unauthorized changes to the writable 1175 objects under saviObjectsPortTable MAY disrupt allocation of 1176 resources in the network. For example, an anchor's ValidatingAttr 1177 be changed by set operation to DISABLE will give chance to IP 1178 source address spoofing. 1180 o saviObjectsBindingTable - Unauthorized changes to the writable 1181 objects under this table MAY disrupt allocation of resources in 1182 the network. For example, a manual binding entry is inserted to 1183 the BST will give chance to IP source address spoofing. 1185 Some of the readable objects in this MIB module (i.e., objects with a 1186 MAX-ACCESS other than not-accessible) may be considered sensitive or 1187 vulnerable in some network environments. It is thus important to 1188 control even GET and/or NOTIFY access to these objects and possibly 1189 to even encrypt the values of these objects when sending them over 1190 the network via SNMP. These are the tables and objects and their 1191 sensitivity/vulnerability: 1193 o saviObjectsBindingTable, saviObjectsFilteringTable - The IP 1194 address and binding anchor information will be helpful to some 1195 attacks. 1197 SNMP versions prior to SNMPv3 did not include adequate security. 1198 Even if the network itself is secure (for example by using IPsec), 1199 there is no control as to who on the secure network is allowed to 1200 access and GET/SET (read/change/create/delete) the objects in this 1201 MIB module. 1203 It is RECOMMENDED that implementers consider the security features as 1204 provided by the SNMPv3 framework (see [RFC3410], section 8), 1205 including full support for the SNMPv3 cryptographic mechanisms (for 1206 authentication and privacy). 1208 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1209 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1210 enable cryptographic security. It is then a customer/operator 1211 responsibility to ensure that the SNMP entity giving access to an 1212 instance of this MIB module is properly configured to give access to 1213 the objects only to those principals (users) that have legitimate 1214 rights to indeed GET or SET (change/create/delete) them. 1216 10. IANA Considerations 1218 The MIB module in this document uses the following IANA-assigned 1219 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 1221 Descriptor OBJECT IDENTIFIER value 1222 ---------- ----------------------- 1223 SAVI-MIB { ip XXX } 1225 11. Contributors 1227 12. References 1229 12.1. Normative References 1231 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1232 Requirement Levels", BCP 14, RFC 2119, 1233 DOI 10.17487/RFC2119, March 1997, 1234 . 1236 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1237 Schoenwaelder, Ed., "Structure of Management Information 1238 Version 2 (SMIv2)", STD 58, RFC 2578, 1239 DOI 10.17487/RFC2578, April 1999, 1240 . 1242 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1243 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 1244 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 1245 . 1247 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1248 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 1249 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 1250 . 1252 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 1253 Schoenwaelder, "Textual Conventions for Internet Network 1254 Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005, 1255 . 1257 [RFC6620] Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS 1258 SAVI: First-Come, First-Served Source Address Validation 1259 Improvement for Locally Assigned IPv6 Addresses", 1260 RFC 6620, DOI 10.17487/RFC6620, May 2012, 1261 . 1263 [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", 1264 RFC 2131, DOI 10.17487/RFC2131, March 1997, 1265 . 1267 [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, 1268 C., and M. Carney, "Dynamic Host Configuration Protocol 1269 for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July 1270 2003, . 1272 [RFC7039] Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed., 1273 "Source Address Validation Improvement (SAVI) Framework", 1274 RFC 7039, DOI 10.17487/RFC7039, October 2013, 1275 . 1277 [RFC7219] Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor 1278 Discovery (SEND) Source Address Validation Improvement 1279 (SAVI)", RFC 7219, DOI 10.17487/RFC7219, May 2014, 1280 . 1282 [RFC7513] Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address 1283 Validation Improvement (SAVI) Solution for DHCP", 1284 RFC 7513, DOI 10.17487/RFC7513, May 2015, 1285 . 1287 12.2. Informative References 1289 [RFC2223] Postel, J. and J. Reynolds, "Instructions to RFC Authors", 1290 RFC 2223, DOI 10.17487/RFC2223, October 1997, 1291 . 1293 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 1294 "Introduction and Applicability Statements for Internet- 1295 Standard Management Framework", RFC 3410, 1296 DOI 10.17487/RFC3410, December 2002, 1297 . 1299 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 1300 DOI 10.17487/RFC2629, June 1999, 1301 . 1303 [RFC4181] Heard, C., Ed., "Guidelines for Authors and Reviewers of 1304 MIB Documents", BCP 111, RFC 4181, DOI 10.17487/RFC4181, 1305 September 2005, . 1307 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 1308 MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, 1309 . 1311 [RFC4293] Routhier, S., Ed., "Management Information Base for the 1312 Internet Protocol (IP)", RFC 4293, DOI 10.17487/RFC4293, 1313 April 2006, . 1315 12.3. URL References 1317 [idguidelines] 1318 IETF Internet Drafts editor, 1319 "http://www.ietf.org/ietf/1id-guidelines.txt". 1321 [idnits] IETF Internet Drafts editor, 1322 "http://www.ietf.org/ID-Checklist.html". 1324 [xml2rfc] XML2RFC tools and documentation, 1325 "http://xml.resource.org". 1327 [ops] the IETF OPS Area, "http://www.ops.ietf.org". 1329 [ietf] IETF Tools Team, "http://tools.ietf.org". 1331 Appendix A. Change Log 1333 From draft 00 to draft 01 1335 o Change the value range of object saviObjectsSystemMode and add a 1336 new value savi-send(6). 1338 From draft 01 to draft 02 1340 o Change saviObjectsTrustStatus into two booleans, one is 1341 saviObjectsDhcpTrustStatus, another is saviObjectsRaTrustStatus. 1343 o Change the character string saviObjectsIf to saviObjectsPort 1344 globally. 1346 o Change saviObjectsBindingState according to the latest version of 1347 solution drafts. 1349 From draft 02 to draft 03 1351 o Add a new object saviObjectsPortBindRecoveryAttr, and change the 1352 object saviObjectsPortRaTrustStatus to saviObjectsPortTrustAttr 1353 according to the latest version of solution drafts and RFC. 1355 o Change the value range and meaning of saviObjectsBindingState 1356 according to the latest version of solution drafts and RFC. 1358 o Change the value range of object saviObjectsBindingType, add a new 1359 value send(4), and change the value static(1) to manual(1). 1361 From draft 03 to draft 04 1363 o Add three new objects according to the latest version of solution 1364 drafts and RFC, i.e. saviObjectsSystemTentLT, 1365 saviObjectsSystemDefaultLT, saviObjectsSystemTWAIT. 1367 From draft 04 to draft 05 1369 o Add two new objects according to the latest version of solution 1370 drafts and RFC, i.e. saviObjectsBindingCreationtime, 1371 saviObjectsBindingTID. 1373 From draft 05 to draft 06 1375 o Add three new objects, saviObjectsSystemDadTimeout, 1376 saviObjectsPortDhcpSnoopingAttr and 1377 saviObjectsPortDataSnoopingAttr. 1379 o Replace object saviObjectsSystemBindRecoveryInterval with 1380 saviObjectsSystemDataSnoopingInterval. 1382 o Replace object saviObjectsPortSAVISAVIAttr with 1383 saviObjectsPortTrustAttr. 1385 o Delete object saviObjectsPortBindRecoveryAttr. 1387 From draft 06 to draft 07 1389 o Replace object saviObjectsSystemDadTimeout with 1390 saviObjectsSystemDetectionTimeout. 1392 From draft 07 to draft 08 1394 o Add a new table to count the fail packets of each interface. 1396 From draft 08 to draft 09 1398 o Change the value range and meaning of saviObjectsBindingState 1399 according to the latest version of solution RFC. 1401 From draft 09 to draft 10 1403 o Replace object saviObjectsSystemMode with 1404 saviObjectsSystemSlaacEnable, saviObjectsSystemDhcpEnable, 1405 saviObjectsSystemSendEnable, saviObjectsManualEnable. 1407 Appendix B. Open Issues 1409 Note to RFC Editor: please remove this appendix before publication as 1410 an RFC. 1412 Authors' Addresses 1414 Changqing An 1415 CERNET 1416 Network Research Center, Tsinghua University 1417 Beijing 100084 1418 China 1420 Phone: +86 10 62603113 1421 EMail: acq@cernet.edu.cn 1422 Jiahai Yang 1423 CERNET 1424 Network Research Center, Tsinghua University 1425 Beijing 100084 1426 China 1428 Phone: +86 10 62783492 1429 EMail: yang@cernet.edu.cn 1431 Jianping Wu 1432 CERNET 1433 Network Research Center, Tsinghua University 1434 Beijing 100084 1435 China 1437 EMail: jianping@cernet.edu.cn 1439 Jun Bi 1440 CERNET 1441 Network Research Center, Tsinghua University 1442 Beijing 100084 1443 China 1445 EMail: junbi@cernet.edu.cn