idnits 2.17.1

draft-an-savi-mib-13.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 7 instances of too long lines in the document, the longest one
     being 35 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 473 has weird spacing: '...n entry conta...'

  == Line 659 has weird spacing: '...n entry conta...'

  == Line 896 has weird spacing: '... of the bindi...'

  == Line 990 has weird spacing: '...315) of the c...'

  == Line 1044 has weird spacing: '... of the filte...'

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (July 17, 2017) is 2475 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2131' is defined on line 1305, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3315' is defined on line 1325, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2223' is defined on line 1358, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 1362, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 1376, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  ** Downref: Normative reference to an Informational RFC: RFC 7039

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 3 errors (**), 0 flaws (~~), 12 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2  SAVI                                                               C. An
3  Internet-Draft                                                   J. Yang
4  Intended status: Standards Track                                   J. Wu
5  Expires: January 18, 2018                                          J. Bi
6                                                       Tsinghua University
7                                                             July 17, 2017

9              Definition of Managed Objects for SAVI Protocol
10                           draft-an-savi-mib-13

12  Abstract

14     This memo defines a portion of the Management Information Base (MIB)
15     for use with network management protocols in the Internet community.
16     In particular, it defines objects for managing SAVI (Source Address
17     Validation Improvements) protocol instance.

19  Status of This Memo

21     This Internet-Draft is submitted in full conformance with the
22     provisions of BCP 78 and BCP 79.

24     Internet-Drafts are working documents of the Internet Engineering
25     Task Force (IETF).  Note that other groups may also distribute
26     working documents as Internet-Drafts.  The list of current Internet-
27     Drafts is at http://datatracker.ietf.org/drafts/current/.

29     Internet-Drafts are draft documents valid for a maximum of six months
30     and may be updated, replaced, or obsoleted by other documents at any
31     time.  It is inappropriate to use Internet-Drafts as reference
32     material or to cite them other than as "work in progress."

34     This Internet-Draft will expire on January 18, 2018.

36  Copyright Notice

38     Copyright (c) 2017 IETF Trust and the persons identified as the
39     document authors.  All rights reserved.

41     This document is subject to BCP 78 and the IETF Trust's Legal
42     Provisions Relating to IETF Documents
43     (http://trustee.ietf.org/license-info) in effect on the date of
44     publication of this document.  Please review these documents
45     carefully, as they describe your rights and restrictions with respect
46     to this document.  Code Components extracted from this document must
47     include Simplified BSD License text as described in Section 4.e of
48     the Trust Legal Provisions and are provided without warranty as
49     described in the Simplified BSD License.

51  Table of Contents

53     1.  Introduction
54     2.  The Internet-Standard Management Framework
55     3.  Conventions
56     4.  Overview
57     5.  Structure of the MIB Module
58       5.1.  The SAVI System Table
59       5.2.  The SAVI Port Table
60       5.3.  The SAVI Binding Table
61       5.4.  The SAVI Filtering Table
62       5.5.  The SAVI Counting Table
63     6.  Textual Conventions
64     7.  Relationship to Other MIB Modules
65       7.1.  Relationship to the INET-ADDRESS-MIB
66       7.2.  Relationship to the IF-MIB
67       7.3.  MIB modules required for IMPORTS
68     8.  Definitions
69     9.  Security Considerations
70     10. IANA Considerations
71     11. Contributors
72     12. References
73       12.1.  Normative References
74       12.2.  Informative References
75       12.3.  URL References
76     Appendix A.  Change Log
77     Appendix B.  Open Issues
78     Authors' Addresses

80  1.  Introduction

82     The Source Address Validation Improvement protocol was developed to
83     complement ingress filtering with finer-grained, standardized IP
84     source address validation (refer to [RFC7039]).  A SAVI protocol
85     instance is located on the path of hosts' packets, enforcing the
86     hosts' use of legitimate IP source addresses.

88     SAVI protocol determines whether the IP address obtaining process is
89     legitimate according to IP address assignment method.  For links with
90     Stateless Address Auto Configuration (SLAAC), Dynamic Host
91     Configuration Protocol (DHCP), and Secure Neighbor Discovery (SEND),
92     the process is defined in separate documents of SAVI Working Group
93     (refer to [RFC6620], [RFC7513], [RFC7219]).
94     This document defines a MIB module that can be used to manage the
95     SAVI protocol instance.  It covers both configuration and status
96     monitoring aspects of SAVI implementations.

98     This document uses terminology from the SAVI Protocol specification.

100  2.  The Internet-Standard Management Framework

102     For a detailed overview of the documents that describe the current
103     Internet-Standard Management Framework, please refer to section 7 of
104     RFC 3410 [RFC3410].

106     Managed objects are accessed via a virtual information store, termed
107     the Management Information Base or MIB.  MIB objects are generally
108     accessed through the Simple Network Management Protocol (SNMP).
109     Objects in the MIB are defined using the mechanisms defined in the
110     Structure of Management Information (SMI).  This memo specifies a MIB
111     module that is compliant to the SMIv2, which is described in STD 58,
112     RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
113     [RFC2580].

115  3.  Conventions

117     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
118     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
119     document are to be interpreted as described in RFC 2119 [RFC2119].

121  4.  Overview

123     The SAVI Protocol MIB module (SAVI-MIB) is conformant to SAVI
124     protocol, and is designed to:

126     o  Support centralized management and monitoring of SAVI protocol
127        instance by standard SNMP protocol.

129     o  Support configuration and querying of SAVI protocol parameters.

131     o  Support configuration and querying of binding entries.  Operators
132        may insert and delete manual binding entries.

134     o  Support querying of filtering entries.

136     o  Support querying of the count of packets dropped because of
137        validation failure for each interface.

139     Based on SAVI protocol, attributes and objects of a SAVI protocol
140     instance can be classified into five categories:

142     o  System attributes.  These attributes correspond to a SAVI
143        protocol instance, such as IP Address Assignment Methods and some
144        constants.

146     o  Anchor attributes.  These attributes correspond to a SAVI
147        anchor.  Anchor is defined in [RFC7039].

149     o  Binding Status Table.  This table contains the state of binding
150        between source address and binding anchor (refer to [RFC6620],
151        [RFC7513], [RFC7219]).

153     o  Filtering Table.  This table contains the bindings between binding
154        anchor and address, which is used to filter packets (refer to
155        [RFC6620], [RFC7513], [RFC7219]).

157     o  Counting Table.  This table contains the count of failed packets for
158        each interface.

160     A table is designed for each category of objects.

162  5.  Structure of the MIB Module

164     This section presents the structure of the SAVI-MIB module.  The MIB
165     objects are derived from the SAVI protocol specification.

167     This MIB is composed of a series of tables meant to form the base for
168     managing SAVI entities.  The following subsections describe all
169     tables in the SAVI MIB module.

171  5.1.  The SAVI System Table

173     The SAVI System Table (saviObjectsSystemTable) contains the objects
174     which correspond to SAVI system-wide parameters.  It supports
175     the configuration and collection of SAVI system-wide parameters.

177     There is an entry for each IP stack, IPv4 and IPv6.  The table is
178     indexed by:

180     o  saviObjectsSystemIPVersion - The IP Version.  A textual convention
181        InetVersion defined in RFC4001 is used to represent the different
182        versions of the IP protocol.

184     It contains the following objects:

186     o  saviObjectsSystemSlaacEnable - If SAVI for SLAAC is enabled.

188     o  saviObjectsSystemDhcpEnable - If SAVI for DHCP is enabled.

190     o  saviObjectsSystemSendEnable - If SAVI for SEND is enabled.

192     o  saviObjectsSystemManualEnable - If SAVI for MANUAL is enabled.

194     o  saviObjectsSystemMaxDhcpResponseTime - A constant defined in SAVI
195        protocol (refer to [RFC7513]).

197     o  saviObjectsSystemDataSnoopingInterval - A constant defined in SAVI
198        protocol (refer to [RFC7513]).

200     o  saviObjectsSystemMaxLeaseQueryDelay - A constant defined in SAVI
201        protocol (refer to [RFC7513]).

203     o  saviObjectsSystemOffLinkDelay - A constant defined in SAVI
204        protocol (refer to [RFC7513]).

206     o  saviObjectsSystemDetectionTimeout - A constant defined in SAVI
207        protocol (refer to [RFC7513]).

209     o  saviObjectsSystemTentLT - A constant defined in SAVI protocol
210        (refer to [RFC6620]).

212     o  saviObjectsSystemDefaultLT - A constant defined in SAVI protocol
213        (refer to [RFC6620]).

215     o  saviObjectsSystemTWAIT - A constant defined in SAVI protocol
216        (refer to [RFC6620]).

218     The MAX-ACCESS of these objects is READ-WRITE.  Network Operators may
219     perform configuration by setting these objects.

221  5.2.  The SAVI Port Table

223     The SAVI Port Table (saviObjectsPortTable) contains the objects which
224     correspond to SAVI running parameters of each anchor.  It
225     supports the configuration and collection of SAVI parameters of each
226     anchor.

228     There is an entry for each IP stack, IPv4 and IPv6.  The table is
229     indexed by:

231     o  saviObjectsPortIPVersion - The IP Version.

233     o  saviObjectsPortIfIndex - The index value that uniquely identifies
234        the interface to which this entry is applicable.

236     It contains the following objects:

238     o  saviObjectsPortValidatingAttr - An attribute defined in SAVI
239        protocol (refer to [RFC7513]).

241     o  saviObjectsPortDhcpTrustAttr - An attribute defined in SAVI
242        protocol (refer to [RFC7513]).

244     o  saviObjectsPortTrustAttr - An attribute defined in SAVI protocol
245        (refer to [RFC7513]).

247     o  saviObjectsPortDhcpSnoopingAttr - An attribute defined in SAVI
248        protocol (refer to [RFC7513]).

250     o  saviObjectsPortDataSnoopingAttr - An attribute defined in SAVI
251        protocol (refer to [RFC7513]).

253     o  saviObjectsPortFilteringNum - The max filtering number of the
254        Port.

256     The MAX-ACCESS of these objects is READ-WRITE.  Network Operators may
257     perform configuration by setting these objects.

259  5.3.  The SAVI Binding Table

261     The SAVI Binding Table (saviObjectsBindingTable) contains the objects
262     which correspond to the Binding State Table (BST) defined in SAVI
263     protocol.  It contains the binding parameters and state of each
264     binding entry.  It supports the collection of binding entries, and
265     an entry can be inserted or deleted if it is a manual binding entry.

267     The table is indexed by:

269     o  saviObjectsBindingIpAddressType - IP address type.  A textual
270        convention InetAddressType defined in RFC4001 is used to represent
271        the different kinds of IP address.

273     o  saviObjectsBindingMethod - Which IP address assignment method is
274        used to create the binding entry - manual(1), slaac(2), dhcp(3),
275        send(4).

277     o  saviObjectsBindingIfIndex - The index value that uniquely
278        identifies the interface to which this entry is applicable.

280     o  saviObjectsBindingIpAddress - The binding source IP address.  A
281        textual convention InetAddress defined in RFC4001 is used to
282        define this object.

284     The SAVI Binding Table contains the following objects:

286     o  saviObjectsBindingMacAddr - The binding source MAC address.

288     o  saviObjectsBindingState - The state of the binding entry.

290     o  saviObjectsBindingLifetime - The remaining lifetime of the entry.

292     o  saviObjectsBindingCreationtime - The value of the local clock when
293        the entry was first created.

295     o  saviObjectsBindingTID - The Transaction ID (TID) (refer to RFC2131
296        and RFC3315) of the corresponding DHCP transaction.

298     o  saviObjectsBindingRowStatus - The status of this row, by which new
299        entries may be created, or old entries be deleted from this table.
300        As defined in RFC2579, the RowStatus textual convention is used to
301        manage the creation and deletion of conceptual rows.  For SAVI
302        Binding Table, an entry can be created or deleted only when
303        saviObjectsBindingMethod=manual.

305     The MAX-ACCESS of these objects is READ-CREATE.  Network Operators
306     may create or delete an entry by setting these objects.

308  5.4.  The SAVI Filtering Table

310     The SAVI Filtering Table (saviObjectsFilteringTable) contains the
311     objects which correspond to the Filtering Table (FT) defined in
312     SAVI protocol.  It supports the collection of filtering entries.

314     The table is indexed by:

316     o  saviObjectsFilteringIpAddressType - IP address type.

318     o  saviObjectsFilteringIfIndex - The index value that uniquely
319        identifies the interface to which this entry is applicable.

321     o  saviObjectsFilteringIpAddress - The source IP address.

323     It contains the following objects:

325     o  saviObjectsFilteringMacAddr - The source MAC address.

327     The MAX-ACCESS of the object is READ-ONLY.

329  5.5.  The SAVI Counting Table

331     The SAVI Counting Table (saviObjectsCountTable) contains the objects
332     counting packets dropped because of validation failure for each
333     interface.

335     The table is indexed by:

337     o  saviObjectsCountIPVersion - IP Version.

339     o  saviObjectsCountIfIndex - The index value that uniquely identifies
340        the interface to which this entry is applicable.

342     It contains the following objects:

344     o  saviObjectsCountFilterPkts - The count of packets dropped because
345        of validation failure.

347     o  saviObjectsCountFilterOctets - The count of octets dropped because
348        of validation failure.

350     The MAX-ACCESS of the object is READ-ONLY.

352  6.  Textual Conventions

354     The textual conventions used in the SAVI-MIB are as follows.

356     The MODULE-COMPLIANCE, OBJECT-GROUP textual conventions are imported
357     from SNMPv2-CONF [RFC2580].  The MODULE-IDENTITY, OBJECT-IDENTITY,
358     OBJECT-TYPE, Unsigned32 textual conventions are imported from
359     SNMPv2-SMI [RFC2578].

361     The MacAddress, TimeInterval, RowStatus textual conventions are imported
362     from SNMPv2-TC [RFC2579].

364     The InetVersion, InetAddressType, InetAddress textual conventions are
365     imported from INET-ADDRESS-MIB [RFC4001].

367     The InterfaceIndex textual convention is imported from IF-MIB
368     [RFC2863].

370     The ip textual convention is imported from IP-MIB [RFC4293].

372  7.  Relationship to Other MIB Modules

374  7.1.  Relationship to the INET-ADDRESS-MIB

376     To support extensibility, the IETF defined new textual conventions to
377     represent different IP protocols and different IP addresses in a
378     unified format in RFC4001.  To support different IP versions, a textual
379     convention InetVersion is defined to represent the different versions
380     of the IP protocol.  To support different IP addresses, a generic Internet
381     address is defined.  It consists of two objects: The first one has
382     the syntax InetAddressType, and the second object has the syntax
383     InetAddress.  The value of the first object determines how the value
384     of the second is encoded.

386     Since SAVI running mode and parameter is independent of IPv4 and
387     IPv6, different OID instances should be defined for each protocol.
388     In SAVI-MIB definition, when IP address is used as a part of binding
389     table, it is defined using textual conventions described in INET-
390     ADDRESS-MIB.

392  7.2.  Relationship to the IF-MIB

394     The Interfaces MIB [RFC2863] defines generic managed objects for
395     managing interfaces.  This document contains the interface-specific
396     extensions for managing SAVI anchors that are modeled as interfaces.

398     The IF-MIB module is required to be supported on the SAVI device.
399     The interface MUST be modeled as an ifEntry, and ifEntry objects such
400     as ifIndex are to be used as per [RFC2863].

402     An ifIndex [RFC2863] is used as a common index for interfaces in the
403     SAVI-MIB modules.

405  7.3.  MIB modules required for IMPORTS

407     The SAVI MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
408     SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-
409     ADDRESS-MIB [RFC4001].

411  8.  Definitions

413     SAVI-MIB DEFINITIONS ::= BEGIN

415     IMPORTS
416         MODULE-COMPLIANCE, OBJECT-GROUP
417             FROM SNMPv2-CONF --RFC2580
418         MODULE-IDENTITY, OBJECT-IDENTITY, OBJECT-TYPE, Unsigned32
419             FROM SNMPv2-SMI --RFC2578
420         TEXTUAL-CONVENTION, MacAddress, TimeInterval, RowStatus, DateAndTime
421             FROM SNMPv2-TC --RFC2579
422         InterfaceIndex
423             FROM IF-MIB --RFC2863
424         InetVersion, InetAddressType, InetAddress
425             FROM INET-ADDRESS-MIB --RFC4001
426         ip
427             FROM IP-MIB --RFC4293
428         ;

430     saviMIB MODULE-IDENTITY
431         LAST-UPDATED "201707070000Z"
432         ORGANIZATION
433             "IETF SAVI Working Group"
434         CONTACT-INFO
435             "WG charter:
436              http://datatracker.ietf.org/wg/savi/charter/

438              Editor:
439              Changqing An
440              CERNET
441              Postal: Network Research Center, Tsinghua University
442              Beijing 100084
443              China
444              Email: acq@cernet.edu.cn
445             "

447         DESCRIPTION
448             "This MIB Module is designed to support configuration
449              and monitoring of SAVI protocol.
450             "
451         REVISION "201707070000Z"
452         DESCRIPTION
453             "Initial version"
454         ::= {ip XXX}

456     saviObjects OBJECT IDENTIFIER ::= { saviMIB 1 }

458     -- System parameters for SAVI protocol

460     saviObjectsSystemTable OBJECT-TYPE
461         SYNTAX      SEQUENCE OF SaviObjectsSystemEntry
462         MAX-ACCESS  not-accessible
463         STATUS      current
464         DESCRIPTION
465             "The table containing savi system-wide parameters."
466         ::= { saviObjects 1 }

468     saviObjectsSystemEntry OBJECT-TYPE
469         SYNTAX      SaviObjectsSystemEntry
470         MAX-ACCESS  not-accessible
471         STATUS      current
472         DESCRIPTION
473             "An entry containing savi system-wide parameters for a
474              particular IP version.
475             "
476         INDEX { saviObjectsSystemIPVersion }
477         ::= { saviObjectsSystemTable 1 }

479     SaviObjectsSystemEntry ::=
480         SEQUENCE {
481             saviObjectsSystemIPVersion             InetVersion,
482             saviObjectsSystemSlaacEnable           INTEGER,
483             saviObjectsSystemDhcpEnable            INTEGER,
484             saviObjectsSystemSendEnable            INTEGER,
485             saviObjectsSystemManualEnable          INTEGER,
486             saviObjectsSystemMaxDhcpResponseTime   TimeInterval,
487             saviObjectsSystemDataSnoopingInterval  TimeInterval,
488             saviObjectsSystemMaxLeaseQueryDelay    TimeInterval,
489             saviObjectsSystemOffLinkDelay          TimeInterval,
490             saviObjectsSystemDetectionTimeout      TimeInterval,
491             saviObjectsSystemTentLT                TimeInterval,
492             saviObjectsSystemDefaultLT             TimeInterval,
493             saviObjectsSystemTWAIT                 TimeInterval
494         }

496     saviObjectsSystemIPVersion OBJECT-TYPE
497         SYNTAX      InetVersion
498         MAX-ACCESS  not-accessible
499         STATUS      current
500         DESCRIPTION
501             "The IP version"
502         ::= { saviObjectsSystemEntry 1 }

504     saviObjectsSystemSlaacEnable OBJECT-TYPE
505         SYNTAX      INTEGER {
506                         enable(1),
507                         disable(2)
508                     }
509         MAX-ACCESS  read-write
510         STATUS      current
511         DESCRIPTION
512             "If SAVI for SLAAC is enabled."
513         ::= { saviObjectsSystemEntry 2 }

515     saviObjectsSystemDhcpEnable OBJECT-TYPE
516         SYNTAX      INTEGER {
517                         enable(1),
518                         disable(2)
519                     }
520         MAX-ACCESS  read-write
521         STATUS      current
522         DESCRIPTION
523             "If SAVI for DHCP is enabled."
524         ::= { saviObjectsSystemEntry 3 }

526     saviObjectsSystemSendEnable OBJECT-TYPE
527         SYNTAX      INTEGER {
528                         enable(1),
529                         disable(2)
530                     }
531         MAX-ACCESS  read-write
532         STATUS      current
533         DESCRIPTION
534             "If SAVI for SEND is enabled."
535         ::= { saviObjectsSystemEntry 4 }

537     saviObjectsSystemManualEnable OBJECT-TYPE
538         SYNTAX      INTEGER {
539                         enable(1),
540                         disable(2)
541                     }
542         MAX-ACCESS  read-write
543         STATUS      current
544         DESCRIPTION
545             "If SAVI for MANUAL is enabled."
546         ::= { saviObjectsSystemEntry 5 }

548     saviObjectsSystemMaxDhcpResponseTime OBJECT-TYPE
549         SYNTAX      TimeInterval
550         MAX-ACCESS  read-write
551         STATUS      current
552         DESCRIPTION
553             "A constant.
554              TimeInterval is defined in RFC 2579, it's a period of time,
555              measured in units of 0.01 seconds,
556              and the value is (0..2147483647).
557             "
558         ::= { saviObjectsSystemEntry 6 }

560     saviObjectsSystemDataSnoopingInterval OBJECT-TYPE
561         SYNTAX      TimeInterval
562         MAX-ACCESS  read-write
563         STATUS      current
564         DESCRIPTION
565             "A constant.
566              TimeInterval is defined in RFC 2579, it's a period of time,
567              measured in units of 0.01 seconds,
568              and the value is (0..2147483647).
569             "
570         ::= { saviObjectsSystemEntry 7 }

572     saviObjectsSystemMaxLeaseQueryDelay OBJECT-TYPE
573         SYNTAX      TimeInterval
574         MAX-ACCESS  read-write
575         STATUS      current
576         DESCRIPTION
577             "A constant.
578              TimeInterval is defined in RFC 2579, it's a period of time,
579              measured in units of 0.01 seconds,
580              and the value is (0..2147483647).
581             "
582         ::= { saviObjectsSystemEntry 8 }

584     saviObjectsSystemOffLinkDelay OBJECT-TYPE
585         SYNTAX      TimeInterval
586         MAX-ACCESS  read-write
587         STATUS      current
588         DESCRIPTION
589             "A constant.
590              TimeInterval is defined in RFC 2579, it's a period of time,
591              measured in units of 0.01 seconds,
592              and the value is (0..2147483647).
593             "
594         ::= { saviObjectsSystemEntry 9 }

596     saviObjectsSystemDetectionTimeout OBJECT-TYPE
597         SYNTAX      TimeInterval
598         MAX-ACCESS  read-write
599         STATUS      current
600         DESCRIPTION
601             "A constant.
602              TimeInterval is defined in RFC 2579, it's a period of time,
603              measured in units of 0.01 seconds,
604              and the value is (0..2147483647).
605             "
606         ::= { saviObjectsSystemEntry 10 }

608     saviObjectsSystemTentLT OBJECT-TYPE
609         SYNTAX      TimeInterval
610         MAX-ACCESS  read-write
611         STATUS      current
612         DESCRIPTION
613             "A constant.
614              TimeInterval is defined in RFC 2579, it's a period of time,
615              measured in units of 0.01 seconds,
616              and the value is (0..2147483647).
617             "
618         ::= { saviObjectsSystemEntry 11 }

620     saviObjectsSystemDefaultLT OBJECT-TYPE
621         SYNTAX      TimeInterval
622         MAX-ACCESS  read-write
623         STATUS      current
624         DESCRIPTION
625             "A constant.
626              TimeInterval is defined in RFC 2579, it's a period of time,
627              measured in units of 0.01 seconds,
628              and the value is (0..2147483647).
629             "
630         ::= { saviObjectsSystemEntry 12 }

632     saviObjectsSystemTWAIT OBJECT-TYPE
633         SYNTAX      TimeInterval
634         MAX-ACCESS  read-write
635         STATUS      current
636         DESCRIPTION
637             "A constant.
638              TimeInterval is defined in RFC 2579, it's a period of time,
639              measured in units of 0.01 seconds,
640              and the value is (0..2147483647).
641             "
642         ::= { saviObjectsSystemEntry 13 }

644     -- Preference parameters for SAVI protocol

646     saviObjectsPreferenceTable OBJECT-TYPE
647         SYNTAX      SEQUENCE OF SaviObjectsPreferenceEntry
648         MAX-ACCESS  not-accessible
649         STATUS      current
650         DESCRIPTION
651             "The table containing savi preference parameters."
652         ::= { saviObjects 2 }

654     saviObjectsPreferenceEntry OBJECT-TYPE
655         SYNTAX      SaviObjectsPreferenceEntry
656         MAX-ACCESS  not-accessible
657         STATUS      current
658         DESCRIPTION
659             "An entry containing savi system-wide parameters for a
660              particular IP version.
661             "
662         INDEX { saviObjectsPreferenceIPVersion }
663         ::= { saviObjectsPreferenceTable 1 }

665     SaviObjectsPreferenceEntry ::=
666         SEQUENCE {
667             saviObjectsPreferenceIPVersion  InetVersion,
668             saviObjectsPreferenceSlaac      INTEGER,
669             saviObjectsPreferenceDhcp       INTEGER,
670             saviObjectsPreferenceSend       INTEGER,
671             saviObjectsPreferenceManual     INTEGER
672         }

674     saviObjectsPreferenceIPVersion OBJECT-TYPE
675         SYNTAX      InetVersion
676         MAX-ACCESS  not-accessible
677         STATUS      current
678         DESCRIPTION
679             "The IP version"
680         ::= { saviObjectsPreferenceEntry 1 }

682     saviObjectsPreferenceSlaac OBJECT-TYPE
683         SYNTAX      INTEGER
684         MAX-ACCESS  read-write
685         STATUS      current
686         DESCRIPTION
687             "Preference of SAVI-SLAAC."
688         ::= { saviObjectsPreferenceEntry 2 }

690     saviObjectsPreferenceDhcp OBJECT-TYPE
691         SYNTAX      INTEGER
692         MAX-ACCESS  read-write
693         STATUS      current
694         DESCRIPTION
695             "Preference of SAVI-DHCP."
696         ::= { saviObjectsPreferenceEntry 3 }

698     saviObjectsPreferenceSend OBJECT-TYPE
699         SYNTAX      INTEGER
700         MAX-ACCESS  read-write
701         STATUS      current
702         DESCRIPTION
703             "Preference of SAVI-SEND."
704         ::= { saviObjectsPreferenceEntry 4 }

706     saviObjectsPreferenceManual OBJECT-TYPE
707         SYNTAX      INTEGER
708         MAX-ACCESS  read-write
709         STATUS      current
710         DESCRIPTION
711             "Preference of SAVI-MANUAL."
712         ::= { saviObjectsPreferenceEntry 5 }

714     -- Port parameters for SAVI protocol

716     saviObjectsPortTable OBJECT-TYPE
717         SYNTAX      SEQUENCE OF SaviObjectsPortEntry
718         MAX-ACCESS  not-accessible
719         STATUS      current
720         DESCRIPTION
721             "The table containing SAVI parameters of each anchor."
722         ::= { saviObjects 3 }

724     saviObjectsPortEntry OBJECT-TYPE
725         SYNTAX      SaviObjectsPortEntry
726         MAX-ACCESS  not-accessible
727         STATUS      current
728         DESCRIPTION
729             "An entry containing SAVI running parameters of an anchor."
730         INDEX {
731             saviObjectsPortIPVersion,
732             saviObjectsPortIfIndex
733         }
734         ::= { saviObjectsPortTable 1 }

736     SaviObjectsPortEntry ::=
737         SEQUENCE {
738             saviObjectsPortIPVersion         InetVersion,
739             saviObjectsPortIfIndex           InterfaceIndex,
740             saviObjectsPortValidatingAttr    INTEGER,
741             saviObjectsPortDhcpTrustAttr     INTEGER,
742             saviObjectsPortTrustAttr         INTEGER,
743             saviObjectsPortDhcpSnoopingAttr  INTEGER,
744             saviObjectsPortDataSnoopingAttr  INTEGER,
745             saviObjectsPortFilteringNum      Unsigned32
746         }

748     saviObjectsPortIPVersion OBJECT-TYPE
749         SYNTAX      InetVersion
750         MAX-ACCESS  not-accessible
751         STATUS      current
752         DESCRIPTION
753             "The IP version"
754         ::= { saviObjectsPortEntry 1 }

756     saviObjectsPortIfIndex OBJECT-TYPE
757         SYNTAX      InterfaceIndex
758         MAX-ACCESS  not-accessible
759         STATUS      current
760         DESCRIPTION
761             "The index value that uniquely identifies the interface to
762              which this entry is applicable.  The interface identified by
763              a particular value of this index is the same interface as
764              identified by the same value of the IF-MIB's ifIndex.
765             "
766         ::= { saviObjectsPortEntry 2 }

768     saviObjectsPortValidatingAttr OBJECT-TYPE
769         SYNTAX      INTEGER {
770                         enable(1),
771                         disable(2)
772                     }
773         MAX-ACCESS  read-write
774         STATUS      current
775         DESCRIPTION
776             "An attribute defined in SAVI protocol.
777              enable(1), the attribute is set.
778              disable(2), the attribute is not set.
779             "
780         ::= { saviObjectsPortEntry 3 }

782     saviObjectsPortDhcpTrustAttr OBJECT-TYPE
783         SYNTAX      INTEGER {
784                         enable(1),
785                         disable(2)
786                     }
787         MAX-ACCESS  read-write
788         STATUS      current
789         DESCRIPTION
790             "An attribute defined in SAVI protocol.
791              enable(1), the attribute is set.
792              disable(2), the attribute is not set.
793             "
794         ::= { saviObjectsPortEntry 4 }

796     saviObjectsPortTrustAttr OBJECT-TYPE
797         SYNTAX      INTEGER {
798                         enable(1),
799                         disable(2)
800                     }
801         MAX-ACCESS  read-write
802         STATUS      current
803         DESCRIPTION
804             "An attribute defined in SAVI protocol.
805              enable(1), the attribute is set.
806              disable(2), the attribute is not set.
807             "

809         ::= { saviObjectsPortEntry 5 }

811     saviObjectsPortDhcpSnoopingAttr OBJECT-TYPE
812         SYNTAX      INTEGER {
813                         enable(1),
814                         disable(2)
815                     }
816         MAX-ACCESS  read-write
817         STATUS      current
818         DESCRIPTION
819             "An attribute defined in SAVI protocol.
820              enable(1), the attribute is set.
821              disable(2), the attribute is not set.
822             "
823         ::= { saviObjectsPortEntry 6 }

825     saviObjectsPortDataSnoopingAttr OBJECT-TYPE
826         SYNTAX      INTEGER {
827                         enable(1),
828                         disable(2)
829                     }
830         MAX-ACCESS  read-write
831         STATUS      current
832         DESCRIPTION
833             "An attribute defined in SAVI protocol.
834              enable(1), the attribute is set.
835              disable(2), the attribute is not set.
836             "
837         ::= { saviObjectsPortEntry 7 }

839     saviObjectsPortFilteringNum OBJECT-TYPE
840         SYNTAX      Unsigned32
841         MAX-ACCESS  read-write
842         STATUS      current
843         DESCRIPTION
844             "The max filtering number of the Port."
845         ::= { saviObjectsPortEntry 8 }

847     -- Binding Status Table for SAVI protocol

849     saviObjectsBindingTable OBJECT-TYPE
850         SYNTAX      SEQUENCE OF SaviObjectsBindingEntry
851         MAX-ACCESS  not-accessible
852         STATUS      current
853         DESCRIPTION
854             "The table containing the state of binding
855              between source address and anchor.
856             "
857         ::= { saviObjects 4 }

859     saviObjectsBindingEntry OBJECT-TYPE
860         SYNTAX      SaviObjectsBindingEntry
861         MAX-ACCESS  not-accessible
862         STATUS      current
863         DESCRIPTION
864             "An entry containing the state of binding between source
865              address and anchor.
866              Entries are keyed on the source IP address type,
867              binding type, anchor, and source IP address.
868             "
869         INDEX {
870             saviObjectsBindingIpAddressType,
871             saviObjectsBindingMethod,
872             saviObjectsBindingIfIndex,
873             saviObjectsBindingIpAddress
874         }
875         ::= { saviObjectsBindingTable 1 }

877     SaviObjectsBindingEntry ::=
878         SEQUENCE {
879             saviObjectsBindingIpAddressType  InetAddressType,
880             saviObjectsBindingMethod         INTEGER,
881             saviObjectsBindingIfIndex        InterfaceIndex,
882             saviObjectsBindingIpAddress      InetAddress,
883             saviObjectsBindingMacAddr        MacAddress,
884             saviObjectsBindingState          INTEGER,
885             saviObjectsBindingLifetime       TimeInterval,
886             saviObjectsBindingCreationtime   DateAndTime,
887             saviObjectsBindingTID            INTEGER,
888             saviObjectsBindingRowStatus      RowStatus
889         }

891     saviObjectsBindingIpAddressType OBJECT-TYPE
892         SYNTAX      InetAddressType
893         MAX-ACCESS  not-accessible
894         STATUS      current
895         DESCRIPTION
896             "IP address type of the binding source IP."
897         ::= { saviObjectsBindingEntry 1 }

899     saviObjectsBindingMethod OBJECT-TYPE
900         SYNTAX      INTEGER {
901                         manual(1),
902                         slaac(2),
903                         dhcp(3),
904                         send(4)
905                     }
906         MAX-ACCESS  not-accessible
907         STATUS      current
908         DESCRIPTION
909             "IP address assignment methods."
910         ::= { saviObjectsBindingEntry 2 }

912     saviObjectsBindingIfIndex OBJECT-TYPE
913         SYNTAX      InterfaceIndex
914         MAX-ACCESS  not-accessible
915         STATUS      current
916         DESCRIPTION
917             "The index value that uniquely identifies the interface to
918              which this entry is applicable.  The interface identified by
919              a particular value of this index is the same interface as
920              identified by the same value of the IF-MIB's ifIndex.
921             "
922         ::= { saviObjectsBindingEntry 3 }

924     saviObjectsBindingIpAddress OBJECT-TYPE
925         SYNTAX      InetAddress
926         MAX-ACCESS  not-accessible
927         STATUS      current
928         DESCRIPTION
929             "The binding source IP address"
930         ::= { saviObjectsBindingEntry 4 }

932     saviObjectsBindingMacAddr OBJECT-TYPE
933         SYNTAX      MacAddress
934         MAX-ACCESS  read-create
935         STATUS      current
936         DESCRIPTION
937             "The binding source mac address."
938      ::= { saviObjectsBindingEntry 5 }

940  saviObjectsBindingState OBJECT-TYPE
941      SYNTAX INTEGER {
942          NO_BIND(1),
943          INIT_BIND(2),
944          BOUND(3),
945          DETECTION(4),
946          RECOVERY(5),
947          VERIFY(6),
948          TENTATIVE(7),
949          VALID(8),
950          TESTING_TP-LT(9),
951          TESTING_VP(10),
952          TESTING_VP-1(11),
953          TENTATIVE_NUD(12),
954          TENTATIVE_DAD(13)
955      }
956      MAX-ACCESS read-create
957      STATUS current
958      DESCRIPTION
959          "The state of the binding entry. "
960      ::= { saviObjectsBindingEntry 6 }

962  saviObjectsBindingLifetime OBJECT-TYPE
963      SYNTAX TimeInterval
964      MAX-ACCESS read-create
965      STATUS current
966      DESCRIPTION
967          "The remaining lifetime of the entry.
968          TimeInterval is defined in RFC 2579; it is a period of time,
969          measured in units of 0.01 seconds,
970          and the value is (0..2147483647).
971          If saviObjectsBindingMethod=manual, a value of 2147483647
972          represents infinity.
973          "
974      ::= { saviObjectsBindingEntry 7 }

976  saviObjectsBindingCreationtime OBJECT-TYPE
977      SYNTAX DateAndTime
978      MAX-ACCESS read-create
979      STATUS current
980      DESCRIPTION
981          "The value of the local clock when the entry was first created.
982          "
983      ::= { saviObjectsBindingEntry 8 }

985  saviObjectsBindingTID OBJECT-TYPE
986      SYNTAX INTEGER
987      MAX-ACCESS read-create
988      STATUS current
989      DESCRIPTION
990          "The Transaction ID (TID) (refer to RFC2131 and RFC3315) of the corresponding DHCP transaction.
991          "
992      ::= { saviObjectsBindingEntry 9 }

994  saviObjectsBindingRowStatus OBJECT-TYPE
995      SYNTAX RowStatus
996      MAX-ACCESS read-create
997      STATUS current
998      DESCRIPTION
999          "The status of this row, by which new entries may be
1000         created, or old entries deleted from this table.
1001         An Entry can be created or deleted only when
1002         saviObjectsBindingMethod=manual.
1003         "
1004     ::= { saviObjectsBindingEntry 10 }

1006 -- Filtering Table for SAVI protocol

1008 saviObjectsFilteringTable OBJECT-TYPE
1009     SYNTAX SEQUENCE OF SaviObjectsFilteringEntry
1010     MAX-ACCESS not-accessible
1011     STATUS current
1012     DESCRIPTION
1013         "The table containing the filtering entries."
1014     ::= { saviObjects 5 }

1016 saviObjectsFilteringEntry OBJECT-TYPE
1017     SYNTAX SaviObjectsFilteringEntry
1018     MAX-ACCESS not-accessible
1019     STATUS current
1020     DESCRIPTION
1021         "An entry containing the filtering parameters.
1022         Entries are keyed on the source IP address type,
1023         anchor, and source IP address.
1024         "
1025     INDEX { saviObjectsFilteringIpAddressType,
1026             saviObjectsFilteringIfIndex,
1027             saviObjectsFilteringIpAddress
1028     }
1029     ::= { saviObjectsFilteringTable 1 }

1031 SaviObjectsFilteringEntry ::=
1032     SEQUENCE {
1033         saviObjectsFilteringIpAddressType  InetAddressType,
1034         saviObjectsFilteringIfIndex        InterfaceIndex,
1035         saviObjectsFilteringIpAddress      InetAddress,
1036         saviObjectsFilteringMacAddr        MacAddress
1037     }

1039 saviObjectsFilteringIpAddressType OBJECT-TYPE
1040     SYNTAX InetAddressType
1041     MAX-ACCESS not-accessible
1042     STATUS current
1043     DESCRIPTION
1044         "IP address type of the filtering source IP"
1045     ::= { saviObjectsFilteringEntry 1 }

1047 saviObjectsFilteringIfIndex OBJECT-TYPE
1048     SYNTAX InterfaceIndex
1049     MAX-ACCESS not-accessible
1050     STATUS current
1051     DESCRIPTION
1052         "The index value that uniquely identifies the interface to
1053         which this entry is applicable. The interface identified by
1054         a particular value of this index is the same interface as
1055         identified by the same value of the IF-MIB's ifIndex.
1056         "
1057     ::= { saviObjectsFilteringEntry 2 }

1059 saviObjectsFilteringIpAddress OBJECT-TYPE
1060     SYNTAX InetAddress
1061     MAX-ACCESS not-accessible
1062     STATUS current
1063     DESCRIPTION
1064         "The filtering source IP address."
1065     ::= { saviObjectsFilteringEntry 3 }

1067 saviObjectsFilteringMacAddr OBJECT-TYPE
1068     SYNTAX MacAddress
1069     MAX-ACCESS read-only
1070     STATUS current
1071     DESCRIPTION
1072         "The filtering source mac address."
1073     ::= { saviObjectsFilteringEntry 4 }

1075 -- Count of packets dropped because of validation failure for each interface.

1077 saviObjectsCountTable OBJECT-TYPE
1078     SYNTAX SEQUENCE OF SaviObjectsCountEntry
1079     MAX-ACCESS not-accessible
1080     STATUS current
1081     DESCRIPTION
1082         "The table containing count of packets dropped because of validation failure."
1083     ::= { saviObjects 6 }

1085 saviObjectsCountEntry OBJECT-TYPE
1086     SYNTAX SaviObjectsCountEntry
1087     MAX-ACCESS not-accessible
1088     STATUS current
1089     DESCRIPTION
1090         "An entry containing count of packets dropped because of validation failure for each interface."
1091     INDEX { saviObjectsCountIPVersion,
1092             saviObjectsCountIfIndex
1093     }
1094     ::= { saviObjectsCountTable 1 }

1096 SaviObjectsCountEntry ::=
1097     SEQUENCE {
1098         saviObjectsCountIPVersion     InetVersion,
1099         saviObjectsCountIfIndex       InterfaceIndex,
1100         saviObjectsCountFilterPkts    Counter64,
1101         saviObjectsCountFilterOctets  Counter64
1102     }

1104 saviObjectsCountIPVersion OBJECT-TYPE
1105     SYNTAX InetVersion
1106     MAX-ACCESS not-accessible
1107     STATUS current
1108     DESCRIPTION
1109         "The IP version."
1110     ::= { saviObjectsCountEntry 1 }

1112 saviObjectsCountIfIndex OBJECT-TYPE
1113     SYNTAX InterfaceIndex
1114     MAX-ACCESS not-accessible
1115     STATUS current
1116     DESCRIPTION
1117         "The Interface."
1118     ::= { saviObjectsCountEntry 2 }

1120 saviObjectsCountFilterPkts OBJECT-TYPE
1121     SYNTAX Counter64
1122     MAX-ACCESS read-only
1123     STATUS current
1124     DESCRIPTION
1125         "The count of packets dropped."
1126     ::= { saviObjectsCountEntry 3 }

1128 saviObjectsCountFilterOctets OBJECT-TYPE
1129     SYNTAX Counter64
1130     MAX-ACCESS read-only
1131     STATUS current
1132     DESCRIPTION
1133         "The count of octets dropped."

1135     ::= { saviObjectsCountEntry 4 }

1137 -- Conformance information
1138 saviConformance OBJECT IDENTIFIER ::= { saviMIB 2 }
1139 saviCompliances OBJECT IDENTIFIER ::= { saviConformance 1 }

1141 -- Compliance statements
1142 saviCompliance MODULE-COMPLIANCE
1143     STATUS current
1144     DESCRIPTION
1145         "The compliance statement for entities which implement SAVI
1146         protocol.
1147         "
1148     MODULE
1149     MANDATORY-GROUPS {
1150         systemGroup,
1151         portGroup,
1152         bindingGroup,
1153         filteringGroup
1154     }
1155     ::= { saviCompliances 1 }

1157 saviGroups OBJECT IDENTIFIER ::= { saviConformance 2 }

1159 -- Units of conformance

1161 systemGroup OBJECT-GROUP
1162     OBJECTS {
1163         saviObjectsSystemSlaacEnable,
1164         saviObjectsSystemDhcpEnable,
1165         saviObjectsSystemSendEnable,
1166         saviObjectsSystemManualEnable,
1167         saviObjectsSystemMaxDhcpResponseTime,
1168         saviObjectsSystemDataSnoopingInterval,
1169         saviObjectsSystemMaxLeaseQueryDelay,
1170         saviObjectsSystemOffLinkDelay,
1171         saviObjectsSystemDetectionTimeout,
1172         saviObjectsSystemTentLT,
1173         saviObjectsSystemDefaultLT,
1174         saviObjectsSystemTWAIT
1175     }
1176     STATUS current
1177     DESCRIPTION
1178         "The system group contains objects corresponding to SAVI system
1179         parameters.
1180         "
1181     ::= { saviGroups 1 }

1183 portGroup OBJECT-GROUP
1184     OBJECTS {
1185         saviObjectsPortValidatingAttr,
1186         saviObjectsPortDhcpTrustAttr,
1187         saviObjectsPortTrustAttr,
1188         saviObjectsPortDhcpSnoopingAttr,
1189         saviObjectsPortDataSnoopingAttr,
1190         saviObjectsPortFilteringNum
1191     }
1192     STATUS current
1193     DESCRIPTION
1194         "The if group contains objects corresponding to the SAVI running
1195         parameters of each anchor.
1196         "
1197     ::= { saviGroups 2 }

1199 bindingGroup OBJECT-GROUP
1200     OBJECTS {
1201         saviObjectsBindingMacAddr,
1202         saviObjectsBindingState,
1203         saviObjectsBindingLifetime,
1204         saviObjectsBindingCreationtime,
1205         saviObjectsBindingTID,
1206         saviObjectsBindingRowStatus
1207     }
1208     STATUS current
1209     DESCRIPTION
1210         "The binding group contains the binding
1211         information of anchor and source IP address.
1212         "
1213     ::= { saviGroups 3 }

1215 filteringGroup OBJECT-GROUP
1216     OBJECTS {
1217         saviObjectsFilteringMacAddr
1218     }
1219     STATUS current
1220     DESCRIPTION
1221         "The filtering group contains the filtering
1222         information of anchor and source IP address.
1223         "
1224     ::= { saviGroups 4 }

1226 END

1227 9.  Security Considerations

1229    There are a number of management objects defined in this MIB module
1230    with a MAX-ACCESS clause of read-write and/or read-create.  Such
1231    objects may be considered sensitive or vulnerable in some network
1232    environments.  The support for SET operations in a non-secure
1233    environment without proper protection can have a negative effect on
1234    network operations.  These are the tables and objects and their
1235    sensitivity/vulnerability:

1237    o  saviObjectsSystemTable - Unauthorized changes to the writable
1238       objects under saviObjectsSystemTable MAY disrupt allocation of
1239       resources in the network.  For example, changing a device's SAVI
1240       system mode to SAVI-DISABLE by a SET operation opens the way to
1241       IP source address spoofing.

1243    o  saviObjectsPortTable - Unauthorized changes to the writable
1244       objects under saviObjectsPortTable MAY disrupt allocation of
1245       resources in the network.  For example, changing an anchor's
1246       ValidatingAttr to DISABLE by a SET operation opens the way to IP
1247       source address spoofing.

1249    o  saviObjectsBindingTable - Unauthorized changes to the writable
1250       objects under this table MAY disrupt allocation of resources in
1251       the network.  For example, inserting a manual binding entry into
1252       the BST opens the way to IP source address spoofing.

1254    Some of the readable objects in this MIB module (i.e., objects with a
1255    MAX-ACCESS other than not-accessible) may be considered sensitive or
1256    vulnerable in some network environments.  It is thus important to
1257    control even GET and/or NOTIFY access to these objects and possibly
1258    to even encrypt the values of these objects when sending them over
1259    the network via SNMP.  These are the tables and objects and their
1260    sensitivity/vulnerability:

1262    o  saviObjectsBindingTable, saviObjectsFilteringTable - The IP
1263       address and binding anchor information will be helpful to some
1264       attacks.

1266    SNMP versions prior to SNMPv3 did not include adequate security.
1267    Even if the network itself is secure (for example by using IPsec),
1268    there is no control as to who on the secure network is allowed to
1269    access and GET/SET (read/change/create/delete) the objects in this
1270    MIB module.

1272    It is RECOMMENDED that implementers consider the security features as
1273    provided by the SNMPv3 framework (see [RFC3410], section 8),
1274    including full support for the SNMPv3 cryptographic mechanisms (for
1275    authentication and privacy).

1277    Further, deployment of SNMP versions prior to SNMPv3 is NOT
1278    RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
1279    enable cryptographic security.  It is then a customer/operator
1280    responsibility to ensure that the SNMP entity giving access to an
1281    instance of this MIB module is properly configured to give access to
1282    the objects only to those principals (users) that have legitimate
1283    rights to indeed GET or SET (change/create/delete) them.

1285 10.  IANA Considerations

1287    The MIB module in this document uses the following IANA-assigned
1288    OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

1290       Descriptor        OBJECT IDENTIFIER value
1291       ----------        -----------------------
1292       SAVI-MIB          { ip XXX }

1294 11.  Contributors

1296 12.  References

1298 12.1.  Normative References

1300    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1301               Requirement Levels", BCP 14, RFC 2119,
1302               DOI 10.17487/RFC2119, March 1997.

1305    [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
1306               RFC 2131, DOI 10.17487/RFC2131, March 1997.

1309    [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1310               Schoenwaelder, Ed., "Structure of Management Information
1311               Version 2 (SMIv2)", STD 58, RFC 2578,
1312               DOI 10.17487/RFC2578, April 1999.

1315    [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1316               Schoenwaelder, Ed., "Textual Conventions for SMIv2",
1317               STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

1320    [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1321               Schoenwaelder, Ed., "Conformance Statements for SMIv2",
1322               STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

1325    [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
1326               C., and M. Carney, "Dynamic Host Configuration Protocol
1327               for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
1328               2003.

1330    [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
1331               Schoenwaelder, "Textual Conventions for Internet Network
1332               Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005.

1335    [RFC6620]  Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
1336               SAVI: First-Come, First-Served Source Address Validation
1337               Improvement for Locally Assigned IPv6 Addresses",
1338               RFC 6620, DOI 10.17487/RFC6620, May 2012.

1341    [RFC7039]  Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed.,
1342               "Source Address Validation Improvement (SAVI) Framework",
1343               RFC 7039, DOI 10.17487/RFC7039, October 2013.

1346    [RFC7219]  Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor
1347               Discovery (SEND) Source Address Validation Improvement
1348               (SAVI)", RFC 7219, DOI 10.17487/RFC7219, May 2014.

1351    [RFC7513]  Bi, J., Wu, J., Yao, G., and F. Baker, "Source Address
1352               Validation Improvement (SAVI) Solution for DHCP",
1353               RFC 7513, DOI 10.17487/RFC7513, May 2015.

1356 12.2.  Informative References

1358    [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
1359               RFC 2223, DOI 10.17487/RFC2223, October 1997.

1362    [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
1363               DOI 10.17487/RFC2629, June 1999.

1366    [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1367               MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.

1370    [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1371               "Introduction and Applicability Statements for Internet-
1372               Standard Management Framework", RFC 3410,
1373               DOI 10.17487/RFC3410, December 2002.

1376    [RFC4181]  Heard, C., Ed., "Guidelines for Authors and Reviewers of
1377               MIB Documents", BCP 111, RFC 4181, DOI 10.17487/RFC4181,
1378               September 2005.

1380    [RFC4293]  Routhier, S., Ed., "Management Information Base for the
1381               Internet Protocol (IP)", RFC 4293, DOI 10.17487/RFC4293,
1382               April 2006.

1384 12.3.  URL References

1386    [idguidelines]
1387               IETF Internet Drafts editor,
1388               "http://www.ietf.org/ietf/1id-guidelines.txt".

1390    [idnits]   IETF Internet Drafts editor,
1391               "http://www.ietf.org/ID-Checklist.html".

1393    [ietf]     IETF Tools Team, "http://tools.ietf.org".

1395    [ops]      the IETF OPS Area, "http://www.ops.ietf.org".

1397    [xml2rfc]  XML2RFC tools and documentation,
1398               "http://xml.resource.org".

1400 Appendix A.  Change Log

1402    From draft 00 to draft 01

1404    o  Change the value range of object saviObjectsSystemMode and add a
1405       new value savi-send(6).

1407    From draft 01 to draft 02

1409    o  Change saviObjectsTrustStatus into two booleans, one is
1410       saviObjectsDhcpTrustStatus, another is saviObjectsRaTrustStatus.

1412    o  Change the character string saviObjectsIf to saviObjectsPort
1413       globally.

1415    o  Change saviObjectsBindingState according to the latest version of
1416       solution drafts.

1418    From draft 02 to draft 03

1420    o  Add a new object saviObjectsPortBindRecoveryAttr, and change the
1421       object saviObjectsPortRaTrustStatus to saviObjectsPortTrustAttr
1422       according to the latest version of solution drafts and RFC.

1424    o  Change the value range and meaning of saviObjectsBindingState
1425       according to the latest version of solution drafts and RFC.

1427    o  Change the value range of object saviObjectsBindingType, add a new
1428       value send(4), and change the value static(1) to manual(1).

1430    From draft 03 to draft 04

1432    o  Add three new objects according to the latest version of solution
1433       drafts and RFC, i.e. saviObjectsSystemTentLT,
1434       saviObjectsSystemDefaultLT, saviObjectsSystemTWAIT.

1436    From draft 04 to draft 05

1438    o  Add two new objects according to the latest version of solution
1439       drafts and RFC, i.e. saviObjectsBindingCreationtime,
1440       saviObjectsBindingTID.

1442    From draft 05 to draft 06

1444    o  Add three new objects, saviObjectsSystemDadTimeout,
1445       saviObjectsPortDhcpSnoopingAttr and
1446       saviObjectsPortDataSnoopingAttr.

1448    o  Replace object saviObjectsSystemBindRecoveryInterval with
1449       saviObjectsSystemDataSnoopingInterval.

1451    o  Replace object saviObjectsPortSAVISAVIAttr with
1452       saviObjectsPortTrustAttr.

1454    o  Delete object saviObjectsPortBindRecoveryAttr.

1456    From draft 06 to draft 07

1458    o  Replace object saviObjectsSystemDadTimeout with
1459       saviObjectsSystemDetectionTimeout.

1461    From draft 07 to draft 08

1463    o  Add a new table to count the failed packets of each interface.

1465    From draft 08 to draft 09

1467    o  Change the value range and meaning of saviObjectsBindingState
1468       according to the latest version of solution RFC.

1470    From draft 09 to draft 10

1472    o  Replace object saviObjectsSystemMode with
1473       saviObjectsSystemSlaacEnable, saviObjectsSystemDhcpEnable,
1474       saviObjectsSystemSendEnable, saviObjectsManualEnable.

1476    From draft 10 to draft 11

1478    o  Add a new table SaviObjectsPreferenceTable to reflect the
1479       preference of each savi method.

1481    From draft 11 to draft 12

1483    o  Replace object saviObjectsBindingType with
1484       saviObjectsBindingMethod.

1486    From draft 12 to draft 13

1488    o  Add a new object saviObjectsCountFilterOctets to count the octets
1489       dropped by SAVI protocol.

1491 Appendix B.  Open Issues

1493    Note to RFC Editor: please remove this appendix before publication as
1494    an RFC.

1496 Authors' Addresses

1498    Changqing An
1499    Tsinghua University
1500    Institute for Network Sciences and Cyberspace, Tsinghua University
1501    Beijing  100084
1502    China

1504    Phone: +86 10 62603113
1505    EMail: acq@cernet.edu.cn

1507    Jiahai Yang
1508    Tsinghua University
1509    Institute for Network Sciences and Cyberspace, Tsinghua University
1510    Beijing  100084
1511    China

1513    Phone: +86 10 62783492
1514    EMail: yang@cernet.edu.cn

1516    Jianping Wu
1517    Tsinghua University
1518    Institute for Network Sciences and Cyberspace, Tsinghua University
1519    Beijing  100084
1520    China

1522    EMail: jianping@cernet.edu.cn

1524    Jun Bi
1525    Tsinghua University
1526    Institute for Network Sciences and Cyberspace, Tsinghua University
1527    Beijing  100084
1528    China

1530    EMail: junbi@cernet.edu.cn
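
Added example (not part of the draft): Section 9 names a manual entry inserted into the binding table as a spoofing risk, and the table's INDEX clause puts the binding method, ifIndex and source address into each row's instance identifier. The sketch below decodes those index suffixes under the SMIv2 index rules and reports manual rows missing from an approved list; the sample suffixes and the allowlist are constructed, and the function names are hypothetical.

```python
"""Decode saviObjectsBindingTable index suffixes; flag unapproved manual rows."""
import ipaddress
from typing import NamedTuple

# saviObjectsBindingMethod values from the MIB on this page, and the address
# sizes RFC 4001 gives for InetAddressType ipv4(1) and ipv6(2).
BINDING_METHOD = {1: "manual", 2: "slaac", 3: "dhcp", 4: "send"}
ADDR_LEN = {1: 4, 2: 16}


class BindingIndex(NamedTuple):
    method: str
    if_index: int
    address: str


def decode_binding_index(suffix: str) -> BindingIndex:
    """Parse '<addrType>.<method>.<ifIndex>.<len>.<octet>...' into a row key.

    InetAddress is a variable-length OCTET STRING without IMPLIED, so SMIv2
    (RFC 2578, section 7.7) encodes it as a length followed by the octets.
    """
    try:
        subids = [int(s) for s in suffix.strip(".").split(".")]
    except ValueError:
        raise ValueError(f"non-numeric sub-identifier in {suffix!r}") from None
    if len(subids) < 4:
        raise ValueError(f"index too short: {suffix!r}")
    addr_type, method, if_index, length, *octets = subids
    if addr_type not in ADDR_LEN:
        raise ValueError(f"unsupported InetAddressType {addr_type}")
    if method not in BINDING_METHOD:
        raise ValueError(f"unknown binding method {method}")
    if length != ADDR_LEN[addr_type] or len(octets) != length:
        raise ValueError(f"address length mismatch in {suffix!r}")
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"octet out of range in {suffix!r}")
    address = ipaddress.ip_address(bytes(octets))
    return BindingIndex(BINDING_METHOD[method], if_index, str(address))


def unapproved_manual_bindings(suffixes, approved):
    """Return manual(1) rows whose (ifIndex, address) is not in `approved`."""
    rows = (decode_binding_index(s) for s in suffixes)
    return [r for r in rows
            if r.method == "manual" and (r.if_index, r.address) not in approved]


# Constructed sample data: the part of each instance OID after the column OID
# (the draft leaves the module OID unassigned, so no full OIDs are shown).
SAMPLE_SUFFIXES = [
    "1.3.5.4.192.0.2.10",                        # dhcp, ifIndex 5
    "1.1.7.4.192.0.2.99",                        # manual, ifIndex 7
    "2.1.7.16.32.1.13.184" + ".0" * 11 + ".1",   # manual, 2001:db8::1
    "2.2.9.16.32.1.13.184" + ".0" * 11 + ".2",   # slaac, 2001:db8::2
]
# Hypothetical allowlist of change-controlled manual bindings.
APPROVED_MANUAL = {(7, "2001:db8::1")}

if __name__ == "__main__":
    for row in unapproved_manual_bindings(SAMPLE_SUFFIXES, APPROVED_MANUAL):
        print("unapproved manual binding:", row)
```
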
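
Added example (not part of the draft): Section 9 points at objects with a MAX-ACCESS of read-write or read-create without listing them one by one. The sketch below extracts those objects from SMIv2 text, grouped by parent row, so an operator can see what an SNMPv3 write view would expose; the excerpt is a constructed sample copied from three definitions on this page, and the function name is hypothetical.

```python
"""Enumerate SET-capable objects in SMIv2 text, grouped by parent row."""
import re
from collections import defaultdict

WRITABLE = {"read-write", "read-create"}

# Constructed excerpt: three object definitions copied from the MIB above.
MIB_EXCERPT = '''
saviObjectsPortFilteringNum OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "The max filtering number of the Port."
    ::= { saviObjectsPortEntry 8 }

saviObjectsBindingRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "The status of this row, by which new entries may be
        created, or old entries deleted from this table.
        An Entry can be created or deleted only when
        saviObjectsBindingMethod=manual.
        "
    ::= { saviObjectsBindingEntry 10 }

saviObjectsFilteringMacAddr OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The filtering source mac address."
    ::= { saviObjectsFilteringEntry 4 }
'''

OBJECT_TYPE = re.compile(
    r"\b(?P<name>[a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b"
    r"(?P<body>.*?)"
    r"::=\s*\{\s*(?P<parent>[A-Za-z][A-Za-z0-9-]*)\s+(?P<subid>\d+)\s*\}",
    re.S,
)


def writable_objects(mib_text):
    """Return {parent: [(sub-id, name, access), ...]} for SET-capable objects."""
    # Blank out quoted strings first so DESCRIPTION text cannot be mistaken
    # for a clause, then drop '--' comments (simplified: to end of line).
    text = re.sub(r'"[^"]*"', '""', mib_text)
    text = re.sub(r"--.*", "", text)
    found = defaultdict(list)
    for m in OBJECT_TYPE.finditer(text):
        access = re.search(r"\bMAX-ACCESS\s+([a-z-]+)", m.group("body"))
        if access and access.group(1) in WRITABLE:
            found[m.group("parent")].append(
                (int(m.group("subid")), m.group("name"), access.group(1)))
    return {parent: sorted(objs) for parent, objs in found.items()}


if __name__ == "__main__":
    for parent, objs in writable_objects(MIB_EXCERPT).items():
        print(parent, objs)
```
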