idnits 2.17.1

draft-dhody-pce-pcep-pathkey-mib-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == The page length should not exceed 58 lines per page, but there was 1
     longer page, the longest (page 2) being 71 lines

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.

  == There are 1 instance of lines with private range IPv4 addresses in the
     document. If these are generic example addresses, they should be changed
     to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x,
     198.51.100.x or 203.0.113.x.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 671: '... It is RECOMMENDED that implementers...'

     RFC 2119 keyword, line 677: '... RECOMMENDED. Instead, it is RECOMM...'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 6, 2010) is 4944 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 5520' is mentioned on line 93, but not defined

  == Unused Reference: 'RFC5520' is defined on line 731, but no explicit
     reference was found in the text

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    PCE Working Group                                               D. Dhody
3    Internet-Draft                                                  U. Palle
4    Intended status: Standards Track                                 Q. Zhao
5    Expires: April 9, 2011                                 Huawei Technology
6                                                                     D. King
7                                                          Old Dog Consulting
8                                                             October 6, 2010

10    Management Information Base for the PCE Communications Protocol (PCEP)
11             for Path-Key-Based Inter-Domain Path Computation
12                   draft-dhody-pce-pcep-pathkey-mib-00

14   Abstract

16      This memo defines an experimental portion of the Management
17      Information Base for use with network management protocols in the
18      Internet community. In particular, it describes managed objects for
19      modeling of the Path Computation Element communication Protocol
20      (PCEP) for communications between a Path Computation Client (PCC) and a
21      Path Computation Element (PCE), or between two PCEs when path-key-
22      based inter-domain path computation is requested.

24   Status of this Memo

26      This Internet-Draft is submitted to IETF in full conformance with the
27      provisions of BCP 78 and BCP 79.

29      Internet-Drafts are working documents of the Internet Engineering
30      Task Force (IETF), its areas, and its working groups. Note that
31      other groups may also distribute working documents as Internet-
32      Drafts.

34      Internet-Drafts are draft documents valid for a maximum of six months
35      and may be updated, replaced, or obsoleted by other documents at any
36      time.
        It is inappropriate to use Internet-Drafts as reference
37      material or to cite them other than as "work in progress."

39      The list of current Internet-Drafts can be accessed at
40      http://www.ietf.org/ietf/1id-abstracts.txt.

42      The list of Internet-Draft Shadow Directories can be accessed at
43      http://www.ietf.org/shadow.html.

45      This Internet-Draft will expire on April 9, 2011.

47   Copyright Notice

49      Copyright (c) 2010 IETF Trust and the persons identified as the
50      document authors. All rights reserved.

52      This document is subject to BCP 78 and the IETF Trust's Legal
53      Provisions Relating to IETF Documents
54      (http://trustee.ietf.org/license-info) in effect on the date of
55      publication of this document. Please review these documents
56      carefully, as they describe your rights and restrictions with respect
57      to this document. Code Components extracted from this document must
58      include Simplified BSD License text as described in Section 4.e of
59      the Trust Legal Provisions and are provided without warranty as
60      described in the Simplified BSD License.

62      This Internet-Draft will expire on April 9, 2011.

64   Table of Contents

66      1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
67      2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
68      3. The Internet-Standard Management Framework . . . . . . . . . . 4
69      4. PCEP Pathkey MIB Module Architecture . . . . . . . . . . . . . 4
70      5. Example of the PCEP PathKey MIB module usage . . . . . . . . . 4
71      6. Object definitions . . . . . . . . . . . . . . . . . . . . . . 5
72        6.1. PCE-PCEP-PATHKEY-DRAFT-MIB . . . . . . . . . . . . . . . . 5
73        6.2. Objects for inclusion in module PCE-PCEP-DRAFT-MIB . . . . 15
74      7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
75      8. Security Considerations . . . . . . . . . . . . . . . . . . . 15
76      9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
77        9.1. Normative References . . . . . . . . . . . . . . . . . . . 16
78        9.2.
             Informative References . . . . . . . . . . . . . . . . . . 17

80   1. Introduction

82      The Path Computation Element (PCE) defined in [RFC4655] is an entity
83      that is capable of computing a network path or route based on a
84      network graph, and applying computational constraints. A Path
85      Computation Client (PCC) may make requests to a PCE for paths to be
86      computed.

88      The PCE communication protocol (PCEP) is designed as a communication
89      protocol between PCCs and PCEs for point-to-point (P2P) path
90      computations and is defined in [RFC5440].

92      If confidentiality is required between domains, a Path-Key-Based
93      mechanism is described in [RFC 5520]. For preserving the
94      confidentiality of the "Confidential Path Segment (CPS)", the PCE
95      returns a path containing a loose hop in place of the segment that
96      must be kept confidential.

98      [PCE-PCEP-DRAFT-MIB] defines a portion of the Management Information
99      Base (MIB) for use with network management protocols in the Internet
100     community for P2P path computations.

102     This memo defines an experimental portion of the Management
103     Information Base for use with network management protocols in the
104     Internet community. In particular, it describes managed objects for
105     modeling of Path Computation Element communication Protocol
106     (PCEP) [RFC5440] for communications between a Path Computation Client
107     (PCC) and a Path Computation Element (PCE), or between two PCEs in
108     path-key-based inter-domain path computations.

110     Some objects may be moved to [PCE-PCEP-DRAFT-MIB] after consensus with
111     the authors and working group; these are defined in Section 6.2.

113  2. Terminology

115     The following terminology is used in this document.

117     CPS: Confidential Path Segment. A segment of a path that contains
118        nodes and links that the AS policy requires to not be disclosed
119        outside the AS.

121     Domain: Any collection of network elements within a common sphere of
122        address management or path computational responsibility. Examples
123        of domains include Interior Gateway Protocol (IGP) areas and
124        Autonomous Systems (ASs).

126     IGP: Interior Gateway Protocol. Either of the two routing
127        protocols, Open Shortest Path First (OSPF) or Intermediate System
128        to Intermediate System (IS-IS).

130     PCC: Path Computation Client: any client application requesting a
131        path computation to be performed by a Path Computation Element.

133     PCE: Path Computation Element. An entity (component, application,
134        or network node) that is capable of computing a network path or
135        route based on a network graph and applying computational
136        constraints.

138     P2P: Point-to-Point

140  3. The Internet-Standard Management Framework

142     For a detailed overview of the documents that describe the current
143     Internet-Standard Management Framework, please refer to section 7 of
144     RFC 3410 [RFC3410].

146     Managed objects are accessed via a virtual information store, termed
147     the Management Information Base or MIB. MIB objects are generally
148     accessed through the Simple Network Management Protocol (SNMP).
149     Objects in the MIB are defined using the mechanisms defined in the
150     Structure of Management Information (SMI). This memo specifies a MIB
151     module that is compliant to the SMIv2, which is described in STD
152     58, RFC 2578 [RFC2578] and STD 58, RFC 2580 [RFC2580].

154  4. PCEP Pathkey MIB Module Architecture

156     The PCEP Pathkey MIB will contain the following information:

158     o PCEP Pathkey counters, timers and configurations

160     o PCEP Pathkey table of CPS related information.

162  5. Example of the PCEP PathKey MIB module usage

164     In this section we provide an example (pcePcepPathKeyTable 1) of
165     using the MIB objects described in Section 6 (Object definitions) to
166     monitor.
        While this example is not meant to illustrate every
167     permutation of the MIB, it is intended as an aid to understanding
168     some of the key concepts. It is meant to be read after going through
169     the MIB itself.

171     pcePcepPathKeyTable 1 of the PCE-PCEP-PATHKEY-DRAFT-MIB module :
172     {
173        pcePcepPathKey (4512),
174        pcePcepPathKeyPath (10.1.1.1 S
175                            10.1.1.2 S),
176        pcePcepPathKeyRequestSource (x.x.x.x),
177        pcePcepPathKeyRequestId (10),
178        pcePcepPathKeyRetrieved (1),
179        pcePcepPathKeyRetrieveSource (y.y.y.y),
180        pcePcepPathKeyDiscardTime (10),
181        pcePcepPathKeyReuseTime (30)
182     }

184  6. Object definitions

186  6.1. PCE-PCEP-PATHKEY-DRAFT-MIB

188     This MIB module makes references to the following documents.

190     [RFC2578], [RFC2580], [RFC3411], [RFC2863], [RFC3813].

192  PCE-PCEP-PATHKEY-DRAFT-MIB DEFINITIONS ::= BEGIN

194  IMPORTS
195      MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
196      Unsigned32,
197      Counter32,
198      OCTET STRING,
199      experimental
200          FROM SNMPv2-SMI -- [RFC2578]

202      PcePcepIdentifier,
203          FROM PCE-TC-STD-MIB

205      MODULE-COMPLIANCE,
206      OBJECT-GROUP,
207      NOTIFICATION-GROUP
208          FROM SNMPv2-CONF; -- [RFC2580]

210  pcePcepPathkeyDraftMIB MODULE-IDENTITY
211      LAST-UPDATED "201009171200Z" --Sep 17, 2010
212      ORGANIZATION "Path Computation Element (PCE) Working Group"
213      CONTACT-INFO "

215          Dhruv Dhody
216          Udayasree Palle
217          Quintin Zhao
218          Huawei Technology
219          Daniel King
220          OldDog Consulting

222          EMail: dhruvd@huawei.com
223          EMail: udayasreepalle@huawei.com
224          EMail: qzhao@huawei.com
225          EMail: daniel@oldog.co.uk
226          EMail comments directly to the PCE WG Mailing List at pce@ietf.org
227          WG-URL: http://www.ietf.org/html.charters/pce-charter.html
228          "

230      DESCRIPTION

232          "This MIB module defines a collection of objects for managing PCE
233          communication protocol(PCEP) for Path-Key-Based Inter-Domain Path
234          Computation"

236      -- Revision history
237      REVISION
238          "201009171200Z" -- 17 Sep 2010 12:00:00 EST
239      DESCRIPTION

241          "draft-00 version"
242
         ::= { experimental 9999 } --

244  -- Notifications --

246  pcePcepPathKeyNotifications OBJECT IDENTIFIER ::=
247      { pcePcepPathKeyDraftMIB 0 }

249  pcePcepPathKeyMIBObjects OBJECT IDENTIFIER ::=
250      { pcePcepPathKeyDraftMIB 1 }
251  pcePcepPathKeyConformance OBJECT IDENTIFIER ::=
252      { pcePcepPathKeyDraftMIB 2 }

254  pcePcepPathKeyObjects OBJECT IDENTIFIER ::=
255      { pcePcepPathKeyMIBObjects 1 }

257  --

259  -- PCE Pathkey Objects

261  --

263  pcePcepPathKeyDiscardTimer OBJECT-TYPE
264      SYNTAX Unsigned32
265      UNITS "minutes"
266      MAX-ACCESS read-create
267      STATUS mandatory
268      DESCRIPTION
269          "The value which indicates a period of time after the
270          expiration of which a PCE discard unwanted path-keys."
271      ::= { pcePcepPathKeyObjects 1 }

273  pcePcepPathKeyReUseTimer OBJECT-TYPE
274      SYNTAX Unsigned32
275      UNITS "minutes"
276      MAX-ACCESS read-create
277      STATUS mandatory
278      DESCRIPTION
279          "The value which indicates a period of time which
280          should expire before an old path-key could be
281          reused for a new CPS."
282      ::= { pcePcepPathKeyObjects 2 }

284  pcePcepPathKeyRetainStatus OBJECT-TYPE
285      SYNTAX INTEGER {
286          enabled(1),
287          disabled(2)
288      }
289      MAX-ACCESS read-create
290      STATUS optional
291      DESCRIPTION
292          "The path-key retain status of this PCE to retain the
293          path-key and CPS for debugging purposes."
294      ::= { pcePcepPathKeyObjects 3 }

296  pcePcepPathKeysGenerated OBJECT-TYPE
297      SYNTAX Counter32
298      MAX-ACCESS read-only
299      STATUS mandatory
300      DESCRIPTION
301          "The number of path-keys generated by this PCE."
302      ::= { pcePcepPathKeyObjects 4 }

304  pcePcepPathKeyExpandUnknown OBJECT-TYPE
305      SYNTAX Counter32
306      MAX-ACCESS read-only
307      STATUS mandatory
308      DESCRIPTION
309          "The number of attempts to expand an unknown
310          path-key."
311      ::= { pcePcepPathKeyObjects 5 }

313  pcePcepPathKeyExpandExpired OBJECT-TYPE
314      SYNTAX Counter32
315      MAX-ACCESS read-only
316      STATUS mandatory
317      DESCRIPTION
318          "The number of attempts to expand an expired
319          path-key."
320      ::= { pcePcepPathKeyObjects 6 }

322  pcePcepPathKeyExpandSame OBJECT-TYPE
323      SYNTAX Counter32
324      MAX-ACCESS read-only
325      STATUS optional
326      DESCRIPTION
327          "The number of attempts to expand the same
328          path-key."
329      ::= { pcePcepPathKeyObjects 7 }

331  pcePcepPathKeyExpiredNoExpansion OBJECT-TYPE
332      SYNTAX Counter32
333      MAX-ACCESS read-only
334      STATUS optional
335      DESCRIPTION
336          "The number of path-keys expired without any attempt
337          to expand it."
338      ::= { pcePcepPathKeyObjects 8 }

340  pcePcepPathKeyExpansionSuccess OBJECT-TYPE
341      SYNTAX Counter32
342      MAX-ACCESS read-only
343      STATUS optional
344      DESCRIPTION
345          "The number of path-key expansion requests (PCReq)
346          which had successful retrieval."
347      ::= { pcePcepPathKeyObjects 9 }

349  pcePcepPathKeyExpansionFailures OBJECT-TYPE
350      SYNTAX Counter32
351      MAX-ACCESS read-only
352      STATUS optional
353      DESCRIPTION
354          "The number of path-key expansion requests (PCReq)
355          which had failed retrieval."
356      ::= { pcePcepPathKeyObjects 10 }

358  pcePcepPathKeyConfig OBJECT-TYPE
359      SYNTAX INTEGER {
360          enabled(1),
361          disabled(2)
362      }
363      MAX-ACCESS read-create
364      STATUS mandatory
365      DESCRIPTION
366          "The path-key based inter domain computation
367          configuration."
368      ::= { pcePcepPathKeyObjects 11 }

370  pcePcepPathKeyTable OBJECT-TYPE
371      SYNTAX SEQUENCE OF pcePcepPathKeyEntry
372      MAX-ACCESS not-accessible
373      STATUS current
374      DESCRIPTION
375          "This table contains information about the
376          Pathkey CPS of PCE."
377      ::= { pcePcepPathKeyObjects 12 }

379  pcePcepPathKeyEntry OBJECT-TYPE
380      SYNTAX pcePcepPathKeyEntry
381      MAX-ACCESS not-accessible
382      STATUS current
383      DESCRIPTION
384          "An entry in this table represents a path-key and CPS.
385          An entry is only created when a path-key generated by
386          PCE during inter-domain computation."

388      INDEX { pcePcepPathKey }

390      ::= { pcePcepPathKeyTable 1 }

392  pcePcepPathKeyEntry ::= SEQUENCE {
393      pcePcepPathKey Unsigned32,
394      pcePcepPathKeyPath OCTET STRING,
395      pcePcepPathKeyRequestSource PcePcepIdentifier,
396      pcePcepPathKeyRequestId Unsigned32,
397      pcePcepPathKeyRetrieved INTEGER,
398      pcePcepPathKeyRetrieveSource PcePcepIdentifier,
399      pcePcepPathKeyDiscardTime Unsigned32,
400      pcePcepPathKeyReuseTime Unsigned32,
401  }

403  pcePcepPathKey OBJECT-TYPE
404      SYNTAX Unsigned32
405      MAX-ACCESS read-only
406      STATUS mandatory
407      DESCRIPTION
408          "The path-key value to identify a CPS."
409      ::= { pcePcepPathKeyEntry 1 }

411  pcePcepPathKeyPath OBJECT-TYPE
412      SYNTAX OCTET STRING (SIZE (0..1024))
413      MAX-ACCESS read-only
414      STATUS mandatory
415      DESCRIPTION
416          "The CPS associated with the pathkey .
417          This field is a displayable string in the
418          format of XXX.XXX.XXX.XXX S/L
419          repeated for each hop address. The S/L character
420          stands for Strict/Loose route.
421          This field is meaningless unless pcePcepPathKey
422          is not empty."
423      ::= { pcePcepPathKeyEntry 2 }

425  pcePcepPathKeyRequestSource OBJECT-TYPE
426      SYNTAX PcePcepIdentifier
427      MAX-ACCESS read-only
428      STATUS mandatory
429      DESCRIPTION
430          "Source that issued the original request that led
431          to the creation of the path-key."
432      ::= { pcePcepPathKeyEntry 3 }

434  pcePcepPathKeyRequestId OBJECT-TYPE
435      SYNTAX Unsigned32
436      MAX-ACCESS read-only
437      STATUS mandatory
438      DESCRIPTION
439          "The request ID of the original PCReq that led
440          to the creation of the path-key."
441      ::= { pcePcepPathKeyEntry 4 }

443  pcePcepPathKeyRetrieved OBJECT-TYPE
444      SYNTAX INTEGER {
445          TRUE(1),
446          FALSE(2)
447      }
448      MAX-ACCESS read-only
449      STATUS mandatory
450      DESCRIPTION
451          "It specifies whether the path-key is retrieved
452          or not."

454  pcePcepPathKeyRetrieveSource OBJECT-TYPE
455      SYNTAX PcePcepIdentifier
456      MAX-ACCESS read-only
457      STATUS mandatory
458      DESCRIPTION
459          "If the path-key is retrieved then by which
460          PCC."
461      ::= { pcePcepPathKeyEntry 6 }

463  pcePcepPathKeyDiscardTime OBJECT-TYPE
464      SYNTAX Unsigned32
465      MAX-ACCESS read-only
466      STATUS mandatory
467      DESCRIPTION
468          "The time after which the path segment associated
469          with the path-key will be discarded."
470      ::= { pcePcepPathKeyEntry 7 }

472  pcePcepPathKeyReuseTime OBJECT-TYPE
473      SYNTAX Unsigned32
474      MAX-ACCESS read-only
475      STATUS mandatory
476      DESCRIPTION
477          "The time after which the path-key will be available
478          for re-use."
479      ::= { pcePcepPathKeyEntry 8 }

481  ---
482  --- Notifications

484  ---

486  pcePcepPathKeyExpandUnknownNtf NOTIFICATION-TYPE
487      OBJECTS {
488          pcePcepPathKeyExpandUnknown
489      }
490      STATUS mandatory
491      DESCRIPTION
492          "This notification is sent when an attempt to expand an
493          unknown path-key is made. The value of the counter
494          pcePcepPathKeyExpandUnknown is also increased at this
495          time."
496      ::= { pcePcepPathKeyNotifications 1 }

498  pcePcepPathKeyExpandExpiredNtf NOTIFICATION-TYPE
499      OBJECTS {
500          pcePcepPathKeyExpandExpired
501      }
502      STATUS mandatory
503      DESCRIPTION
504          "This notification is sent when an attempt to expand an
505          expired path-key is made. The value of the counter
506          pcePcepPathKeyExpandExpired is also increased at this
507          time."
508      ::= { pcePcepPathKeyNotifications 2 }

510  pcePcepPathKeyExpandSameNtf NOTIFICATION-TYPE
511      OBJECTS {
512          pcePcepPathKeyExpandSame
513      }
514      STATUS optional
515      DESCRIPTION
516          "This notification is sent when a duplicate attempt to
517          expand the same path-key is made. The value of the
518          counter pcePcepPathKeyExpandSame is also increased at
519          this time."
520      ::= { pcePcepPathKeyNotifications 3 }

522  pcePcepPathKeyExpandSameNtf NOTIFICATION-TYPE
523      OBJECTS {
524          pcePcepPathKeyExpiredNoExpansion
525      }
526      STATUS optional
527      DESCRIPTION
528          "This notification is sent when path-key expires without
529          any attempt to expand it. The value of the counter
530          pcePcepPathKeyExpiredNoExpansion is also increased at
531          this time."
532      ::= { pcePcepPathKeyNotifications 4 }

534  --****************************************************************
535  -- Module Conformance Statement
536  --****************************************************************

538  pcePcepPathKeyGroups
539      OBJECT IDENTIFIER ::= { pcePcepPathKeyConformance 1 }

541  pcePcepPathKeyCompliances
542      OBJECT IDENTIFIER ::= { pcePcepPathKeyConformance 2 }

544  --
545  -- Full Compliance
546  --

548  pcePcepPathKeyModuleFullCompliance MODULE-COMPLIANCE
549      STATUS current
550      DESCRIPTION
551          "The Module is implemented with support
552          for read-create and read-write. In other
553          words, both monitoring and configuration
554          are available when using this MODULE-COMPLIANCE."

556      MODULE -- this module
557          MANDATORY-GROUPS { pcePcepPathKeyGeneralGroup,
558                             pcePcepPathKeyNotificationsGroup
559                           }

561      ::= { pcePcepPathKeyCompliances 1 }

563  --
564  -- Read-Only Compliance
565  --

567  pcePcepPathKeyModuleReadOnlyCompliance MODULE-COMPLIANCE
568      STATUS current
569      DESCRIPTION
570          "The Module is implemented with support
571          for read-only. In other words, only monitoring
572          is available by implementing this MODULE-COMPLIANCE."

574      MODULE -- this module
575          MANDATORY-GROUPS { pcePcepPathKeyGeneralGroup,
576                           }
577      ::= { pcePcepPathKeyCompliances 2 }

579  -- units of conformance

581  pcePcepPathKeyGeneralGroup OBJECT-GROUP
582      OBJECTS {
583          pcePcepPathKeyDiscardTimer,
584          pcePcepPathKeyReUseTimer,
585          pcePcepPathKeysGenerated,
586          pcePcepPathKeyExpandUnknown,
587          pcePcepPathKeyExpandExpired,
588          pcePcepPathKeyConfig,
589          pcePcepPathKey,
590          pcePcepPathKeyPath,
591          pcePcepPathKeyRequestSource,
592          pcePcepPathKeyRequestId,
593          pcePcepPathKeyRetrieved,
594          pcePcepPathKeyRetrieveSource,
595          pcePcepPathKeyDiscardTime,
596          pcePcepPathKeyReuseTime
597      }
598      STATUS current
599      DESCRIPTION
600          "Objects that apply to all PCEP Pathkey MIB
601          implementations."

603      ::= { pcePcepPathKeyGroups 1 }

605  pcePcepPathKeyNotificationsGroup NOTIFICATION-GROUP
606      NOTIFICATIONS { pcePcepPathKeyExpandUnknownNtf,
607                      pcePcepPathKeyExpandExpiredNtf
608                    }
609      STATUS current

611      DESCRIPTION
612          "The notifications for a PCEP Pathkey MIB implementation."
613      ::= { pcePcepPathKeyGroups 2 }

615  END

617  6.2. Objects for inclusion in module PCE-PCEP-DRAFT-MIB

619     The following object may be moved to [PCE-PCEP-DRAFT-MIB] after consensus
620     with the authors and working group.

622     pcePcepPathKeyConfig

624  7. IANA Considerations

626     TBD

628  8. Security Considerations

630     This MIB module can be used for configuration of certain objects, and
631     anything that can be configured can be incorrectly configured, with
632     potentially disastrous results.

634     There are a number of management objects defined in this MIB module
635     with a MAX-ACCESS clause of read-create. Such objects may be
636     considered sensitive or vulnerable in some network environments. The
637     support for SET operations in a non-secure environment without proper
638     protection can have a negative effect on network operations.
        These
639     are the tables and objects and their sensitivity/vulnerability:

641     o pcePcepPathKeyDiscardTimer: Setting this value incorrectly may
642       cause the expiration of Pathkey before attempt to retrieve the
643       CPS.

645     o pcePcepPathKeyReUseTimer: Setting this value incorrectly may cause
646       the re-use of pathkey which may not guarantee the uniqueness of
647       path-key values.

649     The user of the PCE-PCEP-PATHKEY-DRAFT-MIB module must therefore be
650     aware that support for SET operations in a non-secure environment
651     without proper protection can have a negative effect on network
652     operations.

654     The readable objects in the PCE-PCEP-PATHKEY-DRAFT-MIB module (i.e.,
655     those with MAX-ACCESS other than not-accessible) may be considered
656     sensitive in some environments since, collectively, they provide
657     information about the amount and frequency of path computation
658     requests and responses within the network and can reveal some aspects
659     of their configuration.

661     In such environments it is important to control also GET and NOTIFY
662     access to these objects and possibly even to encrypt their values
663     when sending them over the network via SNMP.

665     SNMP versions prior to SNMPv3 did not include adequate security.
666     Even if the network itself is secure (for example by using IPsec),
667     even then, there is no control as to who on the secure network is
668     allowed to access and GET/SET (read/change/create/delete) the objects
669     in this MIB module.

671     It is RECOMMENDED that implementers consider the security features as
672     provided by the SNMPv3 framework (see [RFC3410], section 8),
673     including full support for the SNMPv3 cryptographic mechanisms (for
674     authentication and privacy).

676     Further, deployment of SNMP versions prior to SNMPv3 is NOT
677     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
678     enable cryptographic security.
        It is then a customer/operator
679     responsibility to ensure that the SNMP entity giving access to an
680     instance of this MIB module is properly configured to give access to
681     the objects only to those principals (users) that have legitimate
682     rights to indeed GET or SET (change/create/delete) them.

684  9. References

686  9.1. Normative References

688     [RFC2578]             McCloghrie, K., Perkins, D., Schoenwaelder, J.,
689                           Case, J., Rose, M., and S. Waldbusser,
690                           "Structure of Management Information Version 2
691                           (SMIv2)", April 1999.

693     [RFC2580]             McCloghrie, K., Perkins, D., Schoenwaelder, J.,
694                           Case, J., Rose, M., and S. Waldbusser,
695                           "Conformance Statements for SMIv2", April 1999.

697     [RFC2863]             McCloghrie, K. and F. Kastenholz, "The
698                           Interfaces Group MIB", June 2000.

700     [RFC3411]             Harrington, D., Presuhn, R., and B. Wijnen, "An
701                           Architecture for Describing Simple Network
702                           Management Protocol (SNMP) Management
703                           Frameworks", December 2002.

705     [RFC3813]             Srinivasan, C., Viswanathan, A., and T. Nadeau,
706                           "MPLS Multiprotocol Label Switching (MPLS)
707                           Label Switch Router Management Information
708                           Base", June 2004.

710     [RFC5440]             Ayyangar, A., Farrel, A., Oki, E., Atlas, A.,
711                           Dolganow, A., Ikejiri, Y., Kumaki, K., Vasseur,
712                           J., and J. Roux, "Path Computation Element
713                           (PCE) communication Protocol (PCEP)",
714                           March 2009.

716  9.2. Informative References

718     [PCE-PCEP-DRAFT-MIB]  Kiran Koushik, A S., Stephan, E., Zhao, Q., and
719                           D. King, "PCE communication protocol(PCEP)
720                           Management Information Base", July 2010.

722     [RFC3410]             Case, J., Mundy, R., Partain, D., and B.
723                           Stewart, "Introduction and Applicability
724                           Statements for Internet-Standard Management
725                           Framework", December 2002.

727     [RFC4655]             Farrel, A., Vasseur, J., and J. Ash, "A Path
728                           Computation Element (PCE)-Based Architecture",
729                           August 2006.

731     [RFC5520]             Bradford, R., Vasseur, JP., and A.
                          Farrel,
732                           "Preserving Topology Confidentiality in Inter-
733                           Domain Path Computation Using a Path-Key-Based
734                           Mechanism", April 2009.

736  Authors' Addresses

738     Dhruv Dhody
739     Huawei Technology
740     Leela Palace
741     Bangalore, Karnataka 560008
742     INDIA

744     EMail: dhruvd@huawei.com
745     Udayasree Palle
746     Huawei Technology
747     Leela Palace
748     Bangalore, Karnataka 560008
749     INDIA

751     EMail: Udayasreepalle@huawei.com

753     Quintin Zhao
754     Huawei Technology
755     125 Nagog Technology Park
756     Acton, MA 01719
757     US

759     EMail: qzhao@huawei.com

761     Daniel King
762     Old Dog Consulting
763     UK

765     EMail: daniel@olddog.co.uk