BFD Working Group                                              T. Nadeau
Internet-Draft                                                        BT
Intended status: Standards Track                                  Z. Ali
Expires: May 4, 2009                                 Cisco Systems, Inc.
                                                                N. Akiya
                                                      Cisco Systems G.K.
                                                        October 31, 2008

                    BFD Management Information Base
                         draft-ietf-bfd-mib-06

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.
   It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 4, 2009.

Abstract

   This draft defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects for modeling the
   Bidirectional Forwarding Detection (BFD) protocol.

Table of Contents

   1.  Requirements notation
   2.  The Internet-Standard Management Framework
   3.  Introduction
   4.  Terminology
   5.  Brief Description of MIB Objects
     5.1.  General Variables
     5.2.  Session Table (bfdSessionTable)
     5.3.  Session Performance Table (bfdSessionPerfTable)
     5.4.  BFD Session Discriminator Mapping Table
           (bfdSessDiscMapTable)
     5.5.  BFD Session IP Mapping Table (bfdSessIpMapTable)
   6.  BFD MIB Module Definitions
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Acknowledgments
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580].

3.  Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects to configure and/or
   monitor Bi-Directional Forwarding Detection for [BFD], [BFD-1HOP] and
   [BFD-MH], BFD versions 0 and/or 1, on devices supporting this
   feature.

   Comments should be made directly to the BFD mailing list at
   rtg-bfd@ietf.org.

4.  Terminology

   This document adopts the definitions, acronyms and mechanisms
   described in [BFD], [BFD-1HOP] and [BFD-MH].  Unless otherwise
   stated, the mechanisms described therein will not be re-described
   here.

5.  Brief Description of MIB Objects

   This section describes objects pertaining to BFD.  The MIB objects
   are derived from [BFD] and [BFD-MH].

5.1.  General Variables

   The General Variables are used to identify parameters that are global
   to the BFD process.

5.2.  Session Table (bfdSessionTable)

   The session table is used to identify a BFD session between a pair of
   nodes.

5.3.  Session Performance Table (bfdSessionPerfTable)

   The session performance table is used for collecting BFD performance
   counts on a per session basis.  This table is an AUGMENT to the
   bfdSessionTable.

5.4.  BFD Session Discriminator Mapping Table (bfdSessDiscMapTable)

   The BFD Session Discriminator Mapping Table maps a local
   discriminator value to the associated BFD session's BfdSessIndexTC
   used in the bfdSessionTable.

5.5.  BFD Session IP Mapping Table (bfdSessIpMapTable)

   The BFD Session IP Mapping Table maps a given bfdSessInterface,
   bfdSessAddrType, and bfdSessAddr to the associated BFD session's
   BfdSessIndexTC used in the bfdSessionTable.  This table SHOULD
   contain those BFD sessions that are of IP type.

6.  BFD MIB Module Definitions

   This MIB module makes references to the following documents:
   [RFC2579], [RFC2580], [RFC2863], [RFC4001], and [RFC3413].

   BFD-STD-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
       mib-2, Integer32, Unsigned32, Counter32, Counter64
           FROM SNMPv2-SMI

       TEXTUAL-CONVENTION, TruthValue, RowStatus,
       StorageType, TimeStamp
           FROM SNMPv2-TC

       MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
           FROM SNMPv2-CONF

       InterfaceIndexOrZero
           FROM IF-MIB

       InetAddress, InetAddressType, InetPortNumber
           FROM INET-ADDRESS-MIB;

   bfdMIB MODULE-IDENTITY
       LAST-UPDATED "200810311200Z" -- 31 October 2008 12:00:00 EST
       ORGANIZATION "IETF Bidirectional Forwarding Detection
                     Working Group"
       CONTACT-INFO
           "Thomas D. Nadeau
            BT
            Email:  tom.nadeau@bt.com

            Zafar Ali
            Cisco Systems, Inc.
            Email:  zali@cisco.com

            Nobo Akiya
            Cisco Systems, G.K.
            Email:  nobo@cisco.com"
       DESCRIPTION
           "Bidirectional Forwarding Management Information Base."
       REVISION "200810311200Z" -- 31 October 2008 12:00:00 EST
       DESCRIPTION
           "Initial version.  Published as RFC xxxx."
       -- RFC Ed.: RFC-editor pls fill in xxxx
       ::= { mib-2 XXX }
       -- RFC Ed.: assigned by IANA, see section 7.1 for details

   -- Top level components of this MIB module.

   bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 }

   bfdObjects       OBJECT IDENTIFIER ::= { bfdMIB 1 }

   bfdConformance   OBJECT IDENTIFIER ::= { bfdMIB 2 }

   bfdScalarObjects OBJECT IDENTIFIER ::= { bfdObjects 1 }

   -- Textual Conventions

   BfdSessIndexTC ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
           "An index used to uniquely identify BFD sessions."
       SYNTAX       Unsigned32 (1..4294967295)

   BfdInterval ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
           "The BFD interval delay in microseconds."
       SYNTAX       Unsigned32 (0..4294967295)

   BfdDiag ::= TEXTUAL-CONVENTION
       STATUS       current
       DESCRIPTION
           "A common BFD diagnostic code."
       SYNTAX       INTEGER {
                        noDiagnostic(0),
                        controlDetectionTimeExpired(1),
                        echoFunctionFailed(2),
                        neighborSignaledSessionDown(3),
                        forwardingPlaneReset(4),
                        pathDown(5),
                        concatenatedPathDown(6),
                        administrativelyDown(7),
                        reverseConcatenatedPathDown(8)
                    }

   -- BFD General Variables

   -- These parameters apply globally to the Systems'
   -- BFD Process.

   bfdAdminStatus OBJECT-TYPE
       SYNTAX      INTEGER {
                       enabled(1),
                       disabled(2)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The global administrative status of BFD in this router.
            The value 'enabled' denotes that the BFD Process is
            active on at least one interface; 'disabled' disables
            it on all interfaces."
       DEFVAL { enabled }
       ::= { bfdScalarObjects 1 }

   bfdSessNotificationsEnable OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "If this object is set to true(1), then it enables
            the emission of bfdSessUp and bfdSessDown
            notifications; otherwise these notifications are not
            emitted."
       REFERENCE
           "See also RFC3413 for explanation that
            notifications are under the ultimate control of the
            MIB modules in this document."
       DEFVAL { false }
       ::= { bfdScalarObjects 2 }

   -- BFD Session Table
   -- The BFD Session Table specifies BFD session specific
   -- information.

   bfdSessTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF BfdSessEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The BFD Session Table describes the BFD sessions."
       REFERENCE
           "BFD Version 0 (draft-katz-ward-bfd-02.txt) and
            BFD Version 1 (draft-ietf-bfd-base-08.txt)"
       ::= { bfdObjects 2 }

   bfdSessEntry OBJECT-TYPE
       SYNTAX      BfdSessEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The BFD Session Entry describes a BFD session."
       INDEX { bfdSessIndex }
       ::= { bfdSessTable 1 }

   BfdSessEntry ::= SEQUENCE {
       bfdSessIndex                    BfdSessIndexTC,
       bfdSessVersionNumber            Unsigned32,
       bfdSessType                     INTEGER,
       bfdSessMultiHopUniLinkMode      INTEGER,
       bfdSessDiscriminator            Unsigned32,
       bfdSessRemoteDiscr              Unsigned32,
       bfdSessDestinationUdpPort       InetPortNumber,
       bfdSessSourceUdpPort            InetPortNumber,
       bfdSessEchoSourceUdpPort        InetPortNumber,
       bfdSessAdminStatus              INTEGER,
       bfdSessState                    INTEGER,
       bfdSessRemoteHeardFlag          TruthValue,
       bfdSessDiag                     BfdDiag,
       bfdSessOperMode                 INTEGER,
       bfdSessDemandModeDesiredFlag    TruthValue,
       bfdSessControlPlaneIndepFlag    TruthValue,
       bfdSessInterface                InterfaceIndexOrZero,
       bfdSessAddrType                 InetAddressType,
       bfdSessAddr                     InetAddress,
       bfdSessGTSM                     TruthValue,
       bfdSessGTSMTTL                  Unsigned32,
       bfdSessDesiredMinTxInterval     BfdInterval,
       bfdSessReqMinRxInterval         BfdInterval,
       bfdSessReqMinEchoRxInterval     BfdInterval,
       bfdSessDetectMult               Unsigned32,
       bfdSessNegotiatedInterval       BfdInterval,
       bfdSessNegotiatedEchoInterval   BfdInterval,
       bfdSessNegotiatedDetectMult     Unsigned32,
       bfdSessAuthPresFlag             TruthValue,
       bfdSessAuthenticationType       INTEGER,
       bfdSessAuthenticationKeyID      Integer32,
       bfdSessAuthenticationKey        OCTET STRING,
       bfdSessStorType                 StorageType,
       bfdSessRowStatus                RowStatus
   }

   bfdSessIndex OBJECT-TYPE
       SYNTAX      BfdSessIndexTC
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object contains an index used to represent a
            unique BFD session on this device."
       ::= { bfdSessEntry 1 }

   bfdSessVersionNumber OBJECT-TYPE
       SYNTAX      Unsigned32 (0..7)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The version number of the BFD protocol that this session
            is running in.  Write access is available for this object
            to provide ability to set desired version for this
            BFD session."
       REFERENCE
           "BFD Version 0 (draft-katz-ward-bfd-02.txt) and
            BFD Version 1 (draft-ietf-bfd-base-08.txt)"
       DEFVAL { 1 }
       ::= { bfdSessEntry 2 }

   bfdSessType OBJECT-TYPE
       SYNTAX      INTEGER {
                       singleHop(1),
                       multiHopTotallyArbitraryPaths(2),
                       multiHopOutOfBandSignaling(3),
                       multiHopUnidirectionalLinks(4)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the type of this BFD session."
       REFERENCE
           "draft-ietf-bfd-v4v6-1hop-08 and
            draft-ietf-bfd-multihop-06"
       ::= { bfdSessEntry 3 }

   bfdSessMultiHopUniLinkMode OBJECT-TYPE
       SYNTAX      INTEGER {
                       none(1),
                       active(2),
                       passive(3)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "For bfdSessType of multiHopUnidirectionalLinks(4), this
            object specifies whether this BFD session is running in
            active(2) mode or passive(3) mode.  For BFD sessions of
            all other bfdSessType values, none(1) MUST be specified."
       REFERENCE
           "draft-ietf-bfd-multihop-06, Section 3.3"
       ::= { bfdSessEntry 4 }

   bfdSessDiscriminator OBJECT-TYPE
       SYNTAX      Unsigned32 (1..4294967295)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the local discriminator for this BFD
            session, used to uniquely identify it."
       ::= { bfdSessEntry 5 }

   bfdSessRemoteDiscr OBJECT-TYPE
       SYNTAX      Unsigned32 (0 | 1..4294967295)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the session discriminator chosen
            by the remote system for this BFD session.  The value may
            be zero(0) if the remote discriminator is not yet known
            or if the session is in the down or adminDown(1) state."
       REFERENCE
           "draft-ietf-bfd-base-08, Section 6.8.6."
       ::= { bfdSessEntry 6 }

   bfdSessDestinationUdpPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the destination UDP port used for
            this BFD session.  The value may be zero(0) if the session
            is in adminDown(1) state."
       REFERENCE
           "Port 3784 (draft-ietf-bfd-v4v6-1hop-08),
            Port 3785 (draft-ietf-bfd-v4v6-1hop-08), and
            Port 4784 (draft-ietf-bfd-multihop-06)"
       DEFVAL { 0 }
       ::= { bfdSessEntry 7 }

   bfdSessSourceUdpPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the source UDP port of BFD control
            packets for this BFD session.  The value may be zero(0) if
            the session is in adminDown(1) state."
       REFERENCE
           "draft-ietf-bfd-v4v6-1hop-08 and
            draft-ietf-bfd-multihop-06"
       DEFVAL { 0 }
       ::= { bfdSessEntry 8 }

   bfdSessEchoSourceUdpPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the source UDP port of BFD echo
            packets for this BFD session.  The value may be zero(0) if
            the session is not running in the echo mode, or the
            session is in adminDown(1) state."
       REFERENCE
           "draft-ietf-bfd-v4v6-1hop-08 and
            draft-ietf-bfd-multihop-06"
       DEFVAL { 0 }
       ::= { bfdSessEntry 9 }

   bfdSessAdminStatus OBJECT-TYPE
       SYNTAX      INTEGER {
                       stop(1),
                       start(2)
                   }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A transition from 'stop' to 'start' will start
            the BFD state machine for the session.  The state
            machine will have an initial state of down.
            A transition from 'start' to 'stop' will cause
            the BFD session to be brought down to
            adminDown(1).  Care should be used in providing
            write access to this object without adequate
            authentication."
       DEFVAL { 2 }
       ::= { bfdSessEntry 10 }

   bfdSessState OBJECT-TYPE
       SYNTAX      INTEGER {
                       adminDown(1),
                       down(2),
                       init(3),
                       up(4),
                       failing(5)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The perceived state of the BFD session.
            BFD State failing(5) is only applicable if this BFD
            session is running version 0.
            Upon creation of a new BFD session via this MIB, the
            suggested initial state is down(2)."
       DEFVAL { 2 }
       ::= { bfdSessEntry 11 }

   bfdSessRemoteHeardFlag OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the status of BFD packet reception
            from the remote system.  Specifically, it is set to true(1)
            if the local system is actively receiving BFD packets from
            the remote system, and is set to false(2) if the local
            system has not received BFD packets recently (within the
            detection time) or if the local system is attempting to
            tear down the BFD session."
       REFERENCE
           "BFD Version 0 (draft-katz-ward-bfd-02.txt) and
            BFD Version 1 (draft-ietf-bfd-base-08.txt)"
       DEFVAL { false }
       ::= { bfdSessEntry 12 }

   bfdSessDiag OBJECT-TYPE
       SYNTAX      BfdDiag
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
           "A diagnostic code specifying the local system's reason
            for the last transition of the session from up(4)
            to some other state."
       ::= { bfdSessEntry 13 }

   bfdSessOperMode OBJECT-TYPE
       SYNTAX      INTEGER {
                       asyncModeWEchoFun(1),
                       asynchModeWOEchoFun(2),
                       demandModeWEchoFunction(3),
                       demandModeWOEchoFunction(4)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the current operating mode that
            the BFD session is operating in."
       ::= { bfdSessEntry 14 }

   bfdSessDemandModeDesiredFlag OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object indicates the local system's
            desire to use Demand mode.  Specifically, it is set
            to true(1) if the local system wishes to use
            Demand mode or false(2) if not."
       DEFVAL { false }
       ::= { bfdSessEntry 15 }

   bfdSessControlPlaneIndepFlag OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the local system's
            ability to continue to function through a disruption of
            the control plane.  Specifically, it is set
            to true(1) if the local system BFD implementation is
            independent of the control plane.  Otherwise, the
            value is set to false(2)."
       DEFVAL { false }
       ::= { bfdSessEntry 16 }

   bfdSessInterface OBJECT-TYPE
       SYNTAX      InterfaceIndexOrZero
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object contains an interface index used to indicate
            the interface which this BFD session is running on.  This
            value can be zero if there is no interface associated
            with this BFD session."
       ::= { bfdSessEntry 17 }

   bfdSessAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the IP address type of the
            neighboring IP address which is being monitored with this
            BFD session.

            Only values unknown(0), ipv4(1), ipv6(2), or ipv6z(4)
            have to be supported.

            A value of unknown(0) is allowed only when
            the outgoing interface is of type point-to-point, or
            when the BFD session is not associated with a specific
            interface.

            If any other unsupported values are attempted in a set
            operation, the agent MUST return an inconsistentValue
            error."
       ::= { bfdSessEntry 18 }

   bfdSessAddr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the neighboring IP address which is
            being monitored with this BFD session.
            It can also be used to enable BFD on a specific
            interface.  The value is set to zero when the BFD session
            is not associated with a specific interface."
       ::= { bfdSessEntry 19 }

   bfdSessGTSM OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Setting the value of this object to true(1) will enable GTSM
            protection of the BFD session.  GTSM MUST be enabled on a
            singleHop(1) session if no authentication is in use."
       REFERENCE
           "RFC 5082 - The Generalized TTL Security Mechanism (GTSM).
            draft-ietf-bfd-v4v6-1hop-08, Sec. 5"
       DEFVAL { false }
       ::= { bfdSessEntry 20 }

   bfdSessGTSMTTL OBJECT-TYPE
       SYNTAX      Unsigned32 (0..255)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object is valid only when bfdSessGTSM protection is
            enabled on the system.  This object specifies the minimum
            allowed TTL for received BFD control packets.  For a
            singleHop(1) session, if GTSM protection is enabled,
            this object SHOULD be set to the maximum TTL allowed for
            single hop."
       REFERENCE
           "RFC 5082 - The Generalized TTL Security Mechanism (GTSM).
            draft-ietf-bfd-v4v6-1hop-08, Sec. 5"
       DEFVAL { 0 }
       ::= { bfdSessEntry 21 }

   bfdSessDesiredMinTxInterval OBJECT-TYPE
       SYNTAX      BfdInterval
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the minimum interval, in
            microseconds, that the local system would like to use when
            transmitting BFD Control packets."
       ::= { bfdSessEntry 22 }

   bfdSessReqMinRxInterval OBJECT-TYPE
       SYNTAX      BfdInterval
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the minimum interval, in
            microseconds, between received BFD Control packets the
            local system is capable of supporting."
       ::= { bfdSessEntry 23 }

   bfdSessReqMinEchoRxInterval OBJECT-TYPE
       SYNTAX      BfdInterval
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the minimum interval, in
            microseconds, between received BFD Echo packets that this
            system is capable of supporting."
       ::= { bfdSessEntry 24 }

   bfdSessDetectMult OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies the Detect time multiplier."
       ::= { bfdSessEntry 25 }

   bfdSessNegotiatedInterval OBJECT-TYPE
       SYNTAX      BfdInterval
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the negotiated interval, in
            microseconds, that the local system is transmitting
            BFD Control packets."
       ::= { bfdSessEntry 26 }

   bfdSessNegotiatedEchoInterval OBJECT-TYPE
       SYNTAX      BfdInterval
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the negotiated interval, in
            microseconds, that the local system is transmitting
            BFD echo packets.  Value is expected to be zero if
            the session is not running in echo mode."
       ::= { bfdSessEntry 27 }

   bfdSessNegotiatedDetectMult OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the Detect time multiplier."
       ::= { bfdSessEntry 28 }

   bfdSessAuthPresFlag OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the local system's
            desire to use Authentication.
            Specifically, it is set
            to true(1) if the local system wishes the session
            to be authenticated or false(2) if not."
       REFERENCE
           "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
       DEFVAL { false }
       ::= { bfdSessEntry 29 }

   bfdSessAuthenticationType OBJECT-TYPE
       SYNTAX      INTEGER {
                       reserved(0),
                       simplePassword(1),
                       keyedMD5(2),
                       meticulousKeyedMD5(3),
                       keyedSHA1(4),
                       meticulousKeyedSHA1(5)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The Authentication Type used for this BFD session.
            This field is valid only when the Authentication
            Present bit is set."
       REFERENCE
           "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
       ::= { bfdSessEntry 30 }

   bfdSessAuthenticationKeyID OBJECT-TYPE
       SYNTAX      Integer32 (-1 | 0..255)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The authentication key ID in use for this session.  This
            object permits multiple keys to be active simultaneously.

            When bfdSessAuthPresFlag is false(2), then the value
            of this object MUST be -1.  The value -1 indicates that
            no Authentication Key ID will be present in the optional
            BFD Authentication Section."
       REFERENCE
           "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
       DEFVAL { -1 }
       ::= { bfdSessEntry 31 }

   bfdSessAuthenticationKey OBJECT-TYPE
       SYNTAX      OCTET STRING (SIZE (0..252))
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The authentication key.  When the
            bfdSessAuthenticationType is simplePassword(1), the value
            of this object is the password present in the BFD packets.

            When the bfdSessAuthenticationType is one of the keyed
            authentication types, this value is used in the
            computation of the key present in the BFD authentication
            packet."
       REFERENCE
           "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
       ::= { bfdSessEntry 32 }

   bfdSessStorType OBJECT-TYPE
       SYNTAX      StorageType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This variable indicates the storage type for this
            object.  Conceptual rows having the value
            'permanent' need not allow write-access to any
            columnar objects in the row."
       ::= { bfdSessEntry 33 }

   bfdSessRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This variable is used to create, modify, and/or
            delete a row in this table.  When a row in this
            table is in the active(1) state, no
            objects in this row can be modified except the
            bfdSessRowStatus and bfdSessStorType."
       ::= { bfdSessEntry 34 }

   -- BFD Session Performance Table

   bfdSessPerfTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF BfdSessPerfEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table specifies BFD Session performance counters."
       ::= { bfdObjects 3 }

   bfdSessPerfEntry OBJECT-TYPE
       SYNTAX      BfdSessPerfEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry in this table is created by a BFD-enabled node for
            every BFD Session.  bfdSessPerfDiscTime is used to
            indicate potential discontinuity for all counter objects
            in this table."
       AUGMENTS { bfdSessEntry }
       ::= { bfdSessPerfTable 1 }

   BfdSessPerfEntry ::= SEQUENCE {
       bfdSessPerfPktIn               Counter32,
       bfdSessPerfPktOut              Counter32,
       bfdSessUpTime                  TimeStamp,
       bfdSessPerfLastSessDownTime    TimeStamp,
       bfdSessPerfLastCommLostDiag    BfdDiag,
       bfdSessPerfSessUpCount         Counter32,
       bfdSessPerfDiscTime            TimeStamp,

       -- High Capacity Counters
       bfdSessPerfPktInHC             Counter64,
       bfdSessPerfPktOutHC            Counter64
   }

   -- Ed Note: should we add per-diag code counts here,

   bfdSessPerfPktIn OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The total number of BFD messages received for this BFD
            session."
       ::= { bfdSessPerfEntry 1 }

   bfdSessPerfPktOut OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The total number of BFD messages sent for this BFD
            session."
       ::= { bfdSessPerfEntry 2 }

   bfdSessUpTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime on the most recent occasion at which
            the session came up.  If no such up event exists this object
            contains a zero value."
       ::= { bfdSessPerfEntry 3 }

   bfdSessPerfLastSessDownTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime on the most recent occasion at
            which communication was lost with the
            neighbor.  If no such down event exists this object
            contains a zero value."
       ::= { bfdSessPerfEntry 4 }

   bfdSessPerfLastCommLostDiag OBJECT-TYPE
       SYNTAX      BfdDiag
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The BFD diag code for the last time communication was lost
            with the neighbor.  If no such down event exists this object
            contains a zero value."
       ::= { bfdSessPerfEntry 5 }

   bfdSessPerfSessUpCount OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of times this session has gone into the Up
            state since the system last rebooted."
       ::= { bfdSessPerfEntry 6 }

   bfdSessPerfDiscTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime on the most recent occasion at
            which any one or more of the session counters suffered
            a discontinuity.
            The relevant counters are the specific instances associated
            with this BFD session of any Counter32 object contained in
            the BfdSessPerfTable.  If no such discontinuities have
            occurred since the last re-initialization of the local
            management subsystem, then this object contains a zero
            value."
       ::= { bfdSessPerfEntry 7 }

   bfdSessPerfPktInHC OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This value represents the total number of BFD messages
            received for this BFD session.  Its least significant
            32 bits MUST be equal to bfdSessPerfPktIn
            if bfdSessPerfPktInHC is supported according to
            the rules spelled out in RFC2863."
       ::= { bfdSessPerfEntry 8 }

   bfdSessPerfPktOutHC OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This value represents the
            total number of BFD messages transmitted for this
            BFD session.  Its least significant
            32 bits MUST be equal to bfdSessPerfPktOut
            if bfdSessPerfPktOutHC is supported according to
            the rules spelled out in RFC2863."
927        ::= { bfdSessPerfEntry 9 }

929    -- BFD Session Discriminator Mapping Table

931    bfdSessDiscMapTable OBJECT-TYPE
932        SYNTAX SEQUENCE OF BfdSessDiscMapEntry
933        MAX-ACCESS not-accessible
934        STATUS current
935        DESCRIPTION
936            "The BFD Session Discriminator Mapping Table maps a
937            local discriminator value to the associated BFD session's
938            BfdSessIndexTC used in the bfdSessionTable."
939        ::= { bfdObjects 4 }

941    bfdSessDiscMapEntry OBJECT-TYPE
942        SYNTAX BfdSessDiscMapEntry
943        MAX-ACCESS not-accessible
944        STATUS current
945        DESCRIPTION
946            "The BFD Session Discriminator Map Entry describes the
947            BFD session that is mapped to this BfdSessIndexTC."
948        INDEX { bfdSessDiscriminator }
949        ::= { bfdSessDiscMapTable 1 }

951    BfdSessDiscMapEntry ::= SEQUENCE {
952        bfdSessDiscMapIndex BfdSessIndexTC
953    }

955    bfdSessDiscMapIndex OBJECT-TYPE
956        SYNTAX BfdSessIndexTC
957        MAX-ACCESS read-only
958        STATUS current
959        DESCRIPTION
960            "This object specifies the BfdIndex referred to by
961            the indexes of this row. In essence, a mapping is
962            provided between these indexes and the BfdSessTable."
963        ::= { bfdSessDiscMapEntry 1 }

965    -- BFD Session IP Mapping Table

967    bfdSessIpMapTable OBJECT-TYPE
968        SYNTAX SEQUENCE OF BfdSessIpMapEntry
969        MAX-ACCESS not-accessible
970        STATUS current
971        DESCRIPTION
972            "The BFD Session IP Mapping Table maps a given
973            bfdSessInterface, bfdSessAddrType, and bfdSessAddr
974            to the associated BFD session's BfdSessIndexTC used in
975            the bfdSessionTable. This table SHOULD contain those
976            BFD sessions of singleHop(1) type."

978        ::= { bfdObjects 5 }

980    bfdSessIpMapEntry OBJECT-TYPE
981        SYNTAX BfdSessIpMapEntry
982        MAX-ACCESS not-accessible
983        STATUS current
984        DESCRIPTION
985            "The BFD Session IP Map Entry describes the
986            BFD session that is mapped to this BfdSessIndexTC."
987        INDEX {
988            bfdSessInterface,
989            bfdSessAddrType,
990            bfdSessAddr
991        }
992        ::= { bfdSessIpMapTable 1 }

994    BfdSessIpMapEntry ::= SEQUENCE {
995        bfdSessIpMapIndex BfdSessIndexTC
996    }

998    bfdSessIpMapIndex OBJECT-TYPE
999        SYNTAX BfdSessIndexTC
1000       MAX-ACCESS read-only
1001       STATUS current
1002       DESCRIPTION
1003           "This object specifies the BfdIndex referred to by
1004           the indexes of this row. In essence, a mapping is
1005           provided between these indexes and the BfdSessTable."
1006       ::= { bfdSessIpMapEntry 1 }

1008   -- Notification Configuration

1010   bfdSessUp NOTIFICATION-TYPE
1011       OBJECTS {
1012           bfdSessDiag, -- low range value
1013           bfdSessDiag -- high range value
1014       }
1015       STATUS current
1016       DESCRIPTION
1017           "This notification is generated when the
1018           bfdSessState object for one or more contiguous
1019           entries in bfdSessTable are about to enter the up(4)
1020           state from some other state. The included values of
1021           bfdSessDiag MUST both be set equal to this
1022           new state (i.e., up(4)). The two instances of
1023           bfdSessDiag in this notification indicate the range
1024           of indexes that are affected. Note that all the indexes
1025           of the two ends of the range can be derived from the
1026           instance identifiers of these two objects. For the
1027           cases where a contiguous range of sessions
1028           have transitioned into the up(4) state at roughly
1029           the same time, the device SHOULD issue a single
1030           notification for each range of contiguous indexes in
1031           an effort to minimize the emission of a large number
1032           of notifications. If a notification has to be
1033           issued for just a single bfdSessEntry, then
1034           the instance identifier (and values) of the two
1035           bfdSessDiag objects MUST be identical."
1036       ::= { bfdNotifications 1 }

1038   bfdSessDown NOTIFICATION-TYPE
1039       OBJECTS {
1040           bfdSessDiag, -- low range value
1041           bfdSessDiag -- high range value
1042       }
1043       STATUS current
1044       DESCRIPTION
1045           "This notification is generated when the
1046           bfdSessState object for one or more contiguous
1047           entries in bfdSessTable are about to enter the down(2)
1048           or adminDown(1) states from some other state. The included
1049           values of bfdSessDiag MUST both be set equal to this new
1050           state (i.e., down(2) or adminDown(1)). The two instances
1051           of bfdSessDiag in this notification indicate the range
1052           of indexes that are affected. Note that all the indexes
1053           of the two ends of the range can be derived from the
1054           instance identifiers of these two objects. For
1055           cases where a contiguous range of sessions
1056           have transitioned into the down(2) or adminDown(1) states
1057           at roughly the same time, the device SHOULD issue a single
1058           notification for each range of contiguous indexes in
1059           an effort to minimize the emission of a large number
1060           of notifications. If a notification has to be
1061           issued for just a single bfdSessEntry, then
1062           the instance identifier (and values) of the two
1063           bfdSessDiag objects MUST be identical."
1064       ::= { bfdNotifications 2 }

1066   -- Ed Note: We need to add notification for changes
1067   -- when the two ends automatically negotiate to a new detection time
1068   -- value or when detection multiplier changes.
1069   -- Similarly, changes in the operating mode (bfdSessOperMode)
1070   -- also need to be notified.

1072   -- Module compliance.

1074   bfdGroups
1075       OBJECT IDENTIFIER ::= { bfdConformance 1 }

1077   bfdCompliances
1078       OBJECT IDENTIFIER ::= { bfdConformance 2 }

1080   -- Compliance requirement for fully compliant implementations.

1082   bfdModuleFullCompliance MODULE-COMPLIANCE
1083       STATUS current
1084       DESCRIPTION "Compliance statement for agents that provide full
1085                   support for BFD-MIB.
                   Such devices can
1086                   then be monitored and also be configured using
1087                   this MIB module."
1088       MODULE -- This module.
1089       MANDATORY-GROUPS {
1090           bfdSessionGroup,
1091           bfdSessionReadOnlyGroup,
1092           bfdSessionPerfGroup,
1093           bfdSessionPerfHCGroup,
1094           bfdNotificationGroup
1095       }

1097       GROUP bfdSessionPerfHCGroup
1098       DESCRIPTION "This group is mandatory for those bfdPerfTable
1099                   entries for which any of the objects
1100                   bfdSessPerfPktInHC or bfdSessPerfPktOutHC
1101                   wraps around too quickly
1102                   based on the criteria specified in RFC 2863 for
1103                   high-capacity counters."

1105       GROUP bfdNotificationGroup
1106       DESCRIPTION "This group is only mandatory for those
1107                   implementations which can efficiently implement
1108                   the notifications contained in this group."

1110       OBJECT bfdSessAddrType
1111       SYNTAX InetAddressType {
1112           unknown(0),
1113           ipv4(1),
1114           ipv6(2),
1115           ipv6z(4)
1116       }
1117       DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4)
1118                   support are required."

1120       OBJECT bfdSessAddr
1121       SYNTAX InetAddress (SIZE (0|4|16|20))
1122       DESCRIPTION "An implementation is only required to support
1123                   unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes."

1125       ::= { bfdCompliances 1 }

1127   -- Units of conformance.

1129   bfdSessionGroup OBJECT-GROUP
1130       OBJECTS {
1131           bfdSessNotificationsEnable,
1132           bfdAdminStatus,
1133           bfdSessVersionNumber,
1134           bfdSessSourceUdpPort,
1135           bfdSessEchoSourceUdpPort,
1136           bfdSessAdminStatus,
1137           bfdSessDiag,
1138           bfdSessDemandModeDesiredFlag,
1139           bfdSessInterface,
1140           bfdSessAddrType,
1141           bfdSessAddr,
1142           bfdSessGTSM,
1143           bfdSessGTSMTTL,
1144           bfdSessDesiredMinTxInterval,
1145           bfdSessReqMinRxInterval,
1146           bfdSessReqMinEchoRxInterval,
1147           bfdSessDetectMult,
1148           bfdSessStorType,
1149           bfdSessRowStatus
1150       }
1151       STATUS current
1152       DESCRIPTION
1153           "Collection of objects needed for BFD sessions."
1154       ::= { bfdGroups 1 }

1156   bfdSessionReadOnlyGroup OBJECT-GROUP
1157       OBJECTS {
1158           bfdSessType,
1159           bfdSessMultiHopUniLinkMode,
1160           bfdSessDiscriminator,
1161           bfdSessRemoteDiscr,
1162           bfdSessDestinationUdpPort,
1163           bfdSessState,
1164           bfdSessRemoteHeardFlag,
1165           bfdSessOperMode,
1166           bfdSessControlPlaneIndepFlag,
1167           bfdSessNegotiatedInterval,
1168           bfdSessNegotiatedEchoInterval,
1169           bfdSessNegotiatedDetectMult,
1170           bfdSessAuthPresFlag,
1171           bfdSessAuthenticationType,
1172           bfdSessAuthenticationKeyID,
1173           bfdSessAuthenticationKey,
1174           bfdSessDiscMapIndex,
1175           bfdSessIpMapIndex
1176       }
1177       STATUS current
1178       DESCRIPTION
1179           "Collection of read-only objects needed for BFD sessions."
1180       ::= { bfdGroups 2 }

1182   bfdSessionPerfGroup OBJECT-GROUP
1183       OBJECTS {
1184           bfdSessPerfPktIn,
1185           bfdSessPerfPktOut,
1186           bfdSessUpTime,
1187           bfdSessPerfLastSessDownTime,
1188           bfdSessPerfLastCommLostDiag,
1189           bfdSessPerfSessUpCount,
1190           bfdSessPerfDiscTime
1191       }
1192       STATUS current
1193       DESCRIPTION
1194           "Collection of objects needed to monitor the
1195           performance of BFD sessions."
1196       ::= { bfdGroups 3 }

1198   bfdSessionPerfHCGroup OBJECT-GROUP
1199       OBJECTS {
1200           bfdSessPerfPktInHC,
1201           bfdSessPerfPktOutHC
1202       }
1203       STATUS current
1204       DESCRIPTION
1205           "Collection of objects needed to monitor the
1206           performance of BFD sessions for which the
1207           values of bfdSessPerfPktIn, bfdSessPerfPktOut
1208           wrap around too quickly."
1209       ::= { bfdGroups 4 }

1211   bfdNotificationGroup NOTIFICATION-GROUP
1212       NOTIFICATIONS {
1213           bfdSessUp,
1214           bfdSessDown
1215       }
1216       STATUS current
1217       DESCRIPTION
1218           "Set of notifications implemented in this
1219           module."
1220       ::= { bfdGroups 5 }

1222   END

1224   7. Security Considerations

1226      As BFD may be tied into the stability of the network infrastructure
1227      (such as routing protocols), the effects of an attack on a BFD
1228      session may be very serious.
          This ultimately has denial-of-service
1229      effects, as links may be declared to be down (or falsely declared to
1230      be up.) As such, improper manipulation of the objects represented by
1231      this MIB may result in denial of service to a large number of end-
1232      users.

1234      There are a number of management objects defined in this MIB module
1235      with a MAX-ACCESS clause of read-write and/or read-create. Such
1236      objects may be considered sensitive or vulnerable in some network
1237      environments. The support for SET operations in a non-secure
1238      environment without proper protection can have a negative effect on
1239      network operations. These are the tables and objects and their
1240      sensitivity/vulnerability:

1242      o  bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from
1243         start to stop, can cause significant disruption of the
1244         connectivity to those portions of the Internet reached via the
1245         applicable remote BFD peer.

1247      o  bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval,
1248         bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change
1249         of these objects can cause connections to be disrupted for extremely
1250         long time periods when otherwise they would be restored in a
1251         relatively short period of time.

1253      There are a number of management objects defined in this MIB module
1254      with a MAX-ACCESS clause of read-write and/or read-create. Such
1255      objects may be considered sensitive or vulnerable in some network
1256      environments. It is thus important to control even GET and/or NOTIFY
1257      access to these objects and possibly to even encrypt the values of
1258      these objects when sending them over the network via SNMP.

1260      o  The bfdSessTable may be used to directly configure BFD sessions.
1261         The bfdSessMapTable can be used indirectly in the same way.
1262         Unauthorized access to objects in this table could result in
1263         disruption of traffic on the network.
          This is especially true if
1264         an unauthorized user configures enough tables to invoke a denial
1265         of service attack on the device where they are configured, or on a
1266         remote device where the sessions terminate.

1268      Some of the readable objects in this MIB module (i.e., objects with a
1269      MAX-ACCESS other than not-accessible) may be considered sensitive or
1270      vulnerable in some network environments. It is thus important to
1271      control even GET and/or NOTIFY access to these objects and possibly
1272      to even encrypt the values of these objects when sending them over
1273      the network via SNMP. These are the tables and objects and their
1274      sensitivity/vulnerability:

1276      o  The bfdSessPerfTable allows access to the performance
1277         characteristics of BFD sessions. Network administrators not
1278         wishing to show this information should consider this table
1279         sensitive.

1281      The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
1282      bfdSessAuthenticationKey objects hold security methods and associated
1283      security keys of BFD sessions. These objects SHOULD be considered
1284      highly sensitive objects. In order to prevent this sensitive information
1285      from being improperly accessed, implementors MAY wish to disallow
1286      read access to these objects.

1288      SNMP versions prior to SNMPv3 did not include adequate security.
1289      Even if the network itself is secure (for example by using IPSec),
1290      even then, there is no control as to who on the secure network is
1291      allowed to access and GET/SET (read/change/create/delete) the objects
1292      in these MIB modules.

1294      It is RECOMMENDED that implementers consider the security features as
1295      provided by the SNMPv3 framework (see [RFC3410], section 8),
1296      including full support for the SNMPv3 cryptographic mechanisms (for
1297      authentication and privacy).

1299      Further, deployment of SNMP versions prior to SNMPv3 is NOT
1300      RECOMMENDED.
          Instead, it is RECOMMENDED to deploy SNMPv3 and to
1301      enable cryptographic security. It is then a customer/operator
1302      responsibility to ensure that the SNMP entity giving access to an
1303      instance of this MIB module, is properly configured to give access to
1304      the objects only to those principals (users) that have legitimate
1305      rights to indeed GET or SET (change/create/delete) them.

1307   8. IANA Considerations

1309      The MIB module in this document uses the following IANA-assigned
1310      OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

1312         Descriptor        OBJECT IDENTIFIER value
1313         ----------        -----------------------

1315         bfdMib            { mib-2 XXX }

1317      [Editor's Note (to be removed prior to publication): the IANA is
1318      requested to assign a value for "XXX" under the 'mib-2' subtree and
1319      to record the assignment in the SMI Numbers registry. When the
1320      assignment has been made, the RFC Editor is asked to replace "XXX"
1321      (here and in the MIB module) with the assigned value and to remove
1322      this note.]

1324      This document also requests IANA to manage the registry for the
1325      BfdDiag object.

1327   9. References

1329   9.1. Normative References

1331      [BFD]      Katz, D. and D. Ward, "Bidirectional Forwarding
1332                 Detection", ID Document: draft-ietf-bfd-base-08.txt,
1333                 March 2008.

1335      [BFD-1HOP]
1336                 Katz, D. and D. Ward, "BFD for IPv4 and IPv6 (Single
1337                 Hop)", ID Document: draft-ietf-bfd-v4v6-1hop-08.txt,
1338                 March 2008.

1340      [BFD-MH]   Katz, D. and D. Ward, "BFD for Multihop Paths",
1341                 ID Document: draft-ietf-bfd-multihop-06.txt, January 2008.

1343      [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1344                 Schoenwaelder, Ed., "Structure of Management Information
1345                 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1347      [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1348                 Schoenwaelder, Ed., "Textual Conventions for SMIv2",
1349                 STD 58, RFC 2579, April 1999.

1351      [RFC2580]  McCloghrie, K., Perkins, D., and J.
                 Schoenwaelder,
1352                 "Conformance Statements for SMIv2", STD 58, RFC 2580,
1353                 April 1999.

1355   9.2. Informative References

1357      [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1358                 Requirement Levels", BCP 14, RFC 2119, March 1997.

1360      [RFC2434]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
1361                 IANA Considerations Section in RFCs", BCP 26, RFC 2434,
1362                 October 1998.

1364      [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1365                 MIB", RFC 2863, June 2000.

1367      [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1368                 "Introduction and Applicability Statements for Internet-
1369                 Standard Management Framework", RFC 3410, December 2002.

1371      [RFC3413]  Levi, D., Meyer, P., and B. Stewart, "Simple Network
1372                 Management Protocol (SNMP) Applications", STD 62,
1373                 RFC 3413, December 2002.

1375      [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
1376                 Schoenwaelder, "Textual Conventions for Internet Network
1377                 Addresses", RFC 4001, February 2005.

1379   Appendix A. Acknowledgments

1381      We would like to thank David Ward, Jeffrey Haas, Reshad Rahman, David
1382      Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara
1383      Sreenivasa for their comments and suggestions.

1385   Authors' Addresses

1387      Thomas D. Nadeau
1388      BT
1389      BT Centre
1390      81 Newgate Street
1391      London EC1A 7AJ
1392      United Kingdom

1394      Email: tom.nadeau@bt.com

1396      Zafar Ali
1397      Cisco Systems, Inc.
1398      2000 Innovation Drive
1399      Kanata, Ontario K2K 3E8
1400      Canada

1402      Email: zali@cisco.com
1403      Nobo Akiya
1404      Cisco Systems G.K.
1405      Shinjuku Mitsui Building
1406      2-1-1 Nishi-Shinjuku, Shinjuku-Ku
1407      Tokyo 163-0409
1408      Japan

1410      Email: nobo@cisco.com

1412   Full Copyright Statement

1414      Copyright (C) The IETF Trust (2008).

1416      This document is subject to the rights, licenses and restrictions
1417      contained in BCP 78, and except as set forth therein, the authors
1418      retain all their rights.

1420      This document and the information contained herein are provided on an
1421      "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
1422      OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
1423      THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
1424      OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
1425      THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1426      WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1428   Intellectual Property

1430      The IETF takes no position regarding the validity or scope of any
1431      Intellectual Property Rights or other rights that might be claimed to
1432      pertain to the implementation or use of the technology described in
1433      this document or the extent to which any license under such rights
1434      might or might not be available; nor does it represent that it has
1435      made any independent effort to identify any such rights. Information
1436      on the procedures with respect to rights in RFC documents can be
1437      found in BCP 78 and BCP 79.

1439      Copies of IPR disclosures made to the IETF Secretariat and any
1440      assurances of licenses to be made available, or the result of an
1441      attempt made to obtain a general license or permission for the use of
1442      such proprietary rights by implementers or users of this
1443      specification can be obtained from the IETF on-line IPR repository at
1444      http://www.ietf.org/ipr.

1446      The IETF invites any interested party to bring to its attention any
1447      copyrights, patents or patent applications, or other proprietary
1448      rights that may cover technology that may be required to implement
1449      this standard. Please address the information to the IETF at
1450      ietf-ipr@ietf.org.
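
Section 7 notes that an attack on a BFD session ends in links being declared down, and the read-only objects of bfdSessPerfTable let a monitoring station see that from two successive polls. The following Python code is an added example, not part of the draft: the PerfRow class, the flap threshold, the finding strings and both sample polls are constructed for illustration, and the rows are assumed to have been fetched already over SNMPv3 with authentication and privacy.

```python
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32  # a Counter32 wraps from 2^32 - 1 back to 0


@dataclass(frozen=True)
class PerfRow:
    """One bfdSessPerfTable row as read in a single poll (hypothetical holder)."""
    pkt_in: int          # bfdSessPerfPktIn
    pkt_out: int         # bfdSessPerfPktOut
    last_down_time: int  # bfdSessPerfLastSessDownTime
    last_diag: int       # bfdSessPerfLastCommLostDiag (raw BfdDiag value)
    up_count: int        # bfdSessPerfSessUpCount
    disc_time: int       # bfdSessPerfDiscTime


def counter32_delta(old: int, new: int) -> int:
    """Increase of a Counter32 between two polls, allowing for one wrap."""
    return (new - old) % COUNTER32_MOD


def compare_polls(prev: dict, curr: dict, flap_threshold: int = 3) -> dict:
    """Return {session index: [finding, ...]} for sessions seen in both polls."""
    findings = {}
    for idx in sorted(prev.keys() & curr.keys()):
        old, new = prev[idx], curr[idx]
        if new.disc_time != old.disc_time:
            # The counters suffered a discontinuity between the polls, so a
            # delta computed across it would be meaningless.
            findings[idx] = ["discontinuity: counter deltas skipped"]
            continue
        ups = counter32_delta(old.up_count, new.up_count)
        rx = counter32_delta(old.pkt_in, new.pkt_in)
        tx = counter32_delta(old.pkt_out, new.pkt_out)
        notes = []
        if new.last_down_time != old.last_down_time:
            notes.append(f"down event, diag={new.last_diag}")
        if ups >= flap_threshold:
            notes.append(f"flapping: {ups} transitions to Up")
        if tx > 0 and rx == 0:
            notes.append(f"no BFD packets received ({tx} sent)")
        if notes:
            findings[idx] = notes
    return findings


# Constructed sample polls, keyed by session index.
POLL_1 = {
    1: PerfRow(4294967290, 4294967200, 0, 0, 1, 0),  # about to wrap
    2: PerfRow(1000, 1000, 500, 1, 2, 0),
    3: PerfRow(50, 50, 0, 0, 1, 0),
    4: PerfRow(9000, 9000, 0, 0, 1, 0),
}
POLL_2 = {
    1: PerfRow(10, 110, 0, 0, 1, 0),                 # wrapped, still healthy
    2: PerfRow(1040, 1300, 90000, 1, 7, 0),          # repeated up/down cycles
    3: PerfRow(50, 350, 88000, 1, 1, 0),             # peer has gone silent
    4: PerfRow(12, 12, 0, 0, 1, 87000),              # counters were reset
}

if __name__ == "__main__":
    for idx, notes in compare_polls(POLL_1, POLL_2).items():
        print(idx, "; ".join(notes))
```

Because the same table reveals session behaviour to anyone who can read it, the poller itself should be one of the few principals granted GET access to it.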