idnits 2.17.1

draft-ietf-bfd-mib-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** The document seems to lack a License Notice according IETF Trust
     Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009
     Section 6.b -- however, there's a paragraph with a matching beginning.
     Boilerplate error?

     (You're using the IETF Trust Provisions' Section 6.b License Notice from
     12 Feb 2009 rather than one of the newer Notices. See
     https://trustee.ietf.org/license-info/.)

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (April 26, 2009) is 5471 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2434' is defined on line 1375, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-11) exists of
     draft-ietf-bfd-base-08

  == Outdated reference: A later version (-11) exists of
     draft-ietf-bfd-v4v6-1hop-08

  == Outdated reference: A later version (-09) exists of
     draft-ietf-bfd-multihop-06

  -- Obsolete informational reference (is this intentional?): RFC 2434
     (Obsoleted by RFC 5226)

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    BFD Working Group                                              T. Nadeau
3    Internet-Draft                                                        BT
4    Intended status: Standards Track                                  Z. Ali
5    Expires: October 28, 2009                            Cisco Systems, Inc.
6                                                                    N. Akiya
7                                                          Cisco Systems G.K.
8                                                              April 26, 2009

10                       BFD Management Information Base
11                            draft-ietf-bfd-mib-07

13   Status of this Memo

15      This Internet-Draft is submitted to IETF in full conformance with the
16      provisions of BCP 78 and BCP 79.

18      Internet-Drafts are working documents of the Internet Engineering
19      Task Force (IETF), its areas, and its working groups. Note that
20      other groups may also distribute working documents as Internet-
21      Drafts.

23      Internet-Drafts are draft documents valid for a maximum of six months
24      and may be updated, replaced, or obsoleted by other documents at any
25      time. It is inappropriate to use Internet-Drafts as reference
26      material or to cite them other than as "work in progress."

28      The list of current Internet-Drafts can be accessed at
29      http://www.ietf.org/ietf/1id-abstracts.txt.

31      The list of Internet-Draft Shadow Directories can be accessed at
32      http://www.ietf.org/shadow.html.

34      This Internet-Draft will expire on October 28, 2009.

36   Copyright Notice

38      Copyright (c) 2009 IETF Trust and the persons identified as the
39      document authors. All rights reserved.

41      This document is subject to BCP 78 and the IETF Trust's Legal
42      Provisions Relating to IETF Documents in effect on the date of
43      publication of this document (http://trustee.ietf.org/license-info).
44      Please review these documents carefully, as they describe your rights
45      and restrictions with respect to this document.

47   Abstract

49      This draft defines a portion of the Management Information Base (MIB)
50      for use with network management protocols in the Internet community.
51      In particular, it describes managed objects for modeling
52      Bidirectional Forwarding Detection (BFD) protocol.

54   Table of Contents

56      1. Requirements notation
57      2. The Internet-Standard Management Framework
58      3. Introduction
59      4. Terminology
60      5. Brief Description of MIB Objects
61        5.1. General Variables
62        5.2. Session Table (bfdSessionTable)
63        5.3. Session Performance Table (bfdSessionPerfTable)
64        5.4. BFD Session Discriminator Mapping Table
65             (bfdSessDiscMapTable)
66        5.5. BFD Session IP Mapping Table (bfdSessIpMapTable)
67      6. BFD MIB Module Definitions
68      7. Security Considerations
69      8. IANA Considerations
70      9. References
71        9.1. Normative References
72        9.2. Informative References
73      Appendix A. Acknowledgments
74      Authors' Addresses

76   1. Requirements notation

78      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
79      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
80      document are to be interpreted as described in [RFC2119].

82   2. The Internet-Standard Management Framework

84      For a detailed overview of the documents that describe the current
85      Internet-Standard Management Framework, please refer to section 7 of
86      [RFC3410].

88      Managed objects are accessed via a virtual information store, termed
89      the Management Information Base or MIB. MIB objects are generally
90      accessed through the Simple Network Management Protocol (SNMP).
91      Objects in the MIB are defined using the mechanisms defined in the
92      Structure of Management Information (SMI). This memo specifies a MIB
93      module that is compliant to the SMIv2, which is described in STD 58,
94      [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580].

96   3. Introduction

98      This memo defines a portion of the Management Information Base (MIB)
99      for use with network management protocols in the Internet community.
100     In particular, it describes managed objects to configure and/or
101     monitor Bi-Directional Forwarding Detection for [BFD], [BFD-1HOP] and
102     [BFD-MH], BFD versions 0 and/or 1, on devices supporting this
103     feature.

105     Comments should be made directly to the BFD mailing list at
106     rtg-bfd@ietf.org.

108  4. Terminology

110     This document adopts the definitions, acronyms and mechanisms
111     described in [BFD], [BFD-1HOP] and [BFD-MH]. Unless otherwise
112     stated, the mechanisms described therein will not be re-described
113     here.

115  5. Brief Description of MIB Objects

117     This section describes objects pertaining to BFD. The MIB objects
118     are derived from [BFD] and [BFD-MH].

120  5.1. General Variables

122     The General Variables are used to identify parameters that are global
123     to the BFD process.

125  5.2. Session Table (bfdSessionTable)

127     The session table is used to identify a BFD session between a pair of
128     nodes.

130  5.3. Session Performance Table (bfdSessionPerfTable)

132     The session performance table is used for collecting BFD performance
133     counts on a per session basis. This table is an AUGMENT to the
134     bfdSessionTable.

136  5.4. BFD Session Discriminator Mapping Table (bfdSessDiscMapTable)

138     The BFD Session Discriminator Mapping Table maps a local
139     discriminator value to the associated BFD session's BfdSessIndexTC
140     used in the bfdSessionTable.

142  5.5. BFD Session IP Mapping Table (bfdSessIpMapTable)

144     The BFD Session IP Mapping Table maps a given bfdSessInterface,
145     bfdSessAddrType, and bfdSessAddr to the associated BFD session's
146     BfdSessIndexTC used in the bfdSessionTable. This table SHOULD
147     contain those BFD sessions that are of IP type.

149  6. BFD MIB Module Definitions

151     This MIB module makes references to the following documents:
152     [RFC2579], [RFC2580], [RFC2863], [RFC4001], and [RFC3413].

154     BFD-STD-MIB DEFINITIONS ::= BEGIN

156     IMPORTS
157         MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
158         mib-2, Integer32, Unsigned32, Counter32, Counter64
159             FROM SNMPv2-SMI

161         TEXTUAL-CONVENTION, TruthValue, RowStatus,
162         StorageType, TimeStamp
163             FROM SNMPv2-TC

165         MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
166             FROM SNMPv2-CONF

168         InterfaceIndexOrZero
169             FROM IF-MIB

171         InetAddress, InetAddressType, InetPortNumber
172             FROM INET-ADDRESS-MIB;

174     bfdMIB MODULE-IDENTITY
175         LAST-UPDATED "200904261200Z" -- 26 April 2009 12:00:00 EST
176         ORGANIZATION "IETF Bidirectional Forwarding Detection
177                       Working Group"
178         CONTACT-INFO
179             "Thomas D. Nadeau
180              BT
181              Email: tom.nadeau@bt.com

183              Zafar Ali
184              Cisco Systems, Inc.
185              Email: zali@cisco.com

187              Nobo Akiya
188              Cisco Systems, G.K.
189              Email: nobo@cisco.com"
190         DESCRIPTION
191             "Bidirectional Forwarding Management Information Base."
192         REVISION "200904261200Z" -- 26 April 2009 12:00:00 EST
193         DESCRIPTION
194             "Initial version. Published as RFC xxxx."
195     -- RFC Ed.: RFC-editor pls fill in xxxx
196         ::= { mib-2 XXX }
197     -- RFC Ed.: assigned by IANA, see section 7.1 for details

199     -- Top level components of this MIB module.

201     bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 }

203     bfdObjects       OBJECT IDENTIFIER ::= { bfdMIB 1 }

205     bfdConformance   OBJECT IDENTIFIER ::= { bfdMIB 2 }

207     bfdScalarObjects OBJECT IDENTIFIER ::= { bfdObjects 1 }

209     -- Textual Conventions

211     BfdSessIndexTC ::= TEXTUAL-CONVENTION
212         DISPLAY-HINT "d"
213         STATUS       current
214         DESCRIPTION
215             "An index used to uniquely identify BFD sessions."
216         SYNTAX       Unsigned32 (1..4294967295)

218     BfdInterval ::= TEXTUAL-CONVENTION
219         DISPLAY-HINT "d"
220         STATUS       current
221         DESCRIPTION
222             "The BFD interval delay in microseconds."
223         SYNTAX       Unsigned32 (0..4294967295)

225     BfdMultiplier ::= TEXTUAL-CONVENTION
226         DISPLAY-HINT "d"
227         STATUS       current
228         DESCRIPTION
229             "The BFD failure detection multiplier."
230         SYNTAX       Unsigned32 (1..255)

232     BfdDiag ::= TEXTUAL-CONVENTION
233         STATUS       current
234         DESCRIPTION
235             "A common BFD diagnostic code."
236         SYNTAX INTEGER {
237             noDiagnostic(0),
238             controlDetectionTimeExpired(1),
239             echoFunctionFailed(2),
240             neighborSignaledSessionDown(3),
241             forwardingPlaneReset(4),
242             pathDown(5),
243             concatenatedPathDown(6),
244             administrativelyDown(7),
245             reverseConcatenatedPathDown(8)
246         }

248     -- BFD General Variables

250     -- These parameters apply globally to the System's
251     -- BFD Process.

253     bfdAdminStatus OBJECT-TYPE
254         SYNTAX INTEGER {
255             enabled(1),
256             disabled(2)
257         }
258         MAX-ACCESS   read-write
259         STATUS       current
260         DESCRIPTION
261             "The global administrative status of BFD in this router.

263              The value 'enabled' denotes that the BFD Process is
264              active on at least one interface; 'disabled' disables
265              it on all interfaces."
266         DEFVAL { enabled }
267         ::= { bfdScalarObjects 1 }

269     bfdSessNotificationsEnable OBJECT-TYPE
270         SYNTAX       TruthValue
271         MAX-ACCESS   read-write
272         STATUS       current
273         DESCRIPTION
274             "If this object is set to true(1), then it enables
275              the emission of bfdSessUp and bfdSessDown
276              notifications; otherwise these notifications are not
277              emitted."
278         REFERENCE
279             "See also RFC3413 for explanation that
280              notifications are under the ultimate control of the
281              MIB modules in this document."
282         DEFVAL { false }
283         ::= { bfdScalarObjects 2 }

285     -- BFD Session Table
286     -- The BFD Session Table specifies BFD session specific
287     -- information.

289     bfdSessTable OBJECT-TYPE
290         SYNTAX       SEQUENCE OF BfdSessEntry
291         MAX-ACCESS   not-accessible
292         STATUS       current
293         DESCRIPTION
294             "The BFD Session Table describes the BFD sessions."
295         REFERENCE
296             "BFD Version 0 (draft-katz-ward-bfd-02.txt) and
297              BFD Version 1 (draft-ietf-bfd-base-08.txt)"
298         ::= { bfdObjects 2 }

300     bfdSessEntry OBJECT-TYPE
301         SYNTAX       BfdSessEntry
302         MAX-ACCESS   not-accessible
303         STATUS       current
304         DESCRIPTION
305             "The BFD Session Entry describes a BFD session."
306         INDEX { bfdSessIndex }
307         ::= { bfdSessTable 1 }

309     BfdSessEntry ::= SEQUENCE {
310         bfdSessIndex                    BfdSessIndexTC,
311         bfdSessVersionNumber            Unsigned32,
312         bfdSessType                     INTEGER,
313         bfdSessMultiHopUniLinkMode      INTEGER,
314         bfdSessDiscriminator            Unsigned32,
315         bfdSessRemoteDiscr              Unsigned32,
316         bfdSessDestinationUdpPort       InetPortNumber,
317         bfdSessSourceUdpPort            InetPortNumber,
318         bfdSessEchoSourceUdpPort        InetPortNumber,
319         bfdSessAdminStatus              INTEGER,
320         bfdSessState                    INTEGER,
321         bfdSessRemoteHeardFlag          TruthValue,
322         bfdSessDiag                     BfdDiag,
323         bfdSessOperMode                 INTEGER,
324         bfdSessDemandModeDesiredFlag    TruthValue,
325         bfdSessControlPlaneIndepFlag    TruthValue,
326         bfdSessInterface                InterfaceIndexOrZero,
327         bfdSessAddrType                 InetAddressType,
328         bfdSessAddr                     InetAddress,
329         bfdSessGTSM                     TruthValue,
330         bfdSessGTSMTTL                  Unsigned32,
331         bfdSessDesiredMinTxInterval     BfdInterval,
332         bfdSessReqMinRxInterval         BfdInterval,
333         bfdSessReqMinEchoRxInterval     BfdInterval,
334         bfdSessDetectMult               BfdMultiplier,
335         bfdSessNegotiatedInterval       BfdInterval,
336         bfdSessNegotiatedEchoInterval   BfdInterval,
337         bfdSessNegotiatedDetectMult     BfdMultiplier,
338         bfdSessAuthPresFlag             TruthValue,
339         bfdSessAuthenticationType       INTEGER,
340         bfdSessAuthenticationKeyID      Integer32,
341         bfdSessAuthenticationKey        OCTET STRING,
342         bfdSessStorType                 StorageType,
343         bfdSessRowStatus                RowStatus
344     }

346     bfdSessIndex OBJECT-TYPE
347         SYNTAX       BfdSessIndexTC
348         MAX-ACCESS   not-accessible
349         STATUS       current
350         DESCRIPTION
351             "This object contains an index used to represent a
352              unique BFD session on this device."
353         ::= { bfdSessEntry 1 }

355     bfdSessVersionNumber OBJECT-TYPE
356         SYNTAX       Unsigned32 (0..7)
357         MAX-ACCESS   read-create
358         STATUS       current
359         DESCRIPTION
360             "The version number of the BFD protocol that this session
361              is running in. Write access is available for this object
362              to provide the ability to set the desired version for this
363              BFD session."
364         REFERENCE
365             "BFD Version 0 (draft-katz-ward-bfd-02.txt) and
366              BFD Version 1 (draft-ietf-bfd-base-08.txt)"
367         DEFVAL { 1 }
368         ::= { bfdSessEntry 2 }

370     bfdSessType OBJECT-TYPE
371         SYNTAX INTEGER {
372             singleHop(1),
373             multiHopTotallyArbitraryPaths(2),
374             multiHopOutOfBandSignaling(3),
375             multiHopUnidirectionalLinks(4)
376         }
377         MAX-ACCESS   read-only
378         STATUS       current
379         DESCRIPTION
380             "This object specifies the type of this BFD session."
381         REFERENCE
382             "draft-ietf-bfd-v4v6-1hop-08 and
383              draft-ietf-bfd-multihop-06"
384         ::= { bfdSessEntry 3 }

386     bfdSessMultiHopUniLinkMode OBJECT-TYPE
387         SYNTAX INTEGER {
388             none(1),
389             active(2),
390             passive(3)
391         }
392         MAX-ACCESS   read-only
393         STATUS       current
394         DESCRIPTION
395             "For bfdSessType of multiHopUnidirectionalLinks(4), this
396              object specifies whether this BFD session is running in
397              active(2) mode or passive(3) mode. For BFD sessions of
398              any other bfdSessType, none(1) MUST be specified."
399         REFERENCE
400             "draft-ietf-bfd-multihop-06, Section 3.3"
401         ::= { bfdSessEntry 4 }

403     bfdSessDiscriminator OBJECT-TYPE
404         SYNTAX       Unsigned32 (1..4294967295)
405         MAX-ACCESS   read-only
406         STATUS       current
407         DESCRIPTION
408             "This object specifies the local discriminator for this BFD
409              session, used to uniquely identify it."
410         ::= { bfdSessEntry 5 }

412     bfdSessRemoteDiscr OBJECT-TYPE
413         SYNTAX       Unsigned32 (0 | 1..4294967295)
414         MAX-ACCESS   read-only
415         STATUS       current
416         DESCRIPTION
417             "This object specifies the session discriminator chosen
418              by the remote system for this BFD session. The value may
419              be zero(0) if the remote discriminator is not yet known
420              or if the session is in the down or adminDown(1) state."
421         REFERENCE
422             "draft-ietf-bfd-base-08, Section 6.8.6."
423         ::= { bfdSessEntry 6 }

425     bfdSessDestinationUdpPort OBJECT-TYPE
426         SYNTAX       InetPortNumber
427         MAX-ACCESS   read-only
428         STATUS       current
429         DESCRIPTION
430             "This object specifies the destination UDP port used for
431              this BFD session. The value may be zero(0) if the session
432              is in adminDown(1) state."
433         REFERENCE
434             "Port 3784 (draft-ietf-bfd-v4v6-1hop-08),
435              Port 3785 (draft-ietf-bfd-v4v6-1hop-08), and
436              Port 4784 (draft-ietf-bfd-multihop-06)"
437         DEFVAL { 0 }
438         ::= { bfdSessEntry 7 }

440     bfdSessSourceUdpPort OBJECT-TYPE
441         SYNTAX       InetPortNumber
442         MAX-ACCESS   read-create
443         STATUS       current
444         DESCRIPTION
445             "This object specifies the source UDP port of BFD control
446              packets for this BFD session. The value may be zero(0) if
447              the session is in adminDown(1) state."
448         REFERENCE
449             "draft-ietf-bfd-v4v6-1hop-08 and
450              draft-ietf-bfd-multihop-06"
451         DEFVAL { 0 }
452         ::= { bfdSessEntry 8 }

454     bfdSessEchoSourceUdpPort OBJECT-TYPE
455         SYNTAX       InetPortNumber
456         MAX-ACCESS   read-create
457         STATUS       current
458         DESCRIPTION
459             "This object specifies the source UDP port of BFD echo
460              packets for this BFD session. The value may be zero(0) if
461              the session is not running in the echo mode, or the
462              session is in adminDown(1) state."
463         REFERENCE
464             "draft-ietf-bfd-v4v6-1hop-08 and
465              draft-ietf-bfd-multihop-06"
466         DEFVAL { 0 }
467         ::= { bfdSessEntry 9 }

469     bfdSessAdminStatus OBJECT-TYPE
470         SYNTAX INTEGER {
471             stop(1),
472             start(2)
473         }
474         MAX-ACCESS   read-create
475         STATUS       current
476         DESCRIPTION
477             "A transition from 'stop' to 'start' will start
478              the BFD state machine for the session. The state
479              machine will have an initial state of down.
480              A transition from 'start' to 'stop' will cause
481              the BFD session to be brought down to
482              adminDown(1). Care should be used in providing
483              write access to this object without adequate
484              authentication."
485         DEFVAL { 2 }
486         ::= { bfdSessEntry 10 }

488     bfdSessState OBJECT-TYPE
489         SYNTAX INTEGER {
490             adminDown(1),
491             down(2),
492             init(3),
493             up(4),
494             failing(5)
495         }
496         MAX-ACCESS   read-only
497         STATUS       current
498         DESCRIPTION
499             "The perceived state of the BFD session.
500              BFD State failing(5) is only applicable if this BFD
501              session is running version 0.
502              Upon creation of a new BFD session via this MIB, the
503              suggested initial state is down(2)."
504         DEFVAL { 2 }
505         ::= { bfdSessEntry 11 }

507     bfdSessRemoteHeardFlag OBJECT-TYPE
508         SYNTAX       TruthValue
509         MAX-ACCESS   read-only
510         STATUS       current
511         DESCRIPTION
512             "This object specifies the status of BFD packet reception from
513              the remote system. Specifically, it is set to true(1) if
514              the local system is actively receiving BFD packets from the
515              remote system, and is set to false(2) if the local system
516              has not received BFD packets recently (within the detection
517              time) or if the local system is attempting to tear down
518              the BFD session."
519         REFERENCE
520             "BFD Version 0 (draft-katz-ward-bfd-02.txt) and
521              BFD Version 1 (draft-ietf-bfd-base-08.txt)"
522         DEFVAL { false }
523         ::= { bfdSessEntry 12 }

525     bfdSessDiag OBJECT-TYPE
526         SYNTAX       BfdDiag
527         MAX-ACCESS   accessible-for-notify
528         STATUS       current
529         DESCRIPTION
530             "A diagnostic code specifying the local system's reason
531              for the last transition of the session from up(4)
532              to some other state."
533         ::= { bfdSessEntry 13 }

535     bfdSessOperMode OBJECT-TYPE
536         SYNTAX INTEGER {
537             asyncModeWEchoFun(1),
538             asynchModeWOEchoFun(2),
539             demandModeWEchoFunction(3),
540             demandModeWOEchoFunction(4)
541         }
542         MAX-ACCESS   read-only
543         STATUS       current
544         DESCRIPTION
545             "This object specifies the current operating mode that the
546              BFD session is operating in."
547         ::= { bfdSessEntry 14 }

549     bfdSessDemandModeDesiredFlag OBJECT-TYPE
550         SYNTAX       TruthValue
551         MAX-ACCESS   read-create
552         STATUS       current
553         DESCRIPTION
554             "This object indicates the local system's
555              desire to use Demand mode. Specifically, it is set
556              to true(1) if the local system wishes to use
557              Demand mode or false(2) if not."
558         DEFVAL { false }
559         ::= { bfdSessEntry 15 }

561     bfdSessControlPlaneIndepFlag OBJECT-TYPE
562         SYNTAX       TruthValue
563         MAX-ACCESS   read-only
564         STATUS       current
565         DESCRIPTION
566             "This object indicates the local system's
567              ability to continue to function through a disruption of
568              the control plane. Specifically, it is set
569              to true(1) if the local system BFD implementation is
570              independent of the control plane. Otherwise, the
571              value is set to false(2)."
572         DEFVAL { false }
573         ::= { bfdSessEntry 16 }

575     bfdSessInterface OBJECT-TYPE
576         SYNTAX       InterfaceIndexOrZero
577         MAX-ACCESS   read-create
578         STATUS       current
579         DESCRIPTION
580             "This object contains an interface index used to indicate
581              the interface which this BFD session is running on. This
582              value can be zero if there is no interface associated
583              with this BFD session."
584         ::= { bfdSessEntry 17 }

586     bfdSessAddrType OBJECT-TYPE
587         SYNTAX       InetAddressType
588         MAX-ACCESS   read-create
589         STATUS       current
590         DESCRIPTION
591             "This object specifies the IP address type of the neighboring
592              IP address which is being monitored with this BFD session.

594              Only values unknown(0), ipv4(1), ipv6(2), or ipv6z(4)
595              have to be supported.

597              A value of unknown(0) is allowed only when
598              the outgoing interface is of type point-to-point, or
599              when the BFD session is not associated with a specific
600              interface.

602              If any other unsupported values are attempted in a set
603              operation, the agent MUST return an inconsistentValue
604              error."
605         ::= { bfdSessEntry 18 }

607     bfdSessAddr OBJECT-TYPE
608         SYNTAX       InetAddress
609         MAX-ACCESS   read-create
610         STATUS       current
611         DESCRIPTION
612             "This object specifies the neighboring IP address which is
613              being monitored with this BFD session.
614              It can also be used to enable BFD on a specific
615              interface. The value is set to zero when the BFD session
616              is not associated with a specific interface."
617         ::= { bfdSessEntry 19 }

619     bfdSessGTSM OBJECT-TYPE
620         SYNTAX       TruthValue
621         MAX-ACCESS   read-create
622         STATUS       current
623         DESCRIPTION
624             "Setting the value of this object to true(1) will enable GTSM
625              protection of the BFD session. GTSM MUST be enabled on a
626              singleHop(1) session if no authentication is in use."
627         REFERENCE
628             "RFC 5082 - The Generalized TTL Security Mechanism (GTSM).
629              draft-ietf-bfd-v4v6-1hop-08, Sec. 5"
630         DEFVAL { false }
631         ::= { bfdSessEntry 20 }

633     bfdSessGTSMTTL OBJECT-TYPE
634         SYNTAX       Unsigned32 (0..255)
635         MAX-ACCESS   read-create
636         STATUS       current
637         DESCRIPTION
638             "This object is valid only when bfdSessGTSM protection is
639              enabled on the system. This object specifies the minimum
640              allowed TTL for received BFD control packets. For a
641              singleHop(1) session, if GTSM protection is enabled,
642              this object SHOULD be set to the maximum TTL allowed for
643              single hop."
644         REFERENCE
645             "RFC 5082 - The Generalized TTL Security Mechanism (GTSM).
646              draft-ietf-bfd-v4v6-1hop-08, Sec. 5"

648         DEFVAL { 0 }
649         ::= { bfdSessEntry 21 }

651     bfdSessDesiredMinTxInterval OBJECT-TYPE
652         SYNTAX       BfdInterval
653         MAX-ACCESS   read-create
654         STATUS       current
655         DESCRIPTION
656             "This object specifies the minimum interval, in
657              microseconds, that the local system would like to use when
658              transmitting BFD Control packets."
659         ::= { bfdSessEntry 22 }

661     bfdSessReqMinRxInterval OBJECT-TYPE
662         SYNTAX       BfdInterval
663         MAX-ACCESS   read-create
664         STATUS       current
665         DESCRIPTION
666             "This object specifies the minimum interval, in
667              microseconds, between received BFD Control packets the
668              local system is capable of supporting."
669         ::= { bfdSessEntry 23 }

671     bfdSessReqMinEchoRxInterval OBJECT-TYPE
672         SYNTAX       BfdInterval
673         MAX-ACCESS   read-create
674         STATUS       current
675         DESCRIPTION
676             "This object specifies the minimum interval, in
677              microseconds, between received BFD Echo packets that this
678              system is capable of supporting."
679         ::= { bfdSessEntry 24 }

681     bfdSessDetectMult OBJECT-TYPE
682         SYNTAX       BfdMultiplier
683         MAX-ACCESS   read-create
684         STATUS       current
685         DESCRIPTION
686             "This object specifies the Detect time multiplier."
687         ::= { bfdSessEntry 25 }

689     bfdSessNegotiatedInterval OBJECT-TYPE
690         SYNTAX       BfdInterval
691         MAX-ACCESS   read-only
692         STATUS       current
693         DESCRIPTION
694             "This object specifies the negotiated interval, in
695              microseconds, that the local system is transmitting
696              BFD Control packets."
697         ::= { bfdSessEntry 26 }

699     bfdSessNegotiatedEchoInterval OBJECT-TYPE
700         SYNTAX       BfdInterval
701         MAX-ACCESS   read-only
702         STATUS       current
703         DESCRIPTION
704             "This object specifies the negotiated interval, in
705              microseconds, that the local system is transmitting
706              BFD echo packets. Value is expected to be zero if
707              the session is not running in echo mode."
708         ::= { bfdSessEntry 27 }

710     bfdSessNegotiatedDetectMult OBJECT-TYPE
711         SYNTAX       BfdMultiplier
712         MAX-ACCESS   read-only
713         STATUS       current
714         DESCRIPTION
715             "This object specifies the Detect time multiplier."
716         ::= { bfdSessEntry 28 }

718     bfdSessAuthPresFlag OBJECT-TYPE
719         SYNTAX       TruthValue
720         MAX-ACCESS   read-only
721         STATUS       current
722         DESCRIPTION
723             "This object indicates the local system's
724              desire to use Authentication. Specifically, it is set
725              to true(1) if the local system wishes the session
726              to be authenticated or false(2) if not."
727         REFERENCE
728             "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
729         DEFVAL { false }
730         ::= { bfdSessEntry 29 }

732     bfdSessAuthenticationType OBJECT-TYPE
733         SYNTAX INTEGER {
734             reserved(0),
735             simplePassword(1),
736             keyedMD5(2),
737             meticulousKeyedMD5(3),
738             keyedSHA1(4),
739             meticulousKeyedSHA1(5)
740         }
741         MAX-ACCESS   read-only
742         STATUS       current
743         DESCRIPTION
744             "The Authentication Type used for this BFD session.
745              This field is valid only when the Authentication
746              Present bit is set."
747         REFERENCE
748             "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
749         ::= { bfdSessEntry 30 }

751     bfdSessAuthenticationKeyID OBJECT-TYPE
752         SYNTAX       Integer32 (-1 | 0..255)
753         MAX-ACCESS   read-only
754         STATUS       current
755         DESCRIPTION
756             "The authentication key ID in use for this session. This
757              object permits multiple keys to be active simultaneously.

759              When bfdSessAuthPresFlag is false(2), then the value
760              of this object MUST be -1. The value -1 indicates that
761              no Authentication Key ID will be present in the optional
762              BFD Authentication Section."
763         REFERENCE
764             "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
765         DEFVAL { -1 }
766         ::= { bfdSessEntry 31 }

768     bfdSessAuthenticationKey OBJECT-TYPE
769         SYNTAX       OCTET STRING (SIZE (0..252))
770         MAX-ACCESS   read-only
771         STATUS       current
772         DESCRIPTION
773             "The authentication key. When the
774              bfdSessAuthenticationType is simplePassword(1), the value
775              of this object is the password present in the BFD packets.

777              When the bfdSessAuthenticationType is one of the keyed
778              authentication types, this value is used in the
779              computation of the key present in the BFD authentication
780              packet."
781         REFERENCE
782             "draft-ietf-bfd-base-08, Sections 4.2 - 4.4"
783         ::= { bfdSessEntry 32 }

785     bfdSessStorType OBJECT-TYPE
786         SYNTAX       StorageType
787         MAX-ACCESS   read-create
788         STATUS       current
789         DESCRIPTION
790             "This variable indicates the storage type for this
791              object. Conceptual rows having the value
792              'permanent' need not allow write-access to any
793              columnar objects in the row."
794         ::= { bfdSessEntry 33 }

796     bfdSessRowStatus OBJECT-TYPE
797         SYNTAX       RowStatus
798         MAX-ACCESS   read-create
799         STATUS       current
800         DESCRIPTION
801             "This variable is used to create, modify, and/or
802              delete a row in this table. When a row in this
803              table is in the active(1) state, no
804              objects in this row can be modified except the
805              bfdSessRowStatus and bfdSessStorType."
806         ::= { bfdSessEntry 34 }

808     -- BFD Session Performance Table

810     bfdSessPerfTable OBJECT-TYPE
811         SYNTAX       SEQUENCE OF BfdSessPerfEntry
812         MAX-ACCESS   not-accessible
813         STATUS       current
814         DESCRIPTION
815             "This table specifies BFD Session performance counters."
816         ::= { bfdObjects 3 }

818     bfdSessPerfEntry OBJECT-TYPE
819         SYNTAX       BfdSessPerfEntry
820         MAX-ACCESS   not-accessible
821         STATUS       current
822         DESCRIPTION
823             "An entry in this table is created by a BFD-enabled node for
824              every BFD Session. bfdCounterDiscontinuityTime is used to
825              indicate potential discontinuity for all counter objects
826              in this table."
827         AUGMENTS { bfdSessEntry }
828         ::= { bfdSessPerfTable 1 }

830     BfdSessPerfEntry ::= SEQUENCE {
831         bfdSessPerfPktIn               Counter32,
832         bfdSessPerfPktOut              Counter32,
833         bfdSessUpTime                  TimeStamp,
834         bfdSessPerfLastSessDownTime    TimeStamp,
835         bfdSessPerfLastCommLostDiag    BfdDiag,
836         bfdSessPerfSessUpCount         Counter32,
837         bfdSessPerfDiscTime            TimeStamp,

839         -- High Capacity Counters
840         bfdSessPerfPktInHC             Counter64,
841         bfdSessPerfPktOutHC            Counter64
842     }

844     -- Ed Note: should we add per-diag code counts here,

846     bfdSessPerfPktIn OBJECT-TYPE
847         SYNTAX       Counter32
848         MAX-ACCESS   read-only
849         STATUS       current
850         DESCRIPTION
851             "The total number of BFD messages received for this BFD
852              session."
853         ::= { bfdSessPerfEntry 1 }

855     bfdSessPerfPktOut OBJECT-TYPE
856         SYNTAX       Counter32
857         MAX-ACCESS   read-only
858         STATUS       current
859         DESCRIPTION
860             "The total number of BFD messages sent for this BFD
861              session."
862         ::= { bfdSessPerfEntry 2 }

864     bfdSessUpTime OBJECT-TYPE
865         SYNTAX       TimeStamp
866         MAX-ACCESS   read-only
867         STATUS       current
868         DESCRIPTION
869             "The value of sysUpTime on the most recent occasion at which
870              the session came up. If no such up event exists this object
871              contains a zero value."
872         ::= { bfdSessPerfEntry 3 }

874     bfdSessPerfLastSessDownTime OBJECT-TYPE
875         SYNTAX       TimeStamp
876         MAX-ACCESS   read-only
877         STATUS       current
878         DESCRIPTION
879             "The value of sysUpTime on the most recent occasion at
880              which communication was lost with the
881              neighbor. If no such down event exists this object
882              contains a zero value."
883         ::= { bfdSessPerfEntry 4 }

885     bfdSessPerfLastCommLostDiag OBJECT-TYPE
886         SYNTAX       BfdDiag
887         MAX-ACCESS   read-only
888         STATUS       current
889         DESCRIPTION
890             "The BFD diag code for the last time communication was lost
891              with the neighbor. If no such down event exists this object
892              contains a zero value."
893         ::= { bfdSessPerfEntry 5 }

895     bfdSessPerfSessUpCount OBJECT-TYPE
896         SYNTAX       Counter32
897         MAX-ACCESS   read-only
898         STATUS       current
899         DESCRIPTION
900             "The number of times this session has gone into the Up
901              state since the system last rebooted."
902         ::= { bfdSessPerfEntry 6 }

904     bfdSessPerfDiscTime OBJECT-TYPE
905         SYNTAX       TimeStamp
906         MAX-ACCESS   read-only
907         STATUS       current
908         DESCRIPTION
909             "The value of sysUpTime on the most recent occasion at
910              which any one or more of the session counters suffered
911              a discontinuity.
912              The relevant counters are the specific instances associated
913              with this BFD session of any Counter32 object contained in
914              the BfdSessPerfTable. If no such discontinuities have
915              occurred since the last re-initialization of the local
916              management subsystem, then this object contains a zero
917              value."
918         ::= { bfdSessPerfEntry 7 }

920     bfdSessPerfPktInHC OBJECT-TYPE
921         SYNTAX       Counter64
922         MAX-ACCESS   read-only
923         STATUS       current
924         DESCRIPTION
925             "This value represents the total number of BFD messages
926              received for this BFD session. It MUST be equal to the
927              least significant 32 bits of bfdSessPerfPktIn
928              if bfdSessPerfPktInHC is supported according to
929              the rules spelled out in RFC2863."
930         ::= { bfdSessPerfEntry 8 }

932     bfdSessPerfPktOutHC OBJECT-TYPE
933         SYNTAX       Counter64
934         MAX-ACCESS   read-only
935         STATUS       current
936         DESCRIPTION
937             "This value represents the total number of
938              BFD messages transmitted for this
939              BFD session. It MUST be equal to the
940              least significant 32 bits of bfdSessPerfPktIn
941              if bfdSessPerfPktOutHC is supported according to
942              the rules spelled out in RFC2863."
943         ::= { bfdSessPerfEntry 9 }

945     -- BFD Session Discriminator Mapping Table

947     bfdSessDiscMapTable OBJECT-TYPE
948         SYNTAX     SEQUENCE OF BfdSessDiscMapEntry
949         MAX-ACCESS not-accessible
950         STATUS     current
951         DESCRIPTION
952             "The BFD Session Discriminator Mapping Table maps a
953              local discriminator value to the associated BFD session's
954              BfdSessIndexTC used in the bfdSessionTable."
955         ::= { bfdObjects 4 }

957     bfdSessDiscMapEntry OBJECT-TYPE
958         SYNTAX     BfdSessDiscMapEntry
959         MAX-ACCESS not-accessible
960         STATUS     current
961         DESCRIPTION
962             "The BFD Session Discriminator Map Entry describes
963              the BFD session that is mapped to this BfdSessIndexTC."
964         INDEX { bfdSessDiscriminator }
965         ::= { bfdSessDiscMapTable 1 }

967     BfdSessDiscMapEntry ::= SEQUENCE {
968         bfdSessDiscMapIndex            BfdSessIndexTC
969     }

971     bfdSessDiscMapIndex OBJECT-TYPE
972         SYNTAX     BfdSessIndexTC
973         MAX-ACCESS read-only
974         STATUS     current
975         DESCRIPTION
976             "This object specifies the BfdIndex referred to by
977              the indexes of this row. In essence, a mapping is
978              provided between these indexes and the BfdSessTable."
979         ::= { bfdSessDiscMapEntry 1 }

981     -- BFD Session IP Mapping Table

983     bfdSessIpMapTable OBJECT-TYPE
984         SYNTAX     SEQUENCE OF BfdSessIpMapEntry
985         MAX-ACCESS not-accessible
986         STATUS     current
987         DESCRIPTION
988             "The BFD Session IP Mapping Table maps a given
989              bfdSessInterface, bfdSessAddrType, and bfdSessAddr
990              to an associated BFD session's BfdSessIndexTC used in
991              the bfdSessionTable. This table SHOULD contain those
992              BFD sessions of singleHop(1) type."
993         ::= { bfdObjects 5 }

995     bfdSessIpMapEntry OBJECT-TYPE
996         SYNTAX     BfdSessIpMapEntry
997         MAX-ACCESS not-accessible
998         STATUS     current
999         DESCRIPTION
1000            "The BFD Session IP Map Entry describes
1001             the BFD session that is mapped to this BfdSessIndexTC."
1002        INDEX {
1003            bfdSessInterface,
1004            bfdSessAddrType,
1005            bfdSessAddr
1006        }
1007        ::= { bfdSessIpMapTable 1 }

1009    BfdSessIpMapEntry ::= SEQUENCE {
1010        bfdSessIpMapIndex            BfdSessIndexTC
1011    }

1013    bfdSessIpMapIndex OBJECT-TYPE
1014        SYNTAX     BfdSessIndexTC
1015        MAX-ACCESS read-only
1016        STATUS     current
1017        DESCRIPTION
1018            "This object specifies the BfdIndex referred to by
1019             the indexes of this row. In essence, a mapping is
1020             provided between these indexes and the BfdSessTable."
1021        ::= { bfdSessIpMapEntry 1 }

1023    -- Notification Configuration

1025    bfdSessUp NOTIFICATION-TYPE
1026        OBJECTS {
1027            bfdSessDiag, -- low range value
1028            bfdSessDiag  -- high range value
1029        }
1030        STATUS     current
1031        DESCRIPTION
1032            "This notification is generated when the
1033             bfdSessState object for one or more contiguous
1034             entries in bfdSessTable are about to enter the up(4)
1035             state from some other state. The included values of
1036             bfdSessDiag MUST both be set equal to this
1037             new state (i.e., up(4)). The two instances of
1038             bfdSessDiag in this notification indicate the range
1039             of indexes that are affected. Note that all the indexes
1040             of the two ends of the range can be derived from the
1041             instance identifiers of these two objects. For the
1042             cases where a contiguous range of sessions
1043             have transitioned into the up(4) state at roughly
1044             the same time, the device SHOULD issue a single
1045             notification for each range of contiguous indexes in
1046             an effort to minimize the emission of a large number
1047             of notifications. If a notification has to be
1048             issued for just a single bfdSessEntry, then
1049             the instance identifier (and values) of the two
1050             bfdSessDiag objects MUST be identical."
1051        ::= { bfdNotifications 1 }

1053    bfdSessDown NOTIFICATION-TYPE
1054        OBJECTS {
1055            bfdSessDiag, -- low range value
1056            bfdSessDiag  -- high range value
1057        }
1058        STATUS     current
1059        DESCRIPTION
1060            "This notification is generated when the
1061             bfdSessState object for one or more contiguous
1062             entries in bfdSessTable are about to enter the down(2)
1063             or adminDown(1) states from some other state. The included
1064             values of bfdSessDiag MUST both be set equal to this new
1065             state (i.e., down(2) or adminDown(1)). The two instances
1066             of bfdSessDiag in this notification indicate the range
1067             of indexes that are affected. Note that all the indexes
1068             of the two ends of the range can be derived from the
1069             instance identifiers of these two objects. For
1070             cases where a contiguous range of sessions
1071             have transitioned into the down(2) or adminDown(1) states
1072             at roughly the same time, the device SHOULD issue a single
1073             notification for each range of contiguous indexes in
1074             an effort to minimize the emission of a large number
1075             of notifications. If a notification has to be
1076             issued for just a single bfdSessEntry, then
1077             the instance identifier (and values) of the two
1078             bfdSessDiag objects MUST be identical."
1079        ::= { bfdNotifications 2 }

1081    -- Ed Note: We need to add notification for changes
1082    -- when the two ends automatically negotiate to a new detection time
1083    -- value or when detection multiplier changes.
1084    -- Similarly, changes in the operating mode (bfdSessOperMode)
1085    -- also need to be notified.

1087    -- Module compliance.

1089    bfdGroups
1090        OBJECT IDENTIFIER ::= { bfdConformance 1 }

1092    bfdCompliances
1093        OBJECT IDENTIFIER ::= { bfdConformance 2 }

1095    -- Compliance requirement for fully compliant implementations.

1097    bfdModuleFullCompliance MODULE-COMPLIANCE
1098        STATUS     current
1099        DESCRIPTION "Compliance statement for agents that provide full
1100                     support for BFD-MIB. Such devices can
1101                     then be monitored and also be configured using
1102                     this MIB module."
1103        MODULE -- This module.
1104        MANDATORY-GROUPS {
1105            bfdSessionGroup,
1106            bfdSessionReadOnlyGroup,
1107            bfdSessionPerfGroup,
1108            bfdSessionPerfHCGroup,
1109            bfdNotificationGroup
1110        }

1112        GROUP      bfdSessionPerfHCGroup
1113        DESCRIPTION "This group is mandatory for those bfdPerfTable
1114                     entries for which any of the objects
1115                     bfdSessPerfPktInHC or bfdSessPerfPktOutHC
1116                     wraps around too quickly
1117                     based on the criteria specified in RFC 2863 for
1118                     high-capacity counters."

1120        GROUP      bfdNotificationGroup
1121        DESCRIPTION "This group is only mandatory for those
1122                     implementations which can efficiently implement
1123                     the notifications contained in this group."

1125        OBJECT     bfdSessAddrType
1126        SYNTAX     InetAddressType {
1127                       unknown(0),
1128                       ipv4(1),
1129                       ipv6(2),
1130                       ipv6z(4)
1131                   }
1132        DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4)
1133                     support are required."

1135        OBJECT     bfdSessAddr
1136        SYNTAX     InetAddress (SIZE (0|4|16|20))
1137        DESCRIPTION "An implementation is only required to support
1138                     unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes."

1140        ::= { bfdCompliances 1 }

1142    -- Units of conformance.

1144    bfdSessionGroup OBJECT-GROUP
1145        OBJECTS {
1146            bfdSessNotificationsEnable,
1147            bfdAdminStatus,
1148            bfdSessVersionNumber,
1149            bfdSessSourceUdpPort,
1150            bfdSessEchoSourceUdpPort,
1151            bfdSessAdminStatus,
1152            bfdSessDiag,
1153            bfdSessDemandModeDesiredFlag,
1154            bfdSessInterface,
1155            bfdSessAddrType,
1156            bfdSessAddr,
1157            bfdSessGTSM,
1158            bfdSessGTSMTTL,
1159            bfdSessDesiredMinTxInterval,
1160            bfdSessReqMinRxInterval,
1161            bfdSessReqMinEchoRxInterval,
1162            bfdSessDetectMult,
1163            bfdSessStorType,
1164            bfdSessRowStatus
1165        }
1166        STATUS     current
1167        DESCRIPTION
1168            "Collection of objects needed for BFD sessions."
1169        ::= { bfdGroups 1 }

1171    bfdSessionReadOnlyGroup OBJECT-GROUP
1172        OBJECTS {
1173            bfdSessType,
1174            bfdSessMultiHopUniLinkMode,
1175            bfdSessDiscriminator,
1176            bfdSessRemoteDiscr,
1177            bfdSessDestinationUdpPort,
1178            bfdSessState,
1179            bfdSessRemoteHeardFlag,
1180            bfdSessOperMode,
1181            bfdSessControlPlaneIndepFlag,
1182            bfdSessNegotiatedInterval,
1183            bfdSessNegotiatedEchoInterval,
1184            bfdSessNegotiatedDetectMult,
1185            bfdSessAuthPresFlag,
1186            bfdSessAuthenticationType,
1187            bfdSessAuthenticationKeyID,
1188            bfdSessAuthenticationKey,
1189            bfdSessDiscMapIndex,
1190            bfdSessIpMapIndex
1191        }
1192        STATUS     current
1193        DESCRIPTION
1194            "Collection of read-only objects needed for BFD sessions."
1195        ::= { bfdGroups 2 }

1197    bfdSessionPerfGroup OBJECT-GROUP
1198        OBJECTS {
1199            bfdSessPerfPktIn,
1200            bfdSessPerfPktOut,
1201            bfdSessUpTime,
1202            bfdSessPerfLastSessDownTime,
1203            bfdSessPerfLastCommLostDiag,
1204            bfdSessPerfSessUpCount,
1205            bfdSessPerfDiscTime
1206        }
1207        STATUS     current
1208        DESCRIPTION
1209            "Collection of objects needed to monitor the
1210             performance of BFD sessions."
1211        ::= { bfdGroups 3 }

1213    bfdSessionPerfHCGroup OBJECT-GROUP
1214        OBJECTS {
1215            bfdSessPerfPktInHC,
1216            bfdSessPerfPktOutHC
1217        }
1218        STATUS     current
1219        DESCRIPTION
1220            "Collection of objects needed to monitor the
1221             performance of BFD sessions for which the
1222             values of bfdSessPerfPktIn, bfdSessPerfPktOut
1223             wrap around too quickly."
1224        ::= { bfdGroups 4 }

1226    bfdNotificationGroup NOTIFICATION-GROUP
1227        NOTIFICATIONS {
1228            bfdSessUp,
1229            bfdSessDown
1230        }
1231        STATUS     current
1232        DESCRIPTION
1233            "Set of notifications implemented in this
1234             module."
1235        ::= { bfdGroups 5 }

1237    END

1239 7.  Security Considerations

1241    As BFD may be tied into the stability of the network infrastructure
1242    (such as routing protocols), the effects of an attack on a BFD
1243    session may be very serious. This ultimately has denial-of-service
1244    effects, as links may be declared to be down (or falsely declared to
1245    be up). As such, improper manipulation of the objects represented by
1246    this MIB may result in denial of service to a large number of end-
1247    users.

1249    There are a number of management objects defined in this MIB module
1250    with a MAX-ACCESS clause of read-write and/or read-create. Such
1251    objects may be considered sensitive or vulnerable in some network
1252    environments. The support for SET operations in a non-secure
1253    environment without proper protection can have a negative effect on
1254    network operations. These are the tables and objects and their
1255    sensitivity/vulnerability:

1257    o  bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from
1258       start to stop, can cause significant disruption of the
1259       connectivity to those portions of the Internet reached via the
1260       applicable remote BFD peer.

1262    o  bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval,
1263       bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change
1264       of these objects can cause connections to be disrupted for extremely
1265       long time periods when otherwise they would be restored in a
1266       relatively short period of time.

1268    There are a number of management objects defined in this MIB module
1269    with a MAX-ACCESS clause of read-write and/or read-create. Such
1270    objects may be considered sensitive or vulnerable in some network
1271    environments. It is thus important to control even GET and/or NOTIFY
1272    access to these objects and possibly to even encrypt the values of
1273    these objects when sending them over the network via SNMP.

1275    o  The bfdSessTable may be used to directly configure BFD sessions.
1276       The bfdSessMapTable can be used indirectly in the same way.
1277       Unauthorized access to objects in this table could result in
1278       disruption of traffic on the network. This is especially true if
1279       an unauthorized user configures enough tables to invoke a denial
1280       of service attack on the device where they are configured, or on a
1281       remote device where the sessions terminate.

1283    Some of the readable objects in this MIB module (i.e., objects with a
1284    MAX-ACCESS other than not-accessible) may be considered sensitive or
1285    vulnerable in some network environments. It is thus important to
1286    control even GET and/or NOTIFY access to these objects and possibly
1287    to even encrypt the values of these objects when sending them over
1288    the network via SNMP. These are the tables and objects and their
1289    sensitivity/vulnerability:

1291    o  The bfdSessPerfTable allows access to the performance
1292       characteristics of BFD sessions. Network administrators not
1293       wishing to show this information should consider this table
1294       sensitive.

1296    The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
1297    bfdSessAuthenticationKey objects hold security methods and associated
1298    security keys of BFD sessions. These objects SHOULD be considered
1299    highly sensitive objects. To prevent this sensitive information
1300    from being improperly accessed, implementors MAY wish to disallow
1301    read access to these objects.

1303    SNMP versions prior to SNMPv3 did not include adequate security.
1304    Even if the network itself is secure (for example by using IPSec),
1305    even then, there is no control as to who on the secure network is
1306    allowed to access and GET/SET (read/change/create/delete) the objects
1307    in these MIB modules.

1309    It is RECOMMENDED that implementers consider the security features as
1310    provided by the SNMPv3 framework (see [RFC3410], section 8),
1311    including full support for the SNMPv3 cryptographic mechanisms (for
1312    authentication and privacy).

1314    Further, deployment of SNMP versions prior to SNMPv3 is NOT
1315    RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1316    enable cryptographic security. It is then a customer/operator
1317    responsibility to ensure that the SNMP entity giving access to an
1318    instance of this MIB module is properly configured to give access to
1319    the objects only to those principals (users) that have legitimate
1320    rights to indeed GET or SET (change/create/delete) them.

1322 8.  IANA Considerations

1324    The MIB module in this document uses the following IANA-assigned
1325    OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

1327    Descriptor        OBJECT IDENTIFIER value
1328    ----------        -----------------------

1330    bfdMib            { mib-2 XXX }

1332    [Editor's Note (to be removed prior to publication): the IANA is
1333    requested to assign a value for "XXX" under the 'mib-2' subtree and
1334    to record the assignment in the SMI Numbers registry. When the
1335    assignment has been made, the RFC Editor is asked to replace "XXX"
1336    (here and in the MIB module) with the assigned value and to remove
1337    this note.]

1339    This document also requests IANA to manage the registry for the
1340    BfdDiag object.

1342 9.  References

1344 9.1.  Normative References

1346    [BFD]      Katz, D. and D. Ward, "Bidirectional Forwarding
1347               Detection", ID Document: draft-ietf-bfd-base-08.txt,
1348               March 2008.

1350    [BFD-1HOP]
1351               Katz, D. and D. Ward, "BFD for IPv4 and IPv6 (Single
1352               Hop)", ID Document: draft-ietf-bfd-v4v6-1hop-08.txt,
1353               March 2008.

1355    [BFD-MH]   Katz, D. and D. Ward, "BFD for Multihop Paths",
1356               ID Document: draft-ietf-bfd-multihop-06.txt, January 2008.

1358    [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1359               Schoenwaelder, Ed., "Structure of Management Information
1360               Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1362    [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
1363               Schoenwaelder, Ed., "Textual Conventions for SMIv2",
1364               STD 58, RFC 2579, April 1999.

1366    [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1367               "Conformance Statements for SMIv2", STD 58, RFC 2580,
1368               April 1999.

1370 9.2.  Informative References

1372    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1373               Requirement Levels", BCP 14, RFC 2119, March 1997.

1375    [RFC2434]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
1376               IANA Considerations Section in RFCs", BCP 26, RFC 2434,
1377               October 1998.

1379    [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1380               MIB", RFC 2863, June 2000.

1382    [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
1383               "Introduction and Applicability Statements for Internet-
1384               Standard Management Framework", RFC 3410, December 2002.

1386    [RFC3413]  Levi, D., Meyer, P., and B. Stewart, "Simple Network
1387               Management Protocol (SNMP) Applications", STD 62,
1388               RFC 3413, December 2002.

1390    [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
1391               Schoenwaelder, "Textual Conventions for Internet Network
1392               Addresses", RFC 4001, February 2005.

1394 Appendix A.  Acknowledgments

1396    We would like to thank David Ward, Jeffrey Haas, Reshad Rahman, David
1397    Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara
1398    Sreenivasa for their comments and suggestions.

1400 Authors' Addresses

1402    Thomas D. Nadeau
1403    BT
1404    BT Centre
1405    81 Newgate Street
1406    London EC1A 7AJ
1407    United Kingdom

1409    Email: tom.nadeau@bt.com
1410    Zafar Ali
1411    Cisco Systems, Inc.
1412    2000 Innovation Drive
1413    Kanata, Ontario K2K 3E8
1414    Canada

1416    Email: zali@cisco.com

1418    Nobo Akiya
1419    Cisco Systems G.K.
1420    Shinjuku Mitsui Building
1421    2-1-1 Nishi-Shinjuku, Shinjuku-Ku
1422    Tokyo 163-0409
1423    Japan

1425    Email: nobo@cisco.com
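
Added example (not part of the draft or of any BFD implementation): how a monitoring station might interpret two successive reads of the bfdSessPerfTable objects defined in the MIB module, handling Counter32 wrap, the Counter64 counterpart, and bfdSessPerfDiscTime. The names PerfSample and analyse and all sample values are constructed for illustration, and the consistency check assumes the intended RFC 2863 relation is that the Counter32 object carries the low 32 bits of its Counter64 counterpart.

```python
from typing import NamedTuple

COUNTER32_MOD = 2 ** 32


class PerfSample(NamedTuple):
    """One poll of a bfdSessPerfTable row (hypothetical container type)."""
    sys_uptime: int     # sysUpTime when polled, in TimeTicks (1/100 s)
    pkt_in: int         # bfdSessPerfPktIn (Counter32)
    pkt_in_hc: int      # bfdSessPerfPktInHC (Counter64)
    sess_up_count: int  # bfdSessPerfSessUpCount (Counter32)
    disc_time: int      # bfdSessPerfDiscTime (0 = no discontinuity seen)


def counter32_delta(prev: int, cur: int) -> int:
    """Difference between two Counter32 readings, tolerating one wrap."""
    return (cur - prev) % COUNTER32_MOD


def hc_consistent(s: PerfSample) -> bool:
    """Assumption: the Counter32 value is the low 32 bits of the Counter64."""
    return s.pkt_in == s.pkt_in_hc % COUNTER32_MOD


def discontinuity_between(prev: PerfSample, cur: PerfSample) -> bool:
    """True when counter deltas across the two polls are meaningless."""
    if cur.sys_uptime < prev.sys_uptime:      # sysUpTime went backwards: restart
        return True
    return cur.disc_time > prev.sys_uptime    # discontinuity after the last poll


def analyse(prev: PerfSample, cur: PerfSample) -> dict:
    """Packet rate and Up transitions for one interval, or usable=False."""
    out = {"usable": False, "hc_consistent": hc_consistent(cur),
           "pkts_per_sec": None, "up_transitions": None}
    elapsed = (cur.sys_uptime - prev.sys_uptime) / 100.0
    if discontinuity_between(prev, cur) or elapsed <= 0:
        return out
    if out["hc_consistent"] and hc_consistent(prev):
        pkts = cur.pkt_in_hc - prev.pkt_in_hc   # 64-bit counter, no wrap handling
    else:
        pkts = counter32_delta(prev.pkt_in, cur.pkt_in)
    out.update(usable=True, pkts_per_sec=pkts / elapsed,
               up_transitions=counter32_delta(prev.sess_up_count,
                                              cur.sess_up_count))
    return out


# Constructed samples: the Counter32 wraps between PREV and CUR, and the
# agent reports a counter discontinuity between CUR and AFTER.
PREV = PerfSample(100000, 4294967000, 4294967000, 3, 0)
CUR = PerfSample(103000, 604, 4294967900, 5, 0)
AFTER = PerfSample(106000, 10, 10, 0, 104500)

if __name__ == "__main__":
    print(analyse(PREV, CUR))
    print(analyse(CUR, AFTER))
```

A rising up_transitions value over short intervals is the session-flap signal an operator would alert on; intervals reported as unusable are skipped, not treated as zero traffic.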