idnits 2.17.1 draft-ietf-bfd-mib-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 8, 2010) is 5162 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 BFD Working Group T. Nadeau 3 Internet-Draft BT 4 Intended status: Standards Track Z. Ali 5 Expires: September 9, 2010 Cisco Systems, Inc. 6 N. Akiya 7 Cisco Systems G.K. 8 March 8, 2010 10 BFD Management Information Base 11 draft-ietf-bfd-mib-09 13 Status of this Memo 15 This Internet-Draft is submitted to IETF in full conformance with the 16 provisions of BCP 78 and BCP 79. This document may contain material 17 from IETF Documents or IETF Contributions published or made publicly 18 available before November 10, 2008. The person(s) controlling the 19 copyright in some of this material may not have granted the IETF 20 Trust the right to allow modifications of such material outside the 21 IETF Standards Process. Without obtaining an adequate license from 22 the person(s) controlling the copyright in such materials, this 23 document may not be modified outside the IETF Standards Process, and 24 derivative works of it may not be created outside the IETF Standards 25 Process, except to format it for publication as an RFC or to 26 translate it into languages other than English. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF), its areas, and its working groups. Note that 30 other groups may also distribute working documents as Internet- 31 Drafts. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 The list of current Internet-Drafts can be accessed at 39 http://www.ietf.org/1id-abstracts.html 41 The list of Internet-Draft Shadow Directories can be accessed at 42 http://www.ietf.org/shadow.html 44 Copyright and License Notice 46 Copyright (c) 2010 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with 54 respect to this document. Code Components extracted from this 55 document must include Simplified BSD License text as described 56 in Section 4.e of the Trust Legal Provisions and are provided 57 without warranty as described in the Simplified BSD License. 59 Abstract 61 This draft defines a portion of the Management Information Base (MIB) 62 for use with network management protocols in the Internet community. 63 In particular, it describes managed objects for modeling 64 Bidirectional Forwarding Detection (BFD) protocol. 66 Table of Contents 68 1. Requirements notation . . . . . . . . . . . . . . . . . . . . 3 69 2. The Internet-Standard Management Framework . . . . . . . . . . 3 70 3. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 71 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 72 5. Brief Description of MIB Objects . . . . . . . . . . . . . . . 3 73 5.1. General Variables . . . . . . . . . . . . . . . . . . . . 4 74 5.2. Session Table (bfdSessionTable) . . . . . . . . . . . . . 4 75 5.3. Session Performance Table (bfdSessionPerfTable) . . . . . 4 76 5.4. BFD Session Discriminator Mapping Table 77 (bfdSessDiscMapTable) . . . . . . . . . . . . . . . . . . 4 78 5.5. BFD Session IP Mapping Table (bfdSessIpMapTable) . . . . . 4 79 6. BFD MIB Module Definitions . . . . . . . . . . . . . . . . . . 4 80 7. Security Considerations . . . . . . . . . . . . . . . . . . . 30 81 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 82 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 32 83 9.1. Normative References . . . . . . . . . . . . . . . . . . . 32 84 9.2. Informative References . . . . . . . . . . . . . . . . . . 33 85 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 33 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 88 1. Requirements notation 90 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 91 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 92 document are to be interpreted as described in [RFC2119]. 94 2. The Internet-Standard Management Framework 96 For a detailed overview of the documents that describe the current 97 Internet-Standard Management Framework, please refer to section 7 of 98 [RFC3410]. 100 Managed objects are accessed via a virtual information store, termed 101 the Management Information Base or MIB. MIB objects are generally 102 accessed through the Simple Network Management Protocol (SNMP). 103 Objects in the MIB are defined using the mechanisms defined in the 104 Structure of Management Information (SMI). This memo specifies a MIB 105 module that is compliant to the SMIv2, which is described in STD 58, 106 [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580]. 108 3. Introduction 110 This memo defines an portion of the Management Information Base (MIB) 111 for use with network management protocols in the Internet community. 112 In particular, it describes managed objects to configure and/or 113 monitor Bi-Directional Forwarding Detection for [BFD], [BFD-1HOP] and 114 [BFD-MH], BFD versions 0 and/or 1, on devices supporting this 115 feature. 117 Comments should be made directly to the BFD mailing list at 118 rtg-bfd@ietf.org. 120 4. Terminology 122 This document adopts the definitions, acronyms and mechanisms 123 described in [BFD], [BFD-1HOP] and [BFD-MH]. Unless otherwise 124 stated, the mechanisms described therein will not be re-described 125 here. 127 5. Brief Description of MIB Objects 129 This section describes objects pertaining to BFD. The MIB objects 130 are derived from [BFD] and [BFD-MH]. 132 5.1. General Variables 134 The General Variables are used to identify parameters that are global 135 to the BFD process. 137 5.2. Session Table (bfdSessionTable) 139 The session table is used to identify a BFD session between a pair of 140 nodes. 142 5.3. Session Performance Table (bfdSessionPerfTable) 144 The session performance table is used for collecting BFD performance 145 counts on a per session basis. This table is an AUGMENT to the 146 bfdSessionTable. 148 5.4. BFD Session Discriminator Mapping Table (bfdSessDiscMapTable) 150 The BFD Session Discriminator Mapping Table maps a local 151 discriminator value to associated BFD sessions' BfdSessIndexTC used 152 in the bfdSessionTable. 154 5.5. BFD Session IP Mapping Table (bfdSessIpMapTable) 156 The BFD Session IP Mapping Table maps, given bfdSessInterface, 157 bfdSessAddrType, and bfdSessAddr, to an associated BFD sessions' 158 BfdSessIndexTC used in the bfdSessionTable. This table SHOULD 159 contains those BFD sessions are of IP type. 161 6. BFD MIB Module Definitions 163 This MIB module makes references to the following documents. 164 [RFC2579], [RFC2580], [RFC2863], [RFC4001], and [RFC3413]. 166 BFD-STD-MIB DEFINITIONS ::= BEGIN 168 IMPORTS 169 MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, 170 mib-2, Integer32, Unsigned32, Counter32, Counter64 171 FROM SNMPv2-SMI 173 TEXTUAL-CONVENTION, TruthValue, RowStatus, 174 StorageType, TimeStamp 175 FROM SNMPv2-TC 177 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 178 FROM SNMPv2-CONF 180 InterfaceIndexOrZero 181 FROM IF-MIB 183 InetAddress, InetAddressType, InetPortNumber 184 FROM INET-ADDRESS-MIB; 186 bfdMib MODULE-IDENTITY 187 LAST-UPDATED "201003031200Z" -- 3 March 2010 12:00:00 EST 188 ORGANIZATION "IETF Bidirectional Forwarding Detection 189 Working Group" 190 CONTACT-INFO 191 "Thomas D. Nadeau 192 BT 193 Email: tom.nadeau@bt.com 195 Zafar Ali 196 Cisco Systems, Inc. 197 Email: zali@cisco.com 199 Nobo Akiya 200 Cisco Systems, G.K. 201 Email: nobo@cisco.com" 202 DESCRIPTION 203 "Bidirectional Forwarding Management Information Base." 204 REVISION "201003031200Z" -- 3 March 2010 12:00:00 EST 205 DESCRIPTION 206 "Initial version. Published as RFC xxxx." 207 -- RFC Ed.: RFC-editor pls fill in xxxx 208 ::= { mib-2 XXX } 209 -- RFC Ed.: assigned by IANA, see section 7.1 for details 211 -- Top level components of this MIB module. 213 bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 } 215 bfdObjects OBJECT IDENTIFIER ::= { bfdMIB 1 } 217 bfdConformance OBJECT IDENTIFIER ::= { bfdMIB 2 } 219 bfdScalarObjects OBJECT IDENTIFIER ::= { bfdObjects 1 } 221 -- Textual Conventions 223 BfdSessIndexTC ::= TEXTUAL-CONVENTION 224 DISPLAY-HINT "d" 225 STATUS current 226 DESCRIPTION 227 "An index used to uniquely identify BFD sessions." 228 SYNTAX Unsigned32 (1..4294967295) 230 BfdInterval ::= TEXTUAL-CONVENTION 231 DISPLAY-HINT "d" 232 STATUS current 233 DESCRIPTION 234 "The BFD interval delay in microseconds." 235 SYNTAX Unsigned32 (0..4294967295) 237 BfdMultiplier ::= TEXTUAL-CONVENTION 238 DISPLAY-HINT "d" 239 STATUS current 240 DESCRIPTION 241 "The BFD failure detection multiplier." 242 SYNTAX Unsigned32 (1..255) 244 BfdDiag ::= TEXTUAL-CONVENTION 245 STATUS current 246 DESCRIPTION 247 "A common BFD diagnostic code." 248 SYNTAX INTEGER { 249 noDiagnostic(0), 250 controlDetectionTimeExpired(1), 251 echoFunctionFailed(2), 252 neighborSignaledSessionDown(3), 253 forwardingPlaneReset(4), 254 pathDown(5), 255 concatenatedPathDown(6), 256 administrativelyDown(7), 257 reverseConcatenatedPathDown(8) 258 } 260 -- BFD General Variables 262 -- These parameters apply globally to the Systems' 263 -- BFD Process. 265 bfdAdminStatus OBJECT-TYPE 266 SYNTAX INTEGER { 267 enabled(1), 268 disabled(2) 269 } 270 MAX-ACCESS read-write 271 STATUS current 272 DESCRIPTION 273 "The global administrative status of BFD in this router. 275 The value 'enabled' denotes that the BFD Process is 276 active on at least one interface; 'disabled' disables 277 it on all interfaces." 278 DEFVAL { enabled } 279 ::= { bfdScalarObjects 1 } 281 bfdSessNotificationsEnable OBJECT-TYPE 282 SYNTAX TruthValue 283 MAX-ACCESS read-write 284 STATUS current 285 DESCRIPTION 286 "If this object is set to true(1), then it enables 287 the emission of bfdSessUp and bfdSessDown 288 notifications; otherwise these notifications are not 289 emitted." 290 REFERENCE 291 "See also RFC3413 for explanation that 292 notifications are under the ultimate control of the 293 MIB modules in this document." 294 DEFVAL { false } 295 ::= { bfdScalarObjects 2 } 297 -- BFD Session Table 298 -- The BFD Session Table specifies BFD session specific 299 -- information. 301 bfdSessTable OBJECT-TYPE 302 SYNTAX SEQUENCE OF BfdSessEntry 303 MAX-ACCESS not-accessible 304 STATUS current 305 DESCRIPTION 306 "The BFD Session Table describes the BFD sessions." 307 REFERENCE 308 "BFD Version 0 (draft-katz-ward-bfd-02.txt) and 309 BFD Version 1 (draft-ietf-bfd-base-11.txt)" 310 ::= { bfdObjects 2 } 312 bfdSessEntry OBJECT-TYPE 313 SYNTAX BfdSessEntry 314 MAX-ACCESS not-accessible 315 STATUS current 316 DESCRIPTION 317 "The BFD Session Entry describes BFD session." 318 INDEX { bfdSessIndex } 319 ::= { bfdSessTable 1 } 321 BfdSessEntry ::= SEQUENCE { 322 bfdSessIndex BfdSessIndexTC, 323 bfdSessVersionNumber Unsigned32, 324 bfdSessType INTEGER, 325 bfdSessMultiHopUniLinkMode INTEGER, 326 bfdSessDiscriminator Unsigned32, 327 bfdSessRemoteDiscr Unsigned32, 328 bfdSessDestinationUdpPort InetPortNumber, 329 bfdSessSourceUdpPort InetPortNumber, 330 bfdSessEchoSourceUdpPort InetPortNumber, 331 bfdSessAdminStatus INTEGER, 332 bfdSessState INTEGER, 333 bfdSessRemoteHeardFlag TruthValue, 334 bfdSessDiag BfdDiag, 335 bfdSessOperMode INTEGER, 336 bfdSessDemandModeDesiredFlag TruthValue, 337 bfdSessControlPlaneIndepFlag TruthValue, 338 bfdSessMultipointFlag TruthValue, 339 bfdSessInterface InterfaceIndexOrZero, 340 bfdSessAddrType InetAddressType, 341 bfdSessAddr InetAddress, 342 bfdSessGTSM TruthValue, 343 bfdSessGTSMTTL Unsigned32, 344 bfdSessDesiredMinTxInterval BfdInterval, 345 bfdSessReqMinRxInterval BfdInterval, 346 bfdSessReqMinEchoRxInterval BfdInterval, 347 bfdSessDetectMult BfdMultiplier, 348 bfdSessNegotiatedInterval BfdInterval, 349 bfdSessNegotiatedEchoInterval BfdInterval, 350 bfdSessNegotiatedDetectMult BfdMultiplier, 351 bfdSessAuthPresFlag TruthValue, 352 bfdSessAuthenticationType INTEGER, 353 bfdSessAuthenticationKeyID Integer32, 354 bfdSessAuthenticationKey OCTET STRING, 355 bfdSessStorType StorageType, 356 bfdSessRowStatus RowStatus 357 } 359 bfdSessIndex OBJECT-TYPE 360 SYNTAX BfdSessIndexTC 361 MAX-ACCESS not-accessible 362 STATUS current 363 DESCRIPTION 364 "This object contains an index used to represent a 365 unique BFD session on this device." 366 ::= { bfdSessEntry 1 } 368 bfdSessVersionNumber OBJECT-TYPE 369 SYNTAX Unsigned32 (0..7) 370 MAX-ACCESS read-create 371 STATUS current 372 DESCRIPTION 373 "The version number of the BFD protocol that this session 374 is running in. Write access is available for this object 375 to provide ability to set desired version for this 376 BFD session." 377 REFERENCE 378 "BFD Version 0 (draft-katz-ward-bfd-02.txt) and 379 BFD Version 1 (draft-ietf-bfd-base-11.txt)" 380 DEFVAL { 1 } 381 ::= { bfdSessEntry 2 } 383 bfdSessType OBJECT-TYPE 384 SYNTAX INTEGER { 385 singleHop(1), 386 multiHopTotallyArbitraryPaths(2), 387 multiHopOutOfBandSignaling(3), 388 multiHopUnidirectionalLinks(4) 389 } 390 MAX-ACCESS read-only 391 STATUS current 392 DESCRIPTION 393 "This object specifies the type of this BFD session." 394 REFERENCE 395 "draft-ietf-bfd-v4v6-1hop-11 and 396 draft-ietf-bfd-multihop-09" 397 ::= { bfdSessEntry 3 } 399 bfdSessMultiHopUniLinkMode OBJECT-TYPE 400 SYNTAX INTEGER { 401 none(1), 402 active(2), 403 passive(3) 404 } 405 MAX-ACCESS read-only 406 STATUS current 407 DESCRIPTION 408 "For bfdSessType of multiHopUnidirectionalLinks(4), this 409 object specifies whether this BFD session is running in 410 active(2) mode or passive(3) mode. For all other BFD 411 bfdSessType BFD sessions, none(1) MUST be specified." 412 REFERENCE 413 "draft-ietf-bfd-multihop-09, Section 3.3" 414 ::= { bfdSessEntry 4 } 416 bfdSessDiscriminator OBJECT-TYPE 417 SYNTAX Unsigned32 (1..4294967295) 418 MAX-ACCESS read-only 419 STATUS current 420 DESCRIPTION 421 "This object specifies the local discriminator for this BFD 422 session, used to uniquely identify it." 423 ::= { bfdSessEntry 5 } 425 bfdSessRemoteDiscr OBJECT-TYPE 426 SYNTAX Unsigned32 (0 | 1..4294967295) 427 MAX-ACCESS read-only 428 STATUS current 429 DESCRIPTION 430 "This object specifies the session discriminator chosen 431 by the remote system for this BFD session. The value may 432 be zero(0) if the remote discriminator is not yet known 433 or if the session is in the down or adminDown(1) state." 434 REFERENCE 435 "draft-ietf-bfd-base-11, Section 6.8.6." 436 ::= { bfdSessEntry 6 } 438 bfdSessDestinationUdpPort OBJECT-TYPE 439 SYNTAX InetPortNumber 440 MAX-ACCESS read-only 441 STATUS current 442 DESCRIPTION 443 "This object specifies the destination UDP port used for 444 this BFD session. The value maybe zero(0) if the session 445 is in adminDown(1) state." 446 REFERENCE 447 "Port 3784 (draft-ietf-bfd-v4v6-1hop-11), 448 Port 3785 (draft-ietf-bfd-v4v6-1hop-11), and 449 Port 4784 (draft-ietf-bfd-multihop-09)" 450 DEFVAL { 0 } 451 ::= { bfdSessEntry 7 } 453 bfdSessSourceUdpPort OBJECT-TYPE 454 SYNTAX InetPortNumber 455 MAX-ACCESS read-create 456 STATUS current 457 DESCRIPTION 458 "This object specifies the source UDP port of BFD control 459 packets for this BFD session. The value maybe zero(0) if 460 the session is in adminDown(1) state." 461 REFERENCE 462 "draft-ietf-bfd-v4v6-1hop-11 and 463 draft-ietf-bfd-multihop-09" 464 DEFVAL { 0 } 465 ::= { bfdSessEntry 8 } 467 bfdSessEchoSourceUdpPort OBJECT-TYPE 468 SYNTAX InetPortNumber 469 MAX-ACCESS read-create 470 STATUS current 471 DESCRIPTION 472 "This object specifies the source UDP port of BFD echo 473 packets for this BFD session. The value maybe zero(0) if 474 the session is not running in the echo mode, or the 475 session is in adminDown(1) state." 476 REFERENCE 477 "draft-ietf-bfd-v4v6-1hop-11 and 478 draft-ietf-bfd-multihop-09" 479 DEFVAL { 0 } 480 ::= { bfdSessEntry 9 } 482 bfdSessAdminStatus OBJECT-TYPE 483 SYNTAX INTEGER { 484 stop(1), 485 start(2) 486 } 487 MAX-ACCESS read-create 488 STATUS current 489 DESCRIPTION 490 "A transition from 'stop' to 'start' will start 491 the BFD state machine for the session. The state 492 machine will have an initial state of down. 493 A transition from 'start' to 'stop' will cause 494 the BFD sesssion to be brought down to 495 adminDown(1). Care should be used in providing 496 write access to this object without adequate 497 authentication." 498 DEFVAL { 2 } 499 ::= { bfdSessEntry 10 } 501 bfdSessState OBJECT-TYPE 502 SYNTAX INTEGER { 503 adminDown(1), 504 down(2), 505 init(3), 506 up(4), 507 failing(5) 508 } 509 MAX-ACCESS read-only 510 STATUS current 511 DESCRIPTION 512 "The perceived state of the BFD session. 513 BFD State failing(5) is only applicable if this BFD 514 session is running version 0. 516 Upon creation of a new BFD session via this MIB, the 517 suggested initial state is down(2)." 518 DEFVAL { 2 } 519 ::= { bfdSessEntry 11 } 521 bfdSessRemoteHeardFlag OBJECT-TYPE 522 SYNTAX TruthValue 523 MAX-ACCESS read-only 524 STATUS current 525 DESCRIPTION 526 "This object specifies status of BFD packet reception from 527 the remote system. Specifically, it is set to true(1) if 528 the local system is actively receiving BFD packets from the 529 remote system, and is set to false(2) if the local system 530 has not received BFD packets recently (within the detection 531 time) or if the local system is attempting to tear down 532 the BFD session." 533 REFERENCE 534 "BFD Version 0 (draft-katz-ward-bfd-02.txt) and 535 BFD Version 1 (draft-ietf-bfd-base-11.txt)" 536 DEFVAL { false } 537 ::= { bfdSessEntry 12 } 539 bfdSessDiag OBJECT-TYPE 540 SYNTAX BfdDiag 541 MAX-ACCESS accessible-for-notify 542 STATUS current 543 DESCRIPTION 544 "A diagnostic code specifying the local system's reason 545 for the last transition of the session from up(4) 546 to some other state." 547 ::= { bfdSessEntry 13 } 549 bfdSessOperMode OBJECT-TYPE 550 SYNTAX INTEGER { 551 asyncModeWEchoFunction(1), 552 asynchModeWOEchoFunction(2), 553 demandModeWEchoFunction(3), 554 demandModeWOEchoFunction(4) 555 } 556 MAX-ACCESS read-only 557 STATUS current 558 DESCRIPTION 559 "This object specifies current operating mode that BFD 560 session is operating in." 561 ::= { bfdSessEntry 14 } 563 bfdSessDemandModeDesiredFlag OBJECT-TYPE 564 SYNTAX TruthValue 565 MAX-ACCESS read-create 566 STATUS current 567 DESCRIPTION 568 "This object indicates that the local system's 569 desire to use Demand mode. Specifically, it is set 570 to true(1) if the local system wishes to use 571 Demand mode or false(2) if not" 572 DEFVAL { false } 573 ::= { bfdSessEntry 15 } 575 bfdSessControlPlaneIndepFlag OBJECT-TYPE 576 SYNTAX TruthValue 577 MAX-ACCESS read-only 578 STATUS current 579 DESCRIPTION 580 "This object indicates that the local system's 581 ability to continue to function through a disruption of 582 the control plane. Specifically, it is set 583 to true(1) if the local system BFD implementation is 584 independent of the control plane. Otherwise, the 585 value is set to false(2)" 586 DEFVAL { false } 587 ::= { bfdSessEntry 16 } 589 bfdSessMultipointFlag OBJECT-TYPE 590 SYNTAX TruthValue 591 MAX-ACCESS read-only 592 STATUS current 593 DESCRIPTION 594 "This object indicates the Multipoint (M) bit for this 595 session. It is set to true(1) if Multipoint (M) bit is 596 set to 1. Otherwise, the value is set to false(2)" 597 DEFVAL { false } 598 ::= { bfdSessEntry 17 } 600 bfdSessInterface OBJECT-TYPE 601 SYNTAX InterfaceIndexOrZero 602 MAX-ACCESS read-create 603 STATUS current 604 DESCRIPTION 605 "This object contains an interface index used to indicate 606 the interface which this BFD session is running on. This 607 value can be zero if there is no interface associated 608 with this BFD session." 609 ::= { bfdSessEntry 18 } 611 bfdSessAddrType OBJECT-TYPE 612 SYNTAX InetAddressType 613 MAX-ACCESS read-create 614 STATUS current 615 DESCRIPTION 616 "This object specifies IP address type of the neighboring IP 617 address which is being monitored with this BFD session. 619 Only values unknown(0), ipv4(1), ipv6(2), or ipv6z(4) 620 have to be supported. 622 A value of unknown(0) is allowed only when 623 the outgoing interface is of type point-to-point, or 624 when the BFD session is not associated with a specific 625 interface. 627 If any other unsupported values are attempted in a set 628 operation, the agent MUST return an inconsistentValue 629 error." 630 ::= { bfdSessEntry 19 } 632 bfdSessAddr OBJECT-TYPE 633 SYNTAX InetAddress 634 MAX-ACCESS read-create 635 STATUS current 636 DESCRIPTION 637 "This object specifies the neighboring IP address which is 638 being monitored with this BFD session. 639 It can also be used to enabled BFD on a specific 640 interface. The value is set to zero when BFD session is not 641 associated with a specific interface." 642 ::= { bfdSessEntry 20 } 644 bfdSessGTSM OBJECT-TYPE 645 SYNTAX TruthValue 646 MAX-ACCESS read-create 647 STATUS current 648 DESCRIPTION 649 "Setting the value of this object to true(1) will enable GTSM 650 protection of the BFD session. GTSM MUST be enabled on a 651 singleHop(1) session if no authentication is in use." 652 REFERENCE 653 "RFC 5082 - The Generalized TTL Security Mechanism (GTSM). 654 draft-ietf-bfd-v4v6-1hop-11, Sec. 5" 655 DEFVAL { false } 656 ::= { bfdSessEntry 21 } 658 bfdSessGTSMTTL OBJECT-TYPE 659 SYNTAX Unsigned32 (0..255) 660 MAX-ACCESS read-create 661 STATUS current 662 DESCRIPTION 663 "This object is valid only when bfdSessGTSM protection is 664 enabled on the system. This object specifies the minimum 665 allowed TTL for received BFD control packets. For 666 singleHop(1) session, if GTSM protection is enabled, 667 this object SHOULD be set to maximum TTL allowed for 668 single hop." 669 REFERENCE 670 "RFC 5082 - The Generalized TTL Security Mechanism (GTSM). 671 draft-ietf-bfd-v4v6-1hop-11, Sec. 5" 672 DEFVAL { 0 } 673 ::= { bfdSessEntry 22 } 675 bfdSessDesiredMinTxInterval OBJECT-TYPE 676 SYNTAX BfdInterval 677 MAX-ACCESS read-create 678 STATUS current 679 DESCRIPTION 680 "This object specifies the minimum interval, in 681 microseconds, that the local system would like to use when 682 transmitting BFD Control packets." 683 ::= { bfdSessEntry 23 } 685 bfdSessReqMinRxInterval OBJECT-TYPE 686 SYNTAX BfdInterval 687 MAX-ACCESS read-create 688 STATUS current 689 DESCRIPTION 690 "This object specifies the minimum interval, in 691 microseconds, between received BFD Control packets the 692 local system is capable of supporting." 693 ::= { bfdSessEntry 24 } 695 bfdSessReqMinEchoRxInterval OBJECT-TYPE 696 SYNTAX BfdInterval 697 MAX-ACCESS read-create 698 STATUS current 699 DESCRIPTION 700 "This object specifies the minimum interval, in 701 microseconds, between received BFD Echo packets that this 702 system is capable of supporting." 703 ::= { bfdSessEntry 25 } 705 bfdSessDetectMult OBJECT-TYPE 706 SYNTAX BfdMultiplier 707 MAX-ACCESS read-create 708 STATUS current 709 DESCRIPTION 710 "This object specifies the Detect time multiplier." 711 ::= { bfdSessEntry 26 } 713 bfdSessNegotiatedInterval OBJECT-TYPE 714 SYNTAX BfdInterval 715 MAX-ACCESS read-only 716 STATUS current 717 DESCRIPTION 718 "This object specifies the negotiated interval, in 719 microseconds, that the local system is transmitting 720 BFD Control packets." 721 ::= { bfdSessEntry 27 } 723 bfdSessNegotiatedEchoInterval OBJECT-TYPE 724 SYNTAX BfdInterval 725 MAX-ACCESS read-only 726 STATUS current 727 DESCRIPTION 728 "This object specifies the negotiated interval, in 729 microseconds, that the local system is transmitting 730 BFD echo packets. Value is expected to be zero if 731 the sessions is not running in echo mode." 732 ::= { bfdSessEntry 28 } 734 bfdSessNegotiatedDetectMult OBJECT-TYPE 735 SYNTAX BfdMultiplier 736 MAX-ACCESS read-only 737 STATUS current 738 DESCRIPTION 739 "This object specifies the Detect time multiplier." 740 ::= { bfdSessEntry 29 } 742 bfdSessAuthPresFlag OBJECT-TYPE 743 SYNTAX TruthValue 744 MAX-ACCESS read-only 745 STATUS current 746 DESCRIPTION 747 "This object indicates that the local system's 748 desire to use Authentication. Specifically, it is set 749 to true(1) if the local system wishes the session 750 to be authenticated or false(2) if not." 751 REFERENCE 752 "draft-ietf-bfd-base-11, Sections 4.2 - 4.4" 753 DEFVAL { false } 754 ::= { bfdSessEntry 30 } 756 bfdSessAuthenticationType OBJECT-TYPE 757 SYNTAX INTEGER { 758 reserved(0), 759 simplePassword(1), 760 keyedMD5(2), 761 meticulousKeyedMD5(3), 762 keyedSHA1(4), 763 meticulousKeyedSHA1(5) 764 } 765 MAX-ACCESS read-create 766 STATUS current 767 DESCRIPTION 768 "The Authentication Type used for this BFD session. 769 This field is valid only when the Authentication 770 Present bit is set. Max-access to this object as well as 771 other authentication related objects are set to 772 read-create in order to support management of a single 773 key ID at a time, key rotation is not handled. Key update 774 in practice must be done by atomic update using a set 775 containing all affected objects in the same varBindList 776 or otherwise risk the session dropping." 777 REFERENCE 778 "draft-ietf-bfd-base-11, Sections 4.2 - 4.4" 779 ::= { bfdSessEntry 31 } 781 bfdSessAuthenticationKeyID OBJECT-TYPE 782 SYNTAX Integer32 (-1 | 0..255) 783 MAX-ACCESS read-create 784 STATUS current 785 DESCRIPTION 786 "The authentication key ID in use for this session. This 787 object permits multiple keys to be active simultaneously. 789 When bfdSessAuthPresFlag is false(2), then the value 790 of this object MUST be -1. The value -1 indicates that 791 no Authentication Key ID will be present in the optional 792 BFD Authentication Section." 793 REFERENCE 794 "draft-ietf-bfd-base-11, Sections 4.2 - 4.4" 795 DEFVAL { -1 } 796 ::= { bfdSessEntry 32 } 798 bfdSessAuthenticationKey OBJECT-TYPE 799 SYNTAX OCTET STRING (SIZE (0..252)) 800 MAX-ACCESS read-create 801 STATUS current 802 DESCRIPTION 803 "The authentication key. When the 804 bfdSessAuthenticationType is simplePassword(1), the value 805 of this object is the password present in the BFD packets. 807 When the bfdSessAuthentication type is one of the keyed 808 authentication types, this value is used in the 809 computation of the key present in the BFD authentication 810 packet." 811 REFERENCE 812 "draft-ietf-bfd-base-11, Sections 4.2 - 4.4" 813 ::= { bfdSessEntry 33 } 815 bfdSessStorType OBJECT-TYPE 816 SYNTAX StorageType 817 MAX-ACCESS read-create 818 STATUS current 819 DESCRIPTION 820 "This variable indicates the storage type for this 821 object. Conceptual rows having the value 822 'permanent' need not allow write-access to any 823 columnar objects in the row." 824 ::= { bfdSessEntry 33 } 826 bfdSessRowStatus OBJECT-TYPE 827 SYNTAX RowStatus 828 MAX-ACCESS read-create 829 STATUS current 830 DESCRIPTION 831 "This variable is used to create, modify, and/or 832 delete a row in this table. When a row in this 833 table has a row in the active(1) state, no 834 objects in this row can be modified except the 835 bfdSessRowStatus and bfdSessStorageType." 836 ::= { bfdSessEntry 34 } 838 -- BFD Session Performance Table 840 bfdSessPerfTable OBJECT-TYPE 841 SYNTAX SEQUENCE OF BfdSessPerfEntry 842 MAX-ACCESS not-accessible 843 STATUS current 844 DESCRIPTION 845 "This table specifies BFD Session performance counters." 846 ::= { bfdObjects 3 } 848 bfdSessPerfEntry OBJECT-TYPE 849 SYNTAX BfdSessPerfEntry 850 MAX-ACCESS not-accessible 851 STATUS current 852 DESCRIPTION 853 "An entry in this table is created by a BFD-enabled node for 854 every BFD Session. bfdCounterDiscontinuityTime is used to 855 indicate potential discontinuity for all counter objects 856 in this table." 857 AUGMENTS { bfdSessEntry } 858 ::= { bfdSessPerfTable 1 } 860 BfdSessPerfEntry ::= SEQUENCE { 861 bfdSessPerfCtrlPktIn Counter32, 862 bfdSessPerfCtrlPktOut Counter32, 863 bfdSessPerfCtrlPktDrop Counter32, 864 bfdSessPerfCtrlPktDropLastTime Timestamp, 865 bfdSessPerfEchoPktIn Counter32, 866 bfdSessPerfEchoPktOut Counter32, 867 bfdSessPerfEchoPktDrop Counter32, 868 bfdSessPerfEchoPktDropLastTime Timestamp, 869 bfdSessUpTime TimeStamp, 870 bfdSessPerfLastSessDownTime TimeStamp, 871 bfdSessPerfLastCommLostDiag BfdDiag, 872 bfdSessPerfSessUpCount Counter32, 873 bfdSessPerfDiscTime TimeStamp, 875 -- High Capacity Counters 876 bfdSessPerfCtrlPktInHC Counter64, 877 bfdSessPerfCtrlPktOutHC Counter64, 878 bfdSessPerfCtrlPktDropHC Counter64, 879 bfdSessPerfEchoPktInHC Counter64, 880 bfdSessPerfEchoPktOutHC Counter64, 881 bfdSessPerfEchoPktDropHC Counter64 882 } 884 -- Ed Note: should we add per-diag code counts here, 886 bfdSessPerfCtrlPktIn OBJECT-TYPE 887 SYNTAX Counter32 888 MAX-ACCESS read-only 889 STATUS current 890 DESCRIPTION 891 "The total number of BFD control messages received for this 892 BFD session." 893 ::= { bfdSessPerfEntry 1 } 895 bfdSessPerfCtrlPktOut OBJECT-TYPE 896 SYNTAX Counter32 897 MAX-ACCESS read-only 898 STATUS current 899 DESCRIPTION 900 "The total number of BFD control messages sent for this BFD 901 session." 902 ::= { bfdSessPerfEntry 2 } 904 bfdSessPerfCtrlPktDrop OBJECT-TYPE 905 SYNTAX Counter32 906 MAX-ACCESS read-only 907 STATUS current 908 DESCRIPTION 909 "The total number of BFD control messages received for this 910 session yet dropped for being invalid." 911 ::= { bfdSessPerfEntry 3 } 913 bfdSessPerfCtrlPktDropLastTime OBJECT-TYPE 914 SYNTAX TimeStamp 915 MAX-ACCESS read-only 916 STATUS current 917 DESCRIPTION 918 "The value of sysUpTime on the most recent occasion at 919 which received BFD control message for this session was 920 dropped. If no such up event exists, this object contains 921 a zero value." 922 ::= { bfdSessPerfEntry 4 } 924 bfdSessPerfEchoPktIn OBJECT-TYPE 925 SYNTAX Counter32 926 MAX-ACCESS read-only 927 STATUS current 928 DESCRIPTION 929 "The total number of BFD echo messages received for this 930 BFD session." 931 ::= { bfdSessPerfEntry 5 } 933 bfdSessPerfEchoPktOut OBJECT-TYPE 934 SYNTAX Counter32 935 MAX-ACCESS read-only 936 STATUS current 937 DESCRIPTION 938 "The total number of BFD echo messages sent for this BFD 939 session." 940 ::= { bfdSessPerfEntry 6 } 942 bfdSessPerfEchoPktDrop OBJECT-TYPE 943 SYNTAX Counter32 944 MAX-ACCESS read-only 945 STATUS current 946 DESCRIPTION 947 "The total number of BFD echo messages received for this 948 session yet dropped for being invalid." 949 ::= { bfdSessPerfEntry 7 } 951 bfdSessPerfEchoPktDropLastTime OBJECT-TYPE 952 SYNTAX TimeStamp 953 MAX-ACCESS read-only 954 STATUS current 955 DESCRIPTION 956 "The value of sysUpTime on the most recent occasion at 957 which received BFD echo message for this session was 958 dropped. If no such up event exists, this object contains 959 a zero value." 960 ::= { bfdSessPerfEntry 8 } 962 bfdSessUpTime OBJECT-TYPE 963 SYNTAX TimeStamp 964 MAX-ACCESS read-only 965 STATUS current 966 DESCRIPTION 967 "The value of sysUpTime on the most recent occasion at which 968 the session came up. If no such up event exists this object 969 contains a zero value." 970 ::= { bfdSessPerfEntry 9 } 972 bfdSessPerfLastSessDownTime OBJECT-TYPE 973 SYNTAX TimeStamp 974 MAX-ACCESS read-only 975 STATUS current 976 DESCRIPTION 977 "The value of sysUpTime on the most recent occasion at 978 which the last time communication was lost with the 979 neighbor. If no such down event exist this object 980 contains a zero value." 981 ::= { bfdSessPerfEntry 10 } 983 bfdSessPerfLastCommLostDiag OBJECT-TYPE 984 SYNTAX BfdDiag 985 MAX-ACCESS read-only 986 STATUS current 987 DESCRIPTION 988 "The BFD diag code for the last time communication was lost 989 with the neighbor. If no such down event exists this object 990 contains a zero value." 991 ::= { bfdSessPerfEntry 11 } 993 bfdSessPerfSessUpCount OBJECT-TYPE 994 SYNTAX Counter32 995 MAX-ACCESS read-only 996 STATUS current 997 DESCRIPTION 998 "The number of times this session has gone into the Up 999 state since the system last rebooted." 1000 ::= { bfdSessPerfEntry 12 } 1002 bfdSessPerfDiscTime OBJECT-TYPE 1003 SYNTAX TimeStamp 1004 MAX-ACCESS read-only 1005 STATUS current 1006 DESCRIPTION 1007 "The value of sysUpTime on the most recent occasion at 1008 which any one or more of the session counters suffered 1009 a discontinuity. 1010 The relevant counters are the specific instances associated 1011 with this BFD session of any Counter32 object contained in 1012 the BfdSessPerfTable. If no such discontinuities have 1013 occurred since the last re-initialization of the local 1014 management subsystem, then this object contains a zero 1015 value." 1016 ::= { bfdSessPerfEntry 13 } 1018 bfdSessPerfCtrlPktInHC OBJECT-TYPE 1019 SYNTAX Counter64 1020 MAX-ACCESS read-only 1021 STATUS current 1022 DESCRIPTION 1023 "This value represents the total number of BFD control 1024 messages received for this BFD session. It MUST be equal 1025 to the least significant 32 bits of bfdSessPerfCtrlPktIn 1026 if bfdSessPerfCtrlPktInHC is supported according to 1027 the rules spelled out in RFC2863." 1028 ::= { bfdSessPerfEntry 14 } 1030 bfdSessPerfCtrlPktOutHC OBJECT-TYPE 1031 SYNTAX Counter64 1032 MAX-ACCESS read-only 1033 STATUS current 1034 DESCRIPTION 1035 "This value represents the total number of 1036 total number of BFD control messages transmitted for this 1037 BFD session. It MUST be equal to the 1038 least significant 32 bits of bfdSessPerfCtrlPktOut 1039 if bfdSessPerfCtrlPktOutHC is supported according to 1040 the rules spelled out in RFC2863." 1041 ::= { bfdSessPerfEntry 15 } 1043 bfdSessPerfCtrlPktDropHC OBJECT-TYPE 1044 SYNTAX Counter64 1045 MAX-ACCESS read-only 1046 STATUS current 1047 DESCRIPTION 1048 "This value represents the total number of BFD control 1049 messages received for this BFD session yet dropped for 1050 being invalid. It MUST be equal to the least significant 1051 32 bits of bfdSessPerfCtrlPktDrop if 1052 bfdSessPerfCtrlPktDropHC is supported according to the 1053 rules spelled out in RFC2863." 1054 ::= { bfdSessPerfEntry 16 } 1056 bfdSessPerfEchoPktInHC OBJECT-TYPE 1057 SYNTAX Counter64 1058 MAX-ACCESS read-only 1059 STATUS current 1060 DESCRIPTION 1061 "This value represents the total number of BFD echo messages 1062 received for this BFD session. It MUST be equal to the 1063 least significant 32 bits of bfdSessPerfEchoPktIn 1064 if bfdSessPerfEchoPktInHC is supported according to 1065 the rules spelled out in RFC2863." 1066 ::= { bfdSessPerfEntry 17 } 1068 bfdSessPerfEchoPktOutHC OBJECT-TYPE 1069 SYNTAX Counter64 1070 MAX-ACCESS read-only 1071 STATUS current 1072 DESCRIPTION 1073 "This value represents the total number of 1074 total number of BFD echo messages transmitted for this 1075 BFD session. It MUST be equal to the 1076 least significant 32 bits of bfdSessPerfEchoPktOut 1077 if bfdSessPerfEchoPktOutHC is supported according to 1078 the rules spelled out in RFC2863." 1079 ::= { bfdSessPerfEntry 18 } 1081 bfdSessPerfEchoPktInDropHC OBJECT-TYPE 1082 SYNTAX Counter64 1083 MAX-ACCESS read-only 1084 STATUS current 1085 DESCRIPTION 1086 "This value represents the total number of BFD echo 1087 messages received for this BFD session yet dropped 1088 for being invalid. It MUST be equal to the least 1089 significant 32 bits of bfdSessPerfEchoPktDrop if 1090 bfdSessPerfEchoPktDropHC is supported according to 1091 the rules spelled out in RFC2863." 1093 ::= { bfdSessPerfEntry 19 } 1095 -- BFD Session Discriminator Mapping Table 1097 bfdSessDiscMapTable OBJECT-TYPE 1098 SYNTAX SEQUENCE OF BfdSessDiscMapEntry 1099 MAX-ACCESS not-accessible 1100 STATUS current 1101 DESCRIPTION 1102 "The BFD Session Discriminator Mapping Table maps a 1103 local discriminator value to associated BFD sessions' 1104 BfdSessIndexTC used in the bfdSessionTable." 1105 ::= { bfdObjects 4 } 1107 bfdSessDiscMapEntry OBJECT-TYPE 1108 SYNTAX BfdSessDiscMapEntry 1109 MAX-ACCESS not-accessible 1110 STATUS current 1111 DESCRIPTION 1112 "The BFD Session Discriminator Map Entry describes 1113 BFD session that is mapped to this BfdSessIndexTC." 1114 INDEX { bfdSessDiscriminator } 1115 ::= { bfdSessDiscMapTable 1 } 1117 BfdSessDiscMapEntry ::= SEQUENCE { 1118 bfdSessDiscMapIndex BfdSessIndexTC 1119 } 1121 bfdSessDiscMapIndex OBJECT-TYPE 1122 SYNTAX BfdSessIndexTC 1123 MAX-ACCESS read-only 1124 STATUS current 1125 DESCRIPTION 1126 "This object specifies the BfdIndex referred to by 1127 the indexes of this row. In essence, a mapping is 1128 provided between these indexes and the BfdSessTable." 1129 ::= { bfdSessDiscMapEntry 1 } 1131 -- BFD Session IP Mapping Table 1133 bfdSessIpMapTable OBJECT-TYPE 1134 SYNTAX SEQUENCE OF BfdSessIpMapEntry 1135 MAX-ACCESS not-accessible 1136 STATUS current 1137 DESCRIPTION 1138 "The BFD Session IP Mapping Table maps given 1139 bfdSessInterface, bfdSessAddrType, and bfdSessAddr 1140 to an associated BFD sessions' BfdSessIndexTC used in 1141 the bfdSessionTable. This table SHOULD contains those 1142 BFD sessions of singleHop(1) type." 1143 ::= { bfdObjects 5 } 1145 bfdSessIpMapEntry OBJECT-TYPE 1146 SYNTAX BfdSessIpMapEntry 1147 MAX-ACCESS not-accessible 1148 STATUS current 1149 DESCRIPTION 1150 "The BFD Session IP Map Entry describes 1151 BFD session that is mapped to this BfdSessIndexTC." 1152 INDEX { 1153 bfdSessInterface, 1154 bfdSessAddrType, 1155 bfdSessAddr 1156 } 1157 ::= { bfdSessIpMapTable 1 } 1159 BfdSessIpMapEntry ::= SEQUENCE { 1160 bfdSessIpMapIndex BfdSessIndexTC 1161 } 1163 bfdSessIpMapIndex OBJECT-TYPE 1164 SYNTAX BfdSessIndexTC 1165 MAX-ACCESS read-only 1166 STATUS current 1167 DESCRIPTION 1168 "This object specifies the BfdIndex referred to by 1169 the indexes of this row. In essence, a mapping is 1170 provided between these indexes and the BfdSessTable." 1171 ::= { bfdSessIpMapEntry 1 } 1173 -- Notification Configuration 1175 bfdSessUp NOTIFICATION-TYPE 1176 OBJECTS { 1177 bfdSessDiag, -- low range value 1178 bfdSessDiag -- high range value 1179 } 1180 STATUS current 1181 DESCRIPTION 1182 "This notification is generated when the 1183 bfdSessState object for one or more contiguous 1184 entries in bfdSessTable are about to enter the up(4) 1185 state from some other state. The included values of 1186 bfdSessDiag MUST both be set equal to this 1187 new state (i.e: up(4)). The two instances of 1188 bfdSessDiag in this notification indicate the range 1189 of indexes that are affected. Note that all the indexes 1190 of the two ends of the range can be derived from the 1191 instance identifiers of these two objects. For the 1192 cases where a contiguous range of sessions 1193 have transitioned into the up(4) state at roughly 1194 the same time, the device SHOULD issue a single 1195 notification for each range of contiguous indexes in 1196 an effort to minimize the emission of a large number 1197 of notifications. If a notification has to be 1198 issued for just a single bfdSessEntry, then 1199 the instance identifier (and values) of the two 1200 bfdSessDiag objects MUST be the identical." 1201 ::= { bfdNotifications 1 } 1203 bfdSessDown NOTIFICATION-TYPE 1204 OBJECTS { 1205 bfdSessDiag, -- low range value 1206 bfdSessDiag -- high range value 1207 } 1208 STATUS current 1209 DESCRIPTION 1210 "This notification is generated when the 1211 bfdSessState object for one or more contiguous 1212 entries in bfdSessTable are about to enter the down(2) 1213 or adminDown(1) states from some other state. The included 1214 values of bfdSessDiag MUST both be set equal to this new 1215 state (i.e: down(2) or adminDown(1)). The two instances 1216 of bfdSessDiag in this notification indicate the range 1217 of indexes that are affected. Note that all the indexes 1218 of the two ends of the range can be derived from the 1219 instance identifiers of these two objects. For 1220 cases where a contiguous range of sessions 1221 have transitioned into the down(2) or adminDown(1) states 1222 at roughly the same time, the device SHOULD issue a single 1223 notification for each range of contiguous indexes in 1224 an effort to minimize the emission of a large number 1225 of notifications. If a notification has to be 1226 issued for just a single bfdSessEntry, then 1227 the instance identifier (and values) of the two 1228 bfdSessDiag objects MUST be the identical." 1229 ::= { bfdNotifications 2 } 1231 -- Ed Note: We need to add notification for changes 1232 -- when the two ends automatically negotiate to a new detection time 1233 -- value or when detection multiplier changes. 1234 -- Similarly, changes in the operating mode (bfdSessOperMode) 1235 -- also need to be notified. 1237 -- Module compliance. 1239 bfdGroups 1240 OBJECT IDENTIFIER ::= { bfdConformance 1 } 1242 bfdCompliances 1243 OBJECT IDENTIFIER ::= { bfdConformance 2 } 1245 -- Compliance requirement for fully compliant implementations. 1247 bfdModuleFullCompliance MODULE-COMPLIANCE 1248 STATUS current 1249 DESCRIPTION "Compliance statement for agents that provide full 1250 support for BFD-MIB. Such devices can 1251 then be monitored and also be configured using 1252 this MIB module." 1253 MODULE -- This module. 1254 MANDATORY-GROUPS { 1255 bfdSessionGroup, 1256 bfdSessionReadOnlyGroup, 1257 bfdSessionPerfGroup, 1258 bfdSessionPerfHCGroup, 1259 bfdNotificationGroup 1260 } 1262 GROUP bfdSessionPerfHCGroup 1263 DESCRIPTION "This group is mandatory for those bfdPerfTable 1264 entries for which any of the objects 1265 bfdSessPerfPktInHC or bfdSessPerfPktOutHC 1266 wraps around too quickly 1267 based on the criteria specified in RFC 2863 for 1268 high-capacity counters." 1270 GROUP bfdNotificationGroup 1271 DESCRIPTION "This group is only mandatory for those 1272 implementations which can efficiently implement 1273 the notifications contained in this group." 1275 OBJECT bfdSessAddrType 1276 SYNTAX InetAddressType { 1277 unknown(0), 1278 ipv4(1), 1279 ipv6(2), 1280 ipv6z(4) 1281 } 1282 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1283 support are required." 1285 OBJECT bfdSessAddr 1286 SYNTAX InetAddress (SIZE (0|4|16|20)) 1287 DESCRIPTION "An implementation is only required to support 1288 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1290 ::= { bfdCompliances 1 } 1292 -- Units of conformance. 1294 bfdSessionGroup OBJECT-GROUP 1295 OBJECTS { 1296 bfdSessNotificationsEnable, 1297 bfdAdminStatus, 1298 bfdSessVersionNumber, 1299 bfdSessSourceUdpPort, 1300 bfdSessEchoSourceUdpPort, 1301 bfdSessAdminStatus, 1302 bfdSessDiag, 1303 bfdSessDemandModeDesiredFlag, 1304 bfdSessInterface, 1305 bfdSessAddrType, 1306 bfdSessAddr, 1307 bfdSessGTSM, 1308 bfdSessGTSMTTL, 1309 bfdSessDesiredMinTxInterval, 1310 bfdSessReqMinRxInterval, 1311 bfdSessReqMinEchoRxInterval, 1312 bfdSessDetectMult, 1313 bfdSessAuthPresFlag, 1314 bfdSessAuthenticationType, 1315 bfdSessAuthenticationKeyID, 1316 bfdSessAuthenticationKey, 1317 bfdSessStorType, 1318 bfdSessRowStatus 1319 } 1320 STATUS current 1321 DESCRIPTION 1322 "Collection of objects needed for BFD sessions." 1323 ::= { bfdGroups 1 } 1325 bfdSessionReadOnlyGroup OBJECT-GROUP 1326 OBJECTS { 1327 bfdSessType, 1328 bfdSessMultiHopUniLinkMode, 1329 bfdSessDiscriminator, 1330 bfdSessRemoteDiscr, 1331 bfdSessDestinationUdpPort, 1332 bfdSessState, 1333 bfdSessRemoteHeardFlag, 1334 bfdSessOperMode, 1335 bfdSessControlPlaneIndepFlag, 1336 bfdSessMultipointFlag, 1337 bfdSessNegotiatedInterval, 1338 bfdSessNegotiatedEchoInterval, 1339 bfdSessNegotiatedDetectMult, 1340 bfdSessDiscMapIndex, 1341 bfdSessIpMapIndex 1342 } 1343 STATUS current 1344 DESCRIPTION 1345 "Collection of read-only objects needed for BFD sessions." 1346 ::= { bfdGroups 2 } 1348 bfdSessionPerfGroup OBJECT-GROUP 1349 OBJECTS { 1350 bfdSessPerfCtrlPktIn, 1351 bfdSessPerfCtrlPktOut, 1352 bfdSessPerfCtrlPktDrop, 1353 bfdSessPerfCtrlPktDropLastTime, 1354 bfdSessPerfEchoPktIn, 1355 bfdSessPerfEchoPktOut, 1356 bfdSessPerfEchoPktDrop, 1357 bfdSessPerfEchoPktDropLastTime, 1358 bfdSessUpTime, 1359 bfdSessPerfLastSessDownTime, 1360 bfdSessPerfLastCommLostDiag, 1361 bfdSessPerfSessUpCount, 1362 bfdSessPerfDiscTime 1363 } 1364 STATUS current 1365 DESCRIPTION 1366 "Collection of objects needed to monitor the 1367 performance of BFD sessions." 1368 ::= { bfdGroups 3 } 1370 bfdSessionPerfHCGroup OBJECT-GROUP 1371 OBJECTS { 1372 bfdSessPerfCtrlPktInHC, 1373 bfdSessPerfCtrlPktOutHC, 1374 bfdSessPerfCtrlPktDropHC, 1375 bfdSessPerfEchoPktInHC, 1376 bfdSessPerfEchoPktOutHC, 1377 bfdSessPerfEchoPktDropHC 1378 } 1379 STATUS current 1380 DESCRIPTION 1381 "Collection of objects needed to monitor the 1382 performance of BFD sessions for which the 1383 values of bfdSessPerfPktIn, bfdSessPerfPktOut 1384 wrap around too quickly." 1385 ::= { bfdGroups 4 } 1387 bfdNotificationGroup NOTIFICATION-GROUP 1388 NOTIFICATIONS { 1389 bfdSessUp, 1390 bfdSessDown 1391 } 1392 STATUS current 1393 DESCRIPTION 1394 "Set of notifications implemented in this 1395 module." 1396 ::= { bfdGroups 5 } 1398 END 1400 7. Security Considerations 1402 As BFD may be tied into the stability of the network infrastructure 1403 (such as routing protocols), the effects of an attack on a BFD 1404 session may be very serious. This ultimately has denial-of-service 1405 effects, as links may be declared to be down (or falsely declared to 1406 be up.) As such, improper manipulation of the objects represented by 1407 this MIB may result in denial of service to a large number of end- 1408 users. 1410 There are a number of management objects defined in this MIB module 1411 with a MAX-ACCESS clause of read-write and/or read-create. Such 1412 objects may be considered sensitive or vulnerable in some network 1413 environments. The support for SET operations in a non-secure 1414 environment without proper protection can have a negative effect on 1415 network operations. These are the tables and objects and their 1416 sensitivity/vulnerability: 1418 o bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from 1419 start to stop, can cause significant disruption of the 1420 connectivity to those portions of the Internet reached via the 1421 applicable remote BFD peer. 1423 o bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, 1424 bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change 1425 of this object can cause connections to be disrupted for extremely 1426 long time periods when otherwise they would be restored in a 1427 relatively short period of time. 1429 There are a number of management objects defined in this MIB module 1430 with a MAX-ACCESS clause of read-write and/or read-create. Such 1431 objects may be considered sensitive or vulnerable in some network 1432 environments. It is thus important to control even GET and/or NOTIFY 1433 access to these objects and possibly to even encrypt the values of 1434 these objects when sending them over the network via SNMP. 1436 o The bfdSessTable may be used to directly configure BFD sessions. 1437 The bfdSessMapTable can be used indirectly in the same way. 1438 Unauthorized access to objects in this table could result in 1439 disruption of traffic on the network. This is especially true if 1440 an unauthorized user configures enough tables to invoke a denial 1441 of service attack on the device where they are configured, or on a 1442 remote device where the sessions terminate. 1444 Some of the readable objects in this MIB module (i.e., objects with a 1445 MAX-ACCESS other than not-accessible) may be considered sensitive or 1446 vulnerable in some network environments. It is thus important to 1447 control even GET and/or NOTIFY access to these objects and possibly 1448 to even encrypt the values of these objects when sending them over 1449 the network via SNMP. These are the tables and objects and their 1450 sensitivity/vulnerability: 1452 o The bfdSessPerfTable both allows access to the performance 1453 characteristics of BFD sessions. Network administrators not 1454 wishing to show this information should consider this table 1455 sensitive. 1457 The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and 1458 bfdSessAuthenticationKey objects hold security methods and associated 1459 security keys of BFD sessions. These objects SHOULD be considered 1460 highly sensitive objects. In order for these sensitive information 1461 from being improperly accessed, implementors MAY wish to disallow 1462 read and create access to these objects. 1464 SNMP versions prior to SNMPv3 did not include adequate security. 1465 Even if the network itself is secure "for example by using IPSec", 1466 even then, there is no control as to who on the secure network is 1467 allowed to access and GET/SET "read/change/create/delete" the objects 1468 in these MIB modules. 1470 It is RECOMMENDED that implementers consider the security features as 1471 provided by the SNMPv3 framework "see [RFC3410], section 8", 1472 including full support for the SNMPv3 cryptographic mechanisms "for 1473 authentication and privacy". 1475 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1476 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1477 enable cryptographic security. It is then a customer/operator 1478 responsibility to ensure that the SNMP entity giving access to an 1479 instance of this MIB module, is properly configured to give access to 1480 the objects only to those principals "users" that have legitimate 1481 rights to indeed GET or SET "change/create/delete" them. 1483 8. IANA Considerations 1485 The MIB module in this document uses the following IANA-assigned 1486 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 1488 Descriptor OBJECT IDENTIFIER value 1489 ---------- ----------------------- 1491 bfdMib { mib-2 XXX } 1493 [Editor's Note (to be removed prior to publication): the IANA is 1494 requested to assign a value for "XXX" under the 'mib-2' subtree and 1495 to record the assignment in the SMI Numbers registry. When the 1496 assignment has been made, the RFC Editor is asked to replace "XXX" 1497 (here and in the MIB module) with the assigned value and to remove 1498 this note.] 1500 This document also requests IANA to manage the registry for the 1501 BfdDiag object. 1503 9. References 1505 9.1. Normative References 1507 [BFD] Katz, D. and D. Ward, "Bidirectional Forwarding 1508 Detection", ID Document: draft-ietf-bfd-base-11.txt, 1509 January 2010. 1511 [BFD-1HOP] 1512 Katz, D. and D. Ward, "BFD for IPv4 and IPv6 (Single 1513 Hop)", ID Document: draft-ietf-bfd-v4v6-1hop-11.txt, 1514 January 2010. 1516 [BFD-MH] Katz, D. and D. Ward, "BFD for Multihop Paths", 1517 ID Document: draft-ietf-bfd-multihop-09.txt, January 2010. 1519 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1520 Schoenwaelder, Ed., "Structure of Management Information 1521 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 1523 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1524 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 1525 STD 58, RFC 2579, April 1999. 1527 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 1528 "Conformance Statements for SMIv2", STD 58, RFC 2580, 1529 April 1999. 1531 9.2. Informative References 1533 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1534 Requirement Levels", BCP 14, RFC 2119, March 1997. 1536 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 1537 MIB", RFC 2863, June 2000. 1539 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 1540 "Introduction and Applicability Statements for Internet- 1541 Standard Management Framework", RFC 3410, December 2002. 1543 [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network 1544 Management Protocol (SNMP) Applications", STD 62, 1545 RFC 3413, December 2002. 1547 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 1548 Schoenwaelder, "Textual Conventions for Internet Network 1549 Addresses", RFC 4001, February 2005. 1551 Appendix A. Acknowledgments 1553 We would like to thank David Ward, Jeffrey Haas, Reshad Rahman, David 1554 Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara 1555 Sreenivasa for their comments and suggestions. 1557 Authors' Addresses 1559 Thomas D. Nadeau 1560 BT 1561 BT Centre 1562 81 Newgate Street 1563 London EC1A 7AJ 1564 United Kingdom 1566 Email: tom.nadeau@bt.com 1568 Zafar Ali 1569 Cisco Systems, Inc. 1570 2000 Innovation Drive 1571 Kanata, Ontario K2K 3E8 1572 Canada 1574 Email: zali@cisco.com 1576 Nobo Akiya 1577 Cisco Systems G.K. 1578 Shinjuku Mitsui Building 1579 2-1-1 Nishi-Shinjuku, Shinjuku-Ku 1580 Tokyo 163-0409 1581 Japan 1583 Email: nobo@cisco.com