idnits 2.17.1 draft-ietf-bfd-mib-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 8, 2010) is 5013 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'BFD-TC' is defined on line 1597, but no explicit reference was found in the text == Outdated reference: A later version (-08) exists of draft-ietf-bfd-tc-mib-01 Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group T. Nadeau 2 Internet Draft BT 3 Intended status: Standards Track Z. Ali 4 Expires: January 8, 2011 Cisco Systems, Inc. 5 N. Akiya 6 Cisco Systems G.K. 7 July 8, 2010 9 BFD Management Information Base 10 draft-ietf-bfd-mib-10 12 Status of this Memo 14 This Internet-Draft is submitted to IETF in full conformance with the 15 provisions of BCP 78 and BCP 79. This document may contain material 16 from IETF Documents or IETF Contributions published or made publicly 17 available before November 10, 2008. The person(s) controlling the 18 copyright in some of this material may not have granted the IETF 19 Trust the right to allow modifications of such material outside the 20 IETF Standards Process. Without obtaining an adequate license from 21 the person(s) controlling the copyright in such materials, this 22 document may not be modified outside the IETF Standards Process, and 23 derivative works of it may not be created outside the IETF Standards 24 Process, except to format it for publication as an RFC or to 25 translate it into languages other than English. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF), its areas, and its working groups. Note that 29 other groups may also distribute working documents as Internet- 30 Drafts. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 The list of current Internet-Drafts can be accessed at 38 http://www.ietf.org/1id-abstracts.html 40 The list of Internet-Draft Shadow Directories can be accessed at 41 http://www.ietf.org/shadow.html 43 Copyright and License Notice 45 Copyright (c) 2010 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with 53 respect to this document. Code Components extracted from this 54 document must include Simplified BSD License text as described 55 in Section 4.e of the Trust Legal Provisions and are provided 56 without warranty as described in the Simplified BSD License. 58 Abstract 60 This draft defines a portion of the Management Information Base (MIB) 61 for use with network management protocols in the Internet community. 62 In particular, it describes managed objects for modeling 63 Bidirectional Forwarding Detection (BFD) protocol. 65 Table of Contents 67 1. Requirements notation . . . . . . . . . . . . . . . . . . . . 3 68 2. The Internet-Standard Management Framework . . . . . . . . . . 3 69 3. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 70 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 71 5. Brief Description of MIB Objects . . . . . . . . . . . . . . . 3 72 5.1. General Variables . . . . . . . . . . . . . . . . . . . . 4 73 5.2. Session Table (bfdSessionTable) . . . . . . . . . . . . . 4 74 5.3. Session Performance Table (bfdSessionPerfTable) . . . . . 4 75 5.4. BFD Session Discriminator Mapping Table 76 (bfdSessDiscMapTable) . . . . . . . . . . . . . . . . . . 4 77 5.5. BFD Session IP Mapping Table (bfdSessIpMapTable) . . . . . 4 78 6. BFD MIB Module Definitions . . . . . . . . . . . . . . . . . . 4 79 7. Security Considerations . . . . . . . . . . . . . . . . . . . 31 80 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 81 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 33 82 9.1. Normative References . . . . . . . . . . . . . . . . . . . 33 83 9.2. Informative References . . . . . . . . . . . . . . . . . . 34 84 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 34 85 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 87 1. Requirements notation 89 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 90 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 91 document are to be interpreted as described in [RFC2119]. 93 2. The Internet-Standard Management Framework 94 For a detailed overview of the documents that describe the current 95 Internet-Standard Management Framework, please refer to section 7 of 96 [RFC3410]. 98 Managed objects are accessed via a virtual information store, termed 99 the Management Information Base or MIB. MIB objects are generally 100 accessed through the Simple Network Management Protocol (SNMP). 101 Objects in the MIB are defined using the mechanisms defined in the 102 Structure of Management Information (SMI). This memo specifies a MIB 103 module that is compliant to the SMIv2, which is described in STD 58, 104 [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580]. 106 3. Introduction 108 This memo defines an portion of the Management Information Base (MIB) 109 for use with network management protocols in the Internet community. 110 In particular, it describes managed objects to configure and/or 111 monitor Bi-Directional Forwarding Detection for [BFD], [BFD-1HOP] and 112 [BFD-MH], BFD versions 0 and/or 1, on devices supporting this 113 feature. 115 Comments should be made directly to the BFD mailing list at 116 rtg-bfd@ietf.org. 118 4. Terminology 120 This document adopts the definitions, acronyms and mechanisms 121 described in [BFD], [BFD-1HOP] and [BFD-MH]. Unless otherwise 122 stated, the mechanisms described therein will not be re-described 123 here. 125 5. Brief Description of MIB Objects 127 This section describes objects pertaining to BFD. The MIB objects 128 are derived from [BFD] and [BFD-MH]. 130 5.1. General Variables 132 The General Variables are used to identify parameters that are global 133 to the BFD process. 135 5.2. Session Table (bfdSessionTable) 137 The session table is used to identify a BFD session between a pair of 138 nodes. 140 5.3. Session Performance Table (bfdSessionPerfTable) 142 The session performance table is used for collecting BFD performance 143 counters on a per session basis. This table is an AUGMENT to the 144 bfdSessionTable. 146 5.4. BFD Session Discriminator Mapping Table (bfdSessDiscMapTable) 148 The BFD Session Discriminator Mapping Table maps a local 149 discriminator value to associated BFD session's BfdSessIndexTC used 150 in the bfdSessionTable. 152 5.5. BFD Session IP Mapping Table (bfdSessIpMapTable) 154 The BFD Session IP Mapping Table maps, given bfdSessInterface, 155 bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, and 156 bfdSessDstAddr, to an associated BFD session's BfdSessIndexTC 157 used in the bfdSessionTable. This table SHOULD contains those 158 BFD sessions that are of IP type. 160 6. BFD MIB Module Definitions 162 This MIB module makes references to the following documents. 163 [RFC2579], [RFC2580], [RFC2863], [RFC4001], and [RFC3413]. 165 BFD-STD-MIB DEFINITIONS ::= BEGIN 167 IMPORTS 168 MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, 169 mib-2, Integer32, Unsigned32, Counter32, Counter64 170 FROM SNMPv2-SMI 172 TruthValue, RowStatus, StorageType, TimeStamp 173 FROM SNMPv2-TC 175 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 176 FROM SNMPv2-CONF 178 InterfaceIndexOrZero 179 FROM IF-MIB 181 InetAddress, InetAddressType, InetPortNumber 182 FROM INET-ADDRESS-MIB 184 BfdSessIndexTC, BfdIntervalTC, BfdMultiplierTC, BfdDiagTC, 185 BfdSessTypeTC, BfdSessOperModeTC, BfdCtrlDestPortNumberTC, 186 BfdCtrlSourcePortNumberTC, BfdSessStateTC, 187 BfdSessAuthenticationTypeTC, BfdSessionAuthenticationKeyTC 188 FROM BFD-TC-STD-MIB; 190 bfdMib MODULE-IDENTITY 191 LAST-UPDATED "201007081200Z" -- 8 July 2010 12:00:00 EST 192 ORGANIZATION "IETF Bidirectional Forwarding Detection 193 Working Group" 194 CONTACT-INFO 195 "Thomas D. Nadeau 196 BT 197 Email: tnadeau@lucidvision.com 199 Zafar Ali 200 Cisco Systems, Inc. 201 Email: zali@cisco.com 203 Nobo Akiya 204 Cisco Systems, G.K. 205 Email: nobo@cisco.com" 206 DESCRIPTION 207 "Bidirectional Forwarding Management Information Base." 208 REVISION "201007081200Z" -- 8 July 2010 12:00:00 EST 209 DESCRIPTION 210 "Initial version. Published as RFC xxxx." 211 -- RFC Ed.: RFC-editor pls fill in xxxx 212 ::= { mib-2 XXX } 213 -- RFC Ed.: assigned by IANA, see section 7.1 for details 215 -- Top level components of this MIB module. 217 bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 } 219 bfdObjects OBJECT IDENTIFIER ::= { bfdMIB 1 } 221 bfdConformance OBJECT IDENTIFIER ::= { bfdMIB 2 } 223 bfdScalarObjects OBJECT IDENTIFIER ::= { bfdObjects 1 } 225 -- BFD General Variables 227 -- These parameters apply globally to the Systems' 228 -- BFD Process. 230 bfdAdminStatus OBJECT-TYPE 231 SYNTAX INTEGER { 232 enabled(1), 233 disabled(2) 234 } 235 MAX-ACCESS read-write 236 STATUS current 237 DESCRIPTION 238 "The global administrative status of BFD in this router. 239 The value 'enabled' denotes that the BFD Process is 240 active on at least one interface; 'disabled' disables 241 it on all interfaces." 242 DEFVAL { enabled } 243 ::= { bfdScalarObjects 1 } 245 bfdSessNotificationsEnable OBJECT-TYPE 246 SYNTAX TruthValue 247 MAX-ACCESS read-write 248 STATUS current 249 DESCRIPTION 250 "If this object is set to true(1), then it enables 251 the emission of bfdSessUp and bfdSessDown 252 notifications; otherwise these notifications are not 253 emitted." 254 REFERENCE 255 "See also RFC3413 for explanation that 256 notifications are under the ultimate control of the 257 MIB modules in this document." 258 DEFVAL { false } 259 ::= { bfdScalarObjects 2 } 261 -- BFD Session Table 262 -- The BFD Session Table specifies BFD session specific 263 -- information. 265 bfdSessTable OBJECT-TYPE 266 SYNTAX SEQUENCE OF BfdSessEntry 267 MAX-ACCESS not-accessible 268 STATUS current 269 DESCRIPTION 270 "The BFD Session Table describes the BFD sessions." 271 REFERENCE 272 "BFD Version 0 (draft-katz-ward-bfd-02.txt) and 273 BFD Version 1 (RFC5880)" 274 ::= { bfdObjects 2 } 276 bfdSessEntry OBJECT-TYPE 277 SYNTAX BfdSessEntry 278 MAX-ACCESS not-accessible 279 STATUS current 280 DESCRIPTION 281 "The BFD Session Entry describes BFD session." 282 INDEX { bfdSessIndex } 283 ::= { bfdSessTable 1 } 285 BfdSessEntry ::= SEQUENCE { 286 bfdSessIndex BfdSessIndexTC, 287 bfdSessVersionNumber Unsigned32, 288 bfdSessType BfdSessTypeTC, 289 bfdSessDiscriminator Unsigned32, 290 bfdSessRemoteDiscr Unsigned32, 291 bfdSessDestinationUdpPort BfdCtrlDestPortNumberTC, 292 bfdSessSourceUdpPort BfdCtrlSourcePortNumberTC, 293 bfdSessEchoSourceUdpPort InetPortNumber, 294 bfdSessAdminStatus INTEGER, 295 bfdSessState BfdSessStateTC, 296 bfdSessRemoteHeardFlag TruthValue, 297 bfdSessDiag BfdDiagTC, 298 bfdSessOperMode BfdSessOperModeTC, 299 bfdSessDemandModeDesiredFlag TruthValue, 300 bfdSessControlPlaneIndepFlag TruthValue, 301 bfdSessMultipointFlag TruthValue, 302 bfdSessInterface InterfaceIndexOrZero, 303 bfdSessSrcAddrType InetAddressType, 304 bfdSessSrcAddr InetAddress, 305 bfdSessDstAddrType InetAddressType, 306 bfdSessDstAddr InetAddress, 307 bfdSessGTSM TruthValue, 308 bfdSessGTSMTTL Unsigned32, 309 bfdSessDesiredMinTxInterval BfdIntervalTC, 310 bfdSessReqMinRxInterval BfdIntervalTC, 311 bfdSessReqMinEchoRxInterval BfdIntervalTC, 312 bfdSessDetectMult BfdMultiplierTC, 313 bfdSessNegotiatedInterval BfdIntervalTC, 314 bfdSessNegotiatedEchoInterval BfdIntervalTC, 315 bfdSessNegotiatedDetectMult BfdMultiplierTC, 316 bfdSessAuthPresFlag TruthValue, 317 bfdSessAuthenticationType BfdSessAuthenticationTypeTC, 318 bfdSessAuthenticationKeyID Integer32, 319 bfdSessAuthenticationKey BfdSessionAuthenticationKeyTC, 320 bfdSessStorType StorageType, 321 bfdSessRowStatus RowStatus 322 } 324 bfdSessIndex OBJECT-TYPE 325 SYNTAX BfdSessIndexTC 326 MAX-ACCESS not-accessible 327 STATUS current 328 DESCRIPTION 329 "This object contains an index used to represent a 330 unique BFD session on this device." 331 ::= { bfdSessEntry 1 } 333 bfdSessVersionNumber OBJECT-TYPE 334 SYNTAX Unsigned32 (0..7) 335 MAX-ACCESS read-create 336 STATUS current 337 DESCRIPTION 338 "The version number of the BFD protocol that this session 339 is running in. Write access is available for this object 340 to provide ability to set desired version for this 341 BFD session." 342 REFERENCE 343 "BFD Version 0 (draft-katz-ward-bfd-02.txt) and 344 BFD Version 1 (RFC5880)" 345 DEFVAL { 1 } 346 ::= { bfdSessEntry 2 } 348 bfdSessType OBJECT-TYPE 349 SYNTAX BfdSessTypeTC 350 MAX-ACCESS read-create 351 STATUS current 352 DESCRIPTION 353 "This object specifies the type of this BFD session." 354 ::= { bfdSessEntry 3 } 356 bfdSessDiscriminator OBJECT-TYPE 357 SYNTAX Unsigned32 (1..4294967295) 358 MAX-ACCESS read-only 359 STATUS current 360 DESCRIPTION 361 "This object specifies the local discriminator for this BFD 362 session, used to uniquely identify it." 363 ::= { bfdSessEntry 4 } 365 bfdSessRemoteDiscr OBJECT-TYPE 366 SYNTAX Unsigned32 (0 | 1..4294967295) 367 MAX-ACCESS read-only 368 STATUS current 369 DESCRIPTION 370 "This object specifies the session discriminator chosen 371 by the remote system for this BFD session. The value may 372 be zero(0) if the remote discriminator is not yet known 373 or if the session is in the down or adminDown(1) state." 374 REFERENCE 375 "RFC5880, Section 6.8.6" 376 ::= { bfdSessEntry 5 } 378 bfdSessDestinationUdpPort OBJECT-TYPE 379 SYNTAX BfdCtrlDestPortNumberTC 380 MAX-ACCESS read-create 381 STATUS current 382 DESCRIPTION 383 "This object specifies the destination UDP port number 384 used for this BFD session's control packets. The value 385 may be zero(0) if the session is in adminDown(1) state." 386 DEFVAL { 0 } 387 ::= { bfdSessEntry 6 } 389 bfdSessSourceUdpPort OBJECT-TYPE 390 SYNTAX BfdCtrlSourcePortNumberTC 391 MAX-ACCESS read-create 392 STATUS current 393 DESCRIPTION 394 "This object specifies the source UDP port number used 395 for this BFD session's control packets. The value may be 396 zero(0) if the session is in adminDown(1) state. Upon 397 creation of a new BFD session via this MIB, the value of 398 zero(0) specified would permit the implementation to 399 chose its own source port number." 400 DEFVAL { 0 } 401 ::= { bfdSessEntry 7 } 403 bfdSessEchoSourceUdpPort OBJECT-TYPE 404 SYNTAX InetPortNumber 405 MAX-ACCESS read-create 406 STATUS current 407 DESCRIPTION 408 "This object specifies the source UDP port number used for 409 this BFD session's echo packets. The value may be zero(0) 410 if the session is not running in the echo mode, or the 411 session is in adminDown(1) state. Upon creation of a new 412 BFD session via this MIB, the value of zero(0) would 413 permit the implementation to chose its own source port 414 number." 415 DEFVAL { 0 } 416 ::= { bfdSessEntry 8 } 418 bfdSessAdminStatus OBJECT-TYPE 419 SYNTAX INTEGER { 420 stop(1), 421 start(2) 422 } 423 MAX-ACCESS read-create 424 STATUS current 425 DESCRIPTION 426 "A transition from 'stop' to 'start' will start 427 the BFD state machine for the session. The state 428 machine will have an initial state of down. 429 A transition from 'start' to 'stop' will cause 430 the BFD sesssion to be brought down to 431 adminDown(1). Care should be used in providing 432 write access to this object without adequate 433 authentication." 434 DEFVAL { 2 } 435 ::= { bfdSessEntry 9 } 437 bfdSessState OBJECT-TYPE 438 SYNTAX BfdSessStateTC 439 MAX-ACCESS read-only 440 STATUS current 441 DESCRIPTION 442 "BFD session state." 443 DEFVAL { 2 } 444 ::= { bfdSessEntry 10 } 446 bfdSessRemoteHeardFlag OBJECT-TYPE 447 SYNTAX TruthValue 448 MAX-ACCESS read-only 449 STATUS current 450 DESCRIPTION 451 "This object specifies status of BFD packet reception from 452 the remote system. Specifically, it is set to true(1) if 453 the local system is actively receiving BFD packets from the 454 remote system, and is set to false(2) if the local system 455 has not received BFD packets recently (within the detection 456 time) or if the local system is attempting to tear down 457 the BFD session." 458 REFERENCE 459 "BFD Version 0 (draft-katz-ward-bfd-02.txt) and 460 BFD Version 1 (RFC5880)" 461 DEFVAL { false } 462 ::= { bfdSessEntry 11 } 464 bfdSessDiag OBJECT-TYPE 465 SYNTAX BfdDiagTC 466 MAX-ACCESS read-only 467 STATUS current 468 DESCRIPTION 469 "A diagnostic code specifying the local system's reason 470 for the last transition of the session from up(4) 471 to some other state." 472 ::= { bfdSessEntry 12 } 474 bfdSessOperMode OBJECT-TYPE 475 SYNTAX BfdSessOperModeTC 476 MAX-ACCESS read-create 477 STATUS current 478 DESCRIPTION 479 "This object specifies current operating mode that BFD 480 session is operating in." 482 ::= { bfdSessEntry 13 } 484 bfdSessDemandModeDesiredFlag OBJECT-TYPE 485 SYNTAX TruthValue 486 MAX-ACCESS read-create 487 STATUS current 488 DESCRIPTION 489 "This object indicates that the local system's 490 desire to use Demand mode. Specifically, it is set 491 to true(1) if the local system wishes to use 492 Demand mode or false(2) if not" 493 DEFVAL { false } 494 ::= { bfdSessEntry 14 } 496 bfdSessControlPlaneIndepFlag OBJECT-TYPE 497 SYNTAX TruthValue 498 MAX-ACCESS read-create 499 STATUS current 500 DESCRIPTION 501 "This object indicates that the local system's 502 ability to continue to function through a disruption of 503 the control plane. Specifically, it is set 504 to true(1) if the local system BFD implementation is 505 independent of the control plane. Otherwise, the 506 value is set to false(2)" 507 DEFVAL { false } 508 ::= { bfdSessEntry 15 } 510 bfdSessMultipointFlag OBJECT-TYPE 511 SYNTAX TruthValue 512 MAX-ACCESS read-create 513 STATUS current 514 DESCRIPTION 515 "This object indicates the Multipoint (M) bit for this 516 session. It is set to true(1) if Multipoint (M) bit is 517 set to 1. Otherwise, the value is set to false(2)" 518 DEFVAL { false } 519 ::= { bfdSessEntry 16 } 521 bfdSessInterface OBJECT-TYPE 522 SYNTAX InterfaceIndexOrZero 523 MAX-ACCESS read-create 524 STATUS current 525 DESCRIPTION 526 "This object contains an interface index used to indicate 527 the interface which this BFD session is running on. This 528 value can be zero if there is no interface associated 529 with this BFD session." 530 ::= { bfdSessEntry 17 } 532 bfdSessSrcAddrType OBJECT-TYPE 533 SYNTAX InetAddressType 534 MAX-ACCESS read-create 535 STATUS current 536 DESCRIPTION 537 "This object specifies IP address type of the source IP 538 address of this BFD session. Only values unknown(0), 539 ipv4(1), ipv6(2), or ipv6z(4) have to be supported. 540 The value of unknown(0) is allowed only when the session 541 is singleHop(1) and the source IP address of this BFD 542 session is drived from the outgoing interface, or when 543 the BFD session is not associated with a specific 544 interface. If any other unsupported values are attempted 545 in a set operation, the agent MUST return an 546 inconsistentValue error." 547 ::= { bfdSessEntry 18 } 549 bfdSessSrcAddr OBJECT-TYPE 550 SYNTAX InetAddress 551 MAX-ACCESS read-create 552 STATUS current 553 DESCRIPTION 554 "This object specifies the source IP address of this BFD 555 session." 556 ::= { bfdSessEntry 19 } 558 bfdSessDstAddrType OBJECT-TYPE 559 SYNTAX InetAddressType 560 MAX-ACCESS read-create 561 STATUS current 562 DESCRIPTION 563 "This object specifies IP address type of the neighboring IP 564 address which is being monitored with this BFD session. 565 Only values unknown(0), ipv4(1), ipv6(2), or ipv6z(4) 566 have to be supported. The value of unknown(0) is allowed 567 only when the session is singleHop(1) and the outgoing 568 interface is of type point-to-point, or when the BFD 569 session is not associated with a specific interface. If any 570 other unsupported values are attempted in a set operation, 571 the agent MUST return an inconsistentValue error." 572 ::= { bfdSessEntry 20 } 574 bfdSessDstAddr OBJECT-TYPE 575 SYNTAX InetAddress 576 MAX-ACCESS read-create 577 STATUS current 578 DESCRIPTION 579 "This object specifies the neighboring IP address which is 580 being monitored with this BFD session." 581 ::= { bfdSessEntry 21 } 583 bfdSessGTSM OBJECT-TYPE 584 SYNTAX TruthValue 585 MAX-ACCESS read-create 586 STATUS current 587 DESCRIPTION 588 "Setting the value of this object to true(1) will enable GTSM 589 protection of the BFD session. GTSM MUST be enabled on a 590 singleHop(1) session if no authentication is in use." 591 REFERENCE 592 "RFC5082, The Generalized TTL Security Mechanism (GTSM). 593 RFC5881, Section 5" 594 DEFVAL { false } 595 ::= { bfdSessEntry 22 } 597 bfdSessGTSMTTL OBJECT-TYPE 598 SYNTAX Unsigned32 (0..255) 599 MAX-ACCESS read-create 600 STATUS current 601 DESCRIPTION 602 "This object is valid only when bfdSessGTSM protection is 603 enabled on the system. This object specifies the minimum 604 allowed TTL for received BFD control packets. For 605 singleHop(1) session, if GTSM protection is enabled, 606 this object SHOULD be set to maximum TTL allowed for 607 single hop. The value of zero(0) indicates that 608 bfdSessGTSM is disabled." 609 REFERENCE 610 "RFC5082, The Generalized TTL Security Mechanism (GTSM). 611 RFC5881, Section 5" 612 DEFVAL { 0 } 613 ::= { bfdSessEntry 23 } 615 bfdSessDesiredMinTxInterval OBJECT-TYPE 616 SYNTAX BfdIntervalTC 617 MAX-ACCESS read-create 618 STATUS current 619 DESCRIPTION 620 "This object specifies the minimum interval, in 621 microseconds, that the local system would like to use 622 when transmitting BFD Control packets. The value of 623 zero(0) is reserved, and should not be used." 624 REFERENCE 625 "RFC5880, Section 4.1" 626 ::= { bfdSessEntry 24 } 628 bfdSessReqMinRxInterval OBJECT-TYPE 629 SYNTAX BfdIntervalTC 630 MAX-ACCESS read-create 631 STATUS current 632 DESCRIPTION 633 "This object specifies the minimum interval, in 634 microseconds, between received BFD Control packets the 635 local system is capable of supporting. The value of 636 zero(0) can be specified when the transmitting system 637 does not want the remote system to send any periodic BFD 638 control packets." 639 REFERENCE 640 "RFC5880, Section 4.1" 641 ::= { bfdSessEntry 25 } 643 bfdSessReqMinEchoRxInterval OBJECT-TYPE 644 SYNTAX BfdIntervalTC 645 MAX-ACCESS read-create 646 STATUS current 647 DESCRIPTION 648 "This object specifies the minimum interval, in 649 microseconds, between received BFD Echo packets that this 650 system is capable of supporting. Value must be zero(0) if 651 this is a multihop BFD session." 652 ::= { bfdSessEntry 26 } 654 bfdSessDetectMult OBJECT-TYPE 655 SYNTAX BfdMultiplierTC 656 MAX-ACCESS read-create 657 STATUS current 658 DESCRIPTION 659 "This object specifies the Detect time multiplier." 660 ::= { bfdSessEntry 27 } 662 bfdSessNegotiatedInterval OBJECT-TYPE 663 SYNTAX BfdIntervalTC 664 MAX-ACCESS read-only 665 STATUS current 666 DESCRIPTION 667 "This object specifies the negotiated interval, in 668 microseconds, that the local system is transmitting 669 BFD Control packets." 670 ::= { bfdSessEntry 28 } 672 bfdSessNegotiatedEchoInterval OBJECT-TYPE 673 SYNTAX BfdIntervalTC 674 MAX-ACCESS read-only 675 STATUS current 676 DESCRIPTION 677 "This object specifies the negotiated interval, in 678 microseconds, that the local system is transmitting 679 BFD echo packets. Value is expected to be zero if 680 the sessions is not running in echo mode." 681 ::= { bfdSessEntry 29 } 683 bfdSessNegotiatedDetectMult OBJECT-TYPE 684 SYNTAX BfdMultiplierTC 685 MAX-ACCESS read-only 686 STATUS current 687 DESCRIPTION 688 "This object specifies the Detect time multiplier." 689 ::= { bfdSessEntry 30 } 691 bfdSessAuthPresFlag OBJECT-TYPE 692 SYNTAX TruthValue 693 MAX-ACCESS read-create 694 STATUS current 695 DESCRIPTION 696 "This object indicates that the local system's 697 desire to use Authentication. Specifically, it is set 698 to true(1) if the local system wishes the session 699 to be authenticated or false(2) if not." 700 REFERENCE 701 "RFC5880, Sections 4.2 - 4.4" 702 DEFVAL { false } 703 ::= { bfdSessEntry 31 } 705 bfdSessAuthenticationType OBJECT-TYPE 706 SYNTAX BfdSessAuthenticationTypeTC 707 MAX-ACCESS read-create 708 STATUS current 709 DESCRIPTION 710 "The Authentication Type used for this BFD session. 711 This field is valid only when the Authentication 712 Present bit is set. Max-access to this object as well as 713 other authentication related objects are set to 714 read-create in order to support management of a single 715 key ID at a time, key rotation is not handled. Key update 716 in practice must be done by atomic update using a set 717 containing all affected objects in the same varBindList 718 or otherwise risk the session dropping. Value -1 719 indicates that no authentication is in use for this 720 session." 721 REFERENCE 722 "RFC5880, Sections 4.2 - 4.4" 723 DEFVAL { -1 } 724 ::= { bfdSessEntry 32 } 726 bfdSessAuthenticationKeyID OBJECT-TYPE 727 SYNTAX Integer32 (-1 | 0..255) 728 MAX-ACCESS read-create 729 STATUS current 730 DESCRIPTION 731 "The authentication key ID in use for this session. This 732 object permits multiple keys to be active simultaneously. 733 When bfdSessAuthPresFlag is false(2), then the value 734 of this object MUST be -1. The value -1 indicates that 735 no Authentication Key ID will be present in the optional 736 BFD Authentication Section." 737 REFERENCE 738 "RFC5880, Sections 4.2 - 4.4" 739 DEFVAL { -1 } 740 ::= { bfdSessEntry 33 } 742 bfdSessAuthenticationKey OBJECT-TYPE 743 SYNTAX BfdSessionAuthenticationKeyTC 744 MAX-ACCESS read-create 745 STATUS current 746 DESCRIPTION 747 "The authentication key. When the 748 bfdSessAuthenticationType is simplePassword(1), the value 749 of this object is the password present in the BFD packets. 751 When the bfdSessAuthentication type is one of the keyed 752 authentication types, this value is used in the 753 computation of the key present in the BFD authentication 754 packet." 755 REFERENCE 756 "RFC5880, Sections 4.2 - 4.4" 757 ::= { bfdSessEntry 34 } 759 bfdSessStorType OBJECT-TYPE 760 SYNTAX StorageType 761 MAX-ACCESS read-create 762 STATUS current 763 DESCRIPTION 764 "This variable indicates the storage type for this 765 object. Conceptual rows having the value 766 'permanent' need not allow write-access to any 767 columnar objects in the row." 768 ::= { bfdSessEntry 35 } 770 bfdSessRowStatus OBJECT-TYPE 771 SYNTAX RowStatus 772 MAX-ACCESS read-create 773 STATUS current 774 DESCRIPTION 775 "This variable is used to create, modify, and/or 776 delete a row in this table. When a row in this 777 table has a row in the active(1) state, no 778 objects in this row can be modified except the 779 bfdSessRowStatus and bfdSessStorageType." 780 ::= { bfdSessEntry 36 } 782 -- BFD Session Performance Table 784 bfdSessPerfTable OBJECT-TYPE 785 SYNTAX SEQUENCE OF BfdSessPerfEntry 786 MAX-ACCESS not-accessible 787 STATUS current 788 DESCRIPTION 789 "This table specifies BFD Session performance counters." 790 ::= { bfdObjects 3 } 792 bfdSessPerfEntry OBJECT-TYPE 793 SYNTAX BfdSessPerfEntry 794 MAX-ACCESS not-accessible 795 STATUS current 796 DESCRIPTION 797 "An entry in this table is created by a BFD-enabled node 798 for every BFD Session. bfdSessPerfDiscTime is used to 799 indicate potential discontinuity for all counter objects 800 in this table." 801 AUGMENTS { bfdSessEntry } 802 ::= { bfdSessPerfTable 1 } 804 BfdSessPerfEntry ::= SEQUENCE { 805 bfdSessPerfCtrlPktIn Counter32, 806 bfdSessPerfCtrlPktOut Counter32, 807 bfdSessPerfCtrlPktDrop Counter32, 808 bfdSessPerfCtrlPktDropLastTime TimeStamp, 809 bfdSessPerfEchoPktIn Counter32, 810 bfdSessPerfEchoPktOut Counter32, 811 bfdSessPerfEchoPktDrop Counter32, 812 bfdSessPerfEchoPktDropLastTime TimeStamp, 813 bfdSessUpTime TimeStamp, 814 bfdSessPerfLastSessDownTime TimeStamp, 815 bfdSessPerfLastCommLostDiag BfdDiagTC, 816 bfdSessPerfSessUpCount Counter32, 817 bfdSessPerfDiscTime TimeStamp, 819 -- High Capacity Counters 820 bfdSessPerfCtrlPktInHC Counter64, 821 bfdSessPerfCtrlPktOutHC Counter64, 822 bfdSessPerfCtrlPktDropHC Counter64, 823 bfdSessPerfEchoPktInHC Counter64, 824 bfdSessPerfEchoPktOutHC Counter64, 825 bfdSessPerfEchoPktDropHC Counter64 826 } 828 -- Ed Note: should we add per-diag code counts here, 830 bfdSessPerfCtrlPktIn OBJECT-TYPE 831 SYNTAX Counter32 832 MAX-ACCESS read-only 833 STATUS current 834 DESCRIPTION 835 "The total number of BFD control messages received for this 836 BFD session. This value MUST be equal to the least 837 significant 32 bits of bfdSessPerfCtrlPktInHC." 838 ::= { bfdSessPerfEntry 1 } 840 bfdSessPerfCtrlPktOut OBJECT-TYPE 841 SYNTAX Counter32 842 MAX-ACCESS read-only 843 STATUS current 844 DESCRIPTION 845 "The total number of BFD control messages sent for this BFD 846 session. This value MUST be equal to the least significant 847 32 bits of bfdSessPerfCtrlPktOutHC." 848 ::= { bfdSessPerfEntry 2 } 850 bfdSessPerfCtrlPktDrop OBJECT-TYPE 851 SYNTAX Counter32 852 MAX-ACCESS read-only 853 STATUS current 854 DESCRIPTION 855 "The total number of BFD control messages received for this 856 session yet dropped for being invalid. This value MUST be 857 equal to the least significant 32 bits of 858 bfdSessPerfCtrlPktDropHC." 859 ::= { bfdSessPerfEntry 3 } 861 bfdSessPerfCtrlPktDropLastTime OBJECT-TYPE 862 SYNTAX TimeStamp 863 MAX-ACCESS read-only 864 STATUS current 865 DESCRIPTION 866 "The value of sysUpTime on the most recent occasion at 867 which received BFD control message for this session was 868 dropped. If no such up event exists, this object contains 869 a zero value." 870 ::= { bfdSessPerfEntry 4 } 872 bfdSessPerfEchoPktIn OBJECT-TYPE 873 SYNTAX Counter32 874 MAX-ACCESS read-only 875 STATUS current 876 DESCRIPTION 877 "The total number of BFD echo messages received for this 878 BFD session. This value MUST be equal to the least 879 significant 32 bits of bfdSessPerfEchoPktInHC." 880 ::= { bfdSessPerfEntry 5 } 882 bfdSessPerfEchoPktOut OBJECT-TYPE 883 SYNTAX Counter32 884 MAX-ACCESS read-only 885 STATUS current 886 DESCRIPTION 887 "The total number of BFD echo messages sent for this BFD 888 session. This value MUST be equal to the least significant 889 32 bits of bfdSessPerfEchoPktOutHC." 890 ::= { bfdSessPerfEntry 6 } 892 bfdSessPerfEchoPktDrop OBJECT-TYPE 893 SYNTAX Counter32 894 MAX-ACCESS read-only 895 STATUS current 896 DESCRIPTION 897 "The total number of BFD echo messages received for this 898 session yet dropped for being invalid. This value MUST be 899 equal to the least significant 32 bits of 900 bfdSessPerfEchoPktDropHC." 901 ::= { bfdSessPerfEntry 7 } 903 bfdSessPerfEchoPktDropLastTime OBJECT-TYPE 904 SYNTAX TimeStamp 905 MAX-ACCESS read-only 906 STATUS current 907 DESCRIPTION 908 "The value of sysUpTime on the most recent occasion at 909 which received BFD echo message for this session was 910 dropped. If no such up event exists, this object contains 911 a zero value." 912 ::= { bfdSessPerfEntry 8 } 914 bfdSessUpTime OBJECT-TYPE 915 SYNTAX TimeStamp 916 MAX-ACCESS read-only 917 STATUS current 918 DESCRIPTION 919 "The value of sysUpTime on the most recent occasion at which 920 the session came up. If no such up event exists this object 921 contains a zero value." 922 ::= { bfdSessPerfEntry 9 } 924 bfdSessPerfLastSessDownTime OBJECT-TYPE 925 SYNTAX TimeStamp 926 MAX-ACCESS read-only 927 STATUS current 928 DESCRIPTION 929 "The value of sysUpTime on the most recent occasion at 930 which the last time communication was lost with the 931 neighbor. If no such down event exist this object 932 contains a zero value." 933 ::= { bfdSessPerfEntry 10 } 935 bfdSessPerfLastCommLostDiag OBJECT-TYPE 936 SYNTAX BfdDiagTC 937 MAX-ACCESS read-only 938 STATUS current 939 DESCRIPTION 940 "The BFD diag code for the last time communication was lost 941 with the neighbor. If no such down event exists this object 942 contains a zero value." 943 ::= { bfdSessPerfEntry 11 } 945 bfdSessPerfSessUpCount OBJECT-TYPE 946 SYNTAX Counter32 947 MAX-ACCESS read-only 948 STATUS current 949 DESCRIPTION 950 "The number of times this session has gone into the Up 951 state since the system last rebooted." 952 ::= { bfdSessPerfEntry 12 } 954 bfdSessPerfDiscTime OBJECT-TYPE 955 SYNTAX TimeStamp 956 MAX-ACCESS read-only 957 STATUS current 958 DESCRIPTION 959 "The value of sysUpTime on the most recent occasion at 960 which any one or more of the session counters suffered 961 a discontinuity. 962 The relevant counters are the specific instances associated 963 with this BFD session of any Counter32 object contained in 964 the BfdSessPerfTable. If no such discontinuities have 965 occurred since the last re-initialization of the local 966 management subsystem, then this object contains a zero 967 value." 968 ::= { bfdSessPerfEntry 13 } 970 bfdSessPerfCtrlPktInHC OBJECT-TYPE 971 SYNTAX Counter64 972 MAX-ACCESS read-only 973 STATUS current 974 DESCRIPTION 975 "This value represents the total number of BFD control 976 messages received for this BFD session." 977 ::= { bfdSessPerfEntry 14 } 979 bfdSessPerfCtrlPktOutHC OBJECT-TYPE 980 SYNTAX Counter64 981 MAX-ACCESS read-only 982 STATUS current 983 DESCRIPTION 984 "This value represents the total number of BFD control 985 messages transmitted for this BFD session." 986 ::= { bfdSessPerfEntry 15 } 988 bfdSessPerfCtrlPktDropHC OBJECT-TYPE 989 SYNTAX Counter64 990 MAX-ACCESS read-only 991 STATUS current 992 DESCRIPTION 993 "This value represents the total number of BFD control 994 messages received for this BFD session yet dropped for 995 being invalid." 996 ::= { bfdSessPerfEntry 16 } 998 bfdSessPerfEchoPktInHC OBJECT-TYPE 999 SYNTAX Counter64 1000 MAX-ACCESS read-only 1001 STATUS current 1002 DESCRIPTION 1003 "This value represents the total number of BFD echo 1004 messages received for this BFD session." 1005 ::= { bfdSessPerfEntry 17 } 1007 bfdSessPerfEchoPktOutHC OBJECT-TYPE 1008 SYNTAX Counter64 1009 MAX-ACCESS read-only 1010 STATUS current 1011 DESCRIPTION 1012 "This value represents the total number of BFD echo 1013 messages transmitted for this BFD session." 1014 ::= { bfdSessPerfEntry 18 } 1016 bfdSessPerfEchoPktDropHC OBJECT-TYPE 1017 SYNTAX Counter64 1018 MAX-ACCESS read-only 1019 STATUS current 1020 DESCRIPTION 1021 "This value represents the total number of BFD echo 1022 messages received for this BFD session yet dropped 1023 for being invalid." 1024 ::= { bfdSessPerfEntry 19 } 1026 -- BFD Session Discriminator Mapping Table 1028 bfdSessDiscMapTable OBJECT-TYPE 1029 SYNTAX SEQUENCE OF BfdSessDiscMapEntry 1030 MAX-ACCESS not-accessible 1031 STATUS current 1032 DESCRIPTION 1033 "The BFD Session Discriminator Mapping Table maps a 1034 local discriminator value to associated BFD session's 1035 BfdSessIndexTC used in the bfdSessionTable." 1036 ::= { bfdObjects 4 } 1038 bfdSessDiscMapEntry OBJECT-TYPE 1039 SYNTAX BfdSessDiscMapEntry 1040 MAX-ACCESS not-accessible 1041 STATUS current 1042 DESCRIPTION 1043 "The BFD Session Discriminator Map Entry describes 1044 BFD session that is mapped to this BfdSessIndexTC." 1045 INDEX { bfdSessDiscriminator } 1046 ::= { bfdSessDiscMapTable 1 } 1048 BfdSessDiscMapEntry ::= SEQUENCE { 1049 bfdSessDiscMapIndex BfdSessIndexTC 1050 } 1052 bfdSessDiscMapIndex OBJECT-TYPE 1053 SYNTAX BfdSessIndexTC 1054 MAX-ACCESS read-only 1055 STATUS current 1056 DESCRIPTION 1057 "This object specifies the BfdSessIndexTC referred to by 1058 the indices of this row. In essence, a mapping is 1059 provided between these indexes and the BfdSessTable." 1060 ::= { bfdSessDiscMapEntry 1 } 1062 -- BFD Session IP Mapping Table 1064 bfdSessIpMapTable OBJECT-TYPE 1065 SYNTAX SEQUENCE OF BfdSessIpMapEntry 1066 MAX-ACCESS not-accessible 1067 STATUS current 1068 DESCRIPTION 1069 "The BFD Session IP Mapping Table maps given 1070 bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, 1071 bfdSessDstAddrType and bfdSessDstAddr 1072 to an associated BFD session's BfdSessIndexTC used in 1073 the bfdSessionTable." 1074 ::= { bfdObjects 5 } 1076 bfdSessIpMapEntry OBJECT-TYPE 1077 SYNTAX BfdSessIpMapEntry 1078 MAX-ACCESS not-accessible 1079 STATUS current 1080 DESCRIPTION 1081 "The BFD Session IP Map Entry describes 1082 BFD session that is mapped to this BfdSessIndexTC." 1083 INDEX { 1084 bfdSessInterface, 1085 bfdSessSrcAddrType, 1086 bfdSessSrcAddr, 1087 bfdSessDstAddrType, 1088 bfdSessDstAddr 1089 } 1090 ::= { bfdSessIpMapTable 1 } 1092 BfdSessIpMapEntry ::= SEQUENCE { 1093 bfdSessIpMapIndex BfdSessIndexTC 1094 } 1096 bfdSessIpMapIndex OBJECT-TYPE 1097 SYNTAX BfdSessIndexTC 1098 MAX-ACCESS read-only 1099 STATUS current 1100 DESCRIPTION 1101 "This object specifies the BfdSessIndexTC referred to by 1102 the indexes of this row. In essence, a mapping is 1103 provided between these indexes and the BfdSessTable." 1104 ::= { bfdSessIpMapEntry 1 } 1106 -- Notification Configuration 1108 bfdSessUp NOTIFICATION-TYPE 1109 OBJECTS { 1110 bfdSessDiag, -- low range value 1111 bfdSessDiag -- high range value 1112 } 1113 STATUS current 1114 DESCRIPTION 1115 "This notification is generated when the 1116 bfdSessState object for one or more contiguous 1117 entries in bfdSessTable are about to enter the up(4) 1118 state from some other state. The included values of 1119 bfdSessDiag MUST both be set equal to this 1120 new state (i.e: up(4)). The two instances of 1121 bfdSessDiag in this notification indicate the range 1122 of indexes that are affected. Note that all the indexes 1123 of the two ends of the range can be derived from the 1124 instance identifiers of these two objects. For the 1125 cases where a contiguous range of sessions 1126 have transitioned into the up(4) state at roughly 1127 the same time, the device SHOULD issue a single 1128 notification for each range of contiguous indexes in 1129 an effort to minimize the emission of a large number 1130 of notifications. If a notification has to be 1131 issued for just a single bfdSessEntry, then 1132 the instance identifier (and values) of the two 1133 bfdSessDiag objects MUST be the identical." 1134 ::= { bfdNotifications 1 } 1136 bfdSessDown NOTIFICATION-TYPE 1137 OBJECTS { 1138 bfdSessDiag, -- low range value 1139 bfdSessDiag -- high range value 1140 } 1141 STATUS current 1142 DESCRIPTION 1143 "This notification is generated when the 1144 bfdSessState object for one or more contiguous 1145 entries in bfdSessTable are about to enter the down(2) 1146 or adminDown(1) states from some other state. The included 1147 values of bfdSessDiag MUST both be set equal to this new 1148 state (i.e: down(2) or adminDown(1)). The two instances 1149 of bfdSessDiag in this notification indicate the range 1150 of indexes that are affected. Note that all the indexes 1151 of the two ends of the range can be derived from the 1152 instance identifiers of these two objects. For 1153 cases where a contiguous range of sessions 1154 have transitioned into the down(2) or adminDown(1) states 1155 at roughly the same time, the device SHOULD issue a single 1156 notification for each range of contiguous indexes in 1157 an effort to minimize the emission of a large number 1158 of notifications. If a notification has to be 1159 issued for just a single bfdSessEntry, then 1160 the instance identifier (and values) of the two 1161 bfdSessDiag objects MUST be the identical." 1162 ::= { bfdNotifications 2 } 1164 -- Ed Note: We need to add notification for changes 1165 -- when the two ends automatically negotiate to a new detection time 1166 -- value or when detection multiplier changes. 1168 -- Module compliance. 1170 bfdGroups 1171 OBJECT IDENTIFIER ::= { bfdConformance 1 } 1173 bfdCompliances 1174 OBJECT IDENTIFIER ::= { bfdConformance 2 } 1176 -- Compliance requirement for fully compliant implementations. 1178 bfdModuleFullCompliance MODULE-COMPLIANCE 1179 STATUS current 1180 DESCRIPTION 1181 "Compliance statement for agents that provide full 1182 support for the BFD-MIB module. Such devices can 1183 then be monitored and also be configured using 1184 this MIB module." 1186 MODULE -- This module. 1188 MANDATORY-GROUPS { 1189 bfdSessionGroup, 1190 bfdSessionReadOnlyGroup, 1191 bfdSessionPerfGroup, 1192 bfdNotificationGroup 1193 } 1195 GROUP bfdSessionPerfHCGroup 1196 DESCRIPTION "This group is mandatory for all systems that 1197 are able to support the Counter64 date type." 1199 OBJECT bfdSessSrcAddrType 1200 SYNTAX InetAddressType { unknown(0), ipv4(1), 1201 ipv6(2), ipv6z(4) } 1202 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1203 support are required." 1205 OBJECT bfdSessSrcAddr 1206 SYNTAX InetAddress (SIZE (0|4|16|20)) 1207 DESCRIPTION "An implementation is only required to support 1208 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1210 OBJECT bfdSessDstAddrType 1211 SYNTAX InetAddressType { unknown(0), ipv4(1), 1212 ipv6(2), ipv6z(4) } 1213 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1214 support are required." 1216 OBJECT bfdSessDstAddr 1217 SYNTAX InetAddress (SIZE (0|4|16|20)) 1218 DESCRIPTION "An implementation is only required to support 1219 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1221 OBJECT bfdSessRowStatus 1222 SYNTAX RowStatus { active(1), notInService(2) } 1223 WRITE-SYNTAX RowStatus { active(1), notInService(2), 1224 createAndGo(4), destroy(6) } 1225 DESCRIPTION "Support for createAndWait and notReady is not 1226 required." 1228 ::= { bfdCompliances 1 } 1230 bfdModuleReadOnlyCompliance MODULE-COMPLIANCE 1231 STATUS current 1232 DESCRIPTION 1233 "Compliance requirement for implementations that only 1234 provide read-only support for BFD-MIB. Such devices 1235 can then be monitored but cannot be configured using 1236 this MIB module." 1238 MODULE -- This module. 1240 MANDATORY-GROUPS { 1241 bfdSessionGroup, 1242 bfdSessionReadOnlyGroup, 1243 bfdSessionPerfGroup, 1244 bfdNotificationGroup 1245 } 1247 GROUP bfdSessionPerfHCGroup 1248 DESCRIPTION "This group is mandatory for all systems that 1249 are able to support the Counter64 date type." 1251 OBJECT bfdSessVersionNumber 1252 MIN-ACCESS read-only 1253 DESCRIPTION "Write access is not required." 1255 OBJECT bfdSessType 1256 MIN-ACCESS read-only 1257 DESCRIPTION "Write access is not required." 1259 OBJECT bfdSessDestinationUdpPort 1260 MIN-ACCESS read-only 1261 DESCRIPTION "Write access is not required." 1263 OBJECT bfdSessSourceUdpPort 1264 MIN-ACCESS read-only 1265 DESCRIPTION "Write access is not required." 1266 OBJECT bfdSessEchoSourceUdpPort 1267 MIN-ACCESS read-only 1268 DESCRIPTION "Write access is not required." 1270 OBJECT bfdSessAdminStatus 1271 MIN-ACCESS read-only 1272 DESCRIPTION "Write access is not required." 1274 OBJECT bfdSessOperMode 1275 MIN-ACCESS read-only 1276 DESCRIPTION "Write access is not required." 1278 OBJECT bfdSessDemandModeDesiredFlag 1279 MIN-ACCESS read-only 1280 DESCRIPTION "Write access is not required." 1282 OBJECT bfdSessControlPlaneIndepFlag 1283 MIN-ACCESS read-only 1284 DESCRIPTION "Write access is not required." 1286 OBJECT bfdSessMultipointFlag 1287 MIN-ACCESS read-only 1288 DESCRIPTION "Write access is not required." 1290 OBJECT bfdSessInterface 1291 MIN-ACCESS read-only 1292 DESCRIPTION "Write access is not required." 1294 OBJECT bfdSessSrcAddrType 1295 SYNTAX InetAddressType { unknown(0), ipv4(1), 1296 ipv6(2), ipv6z(4) } 1297 MIN-ACCESS read-only 1298 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1299 support are required." 1301 OBJECT bfdSessSrcAddr 1302 SYNTAX InetAddress (SIZE (0|4|16|20)) 1303 MIN-ACCESS read-only 1304 DESCRIPTION "An implementation is only required to support 1305 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1307 OBJECT bfdSessDstAddrType 1308 SYNTAX InetAddressType { unknown(0), ipv4(1), 1309 ipv6(2), ipv6z(4) } 1310 MIN-ACCESS read-only 1311 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1312 support are required." 1314 OBJECT bfdSessDstAddr 1315 SYNTAX InetAddress (SIZE (0|4|16|20)) 1316 MIN-ACCESS read-only 1317 DESCRIPTION "An implementation is only required to support 1318 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1320 OBJECT bfdSessGTSM 1321 MIN-ACCESS read-only 1322 DESCRIPTION "Write access is not required." 1324 OBJECT bfdSessGTSMTTL 1325 MIN-ACCESS read-only 1326 DESCRIPTION "Write access is not required." 1328 OBJECT bfdSessDesiredMinTxInterval 1329 MIN-ACCESS read-only 1330 DESCRIPTION "Write access is not required." 1332 OBJECT bfdSessReqMinRxInterval 1333 MIN-ACCESS read-only 1334 DESCRIPTION "Write access is not required." 1336 OBJECT bfdSessReqMinEchoRxInterval 1337 MIN-ACCESS read-only 1338 DESCRIPTION "Write access is not required." 1340 OBJECT bfdSessDetectMult 1341 MIN-ACCESS read-only 1342 DESCRIPTION "Write access is not required." 1344 OBJECT bfdSessAuthPresFlag 1345 MIN-ACCESS read-only 1346 DESCRIPTION "Write access is not required." 1348 OBJECT bfdSessAuthenticationType 1349 MIN-ACCESS read-only 1350 DESCRIPTION "Write access is not required." 1352 OBJECT bfdSessAuthenticationKeyID 1353 MIN-ACCESS read-only 1354 DESCRIPTION "Write access is not required." 1356 OBJECT bfdSessAuthenticationKey 1357 MIN-ACCESS read-only 1358 DESCRIPTION "Write access is not required." 1360 OBJECT bfdSessStorType 1361 MIN-ACCESS read-only 1362 DESCRIPTION "Write access is not required." 1363 OBJECT bfdSessRowStatus 1364 SYNTAX RowStatus { active(1) } 1365 MIN-ACCESS read-only 1366 DESCRIPTION "Write access is not required." 1368 ::= { bfdCompliances 2 } 1370 -- Units of conformance. 1372 bfdSessionGroup OBJECT-GROUP 1373 OBJECTS { 1374 bfdAdminStatus, 1375 bfdSessNotificationsEnable, 1376 bfdSessVersionNumber, 1377 bfdSessType, 1378 bfdSessDestinationUdpPort, 1379 bfdSessSourceUdpPort, 1380 bfdSessEchoSourceUdpPort, 1381 bfdSessAdminStatus, 1382 bfdSessOperMode, 1383 bfdSessDemandModeDesiredFlag, 1384 bfdSessControlPlaneIndepFlag, 1385 bfdSessMultipointFlag, 1386 bfdSessInterface, 1387 bfdSessSrcAddrType, 1388 bfdSessSrcAddr, 1389 bfdSessDstAddrType, 1390 bfdSessDstAddr, 1391 bfdSessGTSM, 1392 bfdSessGTSMTTL, 1393 bfdSessDesiredMinTxInterval, 1394 bfdSessReqMinRxInterval, 1395 bfdSessReqMinEchoRxInterval, 1396 bfdSessDetectMult, 1397 bfdSessAuthPresFlag, 1398 bfdSessAuthenticationType, 1399 bfdSessAuthenticationKeyID, 1400 bfdSessAuthenticationKey, 1401 bfdSessStorType, 1402 bfdSessRowStatus 1403 } 1404 STATUS current 1405 DESCRIPTION 1406 "Collection of objects needed for BFD sessions." 1407 ::= { bfdGroups 1 } 1409 bfdSessionReadOnlyGroup OBJECT-GROUP 1410 OBJECTS { 1411 bfdSessDiscriminator, 1412 bfdSessRemoteDiscr, 1413 bfdSessState, 1414 bfdSessRemoteHeardFlag, 1415 bfdSessDiag, 1416 bfdSessNegotiatedInterval, 1417 bfdSessNegotiatedEchoInterval, 1418 bfdSessNegotiatedDetectMult, 1419 bfdSessDiscMapIndex, 1420 bfdSessIpMapIndex 1421 } 1422 STATUS current 1423 DESCRIPTION 1424 "Collection of read-only objects needed for BFD sessions." 1425 ::= { bfdGroups 2 } 1427 bfdSessionPerfGroup OBJECT-GROUP 1428 OBJECTS { 1429 bfdSessPerfCtrlPktIn, 1430 bfdSessPerfCtrlPktOut, 1431 bfdSessPerfCtrlPktDrop, 1432 bfdSessPerfCtrlPktDropLastTime, 1433 bfdSessPerfEchoPktIn, 1434 bfdSessPerfEchoPktOut, 1435 bfdSessPerfEchoPktDrop, 1436 bfdSessPerfEchoPktDropLastTime, 1437 bfdSessUpTime, 1438 bfdSessPerfLastSessDownTime, 1439 bfdSessPerfLastCommLostDiag, 1440 bfdSessPerfSessUpCount, 1441 bfdSessPerfDiscTime 1442 } 1443 STATUS current 1444 DESCRIPTION 1445 "Collection of objects needed to monitor the 1446 performance of BFD sessions." 1447 ::= { bfdGroups 3 } 1449 bfdSessionPerfHCGroup OBJECT-GROUP 1450 OBJECTS { 1451 bfdSessPerfCtrlPktInHC, 1452 bfdSessPerfCtrlPktOutHC, 1453 bfdSessPerfCtrlPktDropHC, 1454 bfdSessPerfEchoPktInHC, 1455 bfdSessPerfEchoPktOutHC, 1456 bfdSessPerfEchoPktDropHC 1457 } 1458 STATUS current 1459 DESCRIPTION 1460 "Collection of objects needed to monitor the 1461 performance of BFD sessions for which the 1462 values of bfdSessPerfPktIn, bfdSessPerfPktOut 1463 wrap around too quickly." 1464 ::= { bfdGroups 4 } 1466 bfdNotificationGroup NOTIFICATION-GROUP 1467 NOTIFICATIONS { 1468 bfdSessUp, 1469 bfdSessDown 1470 } 1471 STATUS current 1472 DESCRIPTION 1473 "Set of notifications implemented in this 1474 module." 1475 ::= { bfdGroups 5 } 1477 END 1479 7. Security Considerations 1481 As BFD may be tied into the stability of the network infrastructure 1482 (such as routing protocols), the effects of an attack on a BFD 1483 session may be very serious. This ultimately has denial-of-service 1484 effects, as links may be declared to be down (or falsely declared to 1485 be up.) As such, improper manipulation of the objects represented by 1486 this MIB may result in denial of service to a large number of end- 1487 users. 1489 There are a number of management objects defined in this MIB module 1490 with a MAX-ACCESS clause of read-write and/or read-create. Such 1491 objects may be considered sensitive or vulnerable in some network 1492 environments. The support for SET operations in a non-secure 1493 environment without proper protection can have a negative effect on 1494 network operations. These are the tables and objects and their 1495 sensitivity/vulnerability: 1497 o bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from 1498 start to stop, can cause significant disruption of the 1499 connectivity to those portions of the Internet reached via the 1500 applicable remote BFD peer. 1502 o bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, 1503 bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change 1504 of this object can cause connections to be disrupted for extremely 1505 long time periods when otherwise they would be restored in a 1506 relatively short period of time. 1508 There are a number of management objects defined in this MIB module 1509 with a MAX-ACCESS clause of read-write and/or read-create. Such 1510 objects may be considered sensitive or vulnerable in some network 1511 environments. It is thus important to control even GET and/or NOTIFY 1512 access to these objects and possibly to even encrypt the values of 1513 these objects when sending them over the network via SNMP. 1515 o The bfdSessTable may be used to directly configure BFD sessions. 1516 The bfdSessMapTable can be used indirectly in the same way. 1517 Unauthorized access to objects in this table could result in 1518 disruption of traffic on the network. This is especially true if 1519 an unauthorized user configures enough tables to invoke a denial 1520 of service attack on the device where they are configured, or on a 1521 remote device where the sessions terminate. 1523 Some of the readable objects in this MIB module (i.e., objects with a 1524 MAX-ACCESS other than not-accessible) may be considered sensitive or 1525 vulnerable in some network environments. It is thus important to 1526 control even GET and/or NOTIFY access to these objects and possibly 1527 to even encrypt the values of these objects when sending them over 1528 the network via SNMP. These are the tables and objects and their 1529 sensitivity/vulnerability: 1531 o The bfdSessPerfTable both allows access to the performance 1532 characteristics of BFD sessions. Network administrators not 1533 wishing to show this information should consider this table 1534 sensitive. 1536 The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and 1537 bfdSessAuthenticationKey objects hold security methods and associated 1538 security keys of BFD sessions. These objects SHOULD be considered 1539 highly sensitive objects. In order for these sensitive information 1540 from being improperly accessed, implementors MAY wish to disallow 1541 read and create access to these objects. 1543 SNMP versions prior to SNMPv3 did not include adequate security. 1544 Even if the network itself is secure "for example by using IPSec", 1545 even then, there is no control as to who on the secure network is 1546 allowed to access and GET/SET "read/change/create/delete" the objects 1547 in these MIB modules. 1549 It is RECOMMENDED that implementers consider the security features as 1550 provided by the SNMPv3 framework "see [RFC3410], section 8", 1551 including full support for the SNMPv3 cryptographic mechanisms "for 1552 authentication and privacy". 1554 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1555 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1556 enable cryptographic security. It is then a customer/operator 1557 responsibility to ensure that the SNMP entity giving access to an 1558 instance of this MIB module, is properly configured to give access to 1559 the objects only to those principals "users" that have legitimate 1560 rights to indeed GET or SET "change/create/delete" them. 1562 8. IANA Considerations 1564 The MIB module in this document uses the following IANA-assigned 1565 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 1567 Descriptor OBJECT IDENTIFIER value 1568 ---------- ----------------------- 1570 bfdMib { mib-2 XXX } 1572 [Editor's Note (to be removed prior to publication): the IANA is 1573 requested to assign a value for "XXX" under the 'mib-2' subtree and 1574 to record the assignment in the SMI Numbers registry. When the 1575 assignment has been made, the RFC Editor is asked to replace "XXX" 1576 (here and in the MIB module) with the assigned value and to remove 1577 this note.] 1579 This document also requests IANA to manage the registry for the 1580 BfdDiagTC object. 1582 9. References 1584 9.1. Normative References 1586 [BFD] Katz, D. and D. Ward, "Bidirectional Forwarding 1587 Detection (BFD)", RFC 5880, June 2010. 1589 [BFD-1HOP] Katz, D. and D. Ward, "Bidirectional Forwarding 1590 Detection (BFD) for IPv4 and IPv6 (Single Hop)", 1591 RFC 5881, June 2010. 1593 [BFD-MH] Katz, D. and D. Ward, "Bidirectional Forwarding 1594 Detection (BFD) for Multihop Paths", RFC 5883, 1595 June 2010. 1597 [BFD-TC] Nadeau, T., Ali, Z. and N. Akiya, "Definitions of Textual 1598 Conventions (TCs) for Bidirectional Forwarding Detection 1599 (BFD) Management", 1600 ID Document: draft-ietf-bfd-tc-mib-01.txt, June 2010. 1602 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1603 Schoenwaelder, Ed., "Structure of Management Information 1604 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 1606 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1607 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 1608 STD 58, RFC 2579, April 1999. 1610 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 1611 "Conformance Statements for SMIv2", STD 58, RFC 2580, 1612 April 1999. 1614 9.2. Informative References 1616 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1617 Requirement Levels", BCP 14, RFC 2119, March 1997. 1619 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 1620 MIB", RFC 2863, June 2000. 1622 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 1623 "Introduction and Applicability Statements for Internet- 1624 Standard Management Framework", RFC 3410, December 2002. 1626 [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network 1627 Management Protocol (SNMP) Applications", STD 62, 1628 RFC 3413, December 2002. 1630 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 1631 Schoenwaelder, "Textual Conventions for Internet Network 1632 Addresses", RFC 4001, February 2005. 1634 Appendix A. Acknowledgments 1636 We would like to thank David Ward, Jeffrey Haas, Reshad Rahman, David 1637 Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara 1638 Sreenivasa for their comments and suggestions. 1640 Authors' Addresses 1642 Thomas D. Nadeau 1643 BT 1644 BT Centre 1645 81 Newgate Street 1646 London EC1A 7AJ 1647 United Kingdom 1649 Email: tnadeau@lucidvision.com 1650 Zafar Ali 1651 Cisco Systems, Inc. 1652 2000 Innovation Drive 1653 Kanata, Ontario K2K 3E8 1654 Canada 1656 Email: zali@cisco.com 1658 Nobo Akiya 1659 Cisco Systems G.K. 1660 Shinjuku Mitsui Building 1661 2-1-1 Nishi-Shinjuku, Shinjuku-Ku 1662 Tokyo 163-0409 1663 Japan 1665 Email: nobo@cisco.com