idnits 2.17.1 draft-ietf-bfd-mib-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 17, 2013) is 3965 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-08) exists of draft-ietf-bfd-tc-mib-01 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group T. Nadeau 3 Internet-Draft Juniper Networks 4 Intended status: Standards Track Z. Ali 5 Expires: December 19, 2013 N. Akiya 6 Cisco Systems 7 June 17, 2013 9 BFD Management Information Base 10 draft-ietf-bfd-mib-13 12 Abstract 14 This draft defines a portion of the Management Information Base (MIB) 15 for use with network management protocols in the Internet community. 16 In particular, it describes managed objects for modeling 17 Bidirectional Forwarding Detection (BFD) protocol. 19 Requirements Language 21 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 22 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 23 document are to be interpreted as described in BCP 14, RFC 2119 24 [RFC2119]. 26 Status of This Memo 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 Internet-Drafts are working documents of the Internet Engineering 32 Task Force (IETF). Note that other groups may also distribute 33 working documents as Internet-Drafts. The list of current Internet- 34 Drafts is at http://datatracker.ietf.org/drafts/current/. 36 Internet-Drafts are draft documents valid for a maximum of six months 37 and may be updated, replaced, or obsoleted by other documents at any 38 time. It is inappropriate to use Internet-Drafts as reference 39 material or to cite them other than as "work in progress." 41 This Internet-Draft will expire on December 19, 2013. 43 Copyright Notice 45 Copyright (c) 2013 IETF Trust and the persons identified as the 46 document authors. All rights reserved. 48 This document is subject to BCP 78 and the IETF Trust's Legal 49 Provisions Relating to IETF Documents 50 (http://trustee.ietf.org/license-info) in effect on the date of 51 publication of this document. Please review these documents 52 carefully, as they describe your rights and restrictions with respect 53 to this document. Code Components extracted from this document must 54 include Simplified BSD License text as described in Section 4.e of 55 the Trust Legal Provisions and are provided without warranty as 56 described in the Simplified BSD License. 58 Table of Contents 60 1. The Internet-Standard Management Framework . . . . . . . . . 2 61 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 4. Brief Description of MIB Objects . . . . . . . . . . . . . . 3 64 4.1. General Variables . . . . . . . . . . . . . . . . . . . . 3 65 4.2. Session Table (bfdSessionTable) . . . . . . . . . . . . . 3 66 4.3. Session Performance Table (bfdSessionPerfTable) . . . . . 3 67 4.4. BFD Session Discriminator Mapping Table 68 (bfdSessDiscMapTable) . . . . . . . . . . . . . . . . . . 3 69 4.5. BFD Session IP Mapping Table (bfdSessIpMapTable) . . . . 3 70 5. BFD MIB Module Definitions . . . . . . . . . . . . . . . . . 4 71 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 72 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 73 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 74 8.1. Normative References . . . . . . . . . . . . . . . . . . 36 75 8.2. Informative References . . . . . . . . . . . . . . . . . 37 76 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 37 78 1. The Internet-Standard Management Framework 80 For a detailed overview of the documents that describe the current 81 Internet-Standard Management Framework, please refer to section 7 of 82 RFC 3410 [RFC3410]. 84 Managed objects are accessed via a virtual information store, termed 85 the Management Information Base or MIB. MIB objects are generally 86 accessed through the Simple Network Management Protocol (SNMP). 87 Objects in the MIB are defined using the mechanisms defined in the 88 Structure of Management Information (SMI). This memo specifies a MIB 89 module that is compliant to the SMIv2, which is described in STD 58, 90 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 91 [RFC2580]. 93 2. Introduction 94 This memo defines an portion of the Management Information Base (MIB) 95 for use with network management protocols in the Internet community. 96 In particular, it describes managed objects to configure and/or 97 monitor Bi-Directional Forwarding Detection for [RFC5880], [RFC5881] 98 and [RFC5883], BFD versions 0 and/or 1, on devices supporting this 99 feature. 101 Comments should be made directly to the BFD mailing list at rtg- 102 bfd@ietf.org. 104 3. Terminology 106 This document adopts the definitions, acronyms and mechanisms 107 described in [RFC5880], [RFC5881] and [RFC5883]. Unless otherwise 108 stated, the mechanisms described therein will not be re-described 109 here. 111 4. Brief Description of MIB Objects 113 This section describes objects pertaining to BFD. The MIB objects 114 are derived from [RFC5880], [RFC5881] and [RFC5883], and also include 115 textual conventions defined in [I-D.ietf-bfd-tc-mib]. 117 4.1. General Variables 119 The General Variables are used to identify parameters that are global 120 to the BFD process. 122 4.2. Session Table (bfdSessionTable) 124 The session table is used to identify a BFD session between a pair of 125 nodes. 127 4.3. Session Performance Table (bfdSessionPerfTable) 129 The session performance table is used for collecting BFD performance 130 counters on a per session basis. This table is an AUGMENT to the 131 bfdSessionTable. 133 4.4. BFD Session Discriminator Mapping Table (bfdSessDiscMapTable) 135 The BFD Session Discriminator Mapping Table maps a local 136 discriminator value to associated BFD session's BfdSessIndexTC used 137 in the bfdSessionTable. 139 4.5. BFD Session IP Mapping Table (bfdSessIpMapTable) 140 The BFD Session IP Mapping Table maps, given bfdSessInterface, 141 bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, and 142 bfdSessDstAddr, to an associated BFD session's BfdSessIndexTC used in 143 the bfdSessionTable. This table SHOULD contains those BFD sessions 144 that are of IP type. 146 5. BFD MIB Module Definitions 148 This MIB module makes references to the following documents. 149 [RFC2579], [RFC2580], [RFC2863], [RFC4001], and [RFC3413]. 151 BFD-STD-MIB DEFINITIONS ::= BEGIN 153 IMPORTS 154 MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, 155 mib-2, Integer32, Unsigned32, Counter32, Counter64 156 FROM SNMPv2-SMI 158 TruthValue, RowStatus, StorageType, TimeStamp 159 FROM SNMPv2-TC 161 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP 162 FROM SNMPv2-CONF 164 InterfaceIndexOrZero 165 FROM IF-MIB 167 InetAddress, InetAddressType, InetPortNumber 168 FROM INET-ADDRESS-MIB 170 BfdSessIndexTC, BfdIntervalTC, BfdMultiplierTC, BfdDiagTC, 171 BfdSessTypeTC, BfdSessOperModeTC, BfdCtrlDestPortNumberTC, 172 BfdCtrlSourcePortNumberTC, BfdSessStateTC, 173 BfdSessAuthenticationTypeTC, BfdSessionAuthenticationKeyTC 174 FROM BFD-TC-STD-MIB; 176 bfdMIB MODULE-IDENTITY 177 LAST-UPDATED "201306171200Z" -- 17 June 2013 12:00:00 EST 178 ORGANIZATION "IETF Bidirectional Forwarding Detection 179 Working Group" 180 CONTACT-INFO 181 "Thomas D. Nadeau 182 Juniper Networks 183 Email: tnadeau@lucidvision.com 185 Zafar Ali 186 Cisco Systems, Inc. 187 Email: zali@cisco.com 188 Nobo Akiya 189 Cisco Systems, Inc. 190 Email: nobo@cisco.com" 191 DESCRIPTION 192 "Bidirectional Forwarding Management Information Base." 193 REVISION "201306171200Z" -- 17 June 2013 12:00:00 EST 194 DESCRIPTION 195 "Initial version. Published as RFC xxxx." 196 -- RFC Ed.: RFC-editor pls fill in xxxx 197 ::= { mib-2 XXX } 198 -- RFC Ed.: assigned by IANA, see section 7.1 for details 200 -- Top level components of this MIB module. 202 bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 } 204 bfdObjects OBJECT IDENTIFIER ::= { bfdMIB 1 } 206 bfdConformance OBJECT IDENTIFIER ::= { bfdMIB 2 } 208 bfdScalarObjects OBJECT IDENTIFIER ::= { bfdObjects 1 } 210 -- BFD General Variables 212 -- These parameters apply globally to the Systems' 213 -- BFD Process. 215 bfdAdminStatus OBJECT-TYPE 216 SYNTAX INTEGER { 217 enabled(1), 218 disabled(2) 219 } 220 MAX-ACCESS read-write 221 STATUS current 222 DESCRIPTION 223 "The global administrative status of BFD in this device. 224 The value 'enabled' denotes that the BFD Process is 225 active on at least one interface; 'disabled' disables 226 it on all interfaces." 227 DEFVAL { enabled } 228 ::= { bfdScalarObjects 1 } 230 bfdSessNotificationsEnable OBJECT-TYPE 231 SYNTAX TruthValue 232 MAX-ACCESS read-write 233 STATUS current 234 DESCRIPTION 235 "If this object is set to true(1), then it enables 236 the emission of bfdSessUp and bfdSessDown 237 notifications; otherwise these notifications are not 238 emitted." 239 REFERENCE 240 "See also RFC3413 for explanation that 241 notifications are under the ultimate control of the 242 MIB modules in this document." 243 DEFVAL { false } 244 ::= { bfdScalarObjects 2 } 246 -- BFD Session Table 247 -- The BFD Session Table specifies BFD session specific 248 -- information. 250 bfdSessTable OBJECT-TYPE 251 SYNTAX SEQUENCE OF BfdSessEntry 252 MAX-ACCESS not-accessible 253 STATUS current 254 DESCRIPTION 255 "The BFD Session Table describes the BFD sessions." 256 REFERENCE 257 "Katz, D. and D. Ward, Bidirectional Forwarding 258 Detection (BFD), RFC 5880, June 2012." 259 ::= { bfdObjects 2 } 261 bfdSessEntry OBJECT-TYPE 262 SYNTAX BfdSessEntry 263 MAX-ACCESS not-accessible 264 STATUS current 265 DESCRIPTION 266 "The BFD Session Entry describes BFD session." 267 INDEX { bfdSessIndex } 268 ::= { bfdSessTable 1 } 270 BfdSessEntry ::= SEQUENCE { 271 bfdSessIndex BfdSessIndexTC, 272 bfdSessVersionNumber Unsigned32, 273 bfdSessType BfdSessTypeTC, 274 bfdSessDiscriminator Unsigned32, 275 bfdSessRemoteDiscr Unsigned32, 276 bfdSessDestinationUdpPort BfdCtrlDestPortNumberTC, 277 bfdSessSourceUdpPort BfdCtrlSourcePortNumberTC, 278 bfdSessEchoSourceUdpPort InetPortNumber, 279 bfdSessAdminStatus INTEGER, 280 bfdSessState BfdSessStateTC, 281 bfdSessRemoteHeardFlag TruthValue, 282 bfdSessDiag BfdDiagTC, 283 bfdSessOperMode BfdSessOperModeTC, 284 bfdSessDemandModeDesiredFlag TruthValue, 285 bfdSessControlPlaneIndepFlag TruthValue, 286 bfdSessMultipointFlag TruthValue, 287 bfdSessInterface InterfaceIndexOrZero, 288 bfdSessSrcAddrType InetAddressType, 289 bfdSessSrcAddr InetAddress, 290 bfdSessDstAddrType InetAddressType, 291 bfdSessDstAddr InetAddress, 292 bfdSessGTSM TruthValue, 293 bfdSessGTSMTTL Unsigned32, 294 bfdSessDesiredMinTxInterval BfdIntervalTC, 295 bfdSessReqMinRxInterval BfdIntervalTC, 296 bfdSessReqMinEchoRxInterval BfdIntervalTC, 297 bfdSessDetectMult BfdMultiplierTC, 298 bfdSessNegotiatedInterval BfdIntervalTC, 299 bfdSessNegotiatedEchoInterval BfdIntervalTC, 300 bfdSessNegotiatedDetectMult BfdMultiplierTC, 301 bfdSessAuthPresFlag TruthValue, 302 bfdSessAuthenticationType BfdSessAuthenticationTypeTC, 303 bfdSessAuthenticationKeyID Integer32, 304 bfdSessAuthenticationKey BfdSessionAuthenticationKeyTC, 305 bfdSessStorageType StorageType, 306 bfdSessRowStatus RowStatus 307 } 309 bfdSessIndex OBJECT-TYPE 310 SYNTAX BfdSessIndexTC 311 MAX-ACCESS not-accessible 312 STATUS current 313 DESCRIPTION 314 "This object contains an index used to represent a 315 unique BFD session on this device." 316 ::= { bfdSessEntry 1 } 318 bfdSessVersionNumber OBJECT-TYPE 319 SYNTAX Unsigned32 (0..7) 320 MAX-ACCESS read-create 321 STATUS current 322 DESCRIPTION 323 "The version number of the BFD protocol that this session 324 is running in. Write access is available for this object 325 to provide ability to set desired version for this 326 BFD session." 327 REFERENCE 328 "Katz, D. and D. Ward, Bidirectional Forwarding 329 Detection (BFD), RFC 5880, June 2012." 330 DEFVAL { 1 } 331 ::= { bfdSessEntry 2 } 333 bfdSessType OBJECT-TYPE 334 SYNTAX BfdSessTypeTC 335 MAX-ACCESS read-create 336 STATUS current 337 DESCRIPTION 338 "This object specifies the type of this BFD session." 339 ::= { bfdSessEntry 3 } 341 bfdSessDiscriminator OBJECT-TYPE 342 SYNTAX Unsigned32 (1..4294967295) 343 MAX-ACCESS read-only 344 STATUS current 345 DESCRIPTION 346 "This object specifies the local discriminator for this BFD 347 session, used to uniquely identify it." 348 ::= { bfdSessEntry 4 } 350 bfdSessRemoteDiscr OBJECT-TYPE 351 SYNTAX Unsigned32 (0 | 1..4294967295) 352 MAX-ACCESS read-only 353 STATUS current 354 DESCRIPTION 355 "This object specifies the session discriminator chosen 356 by the remote system for this BFD session. The value may 357 be zero(0) if the remote discriminator is not yet known 358 or if the session is in the down or adminDown(1) state." 359 REFERENCE 360 "Section 6.8.6, from Katz, D. and D. Ward, Bidirectional 361 Forwarding Detection (BFD), RFC 5880, June 2012." 362 ::= { bfdSessEntry 5 } 364 bfdSessDestinationUdpPort OBJECT-TYPE 365 SYNTAX BfdCtrlDestPortNumberTC 366 MAX-ACCESS read-create 367 STATUS current 368 DESCRIPTION 369 "This object specifies the destination UDP port number 370 used for this BFD session's control packets. The value 371 may be zero(0) if the session is in adminDown(1) state." 372 DEFVAL { 0 } 373 ::= { bfdSessEntry 6 } 375 bfdSessSourceUdpPort OBJECT-TYPE 376 SYNTAX BfdCtrlSourcePortNumberTC 377 MAX-ACCESS read-create 378 STATUS current 379 DESCRIPTION 380 "This object specifies the source UDP port number used 381 for this BFD session's control packets. The value may be 382 zero(0) if the session is in adminDown(1) state. Upon 383 creation of a new BFD session via this MIB, the value of 384 zero(0) specified would permit the implementation to 385 choose its own source port number." 386 DEFVAL { 0 } 387 ::= { bfdSessEntry 7 } 389 bfdSessEchoSourceUdpPort OBJECT-TYPE 390 SYNTAX InetPortNumber 391 MAX-ACCESS read-create 392 STATUS current 393 DESCRIPTION 394 "This object specifies the source UDP port number used for 395 this BFD session's echo packets. The value may be zero(0) 396 if the session is not running in the echo mode, or the 397 session is in adminDown(1) state. Upon creation of a new 398 BFD session via this MIB, the value of zero(0) would 399 permit the implementation to choose its own source port 400 number." 401 DEFVAL { 0 } 402 ::= { bfdSessEntry 8 } 404 bfdSessAdminStatus OBJECT-TYPE 405 SYNTAX INTEGER { 406 stop(1), 407 start(2) 408 } 409 MAX-ACCESS read-create 410 STATUS current 411 DESCRIPTION 412 "A transition from 'stop' to 'start' will start 413 the BFD state machine for the session. The state 414 machine will have an initial state of down. 415 A transition from 'start' to 'stop' will cause 416 the BFD session to be brought down to 417 adminDown(1). Care should be used in providing 418 write access to this object without adequate 419 authentication." 420 DEFVAL { 2 } 421 ::= { bfdSessEntry 9 } 423 bfdSessState OBJECT-TYPE 424 SYNTAX BfdSessStateTC 425 MAX-ACCESS read-only 426 STATUS current 427 DESCRIPTION 428 "BFD session state." 430 DEFVAL { 2 } 431 ::= { bfdSessEntry 10 } 433 bfdSessRemoteHeardFlag OBJECT-TYPE 434 SYNTAX TruthValue 435 MAX-ACCESS read-only 436 STATUS current 437 DESCRIPTION 438 "This object specifies status of BFD packet reception from 439 the remote system. Specifically, it is set to true(1) if 440 the local system is actively receiving BFD packets from the 441 remote system, and is set to false(2) if the local system 442 has not received BFD packets recently (within the detection 443 time) or if the local system is attempting to tear down 444 the BFD session." 445 REFERENCE 446 "Katz, D. and D. Ward, Bidirectional 447 Forwarding Detection (BFD), RFC 5880, June 2012." 448 DEFVAL { false } 449 ::= { bfdSessEntry 11 } 451 bfdSessDiag OBJECT-TYPE 452 SYNTAX BfdDiagTC 453 MAX-ACCESS read-only 454 STATUS current 455 DESCRIPTION 456 "A diagnostic code specifying the local system's reason 457 for the last transition of the session from up(4) 458 to some other state." 459 ::= { bfdSessEntry 12 } 461 bfdSessOperMode OBJECT-TYPE 462 SYNTAX BfdSessOperModeTC 463 MAX-ACCESS read-create 464 STATUS current 465 DESCRIPTION 466 "This object specifies current operating mode that BFD 467 session is operating in." 468 ::= { bfdSessEntry 13 } 470 bfdSessDemandModeDesiredFlag OBJECT-TYPE 471 SYNTAX TruthValue 472 MAX-ACCESS read-create 473 STATUS current 474 DESCRIPTION 475 "This object indicates that the local system's 476 desire to use Demand mode. Specifically, it is set 477 to true(1) if the local system wishes to use 478 Demand mode or false(2) if not" 479 DEFVAL { false } 480 ::= { bfdSessEntry 14 } 482 bfdSessControlPlaneIndepFlag OBJECT-TYPE 483 SYNTAX TruthValue 484 MAX-ACCESS read-create 485 STATUS current 486 DESCRIPTION 487 "This object indicates that the local system's 488 ability to continue to function through a disruption of 489 the control plane. Specifically, it is set 490 to true(1) if the local system BFD implementation is 491 independent of the control plane. Otherwise, the 492 value is set to false(2)" 493 DEFVAL { false } 494 ::= { bfdSessEntry 15 } 496 bfdSessMultipointFlag OBJECT-TYPE 497 SYNTAX TruthValue 498 MAX-ACCESS read-create 499 STATUS current 500 DESCRIPTION 501 "This object indicates the Multipoint (M) bit for this 502 session. It is set to true(1) if Multipoint (M) bit is 503 set to 1. Otherwise, the value is set to false(2)" 504 DEFVAL { false } 505 ::= { bfdSessEntry 16 } 507 bfdSessInterface OBJECT-TYPE 508 SYNTAX InterfaceIndexOrZero 509 MAX-ACCESS read-create 510 STATUS current 511 DESCRIPTION 512 "This object contains an interface index used to indicate 513 the interface which this BFD session is running on. This 514 value can be zero if there is no interface associated 515 with this BFD session." 516 ::= { bfdSessEntry 17 } 518 bfdSessSrcAddrType OBJECT-TYPE 519 SYNTAX InetAddressType 520 MAX-ACCESS read-create 521 STATUS current 522 DESCRIPTION 523 "This object specifies IP address type of the source IP 524 address of this BFD session. Only values unknown(0), 525 ipv4(1), ipv6(2), or ipv6z(4) have to be supported. 527 The value of unknown(0) is allowed only when the session 528 is singleHop(1) and the source IP address of this BFD 529 session is derived from the outgoing interface, or when 530 the BFD session is not associated with a specific 531 interface. If any other unsupported values are attempted 532 in a set operation, the agent MUST return an 533 inconsistentValue error." 534 ::= { bfdSessEntry 18 } 536 bfdSessSrcAddr OBJECT-TYPE 537 SYNTAX InetAddress 538 MAX-ACCESS read-create 539 STATUS current 540 DESCRIPTION 541 "This object specifies the source IP address of this BFD 542 session." 543 ::= { bfdSessEntry 19 } 545 bfdSessDstAddrType OBJECT-TYPE 546 SYNTAX InetAddressType 547 MAX-ACCESS read-create 548 STATUS current 549 DESCRIPTION 550 "This object specifies IP address type of the neighboring IP 551 address which is being monitored with this BFD session. 552 Only values unknown(0), ipv4(1), ipv6(2), or ipv6z(4) 553 have to be supported. The value of unknown(0) is allowed 554 only when the session is singleHop(1) and the outgoing 555 interface is of type point-to-point, or when the BFD 556 session is not associated with a specific interface. If any 557 other unsupported values are attempted in a set operation, 558 the agent MUST return an inconsistentValue error." 559 ::= { bfdSessEntry 20 } 561 bfdSessDstAddr OBJECT-TYPE 562 SYNTAX InetAddress 563 MAX-ACCESS read-create 564 STATUS current 565 DESCRIPTION 566 "This object specifies the neighboring IP address which is 567 being monitored with this BFD session." 568 ::= { bfdSessEntry 21 } 570 bfdSessGTSM OBJECT-TYPE 571 SYNTAX TruthValue 572 MAX-ACCESS read-create 573 STATUS current 574 DESCRIPTION 575 "Setting the value of this object to true(1) will enable GTSM 576 protection of the BFD session. GTSM MUST be enabled on a 577 singleHop(1) session if no authentication is in use." 578 REFERENCE 579 "RFC5082, The Generalized TTL Security Mechanism (GTSM). 580 RFC5881, Section 5" 581 DEFVAL { false } 582 ::= { bfdSessEntry 22 } 584 bfdSessGTSMTTL OBJECT-TYPE 585 SYNTAX Unsigned32 (0..255) 586 MAX-ACCESS read-create 587 STATUS current 588 DESCRIPTION 589 "This object is valid only when bfdSessGTSM protection is 590 enabled on the system. This object specifies the minimum 591 allowed TTL for received BFD control packets. For 592 singleHop(1) session, if GTSM protection is enabled, 593 this object SHOULD be set to maximum TTL allowed for 594 single hop. The value of zero(0) indicates that 595 bfdSessGTSM is disabled." 596 REFERENCE 597 "RFC5082, The Generalized TTL Security Mechanism (GTSM). 598 RFC5881, Section 5" 599 DEFVAL { 0 } 600 ::= { bfdSessEntry 23 } 602 bfdSessDesiredMinTxInterval OBJECT-TYPE 603 SYNTAX BfdIntervalTC 604 MAX-ACCESS read-create 605 STATUS current 606 DESCRIPTION 607 "This object specifies the minimum interval, in 608 microseconds, that the local system would like to use 609 when transmitting BFD Control packets. The value of 610 zero(0) is reserved, and should not be used." 611 REFERENCE 612 "Section 4.1 from Katz, D. and D. Ward, Bidirectional 613 Forwarding Detection (BFD), RFC 5880, June 2012." 614 ::= { bfdSessEntry 24 } 616 bfdSessReqMinRxInterval OBJECT-TYPE 617 SYNTAX BfdIntervalTC 618 MAX-ACCESS read-create 619 STATUS current 620 DESCRIPTION 621 "This object specifies the minimum interval, in 622 microseconds, between received BFD Control packets the 623 local system is capable of supporting. The value of 624 zero(0) can be specified when the transmitting system 625 does not want the remote system to send any periodic BFD 626 control packets." 627 REFERENCE 628 "Section 4.1 from Katz, D. and D. Ward, Bidirectional 629 Forwarding Detection (BFD), RFC 5880, June 2012." 630 ::= { bfdSessEntry 25 } 632 bfdSessReqMinEchoRxInterval OBJECT-TYPE 633 SYNTAX BfdIntervalTC 634 MAX-ACCESS read-create 635 STATUS current 636 DESCRIPTION 637 "This object specifies the minimum interval, in 638 microseconds, between received BFD Echo packets that this 639 system is capable of supporting. Value must be zero(0) if 640 this is a multihop BFD session." 641 ::= { bfdSessEntry 26 } 643 bfdSessDetectMult OBJECT-TYPE 644 SYNTAX BfdMultiplierTC 645 MAX-ACCESS read-create 646 STATUS current 647 DESCRIPTION 648 "This object specifies the Detect time multiplier." 649 ::= { bfdSessEntry 27 } 651 bfdSessNegotiatedInterval OBJECT-TYPE 652 SYNTAX BfdIntervalTC 653 MAX-ACCESS read-only 654 STATUS current 655 DESCRIPTION 656 "This object specifies the negotiated interval, in 657 microseconds, that the local system is transmitting 658 BFD Control packets." 659 ::= { bfdSessEntry 28 } 661 bfdSessNegotiatedEchoInterval OBJECT-TYPE 662 SYNTAX BfdIntervalTC 663 MAX-ACCESS read-only 664 STATUS current 665 DESCRIPTION 666 "This object specifies the negotiated interval, in 667 microseconds, that the local system is transmitting 668 BFD echo packets. Value is expected to be zero if 669 the sessions is not running in echo mode." 670 ::= { bfdSessEntry 29 } 672 bfdSessNegotiatedDetectMult OBJECT-TYPE 673 SYNTAX BfdMultiplierTC 674 MAX-ACCESS read-only 675 STATUS current 676 DESCRIPTION 677 "This object specifies the Detect time multiplier." 678 ::= { bfdSessEntry 30 } 680 bfdSessAuthPresFlag OBJECT-TYPE 681 SYNTAX TruthValue 682 MAX-ACCESS read-create 683 STATUS current 684 DESCRIPTION 685 "This object indicates that the local system's 686 desire to use Authentication. Specifically, it is set 687 to true(1) if the local system wishes the session 688 to be authenticated or false(2) if not." 689 REFERENCE 690 "Sections 4.2 - 4.4 from Katz, D. and D. Ward, 691 Bidirectional Forwarding Detection (BFD), RFC 5880, 692 June 2012." 693 DEFVAL { false } 694 ::= { bfdSessEntry 31 } 696 bfdSessAuthenticationType OBJECT-TYPE 697 SYNTAX BfdSessAuthenticationTypeTC 698 MAX-ACCESS read-create 699 STATUS current 700 DESCRIPTION 701 "The Authentication Type used for this BFD session. 702 This field is valid only when the Authentication 703 Present bit is set. Max-access to this object as well as 704 other authentication related objects are set to 705 read-create in order to support management of a single 706 key ID at a time, key rotation is not handled. Key update 707 in practice must be done by atomic update using a set 708 containing all affected objects in the same varBindList 709 or otherwise risk the session dropping. Value -1 710 indicates that no authentication is in use for this 711 session." 712 REFERENCE 713 "Sections 4.2 - 4.4 from Katz, D. and D. Ward, 714 Bidirectional Forwarding Detection (BFD), RFC 5880, 715 June 2012." 716 DEFVAL { -1 } 717 ::= { bfdSessEntry 32 } 719 bfdSessAuthenticationKeyID OBJECT-TYPE 720 SYNTAX Integer32 (-1 | 0..255) 721 MAX-ACCESS read-create 722 STATUS current 723 DESCRIPTION 724 "The authentication key ID in use for this session. This 725 object permits multiple keys to be active simultaneously. 726 When bfdSessAuthPresFlag is false(2), then the value 727 of this object MUST be -1. The value -1 indicates that 728 no Authentication Key ID will be present in the optional 729 BFD Authentication Section." 730 REFERENCE 731 "Sections 4.2 - 4.4 from Katz, D. and D. Ward, 732 Bidirectional Forwarding Detection (BFD), RFC 5880, 733 June 2012." 734 DEFVAL { -1 } 735 ::= { bfdSessEntry 33 } 737 bfdSessAuthenticationKey OBJECT-TYPE 738 SYNTAX BfdSessionAuthenticationKeyTC 739 MAX-ACCESS read-create 740 STATUS current 741 DESCRIPTION 742 "The authentication key. When the 743 bfdSessAuthenticationType is simplePassword(1), the value 744 of this object is the password present in the BFD packets. 746 When the bfdSessAuthentication type is one of the keyed 747 authentication types, this value is used in the 748 computation of the key present in the BFD authentication 749 packet." 750 REFERENCE 751 "Sections 4.2 - 4.4 from Katz, D. and D. Ward, 752 Bidirectional Forwarding Detection (BFD), RFC 5880, 753 June 2012." 754 ::= { bfdSessEntry 34 } 756 bfdSessStorageType OBJECT-TYPE 757 SYNTAX StorageType 758 MAX-ACCESS read-create 759 STATUS current 760 DESCRIPTION 761 "This variable indicates the storage type for this 762 object. Conceptual rows having the value 763 'permanent' need not allow write-access to any 764 columnar objects in the row." 765 ::= { bfdSessEntry 35 } 767 bfdSessRowStatus OBJECT-TYPE 768 SYNTAX RowStatus 769 MAX-ACCESS read-create 770 STATUS current 771 DESCRIPTION 772 "This variable is used to create, modify, and/or 773 delete a row in this table. When a row in this 774 table has a row in the active(1) state, no 775 objects in this row can be modified except the 776 bfdSessRowStatus and bfdSessStorageType." 777 ::= { bfdSessEntry 36 } 779 -- BFD Session Performance Table 781 bfdSessPerfTable OBJECT-TYPE 782 SYNTAX SEQUENCE OF BfdSessPerfEntry 783 MAX-ACCESS not-accessible 784 STATUS current 785 DESCRIPTION 786 "This table specifies BFD Session performance counters." 787 ::= { bfdObjects 3 } 789 bfdSessPerfEntry OBJECT-TYPE 790 SYNTAX BfdSessPerfEntry 791 MAX-ACCESS not-accessible 792 STATUS current 793 DESCRIPTION 794 "An entry in this table is created by a BFD-enabled node 795 for every BFD Session. bfdSessPerfDiscTime is used to 796 indicate potential discontinuity for all counter objects 797 in this table." 798 AUGMENTS { bfdSessEntry } 799 ::= { bfdSessPerfTable 1 } 801 BfdSessPerfEntry ::= SEQUENCE { 802 bfdSessPerfCtrlPktIn Counter32, 803 bfdSessPerfCtrlPktOut Counter32, 804 bfdSessPerfCtrlPktDrop Counter32, 805 bfdSessPerfCtrlPktDropLastTime TimeStamp, 806 bfdSessPerfEchoPktIn Counter32, 807 bfdSessPerfEchoPktOut Counter32, 808 bfdSessPerfEchoPktDrop Counter32, 809 bfdSessPerfEchoPktDropLastTime TimeStamp, 810 bfdSessUpTime TimeStamp, 811 bfdSessPerfLastSessDownTime TimeStamp, 812 bfdSessPerfLastCommLostDiag BfdDiagTC, 813 bfdSessPerfSessUpCount Counter32, 814 bfdSessPerfDiscTime TimeStamp, 815 -- High Capacity Counters 816 bfdSessPerfCtrlPktInHC Counter64, 817 bfdSessPerfCtrlPktOutHC Counter64, 818 bfdSessPerfCtrlPktDropHC Counter64, 819 bfdSessPerfEchoPktInHC Counter64, 820 bfdSessPerfEchoPktOutHC Counter64, 821 bfdSessPerfEchoPktDropHC Counter64 822 } 824 -- Ed Note: should we add per-diag code counts here, 826 bfdSessPerfCtrlPktIn OBJECT-TYPE 827 SYNTAX Counter32 828 MAX-ACCESS read-only 829 STATUS current 830 DESCRIPTION 831 "The total number of BFD control messages received for this 832 BFD session. 834 It MUST be equal to the least significant 32 bits of 835 bfdSessPerfCtrlPktInHC if supported, and MUST do so 836 with the rules spelled out in RFC 2863." 837 ::= { bfdSessPerfEntry 1 } 839 bfdSessPerfCtrlPktOut OBJECT-TYPE 840 SYNTAX Counter32 841 MAX-ACCESS read-only 842 STATUS current 843 DESCRIPTION 844 "The total number of BFD control messages sent for this BFD 845 session. 847 It MUST be equal to the least significant 32 bits of 848 bfdSessPerfCtrlPktOutHC if supported, and MUST do so 849 with the rules spelled out in RFC 2863." 850 ::= { bfdSessPerfEntry 2 } 852 bfdSessPerfCtrlPktDrop OBJECT-TYPE 853 SYNTAX Counter32 854 MAX-ACCESS read-only 855 STATUS current 856 DESCRIPTION 857 "The total number of BFD control messages received for this 858 session yet dropped for being invalid. 860 It MUST be equal to the least significant 32 bits of 861 bfdSessPerfCtrlPktDropHC if supported, and MUST do so 862 with the rules spelled out in RFC 2863." 864 ::= { bfdSessPerfEntry 3 } 866 bfdSessPerfCtrlPktDropLastTime OBJECT-TYPE 867 SYNTAX TimeStamp 868 MAX-ACCESS read-only 869 STATUS current 870 DESCRIPTION 871 "The value of sysUpTime on the most recent occasion at 872 which received BFD control message for this session was 873 dropped. If no such up event exists, this object contains 874 a zero value." 875 ::= { bfdSessPerfEntry 4 } 877 bfdSessPerfEchoPktIn OBJECT-TYPE 878 SYNTAX Counter32 879 MAX-ACCESS read-only 880 STATUS current 881 DESCRIPTION 882 "The total number of BFD echo messages received for this 883 BFD session. 885 It MUST be equal to the least significant 32 bits of 886 bfdSessPerfEchoPktInHC if supported, and MUST do so 887 with the rules spelled out in RFC 2863." 888 ::= { bfdSessPerfEntry 5 } 890 bfdSessPerfEchoPktOut OBJECT-TYPE 891 SYNTAX Counter32 892 MAX-ACCESS read-only 893 STATUS current 894 DESCRIPTION 895 "The total number of BFD echo messages sent for this BFD 896 session. 898 It MUST be equal to the least significant 32 bits of 899 bfdSessPerfEchoPktOutHC if supported, and MUST do so 900 with the rules spelled out in RFC 2863." 901 ::= { bfdSessPerfEntry 6 } 903 bfdSessPerfEchoPktDrop OBJECT-TYPE 904 SYNTAX Counter32 905 MAX-ACCESS read-only 906 STATUS current 907 DESCRIPTION 908 "The total number of BFD echo messages received for this 909 session yet dropped for being invalid. 911 It MUST be equal to the least significant 32 bits of 912 bfdSessPerfEchoPktDropHC if supported, and MUST do so 913 with the rules spelled out in RFC 2863." 914 ::= { bfdSessPerfEntry 7 } 916 bfdSessPerfEchoPktDropLastTime OBJECT-TYPE 917 SYNTAX TimeStamp 918 MAX-ACCESS read-only 919 STATUS current 920 DESCRIPTION 921 "The value of sysUpTime on the most recent occasion at 922 which received BFD echo message for this session was 923 dropped. If no such up event exists, this object contains 924 a zero value." 925 ::= { bfdSessPerfEntry 8 } 927 bfdSessUpTime OBJECT-TYPE 928 SYNTAX TimeStamp 929 MAX-ACCESS read-only 930 STATUS current 931 DESCRIPTION 932 "The value of sysUpTime on the most recent occasion at which 933 the session came up. If no such up event exists this object 934 contains a zero value." 935 ::= { bfdSessPerfEntry 9 } 937 bfdSessPerfLastSessDownTime OBJECT-TYPE 938 SYNTAX TimeStamp 939 MAX-ACCESS read-only 940 STATUS current 941 DESCRIPTION 942 "The value of sysUpTime on the most recent occasion at 943 which the last time communication was lost with the 944 neighbor. If no such down event exist this object 945 contains a zero value." 946 ::= { bfdSessPerfEntry 10 } 948 bfdSessPerfLastCommLostDiag OBJECT-TYPE 949 SYNTAX BfdDiagTC 950 MAX-ACCESS read-only 951 STATUS current 952 DESCRIPTION 953 "The BFD diag code for the last time communication was lost 954 with the neighbor. If no such down event exists this object 955 contains a zero value." 956 ::= { bfdSessPerfEntry 11 } 958 bfdSessPerfSessUpCount OBJECT-TYPE 959 SYNTAX Counter32 960 MAX-ACCESS read-only 961 STATUS current 962 DESCRIPTION 963 "The number of times this session has gone into the Up 964 state since the system last rebooted." 965 ::= { bfdSessPerfEntry 12 } 967 bfdSessPerfDiscTime OBJECT-TYPE 968 SYNTAX TimeStamp 969 MAX-ACCESS read-only 970 STATUS current 971 DESCRIPTION 972 "The value of sysUpTime on the most recent occasion at 973 which any one or more of the session counters suffered 974 a discontinuity. 976 The relevant counters are the specific instances associated 977 with this BFD session of any Counter32 object contained in 978 the BfdSessPerfTable. If no such discontinuities have 979 occurred since the last re-initialization of the local 980 management subsystem, then this object contains a zero 981 value." 982 ::= { bfdSessPerfEntry 13 } 984 bfdSessPerfCtrlPktInHC OBJECT-TYPE 985 SYNTAX Counter64 986 MAX-ACCESS read-only 987 STATUS current 988 DESCRIPTION 989 "This value represents the total number of BFD control 990 messages received for this BFD session. 992 The least significant 32 bits MUST equal to 993 bfdSessPerfCtrlPktIn, and MUST do so with 994 the rules spelled out in RFC 2863." 995 ::= { bfdSessPerfEntry 14 } 997 bfdSessPerfCtrlPktOutHC OBJECT-TYPE 998 SYNTAX Counter64 999 MAX-ACCESS read-only 1000 STATUS current 1001 DESCRIPTION 1002 "This value represents the total number of BFD control 1003 messages transmitted for this BFD session. 1005 The least significant 32 bits MUST equal to 1006 bfdSessPerfCtrlPktOut, and MUST do so with 1007 the rules spelled out in RFC 2863." 1009 ::= { bfdSessPerfEntry 15 } 1011 bfdSessPerfCtrlPktDropHC OBJECT-TYPE 1012 SYNTAX Counter64 1013 MAX-ACCESS read-only 1014 STATUS current 1015 DESCRIPTION 1016 "This value represents the total number of BFD control 1017 messages received for this BFD session yet dropped for 1018 being invalid. 1020 The least significant 32 bits MUST equal to 1021 bfdSessPerfCtrlPktDrop, and MUST do so with 1022 the rules spelled out in RFC 2863." 1023 ::= { bfdSessPerfEntry 16 } 1025 bfdSessPerfEchoPktInHC OBJECT-TYPE 1026 SYNTAX Counter64 1027 MAX-ACCESS read-only 1028 STATUS current 1029 DESCRIPTION 1030 "This value represents the total number of BFD echo 1031 messages received for this BFD session. 1033 The least significant 32 bits MUST equal to 1034 bfdSessPerfEchoPktIn, and MUST do so with 1035 the rules spelled out in RFC 2863." 1036 ::= { bfdSessPerfEntry 17 } 1038 bfdSessPerfEchoPktOutHC OBJECT-TYPE 1039 SYNTAX Counter64 1040 MAX-ACCESS read-only 1041 STATUS current 1042 DESCRIPTION 1043 "This value represents the total number of BFD echo 1044 messages transmitted for this BFD session. 1046 The least significant 32 bits MUST equal to 1047 bfdSessPerfEchoPktOut, and MUST do so with 1048 the rules spelled out in RFC 2863." 1049 ::= { bfdSessPerfEntry 18 } 1051 bfdSessPerfEchoPktDropHC OBJECT-TYPE 1052 SYNTAX Counter64 1053 MAX-ACCESS read-only 1054 STATUS current 1055 DESCRIPTION 1056 "This value represents the total number of BFD echo 1057 messages received for this BFD session yet dropped 1058 for being invalid. 1060 The least significant 32 bits MUST equal to 1061 bfdSessPerfEchoPktDrop, and MUST do so with 1062 the rules spelled out in RFC 2863." 1063 ::= { bfdSessPerfEntry 19 } 1065 -- BFD Session Discriminator Mapping Table 1067 bfdSessDiscMapTable OBJECT-TYPE 1068 SYNTAX SEQUENCE OF BfdSessDiscMapEntry 1069 MAX-ACCESS not-accessible 1070 STATUS current 1071 DESCRIPTION 1072 "The BFD Session Discriminator Mapping Table maps a 1073 local discriminator value to associated BFD session's 1074 BfdSessIndexTC used in the bfdSessionTable." 1075 ::= { bfdObjects 4 } 1077 bfdSessDiscMapEntry OBJECT-TYPE 1078 SYNTAX BfdSessDiscMapEntry 1079 MAX-ACCESS not-accessible 1080 STATUS current 1081 DESCRIPTION 1082 "The BFD Session Discriminator Map Entry describes 1083 BFD session that is mapped to this BfdSessIndexTC." 1084 INDEX { bfdSessDiscriminator } 1085 ::= { bfdSessDiscMapTable 1 } 1087 BfdSessDiscMapEntry ::= SEQUENCE { 1088 bfdSessDiscMapIndex BfdSessIndexTC, 1089 bfdSessDiscMapStorageType StorageType, 1090 bfdSessDiscMapRowStatus RowStatus 1091 } 1093 bfdSessDiscMapIndex OBJECT-TYPE 1094 SYNTAX BfdSessIndexTC 1095 MAX-ACCESS read-only 1096 STATUS current 1097 DESCRIPTION 1098 "This object specifies the BfdSessIndexTC referred to by 1099 the indices of this row. In essence, a mapping is 1100 provided between these indexes and the BfdSessTable." 1101 ::= { bfdSessDiscMapEntry 1 } 1103 bfdSessDiscMapStorageType OBJECT-TYPE 1104 SYNTAX StorageType 1105 MAX-ACCESS read-create 1106 STATUS current 1107 DESCRIPTION 1108 "This variable indicates the storage type for this 1109 object. Conceptual rows having the value 1110 'permanent' need not allow write-access to any 1111 columnar objects in the row." 1112 ::= { bfdSessDiscMapEntry 2 } 1114 bfdSessDiscMapRowStatus OBJECT-TYPE 1115 SYNTAX RowStatus 1116 MAX-ACCESS read-create 1117 STATUS current 1118 DESCRIPTION 1119 "This variable is used to create, modify, and/or 1120 delete a row in this table. When a row in this 1121 table has a row in the active(1) state, no 1122 objects in this row can be modified except the 1123 bfdSessDiscMapRowStatus and bfdSessDiscMapStorageType." 1124 ::= { bfdSessDiscMapEntry 3 } 1126 -- BFD Session IP Mapping Table 1128 bfdSessIpMapTable OBJECT-TYPE 1129 SYNTAX SEQUENCE OF BfdSessIpMapEntry 1130 MAX-ACCESS not-accessible 1131 STATUS current 1132 DESCRIPTION 1133 "The BFD Session IP Mapping Table maps given 1134 bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, 1135 bfdSessDstAddrType and bfdSessDstAddr 1136 to an associated BFD session's BfdSessIndexTC used in 1137 the bfdSessionTable." 1138 ::= { bfdObjects 5 } 1140 bfdSessIpMapEntry OBJECT-TYPE 1141 SYNTAX BfdSessIpMapEntry 1142 MAX-ACCESS not-accessible 1143 STATUS current 1144 DESCRIPTION 1145 "The BFD Session IP Map Entry describes 1146 BFD session that is mapped to this BfdSessIndexTC." 1147 INDEX { 1148 bfdSessInterface, 1149 bfdSessSrcAddrType, 1150 bfdSessSrcAddr, 1151 bfdSessDstAddrType, 1152 bfdSessDstAddr 1154 } 1155 ::= { bfdSessIpMapTable 1 } 1157 BfdSessIpMapEntry ::= SEQUENCE { 1158 bfdSessIpMapIndex BfdSessIndexTC, 1159 bfdSessIpMapStorageType StorageType, 1160 bfdSessIpMapRowStatus RowStatus 1161 } 1163 bfdSessIpMapIndex OBJECT-TYPE 1164 SYNTAX BfdSessIndexTC 1165 MAX-ACCESS read-only 1166 STATUS current 1167 DESCRIPTION 1168 "This object specifies the BfdSessIndexTC referred to by 1169 the indexes of this row. In essence, a mapping is 1170 provided between these indexes and the BfdSessTable." 1171 ::= { bfdSessIpMapEntry 1 } 1173 bfdSessIpMapStorageType OBJECT-TYPE 1174 SYNTAX StorageType 1175 MAX-ACCESS read-create 1176 STATUS current 1177 DESCRIPTION 1178 "This variable indicates the storage type for this 1179 object. Conceptual rows having the value 1180 'permanent' need not allow write-access to any 1181 columnar objects in the row." 1182 ::= { bfdSessIpMapEntry 2 } 1184 bfdSessIpMapRowStatus OBJECT-TYPE 1185 SYNTAX RowStatus 1186 MAX-ACCESS read-create 1187 STATUS current 1188 DESCRIPTION 1189 "This variable is used to create, modify, and/or 1190 delete a row in this table. When a row in this 1191 table has a row in the active(1) state, no 1192 objects in this row can be modified except the 1193 bfdSessIpMapRowStatus and bfdSessIpMapStorageType." 1194 ::= { bfdSessIpMapEntry 3 } 1196 -- Notification Configuration 1198 bfdSessUp NOTIFICATION-TYPE 1199 OBJECTS { 1200 bfdSessDiag, -- low range value 1201 bfdSessDiag -- high range value 1203 } 1204 STATUS current 1205 DESCRIPTION 1206 "This notification is generated when the 1207 bfdSessState object for one or more contiguous 1208 entries in bfdSessTable are about to enter the up(4) 1209 state from some other state. The included values of 1210 bfdSessDiag MUST both be set equal to this 1211 new state (i.e: up(4)). The two instances of 1212 bfdSessDiag in this notification indicate the range 1213 of indexes that are affected. Note that all the indexes 1214 of the two ends of the range can be derived from the 1215 instance identifiers of these two objects. For the 1216 cases where a contiguous range of sessions 1217 have transitioned into the up(4) state at roughly 1218 the same time, the device SHOULD issue a single 1219 notification for each range of contiguous indexes in 1220 an effort to minimize the emission of a large number 1221 of notifications. If a notification has to be 1222 issued for just a single bfdSessEntry, then 1223 the instance identifier (and values) of the two 1224 bfdSessDiag objects MUST be the identical." 1225 ::= { bfdNotifications 1 } 1227 bfdSessDown NOTIFICATION-TYPE 1228 OBJECTS { 1229 bfdSessDiag, -- low range value 1230 bfdSessDiag -- high range value 1231 } 1232 STATUS current 1233 DESCRIPTION 1234 "This notification is generated when the 1235 bfdSessState object for one or more contiguous 1236 entries in bfdSessTable are about to enter the down(2) 1237 or adminDown(1) states from some other state. The included 1238 values of bfdSessDiag MUST both be set equal to this new 1239 state (i.e: down(2) or adminDown(1)). The two instances 1240 of bfdSessDiag in this notification indicate the range 1241 of indexes that are affected. Note that all the indexes 1242 of the two ends of the range can be derived from the 1243 instance identifiers of these two objects. For 1244 cases where a contiguous range of sessions 1245 have transitioned into the down(2) or adminDown(1) states 1246 at roughly the same time, the device SHOULD issue a single 1247 notification for each range of contiguous indexes in 1248 an effort to minimize the emission of a large number 1249 of notifications. If a notification has to be 1250 issued for just a single bfdSessEntry, then 1251 the instance identifier (and values) of the two 1252 bfdSessDiag objects MUST be the identical." 1253 ::= { bfdNotifications 2 } 1255 -- Ed Note: We need to add notification for changes 1256 -- when the two ends automatically negotiate to a new detection time 1257 -- value or when detection multiplier changes. 1259 -- Module compliance. 1261 bfdGroups 1262 OBJECT IDENTIFIER ::= { bfdConformance 1 } 1264 bfdCompliances 1265 OBJECT IDENTIFIER ::= { bfdConformance 2 } 1267 -- Compliance requirement for fully compliant implementations. 1269 bfdModuleFullCompliance MODULE-COMPLIANCE 1270 STATUS current 1271 DESCRIPTION 1272 "Compliance statement for agents that provide full 1273 support for the BFD-MIB module. Such devices can 1274 then be monitored and also be configured using 1275 this MIB module." 1277 MODULE -- This module. 1279 MANDATORY-GROUPS { 1280 bfdSessionGroup, 1281 bfdSessionReadOnlyGroup, 1282 bfdSessionPerfGroup, 1283 bfdNotificationGroup 1284 } 1286 GROUP bfdSessionPerfHCGroup 1287 DESCRIPTION "This group is mandatory for all systems that 1288 are able to support the Counter64 date type." 1290 OBJECT bfdSessSrcAddrType 1291 SYNTAX InetAddressType { unknown(0), ipv4(1), 1292 ipv6(2), ipv6z(4) } 1293 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1294 support are required." 1296 OBJECT bfdSessSrcAddr 1297 SYNTAX InetAddress (SIZE (0|4|16|20)) 1298 DESCRIPTION "An implementation is only required to support 1299 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1301 OBJECT bfdSessDstAddrType 1302 SYNTAX InetAddressType { unknown(0), ipv4(1), 1303 ipv6(2), ipv6z(4) } 1304 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1305 support are required." 1307 OBJECT bfdSessDstAddr 1308 SYNTAX InetAddress (SIZE (0|4|16|20)) 1309 DESCRIPTION "An implementation is only required to support 1310 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1312 OBJECT bfdSessRowStatus 1313 SYNTAX RowStatus { active(1), notInService(2) } 1314 WRITE-SYNTAX RowStatus { active(1), notInService(2), 1315 createAndGo(4), destroy(6) } 1316 DESCRIPTION "Support for createAndWait and notReady is not 1317 required." 1319 OBJECT bfdSessDiscMapRowStatus 1320 SYNTAX RowStatus { active(1), notInService(2) } 1321 WRITE-SYNTAX RowStatus { active(1), notInService(2), 1322 createAndGo(4), destroy(6) } 1323 DESCRIPTION "Support for createAndWait and notReady is not 1324 required." 1326 OBJECT bfdSessIpMapRowStatus 1327 SYNTAX RowStatus { active(1), notInService(2) } 1328 WRITE-SYNTAX RowStatus { active(1), notInService(2), 1329 createAndGo(4), destroy(6) } 1330 DESCRIPTION "Support for createAndWait and notReady is not 1331 required." 1333 ::= { bfdCompliances 1 } 1335 bfdModuleReadOnlyCompliance MODULE-COMPLIANCE 1336 STATUS current 1337 DESCRIPTION 1338 "Compliance requirement for implementations that only 1339 provide read-only support for BFD-MIB. Such devices 1340 can then be monitored but cannot be configured using 1341 this MIB module." 1343 MODULE -- This module. 1345 MANDATORY-GROUPS { 1346 bfdSessionGroup, 1347 bfdSessionReadOnlyGroup, 1348 bfdSessionPerfGroup, 1349 bfdNotificationGroup 1350 } 1352 GROUP bfdSessionPerfHCGroup 1353 DESCRIPTION "This group is mandatory for all systems that 1354 are able to support the Counter64 date type." 1356 OBJECT bfdSessVersionNumber 1357 MIN-ACCESS read-only 1358 DESCRIPTION "Write access is not required." 1360 OBJECT bfdSessType 1361 MIN-ACCESS read-only 1362 DESCRIPTION "Write access is not required." 1364 OBJECT bfdSessDestinationUdpPort 1365 MIN-ACCESS read-only 1366 DESCRIPTION "Write access is not required." 1368 OBJECT bfdSessSourceUdpPort 1369 MIN-ACCESS read-only 1370 DESCRIPTION "Write access is not required." 1372 OBJECT bfdSessEchoSourceUdpPort 1373 MIN-ACCESS read-only 1374 DESCRIPTION "Write access is not required." 1376 OBJECT bfdSessAdminStatus 1377 MIN-ACCESS read-only 1378 DESCRIPTION "Write access is not required." 1380 OBJECT bfdSessOperMode 1381 MIN-ACCESS read-only 1382 DESCRIPTION "Write access is not required." 1384 OBJECT bfdSessDemandModeDesiredFlag 1385 MIN-ACCESS read-only 1386 DESCRIPTION "Write access is not required." 1388 OBJECT bfdSessControlPlaneIndepFlag 1389 MIN-ACCESS read-only 1390 DESCRIPTION "Write access is not required." 1392 OBJECT bfdSessMultipointFlag 1393 MIN-ACCESS read-only 1394 DESCRIPTION "Write access is not required." 1396 OBJECT bfdSessInterface 1397 MIN-ACCESS read-only 1398 DESCRIPTION "Write access is not required." 1400 OBJECT bfdSessSrcAddrType 1401 SYNTAX InetAddressType { unknown(0), ipv4(1), 1402 ipv6(2), ipv6z(4) } 1403 MIN-ACCESS read-only 1404 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1405 support are required." 1407 OBJECT bfdSessSrcAddr 1408 SYNTAX InetAddress (SIZE (0|4|16|20)) 1409 MIN-ACCESS read-only 1410 DESCRIPTION "An implementation is only required to support 1411 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1413 OBJECT bfdSessDstAddrType 1414 SYNTAX InetAddressType { unknown(0), ipv4(1), 1415 ipv6(2), ipv6z(4) } 1416 MIN-ACCESS read-only 1417 DESCRIPTION "Only unknown(0), ipv4(1), ipv6(2) and ipv6z(4) 1418 support are required." 1420 OBJECT bfdSessDstAddr 1421 SYNTAX InetAddress (SIZE (0|4|16|20)) 1422 MIN-ACCESS read-only 1423 DESCRIPTION "An implementation is only required to support 1424 unknown(0), ipv4(1), ipv6(2) and ipv6z(4) sizes." 1426 OBJECT bfdSessGTSM 1427 MIN-ACCESS read-only 1428 DESCRIPTION "Write access is not required." 1430 OBJECT bfdSessGTSMTTL 1431 MIN-ACCESS read-only 1432 DESCRIPTION "Write access is not required." 1434 OBJECT bfdSessDesiredMinTxInterval 1435 MIN-ACCESS read-only 1436 DESCRIPTION "Write access is not required." 1438 OBJECT bfdSessReqMinRxInterval 1439 MIN-ACCESS read-only 1440 DESCRIPTION "Write access is not required." 1441 OBJECT bfdSessReqMinEchoRxInterval 1442 MIN-ACCESS read-only 1443 DESCRIPTION "Write access is not required." 1445 OBJECT bfdSessDetectMult 1446 MIN-ACCESS read-only 1447 DESCRIPTION "Write access is not required." 1449 OBJECT bfdSessAuthPresFlag 1450 MIN-ACCESS read-only 1451 DESCRIPTION "Write access is not required." 1453 OBJECT bfdSessAuthenticationType 1454 MIN-ACCESS read-only 1455 DESCRIPTION "Write access is not required." 1457 OBJECT bfdSessAuthenticationKeyID 1458 MIN-ACCESS read-only 1459 DESCRIPTION "Write access is not required." 1461 OBJECT bfdSessAuthenticationKey 1462 MIN-ACCESS read-only 1463 DESCRIPTION "Write access is not required." 1465 OBJECT bfdSessStorageType 1466 MIN-ACCESS read-only 1467 DESCRIPTION "Write access is not required." 1469 OBJECT bfdSessRowStatus 1470 SYNTAX RowStatus { active(1) } 1471 MIN-ACCESS read-only 1472 DESCRIPTION "Write access is not required." 1474 OBJECT bfdSessDiscMapStorageType 1475 MIN-ACCESS read-only 1476 DESCRIPTION "Write access is not required." 1478 OBJECT bfdSessDiscMapRowStatus 1479 SYNTAX RowStatus { active(1) } 1480 MIN-ACCESS read-only 1481 DESCRIPTION "Write access is not required." 1483 OBJECT bfdSessIpMapStorageType 1484 MIN-ACCESS read-only 1485 DESCRIPTION "Write access is not required." 1487 OBJECT bfdSessIpMapRowStatus 1488 SYNTAX RowStatus { active(1) } 1489 MIN-ACCESS read-only 1490 DESCRIPTION "Write access is not required." 1492 ::= { bfdCompliances 2 } 1494 -- Units of conformance. 1496 bfdSessionGroup OBJECT-GROUP 1497 OBJECTS { 1498 bfdAdminStatus, 1499 bfdSessNotificationsEnable, 1500 bfdSessVersionNumber, 1501 bfdSessType, 1502 bfdSessDestinationUdpPort, 1503 bfdSessSourceUdpPort, 1504 bfdSessEchoSourceUdpPort, 1505 bfdSessAdminStatus, 1506 bfdSessOperMode, 1507 bfdSessDemandModeDesiredFlag, 1508 bfdSessControlPlaneIndepFlag, 1509 bfdSessMultipointFlag, 1510 bfdSessInterface, 1511 bfdSessSrcAddrType, 1512 bfdSessSrcAddr, 1513 bfdSessDstAddrType, 1514 bfdSessDstAddr, 1515 bfdSessGTSM, 1516 bfdSessGTSMTTL, 1517 bfdSessDesiredMinTxInterval, 1518 bfdSessReqMinRxInterval, 1519 bfdSessReqMinEchoRxInterval, 1520 bfdSessDetectMult, 1521 bfdSessAuthPresFlag, 1522 bfdSessAuthenticationType, 1523 bfdSessAuthenticationKeyID, 1524 bfdSessAuthenticationKey, 1525 bfdSessStorageType, 1526 bfdSessRowStatus, 1527 bfdSessDiscMapStorageType, 1528 bfdSessDiscMapRowStatus, 1529 bfdSessIpMapStorageType, 1530 bfdSessIpMapRowStatus 1531 } 1532 STATUS current 1533 DESCRIPTION 1534 "Collection of objects needed for BFD sessions." 1535 ::= { bfdGroups 1 } 1537 bfdSessionReadOnlyGroup OBJECT-GROUP 1538 OBJECTS { 1539 bfdSessDiscriminator, 1540 bfdSessRemoteDiscr, 1541 bfdSessState, 1542 bfdSessRemoteHeardFlag, 1543 bfdSessDiag, 1544 bfdSessNegotiatedInterval, 1545 bfdSessNegotiatedEchoInterval, 1546 bfdSessNegotiatedDetectMult, 1547 bfdSessDiscMapIndex, 1548 bfdSessIpMapIndex 1549 } 1550 STATUS current 1551 DESCRIPTION 1552 "Collection of read-only objects needed for BFD sessions." 1553 ::= { bfdGroups 2 } 1555 bfdSessionPerfGroup OBJECT-GROUP 1556 OBJECTS { 1557 bfdSessPerfCtrlPktIn, 1558 bfdSessPerfCtrlPktOut, 1559 bfdSessPerfCtrlPktDrop, 1560 bfdSessPerfCtrlPktDropLastTime, 1561 bfdSessPerfEchoPktIn, 1562 bfdSessPerfEchoPktOut, 1563 bfdSessPerfEchoPktDrop, 1564 bfdSessPerfEchoPktDropLastTime, 1565 bfdSessUpTime, 1566 bfdSessPerfLastSessDownTime, 1567 bfdSessPerfLastCommLostDiag, 1568 bfdSessPerfSessUpCount, 1569 bfdSessPerfDiscTime 1570 } 1571 STATUS current 1572 DESCRIPTION 1573 "Collection of objects needed to monitor the 1574 performance of BFD sessions." 1575 ::= { bfdGroups 3 } 1577 bfdSessionPerfHCGroup OBJECT-GROUP 1578 OBJECTS { 1579 bfdSessPerfCtrlPktInHC, 1580 bfdSessPerfCtrlPktOutHC, 1581 bfdSessPerfCtrlPktDropHC, 1582 bfdSessPerfEchoPktInHC, 1583 bfdSessPerfEchoPktOutHC, 1584 bfdSessPerfEchoPktDropHC 1586 } 1587 STATUS current 1588 DESCRIPTION 1589 "Collection of objects needed to monitor the 1590 performance of BFD sessions for which the 1591 values of bfdSessPerfPktIn, bfdSessPerfPktOut 1592 wrap around too quickly." 1593 ::= { bfdGroups 4 } 1595 bfdNotificationGroup NOTIFICATION-GROUP 1596 NOTIFICATIONS { 1597 bfdSessUp, 1598 bfdSessDown 1599 } 1600 STATUS current 1601 DESCRIPTION 1602 "Set of notifications implemented in this 1603 module." 1604 ::= { bfdGroups 5 } 1606 END 1608 6. Security Considerations 1610 As BFD may be tied into the stability of the network infrastructure 1611 (such as routing protocols), the effects of an attack on a BFD 1612 session may be very serious. This ultimately has denial-of-service 1613 effects, as links may be declared to be down (or falsely declared to 1614 be up.) As such, improper manipulation of the objects represented by 1615 this MIB may result in denial of service to a large number of end- 1616 users. 1618 There are a number of management objects defined in this MIB module 1619 with a MAX-ACCESS clause of read-write and/or read-create. Such 1620 objects may be considered sensitive or vulnerable in some network 1621 environments. The support for SET operations in a non-secure 1622 environment without proper protection can have a negative effect on 1623 network operations. These are the tables and objects and their 1624 sensitivity/vulnerability: 1626 o bfdSessAdminStatus - Improper change of bfdSessAdminStatus, from 1627 start to stop, can cause significant disruption of the 1628 connectivity to those portions of the Internet reached via the 1629 applicable remote BFD peer. 1631 o bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, 1632 bfdSessReqMinEchoRxInterval, bfdSessDetectMult - Improper change 1633 of this object can cause connections to be disrupted for extremely 1634 long time periods when otherwise they would be restored in a 1635 relatively short period of time. 1637 There are a number of management objects defined in this MIB module 1638 with a MAX-ACCESS clause of read-write and/or read-create. Such 1639 objects may be considered sensitive or vulnerable in some network 1640 environments. It is thus important to control even GET and/or NOTIFY 1641 access to these objects and possibly to even encrypt the values of 1642 these objects when sending them over the network via SNMP. 1644 o The bfdSessTable may be used to directly configure BFD sessions. 1645 The bfdSessMapTable can be used indirectly in the same way. 1646 Unauthorized access to objects in this table could result in 1647 disruption of traffic on the network. This is especially true if 1648 an unauthorized user configures enough tables to invoke a denial 1649 of service attack on the device where they are configured, or on a 1650 remote device where the sessions terminate. 1652 Some of the readable objects in this MIB module (i.e., objects with a 1653 MAX-ACCESS other than not-accessible) may be considered sensitive or 1654 vulnerable in some network environments. It is thus important to 1655 control even GET and/or NOTIFY access to these objects and possibly 1656 to even encrypt the values of these objects when sending them over 1657 the network via SNMP. These are the tables and objects and their 1658 sensitivity/vulnerability: 1660 o The bfdSessPerfTable both allows access to the performance 1661 characteristics of BFD sessions. Network administrators not 1662 wishing to show this information should consider this table 1663 sensitive. 1665 The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and 1666 bfdSessAuthenticationKey objects hold security methods and associated 1667 security keys of BFD sessions. These objects SHOULD be considered 1668 highly sensitive objects. In order for these sensitive information 1669 from being improperly accessed, implementers MAY wish to disallow 1670 read and create access to these objects. 1672 SNMP versions prior to SNMPv3 did not include adequate security. 1673 Even if the network itself is secure "for example by using IPSec", 1674 even then, there is no control as to who on the secure network is 1675 allowed to access and GET/SET "read/change/create/delete" the objects 1676 in these MIB modules. 1678 It is RECOMMENDED that implementers consider the security features as 1679 provided by the SNMPv3 framework (see [RFC3410], section 8), 1680 including full support for the SNMPv3 cryptographic mechanisms "for 1681 authentication and privacy". 1683 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1684 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1685 enable cryptographic security. It is then a customer/operator 1686 responsibility to ensure that the SNMP entity giving access to an 1687 instance of this MIB module, is properly configured to give access to 1688 the objects only to those principals "users" that have legitimate 1689 rights to indeed GET or SET "change/create/delete" them. 1691 7. IANA Considerations 1693 The MIB module in this document uses the following IANA-assigned 1694 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 1696 Descriptor OBJECT IDENTIFIER value 1697 ---------- ----------------------- 1699 bfdMib { mib-2 XXX } 1701 [Editor's Note (to be removed prior to publication): the IANA is 1702 requested to assign a value for "XXX" under the 'mib-2' subtree and 1703 to record the assignment in the SMI Numbers registry. When the 1704 assignment has been made, the RFC Editor is asked to replace "XXX" 1705 (here and in the MIB module) with the assigned value and to remove 1706 this note.] 1708 This document also requests IANA to manage the registry for the 1709 BfdDiagTC object. 1711 8. References 1713 8.1. Normative References 1715 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1716 Requirement Levels", BCP 14, RFC 2119, March 1997. 1718 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1719 Schoenwaelder, Ed., "Structure of Management Information 1720 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 1722 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1723 Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 1724 58, RFC 2579, April 1999. 1726 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 1727 "Conformance Statements for SMIv2", STD 58, RFC 2580, 1728 April 1999. 1730 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 1731 (BFD)", RFC 5880, June 2010. 1733 [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 1734 (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June 1735 2010. 1737 [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 1738 (BFD) for Multihop Paths", RFC 5883, June 2010. 1740 [I-D.ietf-bfd-tc-mib] 1741 Nadeau, T., Ali, Z., and N. Akiya, "Definitions of Textual 1742 Conventions (TCs) for Bidirectional Forwarding Detection 1743 (BFD) Management", draft-ietf-bfd-tc-mib-01 (work in 1744 progress), June 2012. 1746 8.2. Informative References 1748 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 1749 "Introduction and Applicability Statements for Internet- 1750 Standard Management Framework", RFC 3410, December 2002. 1752 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 1753 Schoenwaelder, "Textual Conventions for Internet Network 1754 Addresses", RFC 4001, February 2005. 1756 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 1757 MIB", RFC 2863, June 2000. 1759 [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network 1760 Management Protocol (SNMP) Applications", STD 62, RFC 1761 3413, December 2002. 1763 Appendix A. Acknowledgments 1765 Authors would like to thank David Ward, Jeffrey Haas, Reshad Rahman, 1766 David Toscano, Sylvain Masse, Mark Tooker, and Kiran Koushik Agrahara 1767 Sreenivasa for their comments and suggestions. 1769 Authors' Addresses 1771 Thomas D. Nadeau 1772 Juniper Networks 1774 EMail: tnadeau@juniper.net 1776 Zafar Ali 1777 Cisco Systems 1779 EMail: zali@cisco.com 1781 Nobo Akiya 1782 Cisco Systems 1784 EMail: nobo@cisco.com