Network Working Group
INTERNET-DRAFT                                                Sam Aldrin
Intended Status: Standards Track                     Huawei Technologies
Expires: December 30, 2013                                 M. Venkatesan
                                                               Dell Inc.
                                                       Kannan KV Sampath
                                                         Redeem Software
                                                        Thomas D. Nadeau
                                                        Juniper Networks

                                                           June 28, 2013

            BFD Management Information Base (MIB) extensions
                     for MPLS and MPLS-TP Networks
                       draft-ietf-bfd-mpls-mib-02

Abstract

   This draft defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it extends the BFD Management Information Base
   BFD-STD-MIB and describes the managed objects for modeling
   Bidirectional Forwarding Detection (BFD) protocol for MPLS and
   MPLS-TP networks.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 30, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1  Introduction
   2. The Internet-Standard Management Framework
   3. Overview
     3.1 Conventions used in this document
     3.2 Terminology
   4. Acronyms
   5. Brief description of MIB Objects
     5.1. Extensions to the BFD session table (bfdSessionTable)
     5.2. Example of BFD session configuration
       5.2.1 Example of BFD Session configuration for MPLS TE tunnel
       5.2.2 Example of BFD Session configuration for ME of MPLS-TP
             TE tunnel
     5.3. BFD objects for session performance counters
     5.4. Notification Objects
   6. BFD MPLS-MPLS-TP MIB Module Definition
   7. Security Considerations
   8. IANA Considerations
   9. References
     9.1 Normative References
     9.2 Informative References
   10. Acknowledgments
   11. Authors' Addresses

1 Introduction

   The current MIB for BFD, as defined by BFD-STD-MIB, is used for
   neighbor monitoring in IP networks.  The BFD session association to
   the neighbors being monitored is done using the source and
   destination IP addresses of the neighbors configured using the
   respective MIB objects.

   To monitor MPLS/MPLS-TP paths like tunnels or Pseudowires, it is
   necessary to identify or associate the BFD session to those paths.

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it extends the BFD Management Information Base
   BFD-STD-MIB and describes the managed objects to configure and/or
   monitor Bidirectional Forwarding Detection (BFD) protocol for MPLS
   [BFD-MPLS] and MPLS-TP networks [RFC6428].

2. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant with SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

3. Overview

3.1 Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.2 Terminology

   This document adopts the definitions, acronyms and mechanisms
   described in [BFD], [BFD-1HOP], [BFD-MH], [BFD-MPLS], [RFC6428].
   Unless otherwise stated, the mechanisms described therein will not be
   re-described here.

4. Acronyms

      BFD:     Bidirectional Forwarding Detection
      IP:      Internet Protocol
      LSP:     Label Switched Path
      LSR:     Label Switching Router
      MIB:     Management Information Base
      MPLS:    Multi-Protocol Label Switching
      MPLS-TP: MPLS Transport Profile
      ME:      Maintenance Entity
      MEG:     Maintenance Entity Group
      MEP:     Maintenance Entity End-Point
      PW:      Pseudowire
      TP:      Transport Profile
      LOC:     Loss Of Continuity

5. Brief description of MIB Objects

   The objects described in this section support the functionality
   described in documents [BFD-MPLS] and [RFC6428].  The objects are
   defined as an extension to the BFD base MIB defined by BFD-STD-MIB.

5.1. Extensions to the BFD session table (bfdSessionTable)

   The BFD session table used to identify a BFD session between a pair
   of nodes, as defined in BFD-STD-MIB, is extended with managed objects
   to achieve the required functionality in MPLS and MPLS-TP networks as
   described below:

   1. SessionRole - Active/Passive role specification for the BFD
      session configured on the node.  Either end of a BFD session
      can be configured as Active/Passive to determine which
      end starts transmitting the BFD control packets.

   2. SessionMode - Defines the mode in which the BFD
      session is running, defined as below:

      i.  CC - Only Continuity Check and RDI functionality is
          performed.

      ii. CV - Provides for Continuity Check, Connectivity
          Verification and RDI functionalities to be
          supported.

   3. Timer Negotiation Flag - Provides for timer negotiation
      to be enabled or disabled.  This object can be used to tune
      the detection of period-misconfiguration.

   4. Map Type - Indicates the type of the path being monitored by
      the BFD session.

      This object can take the following values:

      For BFD session over MPLS based paths:

         nonTeIpv4 (1) - BFD session configured for Non-TE
                         IPv4 path
         nonTeIpv6 (2) - BFD session configured for Non-TE
                         IPv6 path
         teIpv4 (3)    - BFD session configured for a TE
                         IPv4 path
         teIpv6 (4)    - BFD session configured for a TE
                         IPv6 path
         pw (5)        - BFD session configured for a PW

      For MPLS-TP based paths:

         mep (6)       - BFD session configured for an MPLS-TP path
                         (Bidirectional tunnel, PW or Sections) will
                         map to the corresponding maintenance entity.

   5. Map Pointer

      A Row Pointer object which can be used to point to the first
      accessible object in the respective instance of the table entry
      identifying the path being monitored (mplsXCEntry/mplsTunnelEntry/
      pwEntry respectively for LSP/Tunnel/PW).

      For Non-TE LSP, the Map pointer points to the corresponding
      mplsXCEntry.

      For TE based tunnel, the Map pointer points to the corresponding
      instance of the mplsTunnelEntry.

      For PW, this object points to the corresponding instance of
      pwEntry.

      For MPLS-TP paths, this object points to the corresponding
      instance of mplsOamIdMeEntry configured to monitor the
      MPLS-TP path associated with the BFD session.

   6. Usage of existing object bfdSessType:

      Additionally, the existing object "bfdSessType" in the base MIB
      can be used with the already defined value
      multiHopOutOfBandSignaling(3) to specify an OOB (out of band)
      mechanism (e.g., LSP Ping) for bootstrapping the BFD session.

5.2. Example of BFD session configuration

   This section provides an example of BFD session configuration
   for an MPLS and MPLS-TP TE tunnel.  This example is only meant
   to enable an understanding of the proposed extension and does not
   illustrate every permutation of the MIB.
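
   The Map Type / Map Pointer pairing from Section 5.1 can be checked
   mechanically before a row is accepted or during an audit, since a
   pointer into the wrong table or to a missing row leaves the session
   with no valid path to monitor.  The following is an added example,
   not part of the draft: pointers are handled in symbolic form, the
   set of existing rows is a constructed stand-in for agent data, and
   all function names are hypothetical.

```python
import ipaddress

ZERO_DOT_ZERO = ("0.0", "zeroDotZero")

# SessionMapTypeTC value -> (label, entry the RowPointer must reference),
# as listed for Map Type and Map Pointer in Section 5.1.
MAP_TYPE_TARGET = {
    1: ("nonTeIpv4", "mplsXCEntry"),
    2: ("nonTeIpv6", "mplsXCEntry"),
    3: ("teIpv4", "mplsTunnelEntry"),
    4: ("teIpv6", "mplsTunnelEntry"),
    5: ("pw", "pwEntry"),
    6: ("mep", "mplsOamIdMeEntry"),
}

# First accessible column -> owning entry. Only the two columns this draft
# names are listed; columns for mplsXCEntry and pwEntry must be added from
# their own MIB modules. Unknown columns are rejected (fail closed).
COLUMN_ENTRY = {
    "mplsTunnelName": "mplsTunnelEntry",
    "mplsOamIdMeName": "mplsOamIdMeEntry",
}


def lsr_id_to_subid(lsr_id):
    """Encode a dotted-quad LSR ID as an unsigned 32-bit index sub-identifier."""
    return int(ipaddress.IPv4Address(lsr_id))


def tunnel_map_pointer(index, instance, ingress, egress):
    """Symbolic RowPointer to an mplsTunnelEntry (index order as in the draft)."""
    return "mplsTunnelName.%d.%d.%d.%d" % (
        index, instance, lsr_id_to_subid(ingress), lsr_id_to_subid(egress))


def split_pointer(pointer):
    """Split 'column.i1.i2...' into (column, (i1, i2, ...))."""
    column, _, rest = pointer.partition(".")
    parts = rest.split(".")
    if not column or not all(p.isdigit() for p in parts):
        raise ValueError("malformed RowPointer: %r" % (pointer,))
    return column, tuple(int(p) for p in parts)


def check_session(map_type, pointer, existing_rows):
    """Classify one bfdMplsSessEntry.

    existing_rows is a set of (entry_name, index_tuple) present on the agent
    (an assumption of this example; a real check would walk the tables).
    Returns 'ok', 'unassociated', 'dangling', 'mismatch' or 'invalid'.
    """
    if map_type not in MAP_TYPE_TARGET:
        return "invalid"
    if pointer in ZERO_DOT_ZERO:
        return "unassociated"      # no path bound to the session yet
    try:
        column, index = split_pointer(pointer)
    except ValueError:
        return "invalid"
    entry = COLUMN_ENTRY.get(column)
    if entry != MAP_TYPE_TARGET[map_type][1]:
        return "mismatch"          # pointer targets the wrong table
    if (entry, index) not in existing_rows:
        return "dangling"          # row absent: no valid path is monitored
    return "ok"


def audit(sessions, existing_rows):
    """Map bfdSessIndex -> verdict for (index, map_type, pointer) tuples."""
    return {idx: check_session(t, p, existing_rows) for idx, t, p in sessions}


# Constructed sample data, modelled on the values used in Section 5.2.
EXISTING = {
    ("mplsTunnelEntry", (100, 1, 3221225985, 3221225987)),
    ("mplsOamIdMeEntry", (1, 1, 1)),
}
SESSIONS = [
    (2, 3, tunnel_map_pointer(100, 1, "192.0.2.1", "192.0.2.3")),
    (3, 6, "mplsOamIdMeName.1.1.1"),
    (4, 6, "mplsTunnelName.100.1.3221225985.3221225987"),  # mep -> tunnel row
    (5, 3, "mplsTunnelName.200.1.3221225985.3221225987"),  # tunnel 200 absent
    (6, 5, "0.0"),
]

if __name__ == "__main__":
    for idx, verdict in audit(SESSIONS, EXISTING).items():
        print(idx, verdict)
```

   Sessions reported as "dangling" or "unassociated" are the ones an
   operator would want surfaced, because defects on the intended path
   will not be detected by them.
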

5.2.1 Example of BFD Session configuration for MPLS TE tunnel

   This section provides an example BFD session configuration
   for an MPLS TE tunnel.  This example is only meant to enable
   an understanding of the proposed extension and does not
   illustrate every permutation of the MIB.

   The following denotes the configured tunnel "head" entry:

   In mplsTunnelTable:
   {
     mplsTunnelIndex              = 100,
     mplsTunnelInstance           = 1,
     mplsTunnelIngressLSRId       = 192.0.2.1,
     mplsTunnelEgressLSRId        = 192.0.2.3,
     mplsTunnelName               = "Tunnel",
     ...
     mplsTunnelSignallingProto    = none (1),
     mplsTunnelSetupPrio          = 0,
     mplsTunnelHoldingPrio        = 0,
     mplsTunnelSessionAttributes  = 0,
     mplsTunnelLocalProtectInUse  = false (0),
     mplsTunnelResourcePointer    = mplsTunnelResourceMaxRate.5,
     mplsTunnelInstancePriority   = 1,
     mplsTunnelHopTableIndex      = 1,
     mplsTunnelIncludeAnyAffinity = 0,
     mplsTunnelIncludeAllAffinity = 0,
     mplsTunnelExcludeAnyAffinity = 0,
     mplsTunnelPathInUse          = 1,
     mplsTunnelRole               = head (1),
     ...
     mplsTunnelRowStatus          = Active
   }

   BFD session parameters used to monitor this tunnel should be
   configured on head-end as follows:

   In bfdSessTable:
   BfdSessEntry ::= SEQUENCE {
     -- BFD session index
     bfdSessIndex                 = 2,
     bfdSessVersionNumber         = 1,
     -- LSP Ping used for OOB bootstrapping
     bfdSessType                  = multiHopOutOfBandSignaling,
     ...
     bfdSessAdminStatus           = start,
     ...
     bfdSessDemandModeDesiredFlag = false,
     bfdSessControlPlaneIndepFlag = false,
     bfdSessMultipointFlag        = false,
     bfdSessDesiredMinTxInterval  = 100000,
     bfdSessReqMinRxInterval      = 100000,
     ...
     -- Indicates that the BFD session is to monitor
     -- an MPLS TE tunnel
     bfdMplsSessMapType           = teIpv4(3),

     -- OID of the first accessible object (mplsTunnelName) of
     -- the mplsTunnelEntry identifying the MPLS TE tunnel (being
     -- monitored using BFD) in the MPLS tunnel table.
     -- A value of zeroDotZero indicates that no association
     -- has been made as yet between the BFD session and the path
     -- being monitored.
     -- In the OID example below:
     -- 100 -> Tunnel Index
     -- 1 -> Tunnel instance
     -- 3221225985 -> Ingress LSR Id 192.0.2.1
     -- 3221225987 -> Egress LSR Id 192.0.2.3
     bfdMplsSessMapPointer
                    = mplsTunnelName.100.1.3221225985.3221225987,
     bfdSessRowStatus             = createAndGo
   }

   Similarly, the BFD session would be configured on the tail-end of
   the tunnel.  Creating the above row will trigger
   the bootstrapping of the session using LSP Ping and its
   subsequent establishment over the path by de-multiplexing of
   the control packets using the BFD session discriminators.

5.2.2 Example of BFD Session configuration for ME of MPLS-TP TE tunnel

   This example considers the OAM identifiers configuration on a
   head-end LSR to manage and monitor a co-routed bidirectional MPLS
   tunnel.
   Only relevant objects which are applicable for IP based OAM
   identifiers of co-routed MPLS tunnel are illustrated here.

   In mplsOamIdMegTable:

   {
     -- MEG index (Index to the table)
     mplsOamIdMegIndex            = 1,
     mplsOamIdMegName             = "MEG1",
     mplsOamIdMegOperatorType     = ipCompatible (1),
     mplsOamIdMegServiceType      = lsp (1),
     mplsOamIdMegMpLocation       = perNode(1),
     -- Mandatory parameters needed to activate the row go here
     mplsOamIdMegRowStatus        = createAndGo (4)
   }

   This will create an entry in the mplsOamIdMegTable to manage and
   monitor the MPLS tunnel.

   The following ME table is used to associate the path information
   to a MEG.

   In mplsOamIdMeTable:
   {
     -- ME index (Index to the table)
     mplsOamIdMeIndex                  = 1,
     -- MP index (Index to the table)
     mplsOamIdMeMpIndex                = 1,
     mplsOamIdMeName                   = "ME1",
     mplsOamIdMeMpIfIndex              = 0,
     -- Source MEP id is derived from the IP compatible MPLS tunnel
     mplsOamIdMeSourceMepIndex         = 0,
     -- Source MEP id is derived from the IP compatible MPLS tunnel
     mplsOamIdMeSinkMepIndex           = 0,
     mplsOamIdMeMpType                 = mep (1),
     mplsOamIdMeMepDirection           = down (2),
     mplsOamIdMeProactiveOamPhbTCValue = 0,
     mplsOamIdMeOnDemandOamPhbTCValue  = 0,
     -- RowPointer MUST point to the first accessible column of an
     -- MPLS tunnel
     mplsOamIdMeServicePointer         = mplsTunnelName.1.1.1.2,
     -- Mandatory parameters needed to activate the row go here
     mplsOamIdMeRowStatus              = createAndGo (4)
   }

   BFD session parameters used to monitor this tunnel should be
   configured on head-end as follows:

   In bfdSessTable:
   BfdSessEntry ::= SEQUENCE {
     -- BFD session index
     bfdSessIndex                 = 2,
     bfdSessVersionNumber         = 1,
     -- LSP Ping used for OOB bootstrapping
     bfdSessType                  = multiHopOutOfBandSignaling,
     ...
     bfdSessAdminStatus           = start,
     ...
     bfdSessDemandModeDesiredFlag = false,
     bfdSessControlPlaneIndepFlag = false,
     bfdSessMultipointFlag        = false,
     bfdSessDesiredMinTxInterval  = 100000,
     bfdSessReqMinRxInterval      = 100000,
     ...
     -- Indicates that the BFD session is to monitor
     -- a ME of an MPLS-TP TE tunnel
     bfdMplsSessMapType           = mep(6),

     bfdMplsSessMapPointer
                    = mplsOamIdMeName.1.1.1,
     bfdSessRowStatus             = createAndGo
   }

   Similarly, the BFD session would be configured on the tail-end of
   the tunnel.  Creating the above row will trigger the bootstrapping
   of the session using LSP Ping and its subsequent establishment
   over the path by de-multiplexing of the control packets using
   the BFD session discriminators.

5.3. BFD objects for session performance counters

   BFD-STD-MIB defines the BFD Session Performance Table
   (bfdSessionPerfTable), for collecting per-session BFD performance
   counters, as an extension to the bfdSessionTable.

   The bfdSessionPerfTable is extended with the performance counters
   to collect Mis-connectivity Defect, Loss of Continuity Defect
   and RDI (Remote Defect Indication) counters.

   1. bfdMplsSessPerfMisDefCount - Mis-connectivity defect count
      for this BFD session.
   2. bfdMplsSessPerfLocDefCount - Loss of continuity defect count for
      this BFD session.
   3. bfdMplsSessPerfRdiInCount - Total number of RDI messages
      received for this BFD session.
   4. bfdMplsSessPerfRdiOutCount - Total number of RDI messages sent
      for this BFD session.

5.4. Notification Objects

   To be added in the next version of this document.

6. BFD MPLS-MPLS-TP MIB Module Definition

   BFD-EXT-STD-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2,
       Counter32, zeroDotZero
          FROM SNMPv2-SMI                          -- [RFC2578]

       RowPointer, TruthValue, TEXTUAL-CONVENTION
          FROM SNMPv2-TC                           -- [RFC2579]

       MODULE-COMPLIANCE, OBJECT-GROUP
          FROM SNMPv2-CONF                         -- [RFC2580]

       bfdSessIndex
          FROM BFD-STD-MIB;

   bfdMplsMib MODULE-IDENTITY
       LAST-UPDATED "201306260000Z" -- June 26 2013
       ORGANIZATION "IETF Bidirectional Forwarding Detection
                     Working Group"
       CONTACT-INFO
           "
                   Sam Aldrin
                   Huawei Technologies
                   2330 Central Express Way,
                   Santa Clara, CA 95051, USA
            Email: aldrin.ietf@gmail.com

                   Venkatesan Mahalingam
                   Dell Inc.
                   350 Holger Way,
                   San Jose, CA 95134, USA
            Email: venkat.mahalingams@gmail.com

                   Kannan KV Sampath
                   Redeem Software
                   India
            Email: kannankvs@gmail.com

                   Thomas D. Nadeau
                   Juniper Networks
                   10 Technology Park Drive, Westford, MA 01886
            Email: tnadeau@juniper.net"

       DESCRIPTION
           " Copyright (c) 2013 IETF Trust and the persons identified
             as the document authors.  All rights reserved.

             This MIB module is an initial version containing objects
             to provide a proactive mechanism to detect faults using
             BFD for MPLS and MPLS-TP networks"
       REVISION "201306260000Z" -- June 26 2013
       DESCRIPTION
           " Initial version published as RFC xxx "
           -- RFC Ed.: RFC-editor pls fill in xxxx
       ::= { mib-2 XXX } -- XXX to be replaced with correct value
           -- RFC Ed.: assigned by IANA

   -- ------------------------------------------------------------
   -- groups in the MIB
   -- ------------------------------------------------------------

   bfdMplsObjects      OBJECT IDENTIFIER ::= { bfdMplsMib 0 }
   bfdMplsConformance  OBJECT IDENTIFIER ::= { bfdMplsMib 1 }

   -- ------------------------------------------------------------
   -- Textual Conventions
   -- ------------------------------------------------------------

   SessionMapTypeTC ::= TEXTUAL-CONVENTION
       STATUS       current
       DESCRIPTION
           "Used to indicate the type of MPLS or MPLS-TP path
            associated to the session"
       SYNTAX INTEGER {
               nonTeIpv4(1), -- mapping into LDP IPv4
               nonTeIpv6(2), -- mapping into LDP IPv6
               teIpv4(3),    -- mapping into TE IPv4
               teIpv6(4),    -- mapping into TE IPv6
               pw(5),        -- mapping into Pseudowires
               mep(6)        -- mapping into MEPs in MPLS-TP
       }

   DefectActionTC ::= TEXTUAL-CONVENTION
       STATUS       current
       DESCRIPTION
           "The action to be taken when the mis-connectivity/loss of
            connectivity defect occurs in the MPLS or MPLS-TP
            path associated to the session"
       SYNTAX INTEGER {
               alarmOnly(1),        -- Alarm only
               alarmAndBlockData(2) -- Alarm and block the data
       }

   -- ------------------------------------------------------------------
   -- BFD session table extensions for BFD on MPLS and MPLS-TP
   -- ------------------------------------------------------------------
   -- bfdMplsSessTable - bfdSessTable Extension

   bfdMplsSessTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF BfdMplsSessEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
           "This table is an extension to the bfdSessTable for
            configuring BFD sessions for MPLS or MPLS-TP paths."
       ::= { bfdMplsObjects 1 }

   bfdMplsSessEntry OBJECT-TYPE
       SYNTAX       BfdMplsSessEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
           "A row in this table extends a row in bfdSessTable."
       INDEX { bfdSessIndex }
       ::= { bfdMplsSessTable 1 }

   BfdMplsSessEntry ::= SEQUENCE {
       bfdMplsSessRole                         INTEGER,
       bfdMplsSessMode                         INTEGER,
       bfdMplsSessTmrNegotiate                 TruthValue,
       bfdMplsSessMapType                      SessionMapTypeTC,
       bfdMplsSessMapPointer                   RowPointer,
       bfdMplsSessMisConnectivityDefectAction  DefectActionTC,
       bfdMplsSessLOCDefect                    DefectActionTC
   }

   bfdMplsSessRole OBJECT-TYPE
       SYNTAX       INTEGER {
                       active(1),
                       passive(2)
                    }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "This object specifies whether the system is playing the
            active(1) role or the passive(2) role for this
            BFD session."
       REFERENCE
           "RFC 5880, Section 6.1"
       DEFVAL { active }
       ::= { bfdMplsSessEntry 1 }

   bfdMplsSessMode OBJECT-TYPE
       SYNTAX       INTEGER {
                       cc(1),
                       cv(2)
                    }
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "This object specifies whether the BFD session is running
            in Continuity Check(CC) or the Connectivity
            Verification(CV) mode."
       REFERENCE
           "1.RFC6428, Proactive Connectivity Verification,
            Continuity Check and Remote Defect Indication
            for MPLS Transport Profile."
       DEFVAL { cc }
       ::= { bfdMplsSessEntry 2 }

   bfdMplsSessTmrNegotiate OBJECT-TYPE
       SYNTAX       TruthValue
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "This object specifies if timer negotiation is required for
            the BFD session.  When set to false, timer negotiation is
            disabled"
       DEFVAL { true }
       ::= { bfdMplsSessEntry 3 }

   bfdMplsSessMapType OBJECT-TYPE
       SYNTAX       SessionMapTypeTC
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "This object indicates the type of path being monitored
            by this BFD session entry."
       DEFVAL { nonTeIpv4 }
       ::= { bfdMplsSessEntry 4 }

   bfdMplsSessMapPointer OBJECT-TYPE
       SYNTAX       RowPointer
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "If bfdMplsSessMapType is nonTeIpv4(1) or nonTeIpv6(2),
            then this object MUST contain zeroDotZero or point to
            an instance of the mplsXCEntry indicating the LDP-based
            LSP associated with this BFD session.

            If bfdMplsSessMapType is teIpv4(3) or teIpv6(4), then
            this object MUST contain zeroDotZero or point to
            an instance of the mplsTunnelEntry indicating
            the RSVP-based MPLS TE tunnel associated with this
            BFD session.

            If bfdMplsSessMapType is pw(5), then this object MUST
            contain zeroDotZero or point to an instance of
            the pwEntry indicating the MPLS Pseudowire associated
            with this BFD session.

            If bfdMplsSessMapType is mep(6), then this object MUST
            contain zeroDotZero or point to an instance identifying
            the mplsOamIdMeEntry configured for monitoring the MPLS-TP
            path associated with this BFD session.

            If this object points to a conceptual row instance
            in a table consistent with bfdMplsSessMapType but this
            instance does not currently exist then no valid
            path is associated with this session entry.

            If this object contains zeroDotZero then no valid path is
            associated with this BFD session entry till it is
            populated with a valid pointer consistent with
            the value of bfdMplsSessMapType as explained above."
       DEFVAL { zeroDotZero }
       ::= { bfdMplsSessEntry 5 }

   bfdMplsSessMisConnectivityDefectAction OBJECT-TYPE
       SYNTAX       DefectActionTC
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "This object indicates the action to be taken when
            the mis-connectivity defect is detected on
            this BFD session."
       DEFVAL { alarmOnly }
       ::= { bfdMplsSessEntry 6 }

   bfdMplsSessLOCDefect OBJECT-TYPE
       SYNTAX       DefectActionTC
       MAX-ACCESS   read-create
       STATUS       current
       DESCRIPTION
           "This object indicates the action to be taken when
            the loss of continuity defect is detected on
            this BFD session."
       DEFVAL { alarmOnly }
       ::= { bfdMplsSessEntry 7 }

   -- ------------------------------------------------------------------
   -- BFD Objects for Session performance
   -- ------------------------------------------------------------------
   -- bfdMplsSessPerfTable - bfdSessPerfTable Extension

   bfdMplsSessPerfTable OBJECT-TYPE
       SYNTAX       SEQUENCE OF BfdMplsSessPerfEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
           "This table is an extension to the bfdSessPerfTable"
       ::= { bfdMplsObjects 2 }

   bfdMplsSessPerfEntry OBJECT-TYPE
       SYNTAX       BfdMplsSessPerfEntry
       MAX-ACCESS   not-accessible
       STATUS       current
       DESCRIPTION
           "A row in this table extends the bfdSessPerfTable"
       INDEX { bfdSessIndex }
       ::= { bfdMplsSessPerfTable 1 }

   BfdMplsSessPerfEntry ::= SEQUENCE {
       bfdMplsSessPerfMisDefCount  Counter32,
       bfdMplsSessPerfLocDefCount  Counter32,
       bfdMplsSessPerfRdiInCount   Counter32,
       bfdMplsSessPerfRdiOutCount  Counter32
   }

   bfdMplsSessPerfMisDefCount OBJECT-TYPE
       SYNTAX       Counter32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "This object gives a count of the mis-connectivity defects
            detected for the BFD session.  For instance, this count
            will be incremented when the received BFD control packet
            carries an incorrect globally unique source
            MEP identifier."
       ::= { bfdMplsSessPerfEntry 1 }

   bfdMplsSessPerfLocDefCount OBJECT-TYPE
       SYNTAX       Counter32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "This object gives a count of the Loss of continuity
            defects detected in MPLS and MPLS-TP paths"
       ::= { bfdMplsSessPerfEntry 2 }

   bfdMplsSessPerfRdiInCount OBJECT-TYPE
       SYNTAX       Counter32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "This object gives a count of the Remote Defect
            Indications received for the BFD session."
       ::= { bfdMplsSessPerfEntry 3 }

   bfdMplsSessPerfRdiOutCount OBJECT-TYPE
       SYNTAX       Counter32
       MAX-ACCESS   read-only
       STATUS       current
       DESCRIPTION
           "This object gives a count of the Remote Defect
            Indications sent by the BFD session"
       ::= { bfdMplsSessPerfEntry 4 }

   -- Module compliance

   bfdMplsGroups
       OBJECT IDENTIFIER ::= { bfdMplsConformance 1 }

   bfdMplsCompliances
       OBJECT IDENTIFIER ::= { bfdMplsConformance 2 }

   -- Compliance requirement for fully compliant implementations.

   bfdMplsModuleFullCompliance MODULE-COMPLIANCE
       STATUS       current
       DESCRIPTION
           "Compliance statement for agents that provide full
            support for the BFD-EXT-STD-MIB module."

       MODULE -- This module.

           MANDATORY-GROUPS {
               bfdSessionExtGroup,
               bfdSessionExtPerfGroup
           }
       ::= { bfdMplsCompliances 1 }

   bfdMplsModuleReadOnlyCompliance MODULE-COMPLIANCE
       STATUS       current
       DESCRIPTION
           "Compliance requirement for implementations that only
            provide read-only support for BFD-EXT-STD-MIB.  Such devices
            can then be monitored but cannot be configured using
            this MIB module."

       MODULE -- This module.

           MANDATORY-GROUPS {
               bfdSessionExtGroup,
               bfdSessionExtPerfGroup
           }

           OBJECT       bfdMplsSessRole
           MIN-ACCESS   read-only
           DESCRIPTION  "Write access is not required."

           OBJECT       bfdMplsSessMode
           MIN-ACCESS   read-only
           DESCRIPTION  "Write access is not required."

           OBJECT       bfdMplsSessTmrNegotiate
           MIN-ACCESS   read-only
           DESCRIPTION  "Write access is not required."

           OBJECT       bfdMplsSessMapType
           MIN-ACCESS   read-only
           DESCRIPTION  "Write access is not required."

           OBJECT       bfdMplsSessMapPointer
           MIN-ACCESS   read-only
           DESCRIPTION  "Write access is not required."

       ::= { bfdMplsCompliances 2 }

   -- Units of conformance.

   bfdSessionExtGroup OBJECT-GROUP
       OBJECTS {
           bfdMplsSessRole,
           bfdMplsSessMode,
           bfdMplsSessTmrNegotiate,
           bfdMplsSessMapType,
           bfdMplsSessMapPointer,
           bfdMplsSessMisConnectivityDefectAction,
           bfdMplsSessLOCDefect
       }
       STATUS       current
       DESCRIPTION
           "Collection of objects needed for BFD monitoring for
            MPLS and MPLS-TP paths"
       ::= { bfdMplsGroups 1 }

   bfdSessionExtPerfGroup OBJECT-GROUP
       OBJECTS {
           bfdMplsSessPerfMisDefCount,
           bfdMplsSessPerfLocDefCount,
           bfdMplsSessPerfRdiInCount,
           bfdMplsSessPerfRdiOutCount
       }
       STATUS       current
       DESCRIPTION
           "Collection of objects needed to monitor the
            performance of BFD sessions on MPLS and MPLS-TP
            paths"
       ::= { bfdMplsGroups 2 }

   END

7. Security Considerations

   As a BFD session for an MPLS path may be tied into the stability of
   the MPLS network infrastructure, the effects of an attack on a BFD
   session may be very serious.  This ultimately has denial-of-service
   effects, as links may be declared to be down (or falsely declared to
   be up).  As such, improper configuration of the objects represented
   by this MIB may result in denial of service to a large number of
   end-users.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  It is thus important to control even GET and/or NOTIFY
   access to these objects and possibly to even encrypt the values of
   these objects when sending them over the network via SNMP.

   o  The bfdMplsSessTable may be used to directly configure BFD
      sessions for MPLS paths.
      Unauthorized access to objects in this table could result in
      disruption of traffic on the network.  This is especially true if
      an unauthorized user configures enough tables to invoke a denial
      of service attack on the device where they are configured, or on
      a remote device where the sessions terminate.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  The bfdSessPerfTable and bfdMplsSessPerfTable both allow access
      to the performance characteristics of BFD sessions for MPLS
      paths.  Network administrators not wishing to show
      this information should consider these tables sensitive.

   The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
   bfdSessAuthenticationKey objects hold security methods and
   associated security keys of BFD sessions for MPLS paths.  These
   objects SHOULD be considered highly sensitive objects.  To keep
   this sensitive information from being improperly accessed,
   implementers MAY wish to disallow read and create access to these
   objects.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in these MIB modules.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is not
   recommended.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8. IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      bfdMplsMib        { mib-2 XXX }

   [Editor's Note (to be removed prior to publication): the IANA is
   requested to assign a value for "XXX" under the 'mib-2' subtree
   and to record the assignment in the SMI Numbers registry.  When
   the assignment has been made, the RFC Editor is asked to replace
   "XXX" (here and in the MIB module) with the assigned value and
   to remove this note.]

9. References

9.1 Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [BFD]      Katz, D. and D. Ward, "Bidirectional Forwarding
              Detection (BFD)", RFC 5880, June 2010.

   [BFD-1HOP] Katz, D. and D. Ward, "Bidirectional Forwarding
              Detection (BFD) for IPv4 and IPv6 (Single Hop)",
              RFC 5881, June 2010.

   [BFD-MH]   Katz, D. and D. Ward, "Bidirectional Forwarding
              Detection (BFD) for Multihop Paths", RFC 5883,
              June 2010.

   [BFD-MPLS] Aggarwal, R., et al., "Bidirectional Forwarding
              Detection (BFD) for MPLS Label Switched Paths (LSPs)",
              RFC 5884, June 2010.

   [RFC6428]  Allan, D., Swallow, G., and J. Drake, "Proactive
              Connectivity Verification, Continuity Check and Remote
              Defect indication for MPLS Transport Profile", RFC
              6428, November 2011.

   [RFC2578]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Structure of Management Information Version 2 (SMIv2)",
              STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Textual Conventions for SMIv2", STD 58, RFC 2579, April
              1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

9.2 Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statement for Internet
              Standard Management Framework", RFC 3410, December 2002.

10. Acknowledgments

   The authors would like to thank Jeffrey Haas, Mukund Mani,
   Lavanya Srivatsa, Muly Ilan and John Salloway for their valuable
   comments.

11. Authors' Addresses

   Sam Aldrin
   Huawei Technologies
   2330 Central Express Way,
   Santa Clara, CA 95051, USA
   Email: aldrin.ietf@gmail.com

   Venkatesan Mahalingam
   Dell Inc.
   350 Holger Way,
   San Jose, CA 95134, USA
   Email: venkat.mahalingams@gmail.com

   Kannan KV Sampath
   Redeem Software
   India
   Email: kannankvs@gmail.com

   Thomas D. Nadeau
   Juniper Networks
   10 Technology Park Drive, Westford, MA 01886
   Email: tnadeau@juniper.net