Network Working Group
INTERNET-DRAFT                                                Sam Aldrin
Intended Status: Standards Track                            Google, Inc.
Expires: June 04, 2016                                      M.Venkatesan
                                                              Dell, Inc.
                                                       Kannan KV Sampath
                                                         Redeem Software
                                                        Thomas D. Nadeau
                                                                 Brocade

                                                       December 02, 2015

            BFD Management Information Base (MIB) extensions
                     for MPLS and MPLS-TP Networks
                       draft-ietf-bfd-mpls-mib-07

Abstract

   This draft defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it extends the BFD Management Information Base and
   describes the managed objects for modeling Bidirectional Forwarding
   Detection (BFD) protocol for MPLS and MPLS-TP networks.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 04, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1  Introduction
   2. The Internet-Standard Management Framework
   3. Overview
     3.1 Conventions used in this document
     3.2 Terminology
   4. Acronyms
   5. Brief description of MIB Objects
     5.1. Extensions to the BFD session table (bfdSessTable)
     5.2. Example of BFD session configuration
       5.2.1 Example of BFD Session configuration for MPLS TE tunnel
       5.2.2 Example of BFD Session configuration for ME of MPLS-TP
             TE tunnel
     5.3. BFD objects for session performance counters
   6. BFD-EXT-STD-MIB Module Definition
   7. Security Considerations
   8. IANA Considerations
   9. References
     9.1 Normative References
     9.2 Informative References
   10. Acknowledgments
   11. Authors' Addresses

1 Introduction

   The current MIB for BFD as defined by [RFC7331] is used for neighbor
   monitoring in IP networks.
   The BFD session association to the
   neighbors being monitored is done using the source and destination IP
   addresses of the neighbors configured using the respective MIB
   objects.

   To monitor MPLS/MPLS-TP paths like tunnels or Pseudowires, there is a
   necessity to identify or associate the BFD session to those paths.

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it extends the BFD Management Information Base
   [RFC7331] and describes the managed objects to configure and/or
   monitor Bidirectional Forwarding Detection (BFD) protocol for MPLS
   [RFC5884] and MPLS-TP networks [RFC6428].

2. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC2578, STD 58, RFC2579 and STD 58, RFC2580.

3. Overview

3.1 Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   RFC-2119 [RFC2119].

3.2 Terminology

   This document adopts the definitions, acronyms and mechanisms
   described in [RFC5880], [RFC5881], [RFC5883], [RFC7130], [RFC5884],
   and [RFC6428].  Unless otherwise stated, the mechanisms described
   therein will not be re-described here.

4. Acronyms

   BFD: Bidirectional Forwarding Detection
   CC: Continuity Check
   CV: Connectivity Verification
   IP: Internet Protocol
   LDP: Label Distribution Protocol
   LOC: Loss Of Continuity
   LSP: Label Switched Path
   LSR: Label Switching Router
   ME: Maintenance Entity
   MEG: Maintenance Entity Group
   MEP: Maintenance Entity End-Point
   MIP: Maintenance Entity Group Intermediate Point
   MIB: Management Information Base
   MPLS: Multi-Protocol Label Switching
   MPLS-TP: MPLS Transport Profile
   OAM: Operations, Administration, and Maintenance
   PW: Pseudo Wire
   RDI: Remote Defect Indication
   TE: Traffic Engineering
   TP: Transport Profile

5. Brief description of MIB Objects

   The objects described in this section support the functionality
   described in documents [RFC5884] and [RFC6428].  The objects are
   defined as an extension to the BFD base MIB defined by [RFC7331].

5.1. Extensions to the BFD session table (bfdSessTable)

   The BFD session table used to identify a BFD session between a pair
   of nodes, as defined in [RFC7331], is extended with managed objects
   to achieve the required functionality in MPLS and MPLS-TP networks as
   described below:

   1. SessionRole - Active/Passive role specification for the BFD
      session configured on the node.  Either end of a BFD session
      can be configured as Active/Passive to determine which
      end starts transmitting the BFD control packets.

   2. SessionMode - Defines the mode in which BFD
      session is running, defined as below:
        i. CC - Indicates Continuity Check and RDI operations.

       ii. CV - Indicates Continuity Check, Connectivity
           Verification and RDI operations.

   3. Timer Negotiation Flag - Provides for timer negotiation
      to be enabled or disabled.  This object can be used to tune
      the detection of period mis-configuration.

   4. Map Type - Indicates the type of the path being monitored by
      the BFD session.
      This object can take the following values:

        For BFD session over MPLS based paths:

          nonTeIpv4 (1) - BFD session configured for Non-TE
                          IPv4 path
          nonTeIpv6 (2) - BFD session configured for Non-TE
                          IPv6 path
          teIpv4 (3)    - BFD session configured for a TE
                          IPv4 path
          teIpv6 (4)    - BFD session configured for a TE
                          IPv6 path
          pw (5)        - BFD session configured for a pseudowire

        For MPLS-TP based paths:

          mep (6) - BFD session configured for an MPLS-TP path
                    (Bidirectional tunnel, PW or Sections) will map to
                    the corresponding maintenance entity.

   5. Map Pointer

      A Row Pointer object which can be used to point to the first
      accessible object in the respective instance of the table entry
      identifying the path being monitored (mplsXCEntry[RFC3813]/
      mplsTunnelEntry[RFC3812]/pwEntry[RFC5601] respectively for
      LSP/Tunnel/PW).

      For NON-TE LSP, the map pointer points to the corresponding
      mplsXCEntry.

      For TE based tunnel, the map pointer points to the corresponding
      instance of the mplsTunnelEntry.

      For PW, this object points to the corresponding instance of
      pwEntry.

      For MPLS-TP paths, this object points to the corresponding
      instance of mplsOamIdMeEntry[MPLS-OAM-ID-STD-MIB] configured to
      monitor the MPLS-TP path associated with the BFD session.

   6. Usage of existing object bfdSessType:

      Additionally existing object "bfdSessType" in the BFD base MIB
      [RFC7331] can be used with the already defined value
      multiHopOutOfBandSignaling(3) to specify an OOB (Out of band)
      mechanism [E.g. LSP Ping] for bootstrapping the BFD session.

5.2. Example of BFD session configuration

   This section provides an example of BFD session configuration
   for an MPLS and MPLS-TP TE tunnel.  This example is only meant
   to enable an understanding of the proposed extension and does not
   illustrate every permutation of the MIB.
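The pairing of Map Type and Map Pointer described in Section 5.1 can be checked mechanically before a session row is activated. The Python below is an added example, not part of the draft or of any BFD implementation: it builds the mplsTunnelEntry row pointer from dotted-quad LSR IDs and audits session rows held as plain dictionaries. The dictionary layout, the function names and the index lengths (four sub-identifiers after mplsTunnelName, three after mplsOamIdMeName, as in the draft's own configuration examples) are assumptions.

```python
import ipaddress

ZERO_DOT_ZERO = "zeroDotZero"

# bfdMplsSessMapType -> (first accessible column the pointer must name,
#                        number of index sub-identifiers that follow it).
# Column names are the ones the draft gives; the sub-identifier counts
# follow the draft's configuration examples (assumption of this example).
EXPECTED_TARGET = {
    "teIpv4": ("mplsTunnelName", 4),
    "teIpv6": ("mplsTunnelName", 4),
    "mep": ("mplsOamIdMeName", 3),
}
# Map types whose target column the draft does not spell out; for these
# only the zeroDotZero handling is audited.
UNNAMED_TARGET = {"nonTeIpv4", "nonTeIpv6", "pw"}


def lsr_id_subid(dotted):
    """Dotted-quad LSR ID -> unsigned 32-bit index sub-identifier."""
    return int(ipaddress.IPv4Address(dotted))


def tunnel_row_pointer(index, instance, ingress_lsr, egress_lsr):
    """Symbolic RowPointer to the first accessible column of a tunnel row."""
    return "mplsTunnelName.%d.%d.%d.%d" % (
        index, instance, lsr_id_subid(ingress_lsr), lsr_id_subid(egress_lsr))


def split_pointer(pointer):
    """'col.1.2.3' -> ('col', [1, 2, 3]); raises ValueError if malformed."""
    column, _, suffix = pointer.partition(".")
    subids = [int(part) for part in suffix.split(".")] if suffix else []
    return column, subids


def pointer_change_allowed(row_status):
    """The pointer may only be changed while the row is not active."""
    return row_status in ("notReady", "notInService")


def audit_row(row, existing_rows=frozenset()):
    """Return a list of findings for one session row (empty list = clean).

    existing_rows holds the row pointers of paths known to exist, so a
    pointer to a missing row is reported as 'no valid path'.
    """
    map_type = row["bfdMplsSessMapType"]
    pointer = row["bfdMplsSessMapPointer"]
    if map_type not in EXPECTED_TARGET and map_type not in UNNAMED_TARGET:
        return ["unknown map type %r" % map_type]
    if pointer == ZERO_DOT_ZERO:
        if row.get("bfdSessRowStatus") == "active":
            return ["active session has no path associated (zeroDotZero)"]
        return []
    if map_type in UNNAMED_TARGET:
        return []
    try:
        column, subids = split_pointer(pointer)
    except ValueError:
        return ["malformed pointer %r" % pointer]
    want_column, want_len = EXPECTED_TARGET[map_type]
    if column != want_column:
        return ["%s requires a pointer to %s, got %s"
                % (map_type, want_column, column)]
    if len(subids) != want_len or any(s not in range(2 ** 32) for s in subids):
        return ["%s index must be %d unsigned 32-bit sub-identifiers"
                % (want_column, want_len)]
    if pointer not in existing_rows:
        return ["pointer names a row that does not exist; no valid path"]
    return []


if __name__ == "__main__":
    # Constructed sample rows using the values of the draft's examples.
    te_ptr = tunnel_row_pointer(100, 1, "192.0.2.1", "192.0.2.3")
    rows = [
        {"bfdSessIndex": 2, "bfdMplsSessMapType": "teIpv4",
         "bfdMplsSessMapPointer": te_ptr, "bfdSessRowStatus": "active"},
        {"bfdSessIndex": 3, "bfdMplsSessMapType": "mep",
         "bfdMplsSessMapPointer": "mplsTunnelName.1.1.1.2",
         "bfdSessRowStatus": "notReady"},
        {"bfdSessIndex": 4, "bfdMplsSessMapType": "pw",
         "bfdMplsSessMapPointer": ZERO_DOT_ZERO,
         "bfdSessRowStatus": "active"},
    ]
    for row in rows:
        print(row["bfdSessIndex"], audit_row(row, existing_rows={te_ptr}))
```

Run against an SNMPv3 read-only export of the session table, a check of this kind flags rows whose pointer no longer matches their declared path type, which is one visible effect of an unauthorized or mistaken SET.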

5.2.1 Example of BFD Session configuration for MPLS TE tunnel

   This section provides an example BFD session configuration
   for an MPLS TE tunnel.

   The following denotes the configured tunnel "head" entry:

   In mplsTunnelTable:
   {
     mplsTunnelIndex              = 100,
     mplsTunnelInstance           = 1,
     mplsTunnelIngressLSRId       = 192.0.2.1,
     mplsTunnelEgressLSRId        = 192.0.2.3,
     mplsTunnelName               = "Tunnel",
     ...
     mplsTunnelSignallingProto    = none (1),
     mplsTunnelSetupPrio          = 0,
     mplsTunnelHoldingPrio        = 0,
     mplsTunnelSessionAttributes  = 0,
     mplsTunnelLocalProtectInUse  = false (0),
     mplsTunnelResourcePointer    = mplsTunnelResourceMaxRate.5,
     mplsTunnelInstancePriority   = 1,
     mplsTunnelHopTableIndex      = 1,
     mplsTunnelIncludeAnyAffinity = 0,
     mplsTunnelIncludeAllAffinity = 0,
     mplsTunnelExcludeAnyAffinity = 0,
     mplsTunnelPathInUse          = 1,
     mplsTunnelRole               = head (1),
     ...
     mplsTunnelRowStatus          = Active
   }

   BFD session parameters used to monitor this tunnel should be
   configured on head-end as follows:

   In bfdSessTable:
   BfdSessEntry ::= SEQUENCE {
     -- BFD session index
     bfdSessIndex                 = 2,
     bfdSessVersionNumber         = 1,
     -- LSP Ping used for OOB bootstrapping
     bfdSessType                  = multiHopOutOfBandSignaling,
     ...
     bfdSessAdminStatus           = start,
     ...
     bfdSessDemandModeDesiredFlag = false,
     bfdSessControlPlaneIndepFlag = false,
     bfdSessMultipointFlag        = false,
     bfdSessDesiredMinTxInterval  = 100000,
     bfdSessReqMinRxInterval      = 100000,
     ...
     -- Indicates that the BFD session is to monitor
     -- an MPLS TE tunnel
     bfdMplsSessMapType           = teIpv4(3),

     -- OID of the first accessible object (mplsTunnelName) of
     -- the mplsTunnelEntry identifying the MPLS TE tunnel (being
     -- monitored using BFD) in the MPLS tunnel table.
     -- A value of zeroDotZero indicates that no association
     -- has been made as yet between the BFD session and the path
     -- being monitored.
     -- In the above OID example:
     -- 100 -> Tunnel Index
     -- 1 -> Tunnel instance
     -- 3221225985 -> Ingress LSR Id 192.0.2.1
     -- 3221225987 -> Egress LSR Id 192.0.2.3
     bfdMplsSessMapPointer
                  = mplsTunnelName.100.1.3221225985.3221225987,
     bfdSessRowStatus             = createAndGo
   }

   Similarly, the BFD session would be configured on the tail-end
   of the tunnel.  Creating the above row will trigger
   the bootstrapping of the session using LSP Ping and its
   subsequent establishment over the path by de-multiplexing of
   the control packets using the BFD session discriminators.

5.2.2 Example of BFD Session configuration for ME of MPLS-TP TE tunnel

   This example considers the OAM identifiers configuration on a
   head-end LSR to manage and monitor a co-routed bidirectional MPLS
   tunnel.
   Only relevant objects which are applicable for IP based OAM
   identifiers of co-routed MPLS tunnel are illustrated here.

   In mplsOamIdMegTable:
   {
     -- MEG index (Index to the table)
     mplsOamIdMegIndex        = 1,
     mplsOamIdMegName         = "MEG1",
     mplsOamIdMegOperatorType = ipCompatible (1),
     mplsOamIdMegServiceType  = lsp (1),
     mplsOamIdMegMpLocation   = perNode(1),
     -- Mandatory parameters needed to activate the row go here
     mplsOamIdMegRowStatus    = createAndGo (4)
   }

   This will create an entry in the mplsOamIdMegTable to manage and
   monitor the MPLS tunnel.

   The following ME table is used to associate the path information
   to a MEG.

   In mplsOamIdMeTable:
   {
     -- ME index (Index to the table)
     mplsOamIdMeIndex                  = 1,
     -- MP index (Index to the table)
     mplsOamIdMeMpIndex                = 1,
     mplsOamIdMeName                   = "ME1",
     mplsOamIdMeMpIfIndex              = 0,
     -- Source MEP id is derived from the IP compatible MPLS tunnel
     mplsOamIdMeSourceMepIndex         = 0,
     -- Source MEP id is derived from the IP compatible MPLS tunnel
     mplsOamIdMeSinkMepIndex           = 0,
     mplsOamIdMeMpType                 = mep (1),
     mplsOamIdMeMepDirection           = down (2),
     mplsOamIdMeProactiveOamPhbTCValue = 0,
     mplsOamIdMeOnDemandOamPhbTCValue  = 0,
     -- RowPointer MUST point to the first accessible column of an
     -- MPLS tunnel
     mplsOamIdMeServicePointer         = mplsTunnelName.1.1.1.2,
     -- Mandatory parameters needed to activate the row go here
     mplsOamIdMeRowStatus              = createAndGo (4)
   }

   BFD session parameters used to monitor this tunnel should be
   configured on head-end as follows:

   In bfdSessTable:
   BfdSessEntry ::= SEQUENCE {
     -- BFD session index
     bfdSessIndex                 = 2,
     bfdSessVersionNumber         = 1,
     -- LSP Ping used for OOB bootstrapping
     bfdSessType                  = multiHopOutOfBandSignaling,
     ...
     bfdSessAdminStatus           = start,
     ...
     bfdSessDemandModeDesiredFlag = false,
     bfdSessControlPlaneIndepFlag = false,
     bfdSessMultipointFlag        = false,
     bfdSessDesiredMinTxInterval  = 100000,
     bfdSessReqMinRxInterval      = 100000,
     ...
     -- Indicates that the BFD session is to monitor
     -- a ME of an MPLS-TP TE tunnel
     bfdMplsSessMapType           = mep(6),

     bfdMplsSessMapPointer
                  = mplsOamIdMeName.1.1.1,
     bfdSessRowStatus             = createAndGo
   }

   Similarly, the BFD session would be configured on the tail-end of
   the tunnel and creating the above row will trigger
   the bootstrapping of the session using LSP Ping and its subsequent
   establishment over the path by de-multiplexing of the control
   packets using the BFD session discriminators.

5.3. BFD objects for session performance counters

   [RFC7331] defines BFD Session Performance Table
   (bfdSessPerfTable), for collecting per-session BFD performance
   counters, as an extension to the bfdSessTable.

   The bfdSessPerfTable is extended with the performance counters
   to collect Mis-connectivity Defect, Loss of Continuity Defect
   and RDI (Remote Defect Indication) counters.

   1. bfdMplsSessPerfMisDefCount - Mis-connectivity defect count
      for this BFD session.
   2. bfdMplsSessPerfLocDefCount - Loss of continuity defect count for
      this BFD session.
   3. bfdMplsSessPerfRdiInCount - Total number of RDI messages
      received for this BFD session.
   4. bfdMplsSessPerfRdiOutCount - Total number of RDI messages sent
      for this BFD session.

6. BFD-EXT-STD-MIB Module Definition

   BFD-EXT-STD-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2,
       Counter32, zeroDotZero
          FROM SNMPv2-SMI                      -- [RFC2578]

       RowPointer, TruthValue, TEXTUAL-CONVENTION
          FROM SNMPv2-TC                       -- [RFC2579]

       MODULE-COMPLIANCE, OBJECT-GROUP
          FROM SNMPv2-CONF                     -- [RFC2580]

       bfdSessIndex
          FROM BFD-STD-MIB;                    -- [RFC7331]

   bfdMplsMib MODULE-IDENTITY
       LAST-UPDATED "201504190000Z" -- April 19, 2015
       ORGANIZATION "IETF Bidirectional Forwarding Detection
                     Working Group"
       CONTACT-INFO
           "
            Sam Aldrin
            Google, Inc.
            1600 Amphitheatre Parkway
            Mountain View, CA
            USA
            Email: aldrin.ietf@gmail.com

            Venkatesan Mahalingam
            Dell Inc.
            5450 Great America Parkway,
            Santa Clara, CA 95054, USA
            Email: venkat.mahalingams@gmail.com

            Kannan KV Sampath
            Redeem Software
            India
            Email: kannankvs@gmail.com

            Thomas D. Nadeau
            Email: tnadeau@lucidvision.com"

       DESCRIPTION
           " Copyright (c) 2015 IETF Trust and the persons identified
             as the document authors.  All rights reserved.
             This MIB module is an initial version containing objects
             to provide a proactive mechanism to detect faults using
             BFD for MPLS and MPLS-TP networks."
       REVISION "201504190000Z" -- April 19, 2015
       DESCRIPTION
           "BFD MIB objects for MPLS paths"
       -- RFC Ed.: RFC-editor pls fill in XXX
       ::= { mib-2 XXX } -- XXX to be replaced with correct value
       -- RFC Ed.: assigned by IANA

   -- ------------------------------------------------------------
   -- groups in the MIB
   -- ------------------------------------------------------------

   bfdMplsObjects     OBJECT IDENTIFIER ::= { bfdMplsMib 0 }
   bfdMplsConformance OBJECT IDENTIFIER ::= { bfdMplsMib 1 }

   -- ------------------------------------------------------------
   -- Textual Conventions
   -- ------------------------------------------------------------

   SessionMapTypeTC ::= TEXTUAL-CONVENTION
       STATUS        current
       DESCRIPTION
           "Used to indicate the type of MPLS or MPLS-TP path
            associated to the session"
       SYNTAX INTEGER {
                  nonTeIpv4(1), -- mapping into LDP IPv4
                  nonTeIpv6(2), -- mapping into LDP IPv6
                  teIpv4(3),    -- mapping into TE IPv4
                  teIpv6(4),    -- mapping into TE IPv6
                  pw(5),        -- mapping into Pseudowires
                  mep(6)        -- mapping into MEPs in MPLS-TP
              }

   DefectActionTC ::= TEXTUAL-CONVENTION
       STATUS        current
       DESCRIPTION
           "The action to be taken when the mis-connectivity/loss of
            connectivity defect occurs in the MPLS or MPLS-TP
            path associated to the session"
       SYNTAX INTEGER {
                  alarmOnly(1),        -- Alarm only
                  alarmAndBlockData(2) -- Alarm and block the data
              }

   -- ------------------------------------------------------------------
   -- BFD session table extensions for MPLS and MPLS-TP BFD sessions
   -- ------------------------------------------------------------------
   -- bfdMplsSessTable - bfdSessTable Extension

   bfdMplsSessTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF BfdMplsSessEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "This table is an extension to the bfdSessTable for
            configuring BFD sessions for MPLS or MPLS-TP paths."
       ::= { bfdMplsObjects 1 }

   bfdMplsSessEntry OBJECT-TYPE
       SYNTAX        BfdMplsSessEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A row in this table extends a row in bfdSessTable
            and note that not all of the objects defined in
            bfdSessTable are used for MPLS BFD sessions."
       INDEX { bfdSessIndex }
       ::= { bfdMplsSessTable 1 }

   BfdMplsSessEntry ::= SEQUENCE {
       bfdMplsSessRole                        INTEGER,
       bfdMplsSessMode                        INTEGER,
       bfdMplsSessTmrNegotiate                TruthValue,
       bfdMplsSessMapType                     SessionMapTypeTC,
       bfdMplsSessMapPointer                  RowPointer,
       bfdMplsSessMisConnectivityDefectAction DefectActionTC,
       bfdMplsSessLOCDefect                   DefectActionTC
   }

   bfdMplsSessRole OBJECT-TYPE
       SYNTAX        INTEGER {
                         active(1),
                         passive(2)
                     }
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object specifies whether the system is playing the
            active(1) role or the passive(2) role for this
            BFD session."
       REFERENCE
           "Bidirectional Forwarding Detection, RFC 5880,
            Section 6.1"
       DEFVAL { active }
       ::= { bfdMplsSessEntry 1 }

   bfdMplsSessMode OBJECT-TYPE
       SYNTAX        INTEGER {
                         cc(1),
                         cv(2)
                     }
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object specifies whether the BFD session is running
            in Continuity Check(CC) or the Connectivity
            Verification(CV) mode."
       REFERENCE
           "Proactive Connectivity Verification, Continuity Check
            and Remote Defect Indication for MPLS Transport Profile,
            RFC 6428."
       DEFVAL { cc }
       ::= { bfdMplsSessEntry 2 }

   bfdMplsSessTmrNegotiate OBJECT-TYPE
       SYNTAX        TruthValue
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object specifies if timer negotiation is required for
            the BFD session.  When set to false, timer negotiation is
            disabled."
       DEFVAL { true }
       ::= { bfdMplsSessEntry 3 }

   bfdMplsSessMapType OBJECT-TYPE
       SYNTAX        SessionMapTypeTC
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object indicates the type of path being monitored
            by this BFD session entry."
       DEFVAL { nonTeIpv4 }
       ::= { bfdMplsSessEntry 4 }

   bfdMplsSessMapPointer OBJECT-TYPE
       SYNTAX        RowPointer
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "If bfdMplsSessMapType is nonTeIpv4(1) or nonTeIpv6(2),
            then this object MUST contain zeroDotZero or point to
            an instance of the mplsXCEntry indicating the LDP-based
            LSP associated with this BFD session.

            If bfdMplsSessMapType is teIpv4(3) or teIpv6(4), then
            this object MUST contain zeroDotZero or point to
            an instance of the mplsTunnelEntry indicating
            the RSVP-based MPLS TE tunnel associated with this
            BFD session.

            If bfdMplsSessMapType is pw(5), then this object MUST
            contain zeroDotZero or point to an instance of
            the pwEntry indicating the MPLS Pseudowire associated
            with this BFD session.

            If bfdMplsSessMapType is mep(6), then this object MUST
            contain zeroDotZero or point to an instance identifying
            the mplsOamIdMeEntry configured for monitoring the MPLS-TP
            path associated with this BFD session.

            If this object points to a conceptual row instance
            in a table consistent with bfdMplsSessMapType but this
            instance does not currently exist then no valid
            path is associated with this session entry.

            If this object contains zeroDotZero then no valid path is
            associated with this BFD session entry till it is
            populated with a valid pointer consistent with
            the value of bfdMplsSessMapType as explained above.

            When the bfdSessRowStatus is active, this object value
            change would lead to set failure and the bfdSessRowStatus
            should be in notReady or notInService state in order to
            change the value of this object.
           "
       REFERENCE
           "1. Multiprotocol Label Switching (MPLS) Traffic
               Engineering (TE) Management Information Base (MIB),
               [RFC3812].
            2. Multiprotocol Label Switching (MPLS) Label Switching
               Router (LSR) Management Information Base (MIB),
               [RFC3813].
            3. Pseudowire (PW) Management Information Base (MIB),
               [RFC5601].
            4. MPLS-TP Operations, Administration, and Management
               (OAM) Identifiers Management Information Base (MIB), ID
               draft-ietf-mpls-tp-oam-id-mib-04, December 2013."
       DEFVAL { zeroDotZero }
       ::= { bfdMplsSessEntry 5 }

   bfdMplsSessMisConnectivityDefectAction OBJECT-TYPE
       SYNTAX        DefectActionTC
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object indicates the action to be taken when
            the mis-connectivity defect is detected on
            this BFD session."
       DEFVAL { alarmOnly }
       ::= { bfdMplsSessEntry 6 }

   bfdMplsSessLOCDefect OBJECT-TYPE
       SYNTAX        DefectActionTC
       MAX-ACCESS    read-create
       STATUS        current
       DESCRIPTION
           "This object indicates the action to be taken when
            the loss of continuity defect is detected on
            this BFD session."
       DEFVAL { alarmOnly }
       ::= { bfdMplsSessEntry 7 }

   -- ------------------------------------------------------------------
   -- BFD Objects for Session performance
   -- -----------------------------------------------------------------
   -- bfdMplsSessPerfTable - bfdSessPerfTable Extension

   bfdMplsSessPerfTable OBJECT-TYPE
       SYNTAX        SEQUENCE OF BfdMplsSessPerfEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "This table is an extension to the bfdSessPerfTable"
       ::= { bfdMplsObjects 2 }

   bfdMplsSessPerfEntry OBJECT-TYPE
       SYNTAX        BfdMplsSessPerfEntry
       MAX-ACCESS    not-accessible
       STATUS        current
       DESCRIPTION
           "A row in this table extends the bfdSessPerfTable"
       INDEX { bfdSessIndex }
       ::= { bfdMplsSessPerfTable 1 }

   BfdMplsSessPerfEntry ::= SEQUENCE {
       bfdMplsSessPerfMisDefCount Counter32,
       bfdMplsSessPerfLocDefCount Counter32,
       bfdMplsSessPerfRdiInCount  Counter32,
       bfdMplsSessPerfRdiOutCount Counter32
   }

   bfdMplsSessPerfMisDefCount OBJECT-TYPE
       SYNTAX        Counter32
       MAX-ACCESS    read-only
       STATUS        current
       DESCRIPTION
           "This object gives a count of the mis-connectivity defects
            detected for the BFD session.  For instance, this count
            will be incremented when the received BFD control packet
            carries an incorrect globally unique source
            MEP identifier."
       ::= { bfdMplsSessPerfEntry 1 }

   bfdMplsSessPerfLocDefCount OBJECT-TYPE
       SYNTAX        Counter32
       MAX-ACCESS    read-only
       STATUS        current
       DESCRIPTION
           "This object gives a count of the Loss of continuity
            defects detected in MPLS and MPLS-TP paths"
       ::= { bfdMplsSessPerfEntry 2 }

   bfdMplsSessPerfRdiInCount OBJECT-TYPE
       SYNTAX        Counter32
       MAX-ACCESS    read-only
       STATUS        current
       DESCRIPTION
           "This object gives a count of the Remote Defect
            Indications received for the BFD session."
       ::= { bfdMplsSessPerfEntry 3 }

   bfdMplsSessPerfRdiOutCount OBJECT-TYPE
       SYNTAX        Counter32
       MAX-ACCESS    read-only
       STATUS        current
       DESCRIPTION
           "This object gives a count of the Remote Defect
            Indications sent by the BFD session"
       ::= { bfdMplsSessPerfEntry 4 }

   -- Module compliance

   bfdMplsGroups
       OBJECT IDENTIFIER ::= { bfdMplsConformance 1 }

   bfdMplsCompliances
       OBJECT IDENTIFIER ::= { bfdMplsConformance 2 }

   -- Compliance requirement for fully compliant implementations.

   bfdMplsModuleFullCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "Compliance statement for agents that provide full
            support for the BFD-EXT-STD-MIB module. "

       MODULE -- This module.

       MANDATORY-GROUPS {
           bfdSessionExtGroup,
           bfdSessionExtPerfGroup
       }
       ::= { bfdMplsCompliances 1 }

   -- Compliance requirement for read-only implementations.

   bfdMplsModuleReadOnlyCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "Compliance requirement for implementations that only
            provide read-only support for BFD-EXT-STD-MIB.  Such devices
            can then be monitored but cannot be configured using
            this MIB module."

       MODULE -- This module.

       MANDATORY-GROUPS {
           bfdSessionExtGroup,
           bfdSessionExtPerfGroup
       }

       OBJECT      bfdMplsSessRole
       MIN-ACCESS  read-only
       DESCRIPTION "Write access is not required."

       OBJECT      bfdMplsSessMode
       MIN-ACCESS  read-only
       DESCRIPTION "Write access is not required."

       OBJECT      bfdMplsSessTmrNegotiate
       MIN-ACCESS  read-only
       DESCRIPTION "Write access is not required."

       OBJECT      bfdMplsSessMapType
       MIN-ACCESS  read-only
       DESCRIPTION "Write access is not required."

       OBJECT      bfdMplsSessMapPointer
       MIN-ACCESS  read-only
       DESCRIPTION "Write access is not required."

       ::= { bfdMplsCompliances 2 }

   -- Units of conformance.

   bfdSessionExtGroup OBJECT-GROUP
       OBJECTS {
           bfdMplsSessRole,
           bfdMplsSessMode,
           bfdMplsSessTmrNegotiate,
           bfdMplsSessMapType,
           bfdMplsSessMapPointer,
           bfdMplsSessMisConnectivityDefectAction,
           bfdMplsSessLOCDefect
       }
       STATUS current
       DESCRIPTION
           "Collection of objects needed for BFD monitoring for
            MPLS and MPLS-TP paths"
       ::= { bfdMplsGroups 1 }

   bfdSessionExtPerfGroup OBJECT-GROUP
       OBJECTS {
           bfdMplsSessPerfMisDefCount,
           bfdMplsSessPerfLocDefCount,
           bfdMplsSessPerfRdiInCount,
           bfdMplsSessPerfRdiOutCount
       }
       STATUS current
       DESCRIPTION
           "Collection of objects needed to monitor the
            performance of BFD sessions on MPLS and MPLS-TP
            paths"
       ::= { bfdMplsGroups 2 }

   END

7. Security Considerations

   As a BFD session for an MPLS path may be tied into the stability of
   the MPLS network infrastructure, the effects of an attack on a BFD
   session may be very serious.  This ultimately has denial-of-service
   effects, as links may be declared to be down (or falsely declared to
   be up).  As such, improper configuration of the objects represented
   by this MIB may result in denial of service to a large number of
   end-users.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.
   It is thus important to control even GET and/or NOTIFY
   access to these objects and possibly to even encrypt the values of
   these objects when sending them over the network via SNMP.

   o  The bfdMplsSessTable may be used to directly configure BFD
      sessions for MPLS paths.
      Unauthorized access to objects in this table could result in
      disruption of traffic on the network.  This is especially true if
      an unauthorized user configures enough tables to invoke a denial
      of service attack on the device where they are configured, or on
      a remote device where the sessions terminate.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  The bfdSessPerfTable and bfdMplsSessPerfTable both allow access
      to the performance characteristics of BFD sessions for MPLS
      paths.  Network administrators not wishing to show
      this information should consider these tables sensitive.

   The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
   bfdSessAuthenticationKey objects hold security methods and
   associated security keys of BFD sessions for MPLS paths.  These
   objects SHOULD be considered highly sensitive objects.  In order
   to prevent this sensitive information from being improperly accessed,
   implementers MAY wish to disallow read and create access to these
   objects.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security. It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8. IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------

      bfdMplsMib        { mib-2 XXX }

   [Editor's Note (to be removed prior to publication): the IANA is
   requested to assign a value for "XXX" under the 'mib-2' subtree
   and to record the assignment in the SMI Numbers registry. When
   the assignment has been made, the RFC Editor is asked to replace
   "XXX" (here and in the MIB module) with the assigned value and
   to remove this note.]

9. References

9.1 Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
             "Structure of Management Information Version 2 (SMIv2)",
             STD 58, RFC 2578, April 1999.

   [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
             "Textual Conventions for SMIv2", STD 58, RFC 2579, April
             1999.

   [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
             "Conformance Statements for SMIv2", STD 58, RFC 2580,
             April 1999.

   [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding
             Detection (BFD)", RFC 5880, June 2010.

   [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding
             Detection (BFD) for IPv4 and IPv6 (Single Hop)",
             RFC 5881, June 2010.

   [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding
             Detection (BFD) for Multihop Paths", RFC 5883,
             June 2010.

   [RFC5884] Aggarwal, R., et al., "Bidirectional Forwarding
             Detection (BFD) for MPLS Label Switched Paths (LSPs)",
             RFC 5884, June 2010.

   [RFC6428] Allan, D., Swallow, G., Drake, J., "Proactive
             Connectivity Verification, Continuity Check and Remote
             Defect indication for MPLS Transport Profile", RFC
             6428, November 2011.

9.2 Informative References

   [RFC3410] J. Case, R. Mundy, D. Partain, B. Stewart, "Introduction
             and Applicability Statement for Internet Standard
             Management Framework", RFC 3410, December 2002.

   [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security
             Model (USM) for version 3 of the Simple Network
             Management Protocol (SNMPv3)", STD 62, RFC 3414,
             December 2002.

   [RFC3812] Srinivasan, C., Viswanathan, A., and T. Nadeau,
             "Multiprotocol Label Switching (MPLS) Traffic Engineering
             (TE) Management Information Base (MIB)", RFC 3812, June
             2004.

   [RFC3813] Srinivasan, C., Viswanathan, A., and T.
             Nadeau,
             "Multiprotocol Label Switching (MPLS) Label Switching
             Router (LSR) Management Information Base (MIB)",
             RFC 3813, June 2004.

   [RFC3826] Blumenthal, U., F. Maino and K. McCloghrie, "The
             Advanced Encryption Standard (AES) Cipher Algorithm in
             the SNMP User-based Security Model", RFC 3826, June
             2004.

   [RFC5591] Harrington, D. and W. Hardaker, "Transport Security
             Model for the Simple Network Management Protocol
             (SNMP)", RFC 5591, June 2009.

   [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
             Shell Transport Model for the Simple Network Management
             Protocol (SNMP)", RFC 5592, June 2009.

   [RFC5601] T. Nadeau, Ed., D. Zelig, Ed., "Pseudowire (PW)
             Management Information Base (MIB)", RFC 5601,
             July 2009.

   [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
             Model for the Simple Network Management Protocol
             (SNMP)", STD 78, RFC 6353, July 2011.

   [RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and
             J. Haas, "Bidirectional Forwarding Detection (BFD) on
             Link Aggregation Group (LAG) Interfaces", RFC 7130,
             February 2014.

   [RFC7331] T. Nadeau, Z. Ali, N. Akiya, "BFD Management
             Information Base", RFC 7331, August 2014.

   [MPLS-OAM-ID-STD-MIB] Sam Aldrin, M.Venkatesan, Kannan KV Sampath,
             Thomas D. Nadeau, Sami Boutros, Ping Pan,
             "MPLS-TP Operations, Administration, and
             Management (OAM) Identifiers Management
             Information Base (MIB)", ID
             draft-ietf-mpls-tp-oam-id-mib-11,
             September 2015.

10. Acknowledgments

   The authors would like to thank Jeffrey Haas, Mukund Mani,
   Lavanya Srivatsa, Muly Ilan and John Salloway for their valuable
   comments.

11. Authors' Addresses

   Sam Aldrin
   Google, Inc.
   600 Amphitheatre Parkway
   Mountain View, CA
   USA
   Email: aldrin.ietf@gmail.com

   Venkatesan Mahalingam
   Dell Inc.
   5450 Great America Parkway,
   Santa Clara, CA 95054, USA
   Email: venkat.mahalingams@gmail.com

   Kannan KV Sampath
   Redeem Software
   India
   Email: kannankvs@gmail.com

   Thomas D. Nadeau
   Brocade
   Email: tnadeau@lucidvision.com
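
The deployment guidance in Section 7 (no SNMP versions prior to SNMPv3, USM authentication and privacy with AES, access limited to legitimate principals) can be checked against an agent's configuration. The following is an added example, not part of the draft: it audits Net-SNMP snmpd.conf directives over a constructed sample; the function name audit_snmpd_conf, the users, passphrases and the view name bfdView are assumptions.

```python
import shlex

# Constructed sample snmpd.conf (Net-SNMP syntax). Users, passphrases and
# the view name "bfdView" are made up for illustration.
SAMPLE_CONF = """\
rocommunity public
rwcommunity private 192.0.2.0/24
createUser monitor SHA "auth-pass-1" DES "priv-pass-1"
createUser bfdadmin SHA "auth-pass-2" AES "priv-pass-2"
createUser legacy MD5 "auth-pass-3"
rouser monitor auth
rwuser bfdadmin priv -V bfdView
rwuser legacy noauth
"""

COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec"}


def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings for an snmpd.conf body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)
        if not tok:
            continue
        d, args = tok[0], tok[1:]
        if d in COMMUNITY:
            # Community strings mean SNMPv1/v2c, which Section 7 says not to deploy.
            sev = "high" if d.startswith("rw") else "medium"
            findings.append((no, sev, "SNMPv1/v2c community access enabled"))
        elif d == "createUser":
            # createUser [-e ENGINEID] NAME AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]
            if args[:1] == ["-e"]:
                args = args[2:]
            name = args[0] if args else "?"
            priv = args[3].upper() if len(args) > 3 else None
            if priv is None:
                findings.append((no, "high", f"user {name}: no privacy protocol"))
            elif not priv.startswith("AES"):
                findings.append((no, "medium", f"user {name}: {priv} privacy, not AES"))
        elif d in ("rouser", "rwuser") and args:
            # rouser/rwuser NAME [noauth|auth|priv [OID | -V VIEW]]; default is auth.
            level = args[1] if len(args) > 1 else "auth"
            if level != "priv":
                # Without priv, values such as authentication keys cross the wire in clear.
                sev = "high" if d == "rwuser" else "medium"
                findings.append((no, sev, f"{d} {args[0]}: security level {level}, not priv"))
            elif d == "rwuser" and len(args) < 3:
                findings.append((no, "medium", f"rwuser {args[0]}: SET access not limited to a view"))
    return findings
```

The optional -s SECMODEL argument of rouser/rwuser is not handled; a production check would also confirm that the view given to a write-capable user excludes the authentication-key objects named in Section 7.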