idnits 2.17.1 draft-ietf-rtgwg-ipfrr-ip-mib-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 18. -- Found old boilerplate from RFC 3978, Section 5.5 on line 779. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 756. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 763. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 769. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([IPFRR]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 664: '... It is RECOMMENDED that implementers...' RFC 2119 keyword, line 670: '... RECOMMENDED. Instead, it is RECOMM...' Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 351 has weird spacing: '...terface throu...' == Line 633 has weird spacing: '... entire colle...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 2006) is 6645 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'IPFRR' is mentioned on line 47, but not defined == Missing Reference: 'RFC3291' is mentioned on line 158, but not defined ** Obsolete undefined reference: RFC 3291 (Obsoleted by RFC 4001) == Missing Reference: 'RFC2863' is mentioned on line 160, but not defined == Missing Reference: 'RFC2011' is mentioned on line 162, but not defined ** Obsolete undefined reference: RFC 2011 (Obsoleted by RFC 4293) == Unused Reference: 'I-D.ietf-ipv6-rfc2096-update' is defined on line 679, but no explicit reference was found in the text == Outdated reference: A later version (-13) exists of draft-ietf-rtgwg-ipfrr-framework-05 ** Downref: Normative reference to an Informational draft: draft-ietf-rtgwg-ipfrr-framework (ref. 'I-D.ietf-rtgwg-ipfrr-framework') == Outdated reference: A later version (-12) exists of draft-ietf-rtgwg-ipfrr-spec-base-05 -- Possible downref: Normative reference to a draft: ref. 'IPFRR-UTURN' ** Obsolete normative reference: RFC 3036 (Obsoleted by RFC 5036) ** Downref: Normative reference to an Informational RFC: RFC 3410 Summary: 12 errors (**), 0 flaws (~~), 11 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Atlas, Ed. 3 Internet-Draft Google, Inc. 4 Expires: August 5, 2006 B. Anderson 5 Avici Systems, Inc. 6 D. Fedyk 7 Nortel Networks 8 February 2006 10 IP MIB for IP Fast-Reroute 11 draft-ietf-rtgwg-ipfrr-ip-mib-01 13 Status of this Memo 15 By submitting this Internet-Draft, each author represents that any 16 applicable patent or other IPR claims of which he or she is aware 17 have been or will be disclosed, and any of which he or she becomes 18 aware will be disclosed, in accordance with Section 6 of BCP 79. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as Internet- 23 Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet-Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/ietf/1id-abstracts.txt. 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 This Internet-Draft will expire on August 5, 2006. 38 Copyright Notice 40 Copyright (C) The Internet Society (2006). 42 Abstract 44 This draft defines a portion of the Management Information Base (MIB) 45 for use with network management protocols in the Internet community. 46 In particular, it describes managed objects relevant for IP routes 47 using IP Fast-Reroute [IPFRR]. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 52 1.1. The SNMP Management Framework . . . . . . . . . . . . . . 3 53 2. Brief Description of MIB Objects . . . . . . . . . . . . . . . 4 54 2.1. ipFrrProtectStats Group . . . . . . . . . . . . . . . . . 4 55 2.2. ipFrrAltTable . . . . . . . . . . . . . . . . . . . . . . 4 56 2.3. ipFrrNoAltTable . . . . . . . . . . . . . . . . . . . . . 4 57 3. IP Fast-Reroute MIB Module Definitions . . . . . . . . . . . . 5 58 4. Security Considerations . . . . . . . . . . . . . . . . . . . 16 59 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 60 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 61 Intellectual Property and Copyright Statements . . . . . . . . . . 19 63 1. Introduction 65 This document defines a portion of the Management Information Base 66 (MIB) for use with network management protocols in the Internet 67 community. In particular, it defines the managed objects used for IP 68 routes and interfaces in relation to IP Fast-Reroute. This document 69 uses terminology from [I-D.ietf-rtgwg-ipfrr-framework], [I-D.ietf- 70 rtgwg-ipfrr-spec-base] and [IPFRR-UTURN]. 72 Current work is underway to define mechanisms for determining 73 alternate paths for traffic to use when the original path becomes 74 unavailable due to a local failure. The alternate next-hops can be 75 computed in the context of any IGP. 77 There are certain configuration attributes for IP Fast-Reroute that 78 should be configured to enable IP Fast Reroute in the context of the 79 IGP. These configuration attributes of IP Fast-Reroute are not 80 covered by this MIB module. Examples include whether IP Fast-Reroute 81 is enabled on a network region (i.e. an OSPF area or IS-IS level) and 82 the desired local hold-down timer[I-D.ietf-rtgwg-ipfrr-spec-base], 83 whose proper value is dependent upon the size of the network region. 85 It is possible for traffic other than IP to depend upon and use the 86 alternate next-hops computed by IP Fast-Reroute. An example would be 87 MPLS traffic whose path is configured via LDP[RFC3036]. The 88 additional details (for example, outgoing MPLS label) pertaining to 89 alternate next-hops that are required by such traffic are not covered 90 by this MIB module. 92 An IP route may be reachable via multiple primary next-hops which 93 provide equal-cost paths. Where IP Fast-Reroute is enabled, each 94 primary next-hop will be protected by one or more alternate next- 95 hops. Such an alternate next-hop may itself be a primary next-hop. 97 1.1. The SNMP Management Framework 99 For a detailed overview of the documents that describe the current 100 Internet-Standard Management Framework, please refer to section 7 of 101 RFC 3410 [RFC3410]. 103 Managed objects are accessed via a virtual information store, termed 104 the Management Information Base or MIB. MIB objects are generally 105 accessed through the Simple Network Management Protocol (SNMP). 106 Objects in the MIB are defined using the mechanisms defined in the 107 Structure of Management Information (SMI). This memo specifies a MIB 108 module that is compliant to the SMIv2, which is described in STD 58, 109 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 110 [RFC2580]. 112 2. Brief Description of MIB Objects 114 This MIB module consists of five global objects, organized into the 115 ipFrrProtectStats group, and two tables. 117 2.1. ipFrrProtectStats Group 119 The global objects in this group provide summary information related 120 to protection for all IP routes. The information available includes 121 counts of all routes, of all protected routes, of all unprotected 122 routes, of all routes which are protected against a link failure, and 123 of all routes which are protected against a node failure. 125 2.2. ipFrrAltTable 127 The ipFrrAltTable extends the inetCidrRouteTable[I-D.ietf-ipv6- 128 rfc2096-update] to provide information about each alternate next-hop 129 associated with a primary next-hop used by a route. Statically 130 configured alternate next-hops associated with primary next-hops can 131 be created. 133 2.3. ipFrrNoAltTable 135 The ipFrrNoAltTable extends the inetCidrRouteTable[I-D.ietf-ipv6- 136 rfc2096-update] to provide information about the routes which do not 137 have an alternate next-hop associated with any of the route's primary 138 next-hop. The entry provides an explanation for the lack of 139 protection. 141 3. IP Fast-Reroute MIB Module Definitions 143 IPFRR-MIB DEFINITIONS ::= BEGIN 145 IMPORTS 146 MODULE-IDENTITY, 147 OBJECT-TYPE, 148 Gauge32, 149 Integer32 FROM SNMPv2-SMI -- [RFC2578] 151 RowStatus 152 FROM SNMPv2-TC -- [RFC2579] 154 MODULE-COMPLIANCE, 155 OBJECT-GROUP FROM SNMPv2-CONF -- [RFC2580] 157 InetAddressType, 158 InetAddress FROM INET-ADDRESS-MIB -- [RFC3291] 160 InterfaceIndex FROM IF-MIB -- [RFC2863] 162 ip FROM IP-MIB -- [RFC2011] 164 inetCidrRouteDestType, 165 inetCidrRouteDest, 166 inetCidrRoutePfxLen, 167 inetCidrRoutePolicy, 168 inetCidrRouteNextHopType, 169 inetCidrRouteNextHop FROM IP-FORWARD-MIB 170 -- [draft-ietf-ipv6-rfc2096-update-07] 171 ; 173 ipFrrMIB MODULE-IDENTITY 174 LAST-UPDATED "200502181200Z" -- June 10, 2005 175 ORGANIZATION "draft-ietf-ipfrr-ip-mib-00.txt" 176 CONTACT-INFO 177 " Bill Anderson 178 Avici Systems, Inc. 179 EMail: wanderson@avici.com 181 Alia Atlas 182 Avici Systems, Inc. 183 Email: aatlas@avici.com 185 Don Fedyk 186 Nortel Networks 187 Email: dwfedyk@nortel.com 189 " 190 DESCRIPTION 191 "IP MIB module for management of IP Fast-Reroute. 193 Copyright (C) The Internet Society (date). 194 This version of this MIB module is part of 195 draft-ietf-rtgwg-ipfrr-ip-mib-00.txt" 197 REVISION "200502181200Z" -- February 18, 2005 198 DESCRIPTION 199 "Add Set operations on ipFrrAltTable" 200 REVISION "200502131200Z" -- February 13, 2005 201 DESCRIPTION 202 "Initial version." 203 ::= { ip 999 } -- To be assigned by IANA 204 -- RFC Ed.: replace 999 with actual RFC number 205 -- & remove this note 207 -- Top level components of this MIB module. 209 ipFrrMIBObjects OBJECT IDENTIFIER ::= { ipFrrMIB 1 } 211 ipFrrProtectStats OBJECT IDENTIFIER ::= { ipFrrMIBObjects 1 } 213 -- the IP FRR MIB-Group 215 -- A collection of objects providing summarized information 216 -- about the protection availability and type of alternate paths 217 -- provided by IP Fast-Reroute mechanisms. 219 ipFrrTotalRoutes OBJECT-TYPE 220 SYNTAX Gauge32 221 MAX-ACCESS read-only 222 STATUS current 223 DESCRIPTION 224 "The number of valid routes known by this entity." 225 ::= { ipFrrProtectStats 1 } 227 ipFrrUnprotectedRoutes OBJECT-TYPE 228 SYNTAX Gauge32 229 MAX-ACCESS read-only 230 STATUS current 231 DESCRIPTION 232 "The number of valid routes known by this entity 233 which do not have an alternate next-hop associated 234 with any primary next-hop." 235 ::= { ipFrrProtectStats 2 } 237 ipFrrProtectedRoutes OBJECT-TYPE 238 SYNTAX Gauge32 239 MAX-ACCESS read-only 240 STATUS current 241 DESCRIPTION 242 "The number of routes known by this entity 243 which have at least one alternate next-hop." 244 ::= { ipFrrProtectStats 3 } 246 ipFrrLinkProtectedRoutes OBJECT-TYPE 247 SYNTAX Gauge32 248 MAX-ACCESS read-only 249 STATUS current 250 DESCRIPTION 251 "The number of routes known by this entity 252 for which all alternate next-hops provide link 253 protection for their associated primary next-hops." 254 ::= { ipFrrProtectStats 4 } 256 ipFrrNodeProtectedRoutes OBJECT-TYPE 257 SYNTAX Gauge32 258 MAX-ACCESS read-only 259 STATUS current 260 DESCRIPTION 261 "The number of routes known by this entity 262 for which all alternate next-hops provide node 263 protection for their associated primary next-hops." 264 ::= { ipFrrProtectStats 5 } 266 -- the IP FRR Alternate MIB-Group 267 -- 268 -- The ipFrrAltTable extends the inetCidrRouteTable to indicate 269 -- the alternate next-hop(s) associated with each primary 270 -- next-hop. The additional indices (ipFrrAltNextHopType and 271 -- ipFrrAltNextHop ) allow for multiple alternate paths for a 272 -- given primary next-hop. 274 ipFrrAltTable OBJECT-TYPE 275 SYNTAX SEQUENCE OF IpFrrAltEntry 276 MAX-ACCESS not-accessible 277 STATUS current 278 DESCRIPTION 279 "This entity's IP Fast Reroute Alternates table." 280 ::= { ipFrrMIBObjects 2 } 282 ipFrrAltEntry OBJECT-TYPE 283 SYNTAX IpFrrAltEntry 284 MAX-ACCESS not-accessible 285 STATUS current 286 DESCRIPTION 287 "An entry containing information on a particular route, 288 one of its particular (primary) next-hops and one of 289 the associated alternate next-hops. 291 Implementers need to be aware that if the total 292 number of elements (octets or sub-identifiers) in 293 inetCidrRouteDest, inetCidrRoutePolicy, 294 inetCidrRouteNextHop, and ipFrrAltNextHop exceeds 107 295 then OIDs of column instances in this table will have 296 more than 128 sub-identifiers and cannot be accessed 297 using SNMPv1, SNMPv2c, or SNMPv3." 299 INDEX { inetCidrRouteDestType, 300 inetCidrRouteDest, 301 inetCidrRoutePfxLen, 302 inetCidrRoutePolicy, 303 inetCidrRouteNextHopType, 304 inetCidrRouteNextHop, 305 ipFrrAltNextHopType, 306 ipFrrAltNextHop 307 } 308 ::= { ipFrrAltTable 1 } 310 IpFrrAltEntry ::= SEQUENCE { 311 ipFrrAltNextHopType InetAddressType, 312 ipFrrAltNextHop InetAddress, 313 ipFrrAltIfIndex InterfaceIndex, 314 ipFrrAltType INTEGER, 315 ipFrrAltProtectionAvailable BITS, 316 ipFrrAltMetric1 Integer32, 317 ipFrrAltStatus RowStatus 318 } 320 ipFrrAltNextHopType OBJECT-TYPE 321 SYNTAX InetAddressType 322 MAX-ACCESS not-accessible 323 STATUS current 324 DESCRIPTION 325 "The type of the ipFrrNextHop address, as defined 326 in the InetAddress MIB. 328 Only those address types that may appear in an actual 329 routing table are allowed as values of this object." 330 REFERENCE "RFC 3291" 331 ::= { ipFrrAltEntry 1 } 333 ipFrrAltNextHop OBJECT-TYPE 334 SYNTAX InetAddress 335 MAX-ACCESS not-accessible 336 STATUS current 337 DESCRIPTION 338 "The address of the next system along the alternate 339 route. 341 The type of this address is determined by the value 342 of the ipFrrAltNextHopType." 343 ::= { ipFrrAltEntry 2 } 345 ipFrrAltIfIndex OBJECT-TYPE 346 SYNTAX InterfaceIndex 347 MAX-ACCESS read-create 348 STATUS current 349 DESCRIPTION 350 "The ifIndex value which identifies the local 351 interface through which the next hop of this 352 alternate route should be reached." 353 ::= { ipFrrAltEntry 3 } 355 ipFrrAltType OBJECT-TYPE 356 SYNTAX INTEGER { 357 other (1), -- type not defined 358 equalCost (2), -- primary path 359 loopFree (3), -- loop free alternate 360 uTurn (4) -- u-turn alternate 361 } 362 MAX-ACCESS read-create 363 STATUS current 364 DESCRIPTION 365 "The type of alternate which is provided by the 366 alternate next-hop. The supported types are as 367 follows: 369 equalCost : The alternate next-hop is another 370 primary next-hop. 372 loopFree : The shortest route to the destination 373 IP address from the alternate next-hop 374 does not traverse this system. See 375 draft-ietf-rtgwg-ipfrr-spec-base-04. 377 uTurn : The alternate next system, which is 378 indicated by the alternate next-hop, has 379 itself a primary path that traverses this 380 system but also has an alternate next-hop 381 for this route that does not traverse this 382 system. See 383 draft-atlas-ip-local-protect-uturn-02. 385 other : The mechanism by which the alternate next-hop 386 can be used is not specified." 387 ::= { ipFrrAltEntry 4 } 389 ipFrrAltProtectionAvailable OBJECT-TYPE 390 SYNTAX BITS { 391 nodeProtect(0), 392 linkProtect(1), 393 unknownProtection(2) 394 } 395 MAX-ACCESS read-create 396 STATUS current 397 DESCRIPTION 398 "This object specifies the scope of protection for 399 which this alternate next-hop can provide failure 400 protection. The alternate next-hop should provide 401 one or more of node-protection and link-protection. 402 If the protection provided by the alternate next-hop 403 is unknown, then only unknownProtection should be 404 specified. Specifying uknownProtection with any 405 other type of protection is not supported. " 406 ::= { ipFrrAltEntry 5 } 408 ipFrrAltMetric1 OBJECT-TYPE 409 SYNTAX Integer32 410 MAX-ACCESS read-create 411 STATUS current 412 DESCRIPTION 413 "This is the primary routing metric for this 414 alternate path to the destination IP address. 415 If the alternate path metric is unknown, the value 416 should be set to -1." 417 ::= { ipFrrAltEntry 6 } 419 ipFrrAltStatus OBJECT-TYPE 420 SYNTAX RowStatus 421 MAX-ACCESS read-create 422 STATUS current 423 DESCRIPTION 424 "The row status variable, used according to 425 row installation and removal conventions." 426 ::= { ipFrrAltEntry 7 } 428 -- the IP FRR No Alternate MIB-Group 429 -- 430 -- The ipFrrNoAltTable extends the inetCidrRouteTable 431 -- to indicate which routes are unprotected and the reason 432 -- why. The indices do not include the primary next-hop because 433 -- the lack of protection is for the route. This allows easy 434 -- access to the set of unprotected routes that would be 435 -- affected by a local failure of their primary next-hop. 437 ipFrrNoAltTable OBJECT-TYPE 438 SYNTAX SEQUENCE OF IpFrrNoAltEntry 439 MAX-ACCESS not-accessible 440 STATUS current 441 DESCRIPTION 442 "This entity's IP Fast Reroute Unprotected Routes 443 table." 444 ::= { ipFrrMIBObjects 3 } 446 ipFrrNoAltEntry OBJECT-TYPE 447 SYNTAX IpFrrNoAltEntry 448 MAX-ACCESS not-accessible 449 STATUS current 450 DESCRIPTION 451 "An entry containing the reason why a route does not 452 have an alternate next-hop. The existence of an 453 entry for a route indicates that there is no 454 alternate next-hop." 455 INDEX { inetCidrRouteDestType, 456 inetCidrRouteDest, 457 inetCidrRoutePfxLen 458 } 459 ::= { ipFrrNoAltTable 1 } 461 IpFrrNoAltEntry ::= SEQUENCE { 462 ipFrrNoAltCause INTEGER 463 } 465 ipFrrNoAltCause OBJECT-TYPE 466 SYNTAX INTEGER { 467 ipFrrUnavailable (1), -- No valid alternate(s) 468 localAddress (2), -- local/internal address 469 ipFrrDisabled (3), -- Protection not enabled 470 ipFrrUturnDisabled (4), -- Protection not enabled 471 other (5) -- unknown or other cause 472 } 473 MAX-ACCESS read-only 474 STATUS current 475 DESCRIPTION 476 "For valid routes without an alternate next-hop, this 477 object enumerates the reason why no protection is 478 available. The possibilities are as follows. 480 ipFrrUnavailable : The supported IP Fast-Reroute 481 mechanisms could not find a safe 482 alternate next-hop. 484 localAddress : The route represents a local address. 485 This system is the destination so no 486 alternate path is possible or necessary. 488 ipFrrDisabled : Finding of alternate next-hops is 489 operationally disabled. 491 ipFrrUturnDisabled : Finding of u-turn alternate 492 next-hops is operationally disabled. No 493 loop-free alternate could be found. See 494 draft-atlas-ip-local-protect-uturn-02 496 other : The reason is unknown or different from those 497 specifically enumerated possible causes." 498 ::= { ipFrrNoAltEntry 1 } 500 -- conformance information 502 ipFrrMIBConformance 503 OBJECT IDENTIFIER ::= { ipFrrMIB 2 } 505 ipFrrMIBCompliances 506 OBJECT IDENTIFIER ::= { ipFrrMIBConformance 1 } 508 ipFrrMIBGroups 509 OBJECT IDENTIFIER ::= { ipFrrMIBConformance 2 } 511 -- compliance statements 513 ipFrrMIBCompliance MODULE-COMPLIANCE 514 STATUS deprecated 515 DESCRIPTION 516 "Minimum requirements to state conformity 517 to this MIB. Supporting only IP v4 addresses 518 This is deprecated in favor of 519 ipFrrMIBInetCompliance 521 There are a number of INDEX objects that cannot be 522 represented in the form of OBJECT clauses in SMIv2, 523 but for which there are compliance requirements, 524 expressed in OBJECT clause form in this description: 526 OBJECT inetCidrRouteDestType 527 SYNTAX InetAddressType { ipv4(1), ipv4z(3) } 528 MIN-ACCESS read-only 529 DESCRIPTION 530 A (deprecated) complying implementation at this 531 level is required to support IPv4 addresses only. 532 This compliance level is defined so an 533 implementation only needs to support the addresses 534 it actually supports on the device. 536 OBJECT inetCidrRouteNextHopType 537 SYNTAX InetAddressType { ipv4(1), ipv4z(3) } 538 MIN-ACCESS read-only 539 DESCRIPTION 540 A (deprecated) complying implementation at this 541 level is required to support IPv4 addresses only. 542 This compliance level is defined so an 543 implementation only needs to support the addresses 544 it actually supports on the device. 546 OBJECT ipFrrAltNextHopType 547 SYNTAX InetAddressType { ipv4(1), ipv4z(3) } 548 MIN-ACCESS read-only 549 DESCRIPTION 550 A (deprecated) complying implementation at this 551 level is required to support IPv4 addresses only. 552 This compliance level is defined so an 553 implementation only needs to support the 554 addresses it actually supports on the device. 555 " 556 MODULE -- this module 557 MANDATORY-GROUPS { ipFrrBasicGroup } 559 ::= { ipFrrMIBCompliances 1 } 561 ipFrrMIBInetCompliance MODULE-COMPLIANCE 562 STATUS current 563 DESCRIPTION 564 "Full conformity to this MIB." 565 MODULE -- this module 566 MANDATORY-GROUPS { ipFrrBasicGroup } 568 OBJECT ipFrrAltStatus 569 SYNTAX INTEGER { active(1) } 570 WRITE-SYNTAX INTEGER { createAndGo(4), destroy(6) } 571 DESCRIPTION 572 "Support for createAndWait and notInService is not 573 required." 575 ::= { ipFrrMIBCompliances 2 } 577 ipFrrReadOnlyCompliance MODULE-COMPLIANCE 578 STATUS current 579 DESCRIPTION 581 "When this MIB is implemented without support for 582 read-create (i.e. in read-only mode), then that 583 implementation can claim read-only compliance. In that 584 case, ipFrrAlt group can be monitored but cannot be 585 configured with this MIB." 587 MODULE 588 MANDATORY-GROUPS { ipFrrBasicGroup } 590 OBJECT ipFrrAltIfIndex 591 MIN-ACCESS read-only 592 DESCRIPTION 593 "Write access is not required." 595 OBJECT ipFrrAltType 596 MIN-ACCESS read-only 597 DESCRIPTION 598 "Write access is not required." 600 OBJECT ipFrrAltProtectionAvailable 601 MIN-ACCESS read-only 602 DESCRIPTION 603 "Write access is not required." 605 OBJECT ipFrrAltMetric1 606 MIN-ACCESS read-only 607 DESCRIPTION 608 "Write access is not required." 610 OBJECT ipFrrAltStatus 611 MIN-ACCESS read-only 612 DESCRIPTION 613 "Write access is not required." 615 ::= { ipFrrMIBCompliances 3 } 617 -- units of conformance 618 ipFrrBasicGroup OBJECT-GROUP 619 OBJECTS {ipFrrTotalRoutes, 620 ipFrrUnprotectedRoutes, 621 ipFrrProtectedRoutes, 622 ipFrrLinkProtectedRoutes, 623 ipFrrNodeProtectedRoutes, 624 ipFrrAltIfIndex, 625 ipFrrAltType, 626 ipFrrAltProtectionAvailable, 627 ipFrrAltMetric1, 628 ipFrrAltStatus, 629 ipFrrNoAltCause 630 } 631 STATUS current 632 DESCRIPTION 633 "The entire collection of objects defined in 634 this MIB for management of IP Fast Reroute ." 635 ::= { ipFrrMIBGroups 1 } 637 END 639 4. Security Considerations 641 There are a number of management objects defined in this MIB module 642 with a MAX-ACCESS clause of read-write and/or read-create. Such 643 objects may be considered sensitive or vulnerable in some network 644 environments. The support for SET operations in a non-secure 645 environment without proper protection can have a negative effect on 646 network operations. The ipFrrAltTable contains routing and 647 forwarding information that is critical to the operation of the 648 network in the event of a local failure. Allowing unauthenticated 649 write access to this table can compromise the validity of the 650 alternate forwarding information. 652 Some of the readable objects in this MIB module (i.e. objects with a 653 MAX-ACCESS other than not-accessible) may be considered sensitive or 654 vulnerable in some network environments. It is thus important to 655 control even GET access to these objects and possibly to even encrypt 656 the values of these objects when sending them over the network via 657 SNMP. 659 SNMP versions prior to SNMPv3 did not include adequate security. 660 Even if the network itself is secure (for example by using IPSec), 661 even then, there is no control as to who on the secure network is 662 allowed to access and GET the objects in this MIB module. 664 It is RECOMMENDED that implementers consider the security features as 665 provided by the SNMPv3 framework (see [RFC3410], section 8), 666 including full support for the SNMPv3 cryptographic mechanisms (for 667 authentication and privacy). 669 Further, deployment of SNMP versions prior to SNMPv3 is NOT 670 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 671 enable cryptographic security. It is then a customer/operator 672 responsibility to ensure that the SNMP entity giving access to an 673 instance of this MIB module is properly configured to give access to 674 the objects only to those principals (users) that have legitimate 675 rights to indeed GET them. 677 5. References 679 [I-D.ietf-ipv6-rfc2096-update] 680 Wasserman, M. and B. Haberman, "IP Forwarding Table MIB", 681 draft-ietf-ipv6-rfc2096-update-07 (work in progress), 682 February 2004. 684 [I-D.ietf-rtgwg-ipfrr-framework] 685 Shand, M. and S. Bryant, "IP Fast Reroute Framework", 686 draft-ietf-rtgwg-ipfrr-framework-05 (work in progress), 687 March 2006. 689 [I-D.ietf-rtgwg-ipfrr-spec-base] 690 Atlas, A. and A. Zinin, Ed., "Basic Specification for IP 691 Fast-Reroute: Loop-free Alternates", 692 draft-ietf-rtgwg-ipfrr-spec-base-05.txt (work in 693 progress), February 2006. 695 [IPFRR-UTURN] 696 Atlas, A., Ed., "U-Turn Alternates for IP/LDP Local 697 Protection", draft-atlas-ip-local-protect-uturn-03.txt 698 (work in progress), February 2006. 700 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 701 Schoenwaelder, Ed., "Structure of Management Information 702 Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. 704 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 705 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 706 STD 58, RFC 2579, April 1999. 708 [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, 709 "Conformance Statements for SMIv2", STD 58, RFC 2580, 710 April 1999. 712 [RFC3036] Andersson, L., Doolan, P., Feldman, N., Fredette, A., and 713 B. Thomas, "LDP Specification", RFC 3036, January 2001. 715 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 716 "Introduction and Applicability Statements for Internet- 717 Standard Management Framework", RFC 3410, December 2002. 719 Authors' Addresses 721 Alia K. Atlas (editor) 722 Google, Inc. 723 1600 Amphitheatre Parkway 724 Mountain View, CA 94043 725 USA 727 Email: akatlas@alum.mit.edu 729 Bill Anderson 730 Avici Systems, Inc. 731 101 Billerica Avenue 732 N. Billerica, MA 01862 733 USA 735 Phone: +1 978 964 2679 736 Email: wanderson@avici.com 738 Don Fedyk 739 Nortel Networks 740 600 Technology Park 741 Billerica, MA 01821 742 USA 744 Phone: +1 978 288 3041 745 Email: dwfedyk@nortel.com 747 Intellectual Property Statement 749 The IETF takes no position regarding the validity or scope of any 750 Intellectual Property Rights or other rights that might be claimed to 751 pertain to the implementation or use of the technology described in 752 this document or the extent to which any license under such rights 753 might or might not be available; nor does it represent that it has 754 made any independent effort to identify any such rights. Information 755 on the procedures with respect to rights in RFC documents can be 756 found in BCP 78 and BCP 79. 758 Copies of IPR disclosures made to the IETF Secretariat and any 759 assurances of licenses to be made available, or the result of an 760 attempt made to obtain a general license or permission for the use of 761 such proprietary rights by implementers or users of this 762 specification can be obtained from the IETF on-line IPR repository at 763 http://www.ietf.org/ipr. 765 The IETF invites any interested party to bring to its attention any 766 copyrights, patents or patent applications, or other proprietary 767 rights that may cover technology that may be required to implement 768 this standard. Please address the information to the IETF at 769 ietf-ipr@ietf.org. 771 Disclaimer of Validity 773 This document and the information contained herein are provided on an 774 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 775 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 776 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 777 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 778 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 779 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 781 Copyright Statement 783 Copyright (C) The Internet Society (2006). This document is subject 784 to the rights, licenses and restrictions contained in BCP 78, and 785 except as set forth therein, the authors retain all their rights. 787 Acknowledgment 789 Funding for the RFC Editor function is currently provided by the 790 Internet Society.