idnits 2.17.1

draft-ietf-rtgwg-ipfrr-ip-mib-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == It seems as if not all pages are separated by form feeds - found 0 form
     feeds but 19 pages

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The abstract seems to contain references ([RFC5714]), which it
     shouldn't. Please replace those with straight textual mentions of the
     documents in question.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to contain a disclaimer for pre-RFC5378 work, and may
     have content which was first submitted before 10 November 2008. The
     disclaimer is necessary when there are original authors that you have
     been unable to contact, or if some do not wish to grant the BCP78 rights
     to the IETF Trust. If you are able to get all authors (current and
     original) to grant those rights, you can and should remove the
     disclaimer; otherwise, the disclaimer is needed and you can ignore this
     comment. (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (March 2012) is 4415 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC2119' is defined on line 671, but no explicit
     reference was found in the text

     Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                         Alia Atlas
Internet-Draft                                          Juniper Networks
Expires: August 23, 2012                          A S Kiran Koushik(Ed.)
                                                      Cisco Systems Inc.
                                                         John Flick(Ed.)
                                                 Hewlett-Packard Company

                                                              March 2012

                       IP MIB for IP Fast-Reroute

                    draft-ietf-rtgwg-ipfrr-ip-mib-02

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 23, 2012.

Abstract

   This draft defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects relevant for IP routes
   using IP Fast-Reroute [RFC5714].

Table of Contents

   1. Introduction
      1.1. The SNMP Management Framework
   2. Brief Description of MIB Objects
      2.1. ipFrrProtectStats Group
      2.2. ipFrrAltTable
      2.3. ipFrrNoAltTable
   3. IP Fast-Reroute MIB Module Definitions
   4. Security Considerations
   5. References
   Authors' Addresses
   Full Copyright Statements

1. Introduction

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community. In particular, it defines the managed objects used for IP
   routes and interfaces in relation to IP Fast-Reroute. This document
   uses terminology from [RFC5714] and [RFC5286].

   Current work is underway to define mechanisms for determining
   alternate paths for traffic to use when the original path becomes
   unavailable due to a local failure. The alternate next-hops can be
   computed in the context of any IGP.

   There are certain configuration attributes for IP Fast-Reroute that
   should be configured to enable IP Fast Reroute in the context of the
   IGP. These configuration attributes of IP Fast-Reroute are not
   covered by this MIB module. Examples include whether IP Fast-Reroute
   is enabled on a network region (i.e. an OSPF area or IS-IS level) and
   the desired local hold-down timer [RFC5286],
   whose proper value is dependent upon the size of the network region.

   It is possible for traffic other than IP to depend upon and use the
   alternate next-hops computed by IP Fast-Reroute.
   An example would be MPLS traffic whose path is configured via LDP
   [RFC5036]. The additional details (for example, outgoing MPLS label)
   pertaining to alternate next-hops that are required by such traffic
   are not covered by this MIB module.

   An IP route may be reachable via multiple primary next-hops which
   provide equal-cost paths. Where IP Fast-Reroute is enabled, each
   primary next-hop will be protected by one or more alternate next-
   hops. Such an alternate next-hop may itself be a primary next-hop.

1.1. The SNMP Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI). This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

2. Brief Description of MIB Objects

   This MIB module consists of five global objects, organized into the
   ipFrrProtectStats group, and two tables.

2.1. ipFrrProtectStats Group

   The global objects in this group provide summary information related
   to protection for all IP routes. The information available includes
   counts of all routes, of all protected routes, of all unprotected
   routes, of all routes which are protected against a link failure, and
   of all routes which are protected against a node failure.

2.2. ipFrrAltTable

   The ipFrrAltTable extends the inetCidrRouteTable [RFC4292]
   to provide information about each alternate next-hop
   associated with a primary next-hop used by a route.
   Statically configured alternate next-hops associated with primary
   next-hops can be created.

2.3. ipFrrNoAltTable

   The ipFrrNoAltTable extends the inetCidrRouteTable [RFC4292]
   to provide information about the routes which do not
   have an alternate next-hop associated with any of the route's primary
   next-hops. The entry provides an explanation for the lack of
   protection.

3. IP Fast-Reroute MIB Module Definitions

   IPFRR-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY,
       OBJECT-TYPE,
       Gauge32,
       Integer32                  FROM SNMPv2-SMI        -- [RFC2578]

       RowStatus
                                  FROM SNMPv2-TC         -- [RFC2579]

       MODULE-COMPLIANCE,
       OBJECT-GROUP               FROM SNMPv2-CONF       -- [RFC2580]

       InetAddressType,
       InetAddress                FROM INET-ADDRESS-MIB  -- [RFC4001]

       InterfaceIndex             FROM IF-MIB            -- [RFC2863]

       ip                         FROM IP-MIB            -- [RFC4293]

       inetCidrRouteDestType,
       inetCidrRouteDest,
       inetCidrRoutePfxLen,
       inetCidrRoutePolicy,
       inetCidrRouteNextHopType,
       inetCidrRouteNextHop       FROM IP-FORWARD-MIB
                                                         -- [RFC4292]
       ;

   ipFrrMIB MODULE-IDENTITY
       LAST-UPDATED "201203131200Z" -- Mar 13, 2012
       ORGANIZATION "draft-ietf-ipfrr-ip-mib-02.txt"
       CONTACT-INFO
           "
            A S Kiran Koushik
            Cisco Systems Inc.
            EMail: kkoushik@cisco.com

            John W Flick
            Hewlett Packard Company
            EMail: john.flick@hp.com

            Alia Atlas
            Juniper Networks
            Email: akatlas@juniper.net

           "
       DESCRIPTION
           "IP MIB module for management of IP Fast-Reroute.

            Copyright (C) The Internet Society (date).
            This version of this MIB module is part of
            draft-ietf-rtgwg-ipfrr-ip-mib-00.txt"
       REVISION "201203131200Z" -- Mar 13, 2012
       DESCRIPTION
           "Editorial changes. Added new type to ipFrrAltType."
       REVISION "200502181200Z" -- February 18, 2005
       DESCRIPTION
           "Add Set operations on ipFrrAltTable"
       REVISION "200502131200Z" -- February 13, 2005
       DESCRIPTION
           "Initial version."
       ::= { ip ZZZ } -- To be assigned by IANA
       -- RFC Ed.: replace 999 with actual RFC number
       -- & remove this note

   -- Top level components of this MIB module.

   ipFrrMIBObjects OBJECT IDENTIFIER ::= { ipFrrMIB 1 }

   ipFrrProtectStats OBJECT IDENTIFIER ::= { ipFrrMIBObjects 1 }

   -- the IP FRR MIB-Group

   -- A collection of objects providing summarized information
   -- about the protection availability and type of alternate paths
   -- provided by IP Fast-Reroute mechanisms.

   ipFrrTotalRoutes OBJECT-TYPE
       SYNTAX     Gauge32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
           "The number of valid routes known by this entity."
       ::= { ipFrrProtectStats 1 }

   ipFrrUnprotectedRoutes OBJECT-TYPE
       SYNTAX     Gauge32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
           "The number of valid routes known by this entity
            which do not have an alternate next-hop associated
            with any primary next-hop."
       ::= { ipFrrProtectStats 2 }

   ipFrrProtectedRoutes OBJECT-TYPE
       SYNTAX     Gauge32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
           "The number of routes known by this entity
            which have at least one alternate next-hop."
       ::= { ipFrrProtectStats 3 }

   ipFrrLinkProtectedRoutes OBJECT-TYPE
       SYNTAX     Gauge32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
           "The number of routes known by this entity
            for which all alternate next-hops provide link
            protection for their associated primary next-hops."
       ::= { ipFrrProtectStats 4 }

   ipFrrNodeProtectedRoutes OBJECT-TYPE
       SYNTAX     Gauge32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
           "The number of routes known by this entity
            for which all alternate next-hops provide node
            protection for their associated primary next-hops."
       ::= { ipFrrProtectStats 5 }

   -- the IP FRR Alternate MIB-Group
   --
   -- The ipFrrAltTable extends the inetCidrRouteTable to indicate
   -- the alternate next-hop(s) associated with each primary
   -- next-hop. The additional indices (ipFrrAltNextHopType and
   -- ipFrrAltNextHop) allow for multiple alternate paths for a
   -- given primary next-hop.

   ipFrrAltTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF IpFrrAltEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "This entity's IP Fast Reroute Alternates table."
       ::= { ipFrrMIBObjects 2 }

   ipFrrAltEntry OBJECT-TYPE
       SYNTAX     IpFrrAltEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "An entry containing information on a particular route,
            one of its particular (primary) next-hops and one of
            the associated alternate next-hops.

            Implementers need to be aware that if the total
            number of elements (octets or sub-identifiers) in
            inetCidrRouteDest, inetCidrRoutePolicy,
            inetCidrRouteNextHop, and ipFrrAltNextHop exceeds 107
            then OIDs of column instances in this table will have
            more than 128 sub-identifiers and cannot be accessed
            using SNMPv1, SNMPv2c, or SNMPv3."

       INDEX { inetCidrRouteDestType,
               inetCidrRouteDest,
               inetCidrRoutePfxLen,
               inetCidrRoutePolicy,
               inetCidrRouteNextHopType,
               inetCidrRouteNextHop,
               ipFrrAltNextHopType,
               ipFrrAltNextHop
             }
       ::= { ipFrrAltTable 1 }

   IpFrrAltEntry ::= SEQUENCE {
       ipFrrAltNextHopType          InetAddressType,
       ipFrrAltNextHop              InetAddress,
       ipFrrAltIfIndex              InterfaceIndex,
       ipFrrAltType                 INTEGER,
       ipFrrAltProtectionAvailable  BITS,
       ipFrrAltMetric1              Integer32,
       ipFrrAltStatus               RowStatus
   }

   ipFrrAltNextHopType OBJECT-TYPE
       SYNTAX     InetAddressType
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "The type of the ipFrrAltNextHop address, as defined
            in the InetAddress MIB.

            Only those address types that may appear in an actual
            routing table are allowed as values of this object."
       REFERENCE "RFC 4001"
       ::= { ipFrrAltEntry 1 }

   ipFrrAltNextHop OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "The address of the next system along the alternate
            route.

            The type of this address is determined by the value
            of the ipFrrAltNextHopType."
       ::= { ipFrrAltEntry 2 }

   ipFrrAltIfIndex OBJECT-TYPE
       SYNTAX     InterfaceIndex
       MAX-ACCESS read-create
       STATUS     current
       DESCRIPTION
           "The ifIndex value which identifies the local
            interface through which the next hop of this
            alternate route should be reached."
       ::= { ipFrrAltEntry 3 }

   ipFrrAltType OBJECT-TYPE
       SYNTAX     INTEGER {
                      other     (1), -- type not defined
                      equalCost (2), -- primary path
                      loopFree  (3), -- loop free alternate
                      MRT       (4)  -- Maximally Redundant Trees
                  }
       MAX-ACCESS read-create
       STATUS     current
       DESCRIPTION
           "The type of alternate which is provided by the
            alternate next-hop. The supported types are as
            follows:

            equalCost : The alternate next-hop is another
                        primary next-hop.

            loopFree  : The shortest route to the destination
                        IP address from the alternate next-hop
                        does not traverse this system. See
                        draft-ietf-rtgwg-ipfrr-spec-base-04.

            other     : The mechanism by which the alternate next-hop
                        can be used is not specified.

            MRT       : Maximally Redundant Trees, where each
                        destination has two MRTs associated with it.
                        These two trees are referred to as blue and
                        red MRTs.
                        See draft-ietf-rtgwg-mrt-frr-architecture-00.
           "
       ::= { ipFrrAltEntry 4 }

   ipFrrAltProtectionAvailable OBJECT-TYPE
       SYNTAX     BITS {
                      nodeProtect(0),
                      linkProtect(1),
                      unknownProtection(2)
                  }
       MAX-ACCESS read-create
       STATUS     current
       DESCRIPTION
           "This object specifies the scope of protection for
            which this alternate next-hop can provide failure
            protection. The alternate next-hop should provide
            one or more of node-protection and link-protection.
            If the protection provided by the alternate next-hop
            is unknown, then only unknownProtection should be
            specified. Specifying unknownProtection with any
            other type of protection is not supported."
       ::= { ipFrrAltEntry 5 }

   ipFrrAltMetric1 OBJECT-TYPE
       SYNTAX     Integer32
       MAX-ACCESS read-create
       STATUS     current
       DESCRIPTION
           "This is the primary routing metric for this
            alternate path to the destination IP address.
            If the alternate path metric is unknown, the value
            should be set to -1."
       ::= { ipFrrAltEntry 6 }

   ipFrrAltStatus OBJECT-TYPE
       SYNTAX     RowStatus
       MAX-ACCESS read-create
       STATUS     current
       DESCRIPTION
           "The row status variable, used according to
            row installation and removal conventions."
       ::= { ipFrrAltEntry 7 }

   -- the IP FRR No Alternate MIB-Group
   --
   -- The ipFrrNoAltTable extends the inetCidrRouteTable
   -- to indicate which routes are unprotected and the reason
   -- why. The indices do not include the primary next-hop because
   -- the lack of protection is for the route. This allows easy
   -- access to the set of unprotected routes that would be
   -- affected by a local failure of their primary next-hop.

   ipFrrNoAltTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF IpFrrNoAltEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "This entity's IP Fast Reroute Unprotected Routes
            table."
       ::= { ipFrrMIBObjects 3 }

   ipFrrNoAltEntry OBJECT-TYPE
       SYNTAX     IpFrrNoAltEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "An entry containing the reason why a route does not
            have an alternate next-hop. The existence of an
            entry for a route indicates that there is no
            alternate next-hop."
       INDEX { inetCidrRouteDestType,
               inetCidrRouteDest,
               inetCidrRoutePfxLen
             }
       ::= { ipFrrNoAltTable 1 }

   IpFrrNoAltEntry ::= SEQUENCE {
       ipFrrNoAltCause  INTEGER
   }

   ipFrrNoAltCause OBJECT-TYPE
       SYNTAX     INTEGER {
                      ipFrrUnavailable (1), -- No valid alternate(s)
                      localAddress     (2), -- local/internal address
                      ipFrrDisabled    (3), -- Protection not enabled
                      other            (4)  -- unknown or other cause
                  }
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
           "For valid routes without an alternate next-hop, this
            object enumerates the reason why no protection is
            available. The possibilities are as follows.

            ipFrrUnavailable : The supported IP Fast-Reroute
                               mechanisms could not find a safe
                               alternate next-hop.

            localAddress : The route represents a local address.
                           This system is the destination so no
                           alternate path is possible or necessary.

            ipFrrDisabled : Finding of alternate next-hops is
                            operationally disabled.

            other : The reason is unknown or different from those
                    specifically enumerated possible causes."
       ::= { ipFrrNoAltEntry 1 }

   -- conformance information

   ipFrrMIBConformance
       OBJECT IDENTIFIER ::= { ipFrrMIB 2 }

   ipFrrMIBCompliances
       OBJECT IDENTIFIER ::= { ipFrrMIBConformance 1 }

   ipFrrMIBGroups
       OBJECT IDENTIFIER ::= { ipFrrMIBConformance 2 }

   -- compliance statements

   ipFrrMIBCompliance MODULE-COMPLIANCE
       STATUS     deprecated
       DESCRIPTION
           "Minimum requirements to state conformity
            to this MIB.
            Supporting only IP v4 addresses
            This is deprecated in favor of
            ipFrrMIBInetCompliance

            There are a number of INDEX objects that cannot be
            represented in the form of OBJECT clauses in SMIv2,
            but for which there are compliance requirements,
            expressed in OBJECT clause form in this description:

            OBJECT inetCidrRouteDestType
            SYNTAX InetAddressType { ipv4(1), ipv4z(3) }
            MIN-ACCESS read-only
            DESCRIPTION
                A (deprecated) complying implementation at this
                level is required to support IPv4 addresses only.
                This compliance level is defined so an
                implementation only needs to support the addresses
                it actually supports on the device.

            OBJECT inetCidrRouteNextHopType
            SYNTAX InetAddressType { ipv4(1), ipv4z(3) }
            MIN-ACCESS read-only
            DESCRIPTION
                A (deprecated) complying implementation at this
                level is required to support IPv4 addresses only.
                This compliance level is defined so an
                implementation only needs to support the addresses
                it actually supports on the device.

            OBJECT ipFrrAltNextHopType
            SYNTAX InetAddressType { ipv4(1), ipv4z(3) }
            MIN-ACCESS read-only
            DESCRIPTION
                A (deprecated) complying implementation at this
                level is required to support IPv4 addresses only.
                This compliance level is defined so an
                implementation only needs to support the
                addresses it actually supports on the device.
           "
       MODULE -- this module
       MANDATORY-GROUPS { ipFrrBasicGroup }

       ::= { ipFrrMIBCompliances 1 }

   ipFrrMIBInetCompliance MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION
           "Full conformity to this MIB."
       MODULE -- this module
       MANDATORY-GROUPS { ipFrrBasicGroup }

       OBJECT       ipFrrAltStatus
       SYNTAX       INTEGER { active(1) }
       WRITE-SYNTAX INTEGER { createAndGo(4), destroy(6) }
       DESCRIPTION
           "Support for createAndWait and notInService is not
            required."

       ::= { ipFrrMIBCompliances 2 }

   ipFrrReadOnlyCompliance MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION

           "When this MIB is implemented without support for
            read-create (i.e. in read-only mode), then that
            implementation can claim read-only compliance. In that
            case, ipFrrAlt group can be monitored but cannot be
            configured with this MIB."

       MODULE
       MANDATORY-GROUPS { ipFrrBasicGroup }

       OBJECT      ipFrrAltIfIndex
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT      ipFrrAltType
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT      ipFrrAltProtectionAvailable
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT      ipFrrAltMetric1
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required."

       OBJECT      ipFrrAltStatus
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required."

       ::= { ipFrrMIBCompliances 3 }

   -- units of conformance
   ipFrrBasicGroup OBJECT-GROUP
       OBJECTS { ipFrrTotalRoutes,
                 ipFrrUnprotectedRoutes,
                 ipFrrProtectedRoutes,
                 ipFrrLinkProtectedRoutes,
                 ipFrrNodeProtectedRoutes,
                 ipFrrAltIfIndex,
                 ipFrrAltType,
                 ipFrrAltProtectionAvailable,
                 ipFrrAltMetric1,
                 ipFrrAltStatus,
                 ipFrrNoAltCause
               }
       STATUS     current
       DESCRIPTION
           "The entire collection of objects defined in
            this MIB for management of IP Fast Reroute."
       ::= { ipFrrMIBGroups 1 }

   END

4. Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.
   The ipFrrAltTable contains routing and
   forwarding information that is critical to the operation of the
   network in the event of a local failure. Allowing unauthenticated
   write access to this table can compromise the validity of the
   alternate forwarding information.

   Some of the readable objects in this MIB module (i.e. objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments. It is thus important to
   control even GET access to these objects and possibly to even encrypt
   the values of these objects when sending them over the network via
   SNMP.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET the objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security. It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET them.

5. References

5.1 Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4292]  Haberman, B., "IP Forwarding Table MIB", RFC 4292,
              April 2006.

   [RFC4293]  Routhier, S., "Management Information Base for the
              Internet Protocol (IP)", RFC 4293, April 2006.

   [RFC5286]  Atlas, A. and A. Zinin, "Basic Specification for IP Fast
              Reroute: Loop-Free Alternates", RFC 5286, September 2008.

5.2 Informative References

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC5036]  Andersson, L., Ed., Minei, I., Ed., and B. Thomas,
              Ed., "LDP Specification", RFC 5036, October 2007.

   [RFC5714]  Shand, M. and S. Bryant, "IP Fast Reroute Framework",
              RFC 5714, January 2010.

6. IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER value recorded in the SMI Numbers registry.

   The IANA is requested to assign { ip ZZZ } to the
   IPFRR-MIB MIB module specified in this document.

   Editor's Note (to be removed prior to publication): the IANA is
   requested to assign a value for "ZZZ" under
   the ip subtree and to record the assignments in the SMI Numbers
   registry. When the assignments have been made, the RFC Editor is
   asked to replace "ZZZ" (here and in the MIB
   modules) with the assigned value and to remove this note.
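
   As an illustration of the write-access concern raised in Section 4,
   the following added example (not part of the draft and not taken from
   any agent implementation) checks a proposed ipFrrAltTable row against
   the SYNTAX clauses of Section 3 and the ipFrrMIBInetCompliance
   WRITE-SYNTAX before the row would be accepted. The function names,
   the row layout and the sample rows are assumptions of the example, as
   is the choice to reject an empty BITS value and metrics below -1.

```python
"""Check a proposed ipFrrAltTable row against the IPFRR-MIB object definitions.

Added example, not code from the draft. Function and variable names are
hypothetical; enumeration labels and values are copied from the MIB module.
"""

INT32_MAX = 2**31 - 1

# ipFrrAltType enumeration.
ALT_TYPES = {1: "other", 2: "equalCost", 3: "loopFree", 4: "MRT"}
# ipFrrAltProtectionAvailable named bits.
PROTECT_BITS = {0: "nodeProtect", 1: "linkProtect", 2: "unknownProtection"}
# WRITE-SYNTAX of ipFrrAltStatus in ipFrrMIBInetCompliance.
WRITABLE_ROW_STATUS = {4: "createAndGo", 6: "destroy"}


def decode_bits(octets):
    """Decode an SMIv2 BITS value; bit 0 is the high-order bit of octet 0."""
    names = set()
    for pos in range(len(octets) * 8):
        if octets[pos // 8] & (0x80 >> (pos % 8)):
            if pos not in PROTECT_BITS:
                raise ValueError("undefined bit %d is set" % pos)
            names.add(PROTECT_BITS[pos])
    return names


def validate_row(row):
    """Return a list of violations; an empty list means the row is acceptable."""
    errors = []

    # InterfaceIndex (IF-MIB) is Integer32 (1..2147483647).
    if not 1 <= row["ipFrrAltIfIndex"] <= INT32_MAX:
        errors.append("ipFrrAltIfIndex: outside the InterfaceIndex range")

    if row["ipFrrAltType"] not in ALT_TYPES:
        errors.append("ipFrrAltType: undefined enumeration value")

    try:
        bits = decode_bits(row["ipFrrAltProtectionAvailable"])
    except ValueError as exc:
        errors.append("ipFrrAltProtectionAvailable: %s" % exc)
    else:
        if not bits:
            # Assumption: an all-zero value is rejected, because the
            # DESCRIPTION expects at least one bit to be specified.
            errors.append("ipFrrAltProtectionAvailable: no bit is set")
        elif "unknownProtection" in bits and len(bits) > 1:
            errors.append("ipFrrAltProtectionAvailable: unknownProtection "
                          "combined with another protection type")

    # -1 means "metric unknown". Assumption: lower values are rejected.
    if not -1 <= row["ipFrrAltMetric1"] <= INT32_MAX:
        errors.append("ipFrrAltMetric1: below -1 or outside Integer32")

    if row["ipFrrAltStatus"] not in WRITABLE_ROW_STATUS:
        errors.append("ipFrrAltStatus: value is not in the "
                      "ipFrrMIBInetCompliance WRITE-SYNTAX")
    return errors


# Constructed sample rows (not taken from any device).
GOOD_ROW = {
    "ipFrrAltIfIndex": 3,
    "ipFrrAltType": 3,                        # loopFree
    "ipFrrAltProtectionAvailable": b"\xc0",   # nodeProtect + linkProtect
    "ipFrrAltMetric1": 20,
    "ipFrrAltStatus": 4,                      # createAndGo
}
BAD_ROW = dict(
    GOOD_ROW,
    ipFrrAltProtectionAvailable=b"\xa0",      # nodeProtect + unknownProtection
    ipFrrAltStatus=5,                         # createAndWait
)

if __name__ == "__main__":
    for name, row in (("good", GOOD_ROW), ("bad", BAD_ROW)):
        print(name, validate_row(row) or "ok")
```

   Rejecting such rows does not replace SNMPv3 authentication and access
   control; it only limits what an authorized writer can place in the
   alternate forwarding table.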

Authors' Addresses

   Alia Atlas
   Juniper Networks
   10 Technology Park Drive
   Westford, MA 01886
   USA

   Email: akatlas@juniper.net

   A S Kiran Koushik (Ed.)
   Cisco Systems Inc.
   12515 Research Blvd, Bldg 4,
   Austin, TX 78759
   USA

   Email: kkoushik@cisco.com

   John Flick (Ed.)
   Hewlett-Packard Company
   8000 Foothills Blvd.
   Roseville, CA 95747-5557
   USA
   Email: john.flick@hp.com

Acknowledgements

   The authors would like to acknowledge contributions made by
   Bill Anderson and Don Fedyk and thank them.

Full Copyright Statement

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.

   Without obtaining an adequate license from the person(s)
   controlling the copyright in such materials, this document may not
   be modified outside the IETF Standards Process, and derivative
   works of it may not be created outside the IETF Standards Process,
   except to format it for publication as an RFC or to translate it
   into languages other than English.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.