idnits 2.17.1

draft-ietf-softwire-map-mib-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (June 13, 2014) is 3599 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC3411' is defined on line 512, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4087' is defined on line 521, but no explicit
     reference was found in the text

  == Unused Reference: 'I-D.ietf-softwire-map' is defined on line 523, but no
     explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-softwire-map-dhcp-option' is defined on line
     527, but no explicit reference was found in the text

  -- No information found for draft-ietf-softwire-map-dhcp-option - is the
     name correct?

  -- Possible downref: Normative reference to a draft: ref.
     'I-D.ietf-softwire-map-dhcp-option'

     Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    Network Working Group                                              Y. Fu
2    Internet Draft                                                  S. Jiang
3    Intended status: Standards Track                                  B. Liu
4    Expires: December 15, 2014                  Huawei Technologies Co., Ltd
5                                                                     J. Dong
6                                                                     Y. Chen
7                                                         Tsinghua University
8                                                               June 13, 2014

10                  Definitions of Managed Objects for MAP-E
11                       draft-ietf-softwire-map-mib-02

13   Status of this Memo

15      This Internet-Draft is submitted in full conformance with the
16      provisions of BCP 78 and BCP 79.

18      Internet-Drafts are working documents of the Internet Engineering
19      Task Force (IETF). Note that other groups may also distribute
20      working documents as Internet-Drafts. The list of current Internet-
21      Drafts is at http://datatracker.ietf.org/drafts/current/.

23      Internet-Drafts are draft documents valid for a maximum of six
24      months and may be updated, replaced, or obsoleted by other documents
25      at any time. It is inappropriate to use Internet-Drafts as reference
26      material or to cite them other than as "work in progress."

28      This Internet-Draft will expire on December 15, 2014.

30   Copyright Notice

32      Copyright (c) 2014 IETF Trust and the persons identified as the
33      document authors. All rights reserved.

35      This document is subject to BCP 78 and the IETF Trust's Legal
36      Provisions Relating to IETF Documents
37      (http://trustee.ietf.org/license-info) in effect on the date of
38      publication of this document. Please review these documents
39      carefully, as they describe your rights and restrictions with
40      respect to this document. Code Components extracted from this
41      document must include Simplified BSD License text as described in
42      Section 4.e of the Trust Legal Provisions and are provided without
43      warranty as described in the Simplified BSD License.

45   Abstract

47      This memo defines a portion of the Management Information Base (MIB)
48      for use with network management protocols in the Internet
49      community. In particular, it defines managed objects for MAP
50      encapsulation mode.

52   Table of Contents

54      1. Introduction
55      2. The Internet-Standard Management Framework
56      3. Terminology
57      4. Structure of the MIB Module
58         4.1. The mapMIBObjects
59            4.1.1. The mapRule Subtree
60            4.1.2. The mapSecurityCheck Subtree
61         4.2. The mapMIBConformance Subtree
62      5. Definitions
63      6. IANA Considerations
64      7. Security Considerations
65      8. Acknowledgments
66      9. References
67         9.1. Normative References
68         9.2. Informative References
69      Author's Addresses

71   1. Introduction

73      MAP [I-D. draft-ietf-softwire-map] is a stateless mechanism for
74      running IPv4 over IPv6-only infrastructure. In particular, it
75      includes two modes, translation mode and encapsulation mode. For the
76      encapsulation mode, it provides an automatic tunnelling mechanism
77      for providing IPv4 connectivity service to end users over a service
78      provider's IPv6 network.

80      This document defines a portion of the Management Information Base
81      (MIB) for use with network management protocols in the Internet
82      community. This MIB module may be used for monitoring the devices in
83      the MAP scenario, especially for the encapsulation mode.

85   2. The Internet-Standard Management Framework

87      For a detailed overview of the documents that describe the current
88      Internet-Standard Management Framework, please refer to section 7 of
89      [RFC3410].

91      Managed objects are accessed via a virtual information store, termed
92      the MIB. MIB objects are generally accessed through the Simple
93      Network Management Protocol (SNMP).

95      Objects in the MIB are defined using the mechanisms defined in the
96      Structure of Management Information (SMI). This memo specifies a
97      MIB module that is compliant with the SMIv2, which is described in
98      [RFC2578], [RFC2579] and [RFC2580].

100  3. Terminology

102     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
103     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
104     document are to be interpreted as described in [RFC2119].

106  4. Structure of the MIB Module

108     The MAP-E MIB provides a way to configure and manage the devices in
109     MAP encapsulation mode through SNMP.

111     MAP-E MIB is configurable on a per-interface basis. It depends on
112     several parts of the IF-MIB [RFC2863].

114  4.1. The mapMIBObjects

116  4.1.1. The mapRule Subtree

118     The mapRule subtree describes managed objects used for managing the
119     multiple mapping rules in the MAP encapsulation mode.

121     According to the MAP specification, the mapping rules are divided
122     into two categories, which are BMR (Basic Mapping Rule), and FMR
123     (Forwarding Mapping Rule).

125  4.1.2. The mapSecurityCheck Subtree

127     The mapSecurityCheck subtree counts the invalid packets that have
128     been identified. There are two kinds of invalid packets, which the
129     MAP specification defines as follows.

131     - The BR MUST perform a validation of the consistency of the source
132     IPv6 address and source port number for the packet using BMR.

133     - The CE SHOULD check that MAP received packets' transport-layer
134     destination port number is in the range configured by MAP for the CE.

136  4.2. The mapMIBConformance Subtree

138     The mapMIBConformance subtree provides conformance information of
139     MIB objects.

141  5. Definitions

143     MAP-E-MIB DEFINITIONS ::= BEGIN

145     IMPORTS
146        MODULE-IDENTITY, OBJECT-TYPE, transmission,
147        Integer32, Counter64
148           FROM SNMPv2-SMI

150        ifIndex
151           FROM IF-MIB

153        InetAddressType, InetAddress,
154        InetPortNumber, InetAddressPrefixLength
155           FROM INET-ADDRESS-MIB

157        OBJECT-GROUP, MODULE-COMPLIANCE
158           FROM SNMPv2-CONF;

160     mapMIB MODULE-IDENTITY
161        LAST-UPDATED "201406130000Z"   -- June 13, 2014
162        ORGANIZATION "IETF Softwire Working Group"
163        CONTACT-INFO
164           "Yu Fu
165            Huawei Technologies Co., Ltd
166            Huawei Building, 156 Beiqing Rd., Hai-Dian District
167            Beijing, P.R. China 100095
168            EMail: eleven.fuyu@huawei.com

170            Sheng Jiang
171            Huawei Technologies Co., Ltd
172            Huawei Building, 156 Beiqing Rd., Hai-Dian District
173            Beijing, P.R. China 100095
174            EMail: jiangsheng@huawei.com

176            Bing Liu
177            Huawei Technologies Co., Ltd
178            Huawei Building, 156 Beiqing Rd., Hai-Dian District
179            Beijing, P.R. China 100095
180            EMail: leo.liubing@huawei.com

182            Jiang Dong
183            Tsinghua University
184            Department of Computer Science, Tsinghua University
185            Beijing 100084
186            P.R. China
187            Email: knight.dongjiang@gmail.com

189            Yuchi Chen
190            Tsinghua University
191            Department of Computer Science, Tsinghua University
192            Beijing 100084
193            P.R. China
194            Email: chenycmx@gmail.com"

196        DESCRIPTION
197           "The MIB module is defined for management of objects in the
198            MAP-E BRs or CEs."
199        REVISION    "201406130000Z"
200        DESCRIPTION
201           "Initial version. Published as RFC xxxx."
202     --RFC Ed.: RFC Editor, please fill in xxxx
203        ::= { transmission xxx }
204     --xxx to be replaced with IANA-assigned value

206     mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1}
207     mapRule OBJECT IDENTIFIER
208        ::= { mapMIBObjects 1 }

210     mapSecurityCheck OBJECT IDENTIFIER
211        ::= { mapMIBObjects 2 }

213     mapRuleTable OBJECT-TYPE
214        SYNTAX     SEQUENCE OF MapRuleEntry
215        MAX-ACCESS not-accessible
216        STATUS     current
217        DESCRIPTION
218           "The (conceptual) table containing the rule information of
219            a specific mapping rule. It can also be used for row
220            creation."
221        ::= { mapRule 1 }

223     mapRuleEntry OBJECT-TYPE
224        SYNTAX     MapRuleEntry
225        MAX-ACCESS not-accessible
226        STATUS     current
227        DESCRIPTION
228           "Each entry in this table contains the information on a
229            particular mapping rule."
230        INDEX { mapRuleID }
231        ::= { mapRuleTable 1 }

233     MapRuleEntry ::=
234        SEQUENCE {
235           mapRuleID               Integer32,
236           mapRuleIPv6PrefixType   InetAddressType,
237           mapRuleIPv6Prefix       InetAddress,
238           mapRuleIPv6PrefixLen    InetAddressPrefixLength,
239           mapRuleIPv4PrefixType   InetAddressType,
240           mapRuleIPv4Prefix       InetAddress,
241           mapRuleIPv4PrefixLen    InetAddressPrefixLength,
242           mapRuleStartPort        InetPortNumber,
243           mapRuleEndPort          InetPortNumber,
244           mapRuleEALen            Integer32,
245           mapRuleType             Integer32
246        }

248     mapRuleID OBJECT-TYPE
249        SYNTAX     Integer32 (1..2147483647)
250        MAX-ACCESS not-accessible
251        STATUS     current
252        DESCRIPTION
253           "An identifier used to distinguish the multiple mapping
254            rules, which is unique with each CE in the same BR."
255        ::= { mapRuleEntry 1 }

257     mapRuleIPv6PrefixType OBJECT-TYPE
258        SYNTAX     InetAddressType
259        MAX-ACCESS read-create
260        STATUS     current
261        DESCRIPTION
262           "This object MUST be set to the value of 2 to
263            represent the IPv6 type. It complies with the textual
264            convention for IPv6 addresses defined in [RFC4001]."
265        ::= { mapRuleEntry 2 }

267     mapRuleIPv6Prefix OBJECT-TYPE
268        SYNTAX     InetAddress
269        MAX-ACCESS read-create
270        STATUS     current
271        DESCRIPTION
272           "The IPv6 prefix defined in the mapping rule, which will be
273            assigned to the CE."
274        ::= { mapRuleEntry 3 }

276     mapRuleIPv6PrefixLen OBJECT-TYPE
277        SYNTAX     InetAddressPrefixLength
278        MAX-ACCESS read-create
279        STATUS     current
280        DESCRIPTION
281           "The length of the IPv6 prefix defined in the mapping rule.
282            As a parameter of the mapping rule, it will also be assigned
283            to the CE."
284        ::= { mapRuleEntry 4 }

286     mapRuleIPv4PrefixType OBJECT-TYPE
287        SYNTAX     InetAddressType
288        MAX-ACCESS read-create
289        STATUS     current
290        DESCRIPTION
291           "This object MUST be set to the value of 1 to
292            represent the IPv4 type. It complies with the textual
293            convention for IPv4 addresses defined in [RFC4001]."
294        ::= { mapRuleEntry 5 }

296     mapRuleIPv4Prefix OBJECT-TYPE
297        SYNTAX     InetAddress
298        MAX-ACCESS read-create
299        STATUS     current
300        DESCRIPTION
301           "The IPv4 prefix defined in the mapping rule, which will be
302            assigned to the CE."
303        ::= { mapRuleEntry 6 }

305     mapRuleIPv4PrefixLen OBJECT-TYPE
306        SYNTAX     InetAddressPrefixLength
307        MAX-ACCESS read-create
308        STATUS     current
309        DESCRIPTION
310           "The length of the IPv4 prefix defined in the mapping
311            rule. As a parameter of the mapping rule, it will also be
312            assigned to the CE."
313        ::= { mapRuleEntry 7 }

315     mapRuleStartPort OBJECT-TYPE
316        SYNTAX     InetPortNumber
317        MAX-ACCESS read-create
318        STATUS     current
319        DESCRIPTION
320           "The start port number of the port range derived
321            from the mapping rule, which will be assigned to the CE."
322        ::= { mapRuleEntry 8 }

324     mapRuleEndPort OBJECT-TYPE
325        SYNTAX     InetPortNumber
326        MAX-ACCESS read-create
327        STATUS     current
328        DESCRIPTION
329           "The end port number of the port range derived
330            from the mapping rule, which will be assigned to the CE."
331        ::= { mapRuleEntry 9 }

333     mapRuleEALen OBJECT-TYPE
334        SYNTAX     Integer32
335        MAX-ACCESS read-create
336        STATUS     current
337        DESCRIPTION
338           "The length of the Embedded-Address (EA) defined in the
339            mapping rule, which will be assigned to the CE."
340        ::= { mapRuleEntry 10 }

342     mapRuleType OBJECT-TYPE
343        SYNTAX     Integer32
344        MAX-ACCESS read-create
345        STATUS     current
346        DESCRIPTION
347           "The type of the mapping rule. A value of 0 means it
348            is a BMR; a non-zero value means it is an FMR."
349        ::= { mapRuleEntry 11 }

351     mapSecurityCheckTable OBJECT-TYPE
352        SYNTAX     SEQUENCE OF MapSecurityCheckEntry
353        MAX-ACCESS not-accessible
354        STATUS     current
355        DESCRIPTION
356           "The (conceptual) table containing information on
357            MAP security checks. This table can be used to count
358            the invalid packets that have been identified."
359        ::= { mapSecurityCheck 1 }

361     mapSecurityCheckEntry OBJECT-TYPE
362        SYNTAX     MapSecurityCheckEntry
363        MAX-ACCESS not-accessible
364        STATUS     current
365        DESCRIPTION
366           "Each entry in this table contains the information on a
367            particular MAP SecurityCheck."
368        INDEX { ifIndex }
369        ::= { mapSecurityCheckTable 1 }

371     MapSecurityCheckEntry ::=
372        SEQUENCE {
373           mapSecurityCheckInvalidv4   Counter64,
374           mapSecurityCheckInvalidv6   Counter64

376        }

378     mapSecurityCheckInvalidv4 OBJECT-TYPE
379        SYNTAX     Counter64
380        MAX-ACCESS accessible-for-notify
381        STATUS     current
382        DESCRIPTION
383           "The CE SHOULD check that MAP received packets'
384            transport-layer destination port number is in the range
385            configured by MAP for the CE. So this object indicates
386            the number of the invalid IPv4 packets received by the
387            MAP."
388        ::= { mapSecurityCheckEntry 1 }

390     mapSecurityCheckInvalidv6 OBJECT-TYPE
391        SYNTAX     Counter64
392        MAX-ACCESS accessible-for-notify
393        STATUS     current
394        DESCRIPTION
395           "The BR MUST perform a validation of the consistency of
396            the source IPv6 address and source port number for the
397            packet using BMR. So this object indicates the number of
398            the invalid IPv6 packets received by the BR."
399        ::= { mapSecurityCheckEntry 2 }

401     -- Conformance Information

403     mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2}

405     mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 }

407     mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 }

409     -- compliance statements

411     mapMIBCompliance MODULE-COMPLIANCE
412        STATUS current
413        DESCRIPTION
414           "Describes the minimal requirements for conformance
415            to the MAP-E MIB."
416        MODULE -- this module
417           MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup }
418        ::= { mapMIBCompliances 1 }

420     -- Units of Conformance

422     mapMIBRuleGroup OBJECT-GROUP
423        OBJECTS {
424           mapRuleIPv6PrefixType,
425           mapRuleIPv6Prefix,
426           mapRuleIPv6PrefixLen,
427           mapRuleIPv4PrefixType,
428           mapRuleIPv4Prefix,
429           mapRuleIPv4PrefixLen,
430           mapRuleStartPort,
431           mapRuleEndPort, mapRuleEALen,
432           mapRuleType }
433        STATUS current
434        DESCRIPTION
435           "This collection of objects is used to give the
436            information of mapping rules in MAP-E."
437        ::= { mapMIBGroups 1 }

439     mapMIBSecurityGroup OBJECT-GROUP
440        OBJECTS {
441           mapSecurityCheckInvalidv4,
442           mapSecurityCheckInvalidv6 }
443        STATUS current
444        DESCRIPTION
445           "This collection of objects is used to give the
446            information on MAP security checks."
447        ::= { mapMIBGroups 2 }

449     END

451  6. IANA Considerations

453     The MIB module in this document uses the following IANA-assigned
454     OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

456        Descriptor        OBJECT IDENTIFIER value
457        ----------        -----------------------
458        MAP-E-MIB         { transmission XXX }

460  7. Security Considerations

462     The MAP-E MIB module can be used for configuration of certain
463     objects, and anything that can be configured can be incorrectly
464     configured, with potentially disastrous results. Because this MIB
465     module reuses the IP tunnel MIB, the security considerations for
466     these MIBs are also applicable to the MAP-E MIB.

468     SNMP versions prior to SNMPv3 did not include adequate security.
469     Even if the network itself is secure (for example by using IPsec),
470     even then, there is no control as to who on the secure network is
471     allowed to access and GET/SET (read/change/create/delete) the
472     objects in this MIB module.

474     It is RECOMMENDED that implementers consider the security features
475     as provided by the SNMPv3 framework (see [RFC3410], section 8),
476     including full support for the SNMPv3 cryptographic mechanisms (for
477     authentication and privacy).

479     Further, deployment of SNMP versions prior to SNMPv3 is NOT
480     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
481     enable cryptographic security. It is then a customer/operator
482     responsibility to ensure that the SNMP entity giving access to an
483     instance of this MIB module is properly configured to give access to
484     the objects only to those principals (users) that have legitimate
485     rights to indeed GET or SET (change/create/delete) them.

487  8. Acknowledgments

489     The authors would like to thank David Harrington, Mark Townsley,
490     and Shishio Tsuchiya for their valuable comments.

492  9. References

494  9.1. Normative References

496     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
497               Requirement Levels", BCP 14, RFC 2119, March 1997.

499     [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
500               "Structure of Management Information Version 2 (SMIv2)",
501               RFC 2578, April 1999.

503     [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
504               "Textual Conventions for SMIv2", RFC 2579, April 1999.

506     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
507               "Conformance Statements for SMIv2", RFC 2580, April 1999.

509     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
510               MIB", RFC 2863, June 2000.

512     [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
513               Architecture for Describing Simple Network Management
514               Protocol (SNMP) Management Frameworks", RFC 3411, December
515               2002.

517     [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
518               Schoenwaelder, "Textual Conventions for Internet Network
519               Addresses", RFC 4001, February 2005.

521     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

523     [I-D.ietf-softwire-map]
524               Troan, O., et al., "Mapping of Address and Port (MAP)",
525               draft-ietf-softwire-map, work in progress.

527     [I-D.ietf-softwire-map-dhcp-option]
528               Mrugalski, T., et al., "DHCPv6 Options for Mapping of Address
529               and Port", draft-ietf-softwire-map-dhcp-option, work in
530               progress.

532  9.2. Informative References

534     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
535               "Introduction and Applicability Statements for Internet-
536               Standard Management Framework", RFC 3410, December 2002.

538  Author's Addresses

540     Yu Fu
541     Huawei Technologies Co., Ltd
542     Huawei Building, 156 Beiqing Rd.
543     Hai-Dian District, Beijing 100095
544     P.R. China
545     Email: eleven.fuyu@huawei.com

547     Sheng Jiang
548     Huawei Technologies Co., Ltd
549     Huawei Building, 156 Beiqing Rd.
550     Hai-Dian District, Beijing 100095
551     P.R. China
552     Email: jiangsheng@huawei.com

554     Bing Liu
555     Huawei Technologies Co., Ltd
556     Huawei Building, 156 Beiqing Rd.
557     Hai-Dian District, Beijing 100095
558     P.R. China
559     Email: leo.liubing@huawei.com

561     Jiang Dong
562     Tsinghua University
563     Department of Computer Science, Tsinghua University
564     Beijing 100084
565     P.R. China
566     Email: knight.dongjiang@gmail.com

568     Yuchi Chen
569     Tsinghua University
570     Department of Computer Science, Tsinghua University
571     Beijing 100084
572     P.R. China
573     Email: chenycmx@gmail.com
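
Added example (not part of the draft or of any MAP implementation): a Python sketch of the two checks listed in Section 4.1.2 and of how rejected packets feed mapSecurityCheckInvalidv4 and mapSecurityCheckInvalidv6 per ifIndex. MapRule, MapSecurityCheck, br_consistent and run_sample are hypothetical names; the EA-bit layout (IPv4 suffix, then PSID) and the PSID offset of 6 are assumptions taken from the MAP specification rather than from this MIB, and the sample rule and packets are constructed.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

COUNTER64_MOD = 2 ** 64   # Counter64 wraps to 0 after 2^64 - 1
PSID_OFFSET = 6           # assumption: MAP spec default, not an object in this MIB

@dataclass
class MapRule:
    """Hypothetical in-memory row; fields mirror the mapRuleEntry columns."""
    ipv6_prefix: ipaddress.IPv6Network   # mapRuleIPv6Prefix + mapRuleIPv6PrefixLen
    ipv4_prefix: ipaddress.IPv4Network   # mapRuleIPv4Prefix + mapRuleIPv4PrefixLen
    start_port: int                      # mapRuleStartPort
    end_port: int                        # mapRuleEndPort
    ea_len: int                          # mapRuleEALen

def br_consistent(rule, src6, src4, src_port):
    """BR check: IPv6 source, inner IPv4 source and source port agree under the BMR."""
    src6, src4 = ipaddress.IPv6Address(src6), ipaddress.IPv4Address(src4)
    psid_len = rule.ea_len - (32 - rule.ipv4_prefix.prefixlen)
    shift = 128 - rule.ipv6_prefix.prefixlen - rule.ea_len
    covered = shift >= 0 and 0 <= psid_len <= 16 - PSID_OFFSET
    if not covered or src6 not in rule.ipv6_prefix:
        return False   # rule shape this sketch does not cover, or foreign prefix
    # EA bits follow the rule IPv6 prefix: IPv4 suffix first, then the PSID.
    ea = (int(src6) >> shift) & ((1 << rule.ea_len) - 1)
    v4_suffix, psid = ea >> psid_len, ea & ((1 << psid_len) - 1)
    port_psid = (src_port >> (16 - PSID_OFFSET - psid_len)) & ((1 << psid_len) - 1)
    expected_v4 = int(rule.ipv4_prefix.network_address) | v4_suffix
    return int(src4) == expected_v4 and port_psid == psid

class MapSecurityCheck:
    """Per-interface counters, indexed by ifIndex like mapSecurityCheckTable."""
    def __init__(self):
        self.invalid_v4 = defaultdict(int)   # mapSecurityCheckInvalidv4
        self.invalid_v6 = defaultdict(int)   # mapSecurityCheckInvalidv6

    def _count(self, table, if_index, ok):
        if not ok:                           # only rejected packets are counted
            table[if_index] = (table[if_index] + 1) % COUNTER64_MOD
        return ok

    def ce_receive(self, rule, if_index, dst_port):
        """CE check: destination port lies in the range configured for the CE."""
        in_range = rule.start_port <= dst_port <= rule.end_port
        return self._count(self.invalid_v4, if_index, in_range)

    def br_receive(self, rule, if_index, src6, src4, src_port):
        ok = br_consistent(rule, src6, src4, src_port)
        return self._count(self.invalid_v6, if_index, ok)

# Constructed sample rule and packets (documentation prefixes only).
BMR = MapRule(ipaddress.IPv6Network("2001:db8::/40"),
              ipaddress.IPv4Network("192.0.2.0/24"), 1232, 1235, 16)
CE_ADDR = "2001:db8:12:3400:0:c000:212:34"

def run_sample():
    chk = MapSecurityCheck()
    chk.br_receive(BMR, 1, CE_ADDR, "192.0.2.18", 1232)  # consistent
    chk.br_receive(BMR, 1, CE_ADDR, "192.0.2.18", 1236)  # port of another PSID
    chk.br_receive(BMR, 1, CE_ADDR, "192.0.2.19", 1232)  # IPv4 source mismatch
    chk.ce_receive(BMR, 2, 1233)                         # inside the range
    chk.ce_receive(BMR, 2, 80)                           # outside the range
    return dict(chk.invalid_v4), dict(chk.invalid_v6)
```

A monitoring station polling these counters sees only the totals; a steadily rising mapSecurityCheckInvalidv6 on one interface is the signal that sources are sending with addresses or ports that do not match their mapping rule.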