idnits 2.17.1

draft-ietf-softwire-mesh-mib-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 8 instances of too long lines in the document, the longest one
     being 10 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (April 6, 2014) is 3644 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC4001' is mentioned on line 221, but not defined

  == Unused Reference: 'RFC2223' is defined on line 684, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 694, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 699, but no explicit
     reference was found in the text

  ** Downref: Normative reference to an Informational RFC: RFC 4925

  ** Obsolete normative reference: RFC 5512 (Obsoleted by RFC 9012)

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 3 errors (**), 0 flaws (~~), 6 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Softwire                                                          Y. Cui
3    Internet-Draft                                                   J. Dong
4    Intended status: Standards Track                                   P. Wu
5    Expires: October 8, 2014                                           M. Xu
6                                                         Tsinghua University
7                                                               A. Yla-Jaaski
8                                                            Aalto University
9                                                               April 6, 2014

11               Softwire Mesh Management Information Base (MIB)
12                       draft-ietf-softwire-mesh-mib-06

14   Abstract

16      This memo defines a portion of the Management Information Base (MIB)
17      for use with network management protocols in the Internet community.
18      In particular it defines objects for managing softwire mesh.

20   Status of This Memo

22      This Internet-Draft is submitted in full conformance with the
23      provisions of BCP 78 and BCP 79.

25      Internet-Drafts are working documents of the Internet Engineering
26      Task Force (IETF). Note that other groups may also distribute
27      working documents as Internet-Drafts. The list of current Internet-
28      Drafts is at http://datatracker.ietf.org/drafts/current/.

30      Internet-Drafts are draft documents valid for a maximum of six months
31      and may be updated, replaced, or obsoleted by other documents at any
32      time. It is inappropriate to use Internet-Drafts as reference
33      material or to cite them other than as "work in progress."

35      This Internet-Draft will expire on October 8, 2014.

37   Copyright Notice

39      Copyright (c) 2014 IETF Trust and the persons identified as the
40      document authors. All rights reserved.

42      This document is subject to BCP 78 and the IETF Trust's Legal
43      Provisions Relating to IETF Documents
44      (http://trustee.ietf.org/license-info) in effect on the date of
45      publication of this document. Please review these documents
46      carefully, as they describe your rights and restrictions with respect
47      to this document. Code Components extracted from this document must
48      include Simplified BSD License text as described in Section 4.e of
49      the Trust Legal Provisions and are provided without warranty as
50      described in the Simplified BSD License.

52   Table of Contents

54      1. Introduction
55      2. The Internet-Standard Management Framework
56      3. Terminology
57      4. Conventions
58      5. Structure of the MIB Module
59        5.1. The swmSupportedTunnelTable Subtree
60        5.2. The swmEncapsTable Subtree
61        5.3. The swmBGPNeighborTable Subtree
62        5.4. The swmConformance Subtree
63      6. Relationship to Other MIB Modules
64        6.1. Relationship to the IF-MIB
65        6.2. Relationship to the IP Tunnel MIB
66        6.3. MIB modules required for IMPORTS
67      7. Definitions
68      8. Security Considerations
69      9. IANA Considerations
70      10. Acknowledgements
71      11. References
72        11.1. Normative References
73        11.2. Informative References

75   1. Introduction

77      The Softwire mesh framework RFC 5565 [RFC5565] is a tunneling
78      mechanism that enables the connectivity between islands of IPv4
79      networks across a single IPv6 backbone and vice versa. In softwire
80      mesh, extended multiprotocol-BGP (MP-BGP) is used to set up tunnels
81      and advertise prefixes among address family border routers (AFBRs).

83      This memo defines a portion of the Management Information Base (MIB)
84      for use with network management protocols in the Internet community.
85      In particular it defines objects for managing softwire mesh
86      [RFC5565].

88   2. The Internet-Standard Management Framework

90      For a detailed overview of the documents that describe the current
91      Internet-Standard Management Framework, please refer to section 7 of
92      RFC 3410 [RFC3410].

94      Managed objects are accessed via a virtual information store, termed
95      the Management Information Base or MIB. MIB objects are generally
96      accessed through the Simple Network Management Protocol (SNMP). They
97      are defined using the mechanisms stated in the Structure of
98      Management Information (SMI). This memo specifies a MIB module that
99      is compliant to the SMIv2, which is described in STD 58, RFC 2578
100     [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].

102  3. Terminology

104     This document uses terminology from the softwire problem statement
105     RFC 4925 [RFC4925] and the softwire mesh framework RFC 5565
106     [RFC5565].

108  4. Conventions

110     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
111     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
112     document are to be interpreted as described in RFC 2119 [RFC2119].

114  5. Structure of the MIB Module

116     The softwire mesh MIB provides a method to configure and manage the
117     softwire mesh objects through SNMP.

119  5.1. The swmSupportedTunnelTable Subtree

121     Since the AFBR needs to negotiate with a BGP peer what kind of tunnel
122     they will use, it should first announce the types of tunnels it
123     supports. The swmSupportedTunnelTable subtree provides the
124     information. According to section 4 of RFC 5512 [RFC5512], current
125     softwire mesh tunnel types include IP-IP, GRE and L2TPv3.

127  5.2. The swmEncapsTable Subtree

129     The swmEncapsTable subtree provides softwire mesh NLRI-NH information
130     about the AFBR. It keeps the mapping between the External-IP (E-IP)
131     prefix and the Internal-IP (I-IP) address of the next hop. The
132     mappings determine which I-IP destination address will be used to
133     encapsulate the received packet according to its E-IP destination
134     address. The definitions of E-IP and I-IP are explained in section
135     4.1 of RFC 5565 [RFC5565].

137  5.3. The swmBGPNeighborTable Subtree

139     The subtree provides the softwire mesh BGP neighbor information of an
140     AFBR. It includes the address of the softwire mesh BGP peer, and the
141     kind of tunnel that the AFBR would use to communicate with this BGP
142     peer.

144  5.4. The swmConformance Subtree

146     The subtree provides the conformance information of MIB objects.

148  6. Relationship to Other MIB Modules

150  6.1. Relationship to the IF-MIB

152     The Interfaces MIB [RFC2863] defines generic managed objects for
153     managing interfaces. Each logical interface (physical or virtual)
154     has an ifEntry. Tunnels are handled by creating logical interfaces
155     (ifEntry). Being a tunnel, softwire mesh has an entry in the
156     Interface MIB, as well as an entry in IP Tunnel MIB. Those
157     corresponding entries are indexed by ifIndex.

159     The ifOperStatus in the ifTable represents whether the mesh function
160     of the AFBR has been triggered. If the softwire mesh capability is
161     negotiated during the BGP OPEN phase, the mesh function is considered
162     to be started, and the ifOperStatus is "up". Otherwise the
163     ifOperStatus is "down".

165     In the case of an IPv4-over-IPv6 softwire mesh tunnel, ifInUcastPkts
166     counts the number of IPv6 packets which are sent to the virtual
167     interface for decapsulation into IPv4. The ifOutUcastPkts counts the
168     number of IPv6 packets which are generated by encapsulating IPv4
169     packets sent to the virtual interface. Particularly, if these IPv4
170     packets need fragmentation, ifOutUcastPkts counts the number of
171     packets after fragmentation.

173     In the case of an IPv6-over-IPv4 softwire mesh tunnel, ifInUcastPkts
174     counts the number of IPv4 packets, which are sent to the virtual
175     interface for decapsulation into IPv6. The ifOutUcastPkts counts the
176     number of IPv4 packets, which are generated by encapsulating IPv6
177     packets sent to the virtual interface. Particularly, if these IPv6
178     packets need to be fragmented, ifOutUcastPkts counts the number of
179     packets after fragmentation. Similar definitions apply to other
180     counter objects in the ifTable.

182  6.2. Relationship to the IP Tunnel MIB

184     The IP Tunnel MIB [RFC4087] contains objects applicable to all IP
185     tunnels, including softwire mesh. Meanwhile, the Softwire Mesh MIB
186     extends the IP Tunnel MIB to further describe encapsulation-specific
187     information.

189     Running a point to multi-point tunnel, it is necessary for a softwire
190     mesh AFBR to maintain an encapsulation table, used to perform correct
191     "forwarding" among AFBRs. This forwarding function on an AFBR is
192     performed by using the E-IP destination address to look up in the
193     encapsulation table for the I-IP encapsulation destination address.
194     An AFBR also needs to know the BGP peer information of the other
195     AFBRs, so that it can negotiate the NLRI-NH information and the
196     tunnel parameters with them.

198     The Softwire mesh MIB requires the implementation of the IP Tunnel
199     MIB. The tunnelIfEncapsMethod in the tunnelIfEntry MUST be set to
200     softwireMesh("xx"), and a corresponding entry in the softwire mesh
201     MIB module will be presented for the tunnelIfEntry. The
202     tunnelIfRemoteInetAddress MUST be set to 0.0.0.0 for IPv4 or :: for
203     IPv6 because it is a point to multi-point tunnel.

205     -- RFC Ed.: Please replace "xx" with IANA assigned number here.

207     The tunnelIfAddressType in the tunnelIfTable represents the type of
208     address in the corresponding tunnelIfLocalInetAddress and
209     tunnelIfRemoteInetAddress objects. The tunnelIfAddressType is
210     identical to swmEncapsIIPDstType in softwire mesh, which can support
211     either IPv4-over-IPv6 or IPv6-over-IPv4. When the
212     swmEncapsEIPDstType is IPv6 and the swmEncapsIIPDstType is IPv4, the
213     tunnel type is IPv6-over-IPv4; when the swmEncapsEIPDstType is IPv4
214     and the swmEncapsIIPDstType is IPv6, the encapsulation mode would be
215     IPv4-over-IPv6.

217  6.3. MIB modules required for IMPORTS

219     The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
220     SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-ADDRESS-MIB
221     [RFC4001].

223  7. Definitions

225     SOFTWIRE-MESH-MIB DEFINITIONS ::= BEGIN

227     IMPORTS
228         MODULE-IDENTITY, OBJECT-TYPE, transmission FROM SNMPv2-SMI

230         OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF

232         InetAddress, InetAddressType, InetAddressPrefixLength FROM INET-ADDRESS-MIB

234         ifIndex FROM IF-MIB

236         IANAtunnelType FROM IANAifType-MIB;

238     swmMIB MODULE-IDENTITY
239         LAST-UPDATED "201404060000Z" -- April 6, 2014
240         ORGANIZATION "Softwire Working Group"
241         CONTACT-INFO "

243             Yong Cui
244             Email: yong@csnet1.cs.tsinghua.edu.cn

246             Jiang Dong
247             Email: dongjiang@csnet1.cs.tsinghua.edu.cn

249             Peng Wu
250             Email: weapon@csnet1.cs.tsinghua.edu.cn

252             Mingwei Xu
253             Email: xmw@cernet.edu.cn

255             Antti Yla-Jaaski
256             Email: antti.yla-jaaski@aalto.fi

258             Email comments directly to the softwire WG Mailing
259             List at softwires@ietf.org
260         "

262         DESCRIPTION
263             "This MIB module contains managed object definitions for
264             the softwire mesh framework.

266             Copyright (C) The Internet Society (2014). This version
267             of this MIB module is part of RFC yyyy; see the RFC
268             itself for full legal notices."

270     -- RFC Ed.: please replace yyyy with actual RFC number & remove this note.

272         REVISION "201404060000Z"
273         DESCRIPTION
274             "The MIB module is defined for management of objects in
275             the Softwire mesh framework."
276         ::= { transmission XXX }

278     --RFC Ed.: Please replace "XXX" with IANA assigned number here.

280     swmObjects OBJECT IDENTIFIER ::= { swmMIB 1 }

282     -- swmSupportedTunnelTable
283     swmSupportedTunnelTable OBJECT-TYPE
284         SYNTAX SEQUENCE OF SwmSupportedTunnelEntry
285         MAX-ACCESS not-accessible
286         STATUS current
287         DESCRIPTION
288             "A table of objects that shows what kind of tunnels
289             can be supported by the AFBR."
290         ::= { swmObjects 1 }

292     swmSupportedTunnelEntry OBJECT-TYPE
293         SYNTAX SwmSupportedTunnelEntry
294         MAX-ACCESS not-accessible
295         STATUS current
296         DESCRIPTION
297             "A set of objects that show what kind of tunnels
298             can be supported in the AFBR. If the AFBR supports
299             multiple tunnel types, the swmSupportedTunnelTable
300             would have several entries."
301         INDEX { swmSupportedTunnelType }
302         ::= { swmSupportedTunnelTable 1 }

304     SwmSupportedTunnelEntry ::= SEQUENCE {
305         swmSupportedTunnelType IANAtunnelType
306     }

308     swmSupportedTunnelType OBJECT-TYPE
309         SYNTAX IANAtunnelType
310         MAX-ACCESS read-only
311         STATUS current
312         DESCRIPTION
313             "Represents the tunnel type that the AFBR supports,
314             such as MPLS, L2TPv3, GRE, and IP-in-IP. There is
315             no restriction of tunnel type the Softwire mesh can use."
316         ::= { swmSupportedTunnelEntry 1 }
317     -- end of swmSupportedTunnelTable

319     --swmEncapsTable
320     swmEncapsTable OBJECT-TYPE
321         SYNTAX SEQUENCE OF SwmEncapsEntry
322         MAX-ACCESS not-accessible
323         STATUS current
324         DESCRIPTION
325             "A table of objects that display and control the
326             softwire mesh encapsulation information."
327         ::= { swmObjects 2 }

329     swmEncapsEntry OBJECT-TYPE
330         SYNTAX SwmEncapsEntry
331         MAX-ACCESS not-accessible
332         STATUS current
333         DESCRIPTION
334             "A table of objects that manage the softwire mesh I-IP
335             encapsulation destination based on the E-IP destination prefix."
336         INDEX { ifIndex,
337                 swmEncapsEIPDstType,
338                 swmEncapsEIPDst,
339                 swmEncapsEIPPrefixLength
340               }
341         ::= { swmEncapsTable 1 }

343     SwmEncapsEntry ::= SEQUENCE {
344         swmEncapsEIPDstType       InetAddressType,
345         swmEncapsEIPDst           InetAddress,
346         swmEncapsEIPPrefixLength  InetAddressPrefixLength,
347         swmEncapsIIPDstType       InetAddressType,
348         swmEncapsIIPDst           InetAddress
349     }

351     swmEncapsEIPDstType OBJECT-TYPE
352         SYNTAX InetAddressType
353         MAX-ACCESS not-accessible
354         STATUS current
355         DESCRIPTION
356             "This object specifies the address type used for
357             swmEncapsEIPDst. It is different from the tunnelIfAddressType
358             in the tunnelIfTable."
359         ::= { swmEncapsEntry 1 }

361     swmEncapsEIPDst OBJECT-TYPE
362         SYNTAX InetAddress
363         MAX-ACCESS not-accessible
364         STATUS current
365         DESCRIPTION
366             "The E-IP destination prefix, which is
367             used for I-IP encapsulation destination looking up."
368         ::= { swmEncapsEntry 2 }

370     swmEncapsEIPPrefixLength OBJECT-TYPE
371         SYNTAX InetAddressPrefixLength
372         MAX-ACCESS not-accessible
373         STATUS current
374         DESCRIPTION
375             "The prefix length of the E-IP destination prefix."
376         ::= { swmEncapsEntry 3 }

378     swmEncapsIIPDstType OBJECT-TYPE
379         SYNTAX InetAddressType
380         MAX-ACCESS read-only
381         STATUS current
382         DESCRIPTION
383             "This object specifies the address type used for
384             swmEncapsIIPDst. It is the same as the tunnelIfAddressType
385             in the tunnelIfTable."
386         ::= { swmEncapsEntry 4 }

388     swmEncapsIIPDst OBJECT-TYPE
389         SYNTAX InetAddress
390         MAX-ACCESS read-only
391         STATUS current
392         DESCRIPTION
393             "The I-IP destination address, which is used as the encapsulation
394             destination for the corresponding E-IP prefix. Since the
395             tunnelIfRemoteInetAddress in the tunnelIfTable should be 0.0.0.0 or ::,
396             swmEncapsIIPDst should be the destination address used in the outer
397             IP header."
398         ::= { swmEncapsEntry 5 }
399     -- End of swmEncapsTable

401     -- swmBGPNeighborTable
402     swmBGPNeighborTable OBJECT-TYPE
403         SYNTAX SEQUENCE OF SwmBGPNeighborEntry
404         MAX-ACCESS not-accessible
405         STATUS current
406         DESCRIPTION
407             "A table of objects that display the softwire mesh
408             BGP neighbor information."
409         ::= { swmObjects 3 }

411     swmBGPNeighborEntry OBJECT-TYPE
412         SYNTAX SwmBGPNeighborEntry
413         MAX-ACCESS not-accessible
414         STATUS current
415         DESCRIPTION
416             "A set of objects that display the softwire mesh
417             BGP neighbor information."
418         INDEX {
419             ifIndex,
420             swmBGPNeighborInetAddressType,
421             swmBGPNeighborInetAddress
422         }
423         ::= { swmBGPNeighborTable 1 }

425     SwmBGPNeighborEntry ::= SEQUENCE {
426         swmBGPNeighborInetAddressType  InetAddressType,
427         swmBGPNeighborInetAddress      InetAddress,
428         swmBGPNeighborTunnelType       IANAtunnelType
429     }
430     swmBGPNeighborInetAddressType OBJECT-TYPE
431         SYNTAX InetAddressType
432         MAX-ACCESS not-accessible
433         STATUS current
434         DESCRIPTION
435             "This object specifies the address type used for
436             swmBGPNeighborInetAddress."
437         ::= { swmBGPNeighborEntry 1 }

439     swmBGPNeighborInetAddress OBJECT-TYPE
440         SYNTAX InetAddress
441         MAX-ACCESS not-accessible
442         STATUS current
443         DESCRIPTION
444             "The address of the AFBR's BGP neighbor. The
445             address type is the same as the tunnelIfAddressType
446             in the tunnelIfTable."
447         ::= { swmBGPNeighborEntry 2 }

449     swmBGPNeighborTunnelType OBJECT-TYPE
450         SYNTAX IANAtunnelType
451         MAX-ACCESS read-only
452         STATUS current
453         DESCRIPTION
454             "Represents the type of tunnel that the
455             AFBR chooses to transmit traffic with another AFBR/BGP neighbor."
456         ::= { swmBGPNeighborEntry 3 }
457     -- End of swmBGPNeighborTable

459     -- conformance information
460     swmConformance
461         OBJECT IDENTIFIER ::= { swmMIB 2 }
462     swmCompliances
463         OBJECT IDENTIFIER ::= { swmConformance 1 }
464     swmGroups
465         OBJECT IDENTIFIER ::= { swmConformance 2 }

467     -- compliance statements
468     swmCompliance MODULE-COMPLIANCE
469         STATUS current
470         DESCRIPTION
471             "Describes the requirements for conformance to the softwire
472             mesh MIB.

474             The following index objects cannot be added as OBJECT
475             clauses but nevertheless have compliance requirements:
476             "
477         -- OBJECT swmEncapsEIPDstType
478         -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
479         -- DESCRIPTION
480         -- "An implementation is required to support
481         -- global IPv4 and/or IPv6 addresses, depending
482         -- on its support for IPv4 and IPv6."

484         -- OBJECT swmEncapsEIPDst
485         -- SYNTAX InetAddress (SIZE(4|16))
486         -- DESCRIPTION
487         -- "An implementation is required to support
488         -- global IPv4 and/or IPv6 addresses, depending
489         -- on its support for IPv4 and IPv6."

491         -- OBJECT swmEncapsEIPPrefixLength
492         -- SYNTAX InetAddressPrefixLength (Unsigned32 (0..128))
493         -- DESCRIPTION
494         -- "An implementation is required to support
495         -- global IPv4 and/or IPv6 addresses, depending
496         -- on its support for IPv4 and IPv6."

498         -- OBJECT swmBGPNeighborInetAddressType
499         -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
500         -- DESCRIPTION
501         -- "An implementation is required to support
502         -- global IPv4 and/or IPv6 addresses, depending
503         -- on its support for IPv4 and IPv6."

505         -- OBJECT swmBGPNeighborInetAddress
506         -- SYNTAX InetAddress (SIZE(4|16))
507         -- DESCRIPTION
508         -- "An implementation is required to support
509         -- global IPv4 and/or IPv6 addresses, depending
510         -- on its support for IPv4 and IPv6."

512         MODULE -- this module
513         MANDATORY-GROUPS {
514             swmSupportedTunnelGroup,
515             swmEncapsGroup,
516             swmBGPNeighborGroup
517         }
518         ::= { swmCompliances 1 }

520     swmSupportedTunnelGroup OBJECT-GROUP
521         OBJECTS {
522             swmSupportedTunnelType
523         }
524         STATUS current
525         DESCRIPTION
526             "The collection of objects which are used to show
527             what kind of tunnel the AFBR supports."
528         ::= { swmGroups 1 }

530     swmEncapsGroup OBJECT-GROUP
531         OBJECTS {
532             swmEncapsIIPDst,
533             swmEncapsIIPDstType
534         }
535         STATUS current
536         DESCRIPTION
537             "The collection of objects which are used to display
538             softwire mesh encapsulation information."
539         ::= { swmGroups 2 }

541     swmBGPNeighborGroup OBJECT-GROUP
542         OBJECTS {
543             swmBGPNeighborTunnelType
544         }
545         STATUS current
546         DESCRIPTION
547             "The collection of objects which are used to display
548             softwire mesh BGP neighbor information."
549         ::= { swmGroups 3 }

551     END

553  8. Security Considerations

555     The swmMIB module can be used for configuration of certain objects,
556     and anything that can be configured can be incorrectly configured,
557     with potentially disastrous results. Because this MIB module reuses
558     the IP tunnel MIB, the security considerations of the IP tunnel MIB
559     are also applicable to the Softwire mesh MIB.

561     There are no management objects defined in this MIB module that have
562     a MAX-ACCESS clause of read-write and/or read-create. So, if this
563     MIB module is implemented correctly, then there is no risk that an
564     intruder can alter or create any management objects of this MIB
565     module via direct SNMP SET operations.

567     Some of the readable objects in this MIB module (i.e., objects with a
568     MAX-ACCESS other than not-accessible) may be considered sensitive or
569     vulnerable in some network environments. It is thus important to
570     control even GET and/or NOTIFY access to these objects and possibly
571     to even encrypt the values of these objects when sending them over
572     the network via SNMP. These are the tables and objects and their
573     sensitivity/vulnerability:

575        swmSupportedTunnelType
576        swmEncapsIIPDstType
577        swmEncapsIIPDst
578        swmBGPNeighborTunnelType

580     SNMP versions prior to SNMPv3 did not include adequate security.
581     Even if the network itself is secure (for example by using IPsec),
582     there is no control as to who on the secure network is allowed to
583     access and GET/SET (read/change/create/delete) the objects in this
584     MIB module.

586     Implementations SHOULD provide the security features described by the
587     SNMPv3 framework (see [RFC3410]), and implementations claiming
588     compliance to the SNMPv3 standard MUST include full support for
589     authentication and privacy via the User-based Security Model (USM)
590     [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
591     MAY also provide support for the Transport Security Model
592     (TSM) [RFC5591] in combination with a secure transport such as SSH
593     [RFC5592] or TLS/DTLS [RFC6353].

595     Further, deployment of SNMP versions prior to SNMPv3 is NOT
596     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
597     enable cryptographic security. It is then a customer/operator
598     responsibility to ensure that the SNMP entity giving access to an
599     instance of this MIB module is properly configured to give access to
600     the objects only to those principals (users) that have legitimate
601     rights to indeed GET or SET (change/create/delete) them.

603  9. IANA Considerations

605     The MIB module in this document uses the following IANA-assigned
606     OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
607     the following IANA-assigned tunnelType values recorded in the
608     IANAtunnelType-MIB registry:

610        Descriptor        OBJECT IDENTIFIER value
611        ----------        -----------------------
612        swmMIB            { transmission XXX }

614        IANAtunnelType ::= TEXTUAL-CONVENTION
615            SYNTAX INTEGER {

617                softwireMesh ("xx") -- softwire Mesh tunnel

619            }

621     Editor's Note (to be removed prior to publication): the IANA is
622     requested to assign a value for "XXX" under the 'mib-2' subtree and
623     to record the assignment in the SMI Numbers registry. When the
624     assignment has been made, the RFC Editor is asked to replace "XXX"
625     (here and in the MIB module) with the assigned value and to remove
626     this note.

628  10. Acknowledgements

630     The authors would like to thank Dave Thaler, Jean-Philippe Dionne, Qi
631     Sun, Sheng Jiang, Yu Fu for their valuable comments.

633  11. References

635  11.1. Normative References

637     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
638               Requirement Levels", BCP 14, RFC 2119, March 1997.

640     [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
641               Schoenwaelder, Ed., "Structure of Management Information
642               Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

644     [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
645               Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
646               58, RFC 2579, April 1999.

648     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
649               "Conformance Statements for SMIv2", STD 58, RFC 2580,
650               April 1999.

652     [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
653               (USM) for version 3 of the Simple Network Management
654               Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

656     [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
657               Advanced Encryption Standard (AES) Cipher Algorithm in the
658               SNMP User-based Security Model", RFC 3826, June 2004.

660     [RFC4925] Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire
661               Problem Statement", RFC 4925, July 2007.

663     [RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation
664               Subsequent Address Family Identifier (SAFI) and the BGP
665               Tunnel Encapsulation Attribute", RFC 5512, April 2009.

667     [RFC5565] Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh
668               Framework", RFC 5565, June 2009.

670     [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model
671               for the Simple Network Management Protocol (SNMP)", RFC
672               5591, June 2009.

674     [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
675               Shell Transport Model for the Simple Network Management
676               Protocol (SNMP)", RFC 5592, June 2009.

678     [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
679               Model for the Simple Network Management Protocol (SNMP)",
680               RFC 6353, July 2011.

682  11.2. Informative References

684     [RFC2223] Postel, J. and J. Reynolds, "Instructions to RFC Authors",
685               RFC 2223, October 1997.

687     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
688               MIB", RFC 2863, June 2000.

690     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
691               "Introduction and Applicability Statements for Internet-
692               Standard Management Framework", RFC 3410, December 2002.

694     [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
695               June 1999.

697     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

699     [RFC4181] Heard, C., "Guidelines for Authors and Reviewers of MIB
700               Documents", BCP 111, RFC 4181, September 2005.

702  Authors' Addresses

704     Yong Cui
705     Tsinghua University
706     Department of Computer Science, Tsinghua University
707     Beijing 100084
708     P.R.China

710     Phone: +86-10-6260-3059
711     EMail: yong@csnet1.cs.tsinghua.edu.cn
712     Jiang Dong
713     Tsinghua University
714     Department of Computer Science, Tsinghua University
715     Beijing 100084
716     P.R.China

718     Phone: +86-10-6278-5822
719     EMail: dongjiang@csnet1.cs.tsinghua.edu.cn

721     Peng Wu
722     Tsinghua University
723     Department of Computer Science, Tsinghua University
724     Beijing 100084
725     P.R.China

727     Phone: +86-10-6278-5822
728     EMail: weapon@csnet1.cs.tsinghua.edu.cn

730     Mingwei Xu
731     Tsinghua University
732     Department of Computer Science, Tsinghua University
733     Beijing 100084
734     P.R.China

736     Phone: +86-10-6278-5822
737     EMail: xmw@cernet.edu.cn

739     Antti Yla-Jaaski
740     Aalto University
741     Konemiehentie 2
742     Espoo 02150
743     Finland

745     Phone: +358-40-5954222
746     EMail: antti.yla-jaaski@aalto.fi
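
Section 8 states that no object in the module is read-write or read-create and names four readable objects. The following is an added example, not part of the draft, that checks both statements mechanically by extracting MAX-ACCESS from every OBJECT-TYPE in a condensed copy of the Section 7 module; the function names and the one constructed comment line are assumptions made for the example.

```python
import re

# Condensed from the SOFTWIRE-MESH-MIB module in Section 7: all nine columnar
# objects plus the first table and entry; most DESCRIPTION clauses are dropped.
MIB_EXCERPT = '''
swmSupportedTunnelTable OBJECT-TYPE
    SYNTAX SEQUENCE OF SwmSupportedTunnelEntry
    MAX-ACCESS not-accessible  STATUS current  ::= { swmObjects 1 }
swmSupportedTunnelEntry OBJECT-TYPE
    SYNTAX SwmSupportedTunnelEntry
    MAX-ACCESS not-accessible  STATUS current
    INDEX { swmSupportedTunnelType }  ::= { swmSupportedTunnelTable 1 }
swmSupportedTunnelType OBJECT-TYPE
    SYNTAX IANAtunnelType  MAX-ACCESS read-only  STATUS current
    ::= { swmSupportedTunnelEntry 1 }
swmEncapsEIPDstType OBJECT-TYPE
    SYNTAX InetAddressType  MAX-ACCESS not-accessible  STATUS current
    DESCRIPTION "This object specifies the address type used for
        swmEncapsEIPDst. It is different from the tunnelIfAddressType
        in the tunnelIfTable."
    ::= { swmEncapsEntry 1 }
swmEncapsEIPDst OBJECT-TYPE
    SYNTAX InetAddress  MAX-ACCESS not-accessible  STATUS current
    ::= { swmEncapsEntry 2 }
swmEncapsEIPPrefixLength OBJECT-TYPE
    SYNTAX InetAddressPrefixLength  MAX-ACCESS not-accessible  STATUS current
    ::= { swmEncapsEntry 3 }
swmEncapsIIPDstType OBJECT-TYPE
    SYNTAX InetAddressType  MAX-ACCESS read-only  STATUS current
    ::= { swmEncapsEntry 4 }
swmEncapsIIPDst OBJECT-TYPE
    SYNTAX InetAddress
    -- MAX-ACCESS read-write   (constructed comment line: must be ignored)
    MAX-ACCESS read-only  STATUS current  ::= { swmEncapsEntry 5 }
swmBGPNeighborInetAddressType OBJECT-TYPE
    SYNTAX InetAddressType  MAX-ACCESS not-accessible  STATUS current
    ::= { swmBGPNeighborEntry 1 }
swmBGPNeighborInetAddress OBJECT-TYPE
    SYNTAX InetAddress  MAX-ACCESS not-accessible  STATUS current
    ::= { swmBGPNeighborEntry 2 }
swmBGPNeighborTunnelType OBJECT-TYPE
    SYNTAX IANAtunnelType  MAX-ACCESS read-only  STATUS current
    ::= { swmBGPNeighborEntry 3 }
'''

WRITABLE = {"read-write", "read-create"}

# "name OBJECT-TYPE ... ::=" with a lower-case descriptor, as SMIv2 requires.
OBJECT_RE = re.compile(r'\b([a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b(.*?)::=', re.S)


def strip_noise(text):
    """Drop quoted strings and '--' comments in one left-to-right pass.

    Simplification: a comment is taken to run to end of line, which is how
    the module in Section 7 uses them.
    """
    return re.sub(r'"[^"]*"|--[^\n]*', " ", text)


def audit(mib_text):
    """Group OBJECT-TYPE descriptors by what MAX-ACCESS lets a manager do."""
    result = {"writable": [], "readable": [], "hidden": []}
    for name, body in OBJECT_RE.findall(strip_noise(mib_text)):
        match = re.search(r'\bMAX-ACCESS\s+([a-z-]+)', body)
        if match is None:
            raise ValueError(f"{name}: no MAX-ACCESS clause")
        access = match.group(1)
        if access in WRITABLE:
            result["writable"].append(name)   # reachable by SNMP SET
        elif access == "not-accessible":
            result["hidden"].append(name)     # tables, entries, index columns
        else:
            result["readable"].append(name)   # needs GET/NOTIFY access control
    return result


if __name__ == "__main__":
    for kind, names in audit(MIB_EXCERPT).items():
        print(f"{kind:9s} {', '.join(names) or '(none)'}")
```

The names in the readable group are the ones whose GET access Section 8 asks operators to control.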
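
Sections 5.2 and 6.2 describe forwarding as a lookup of the E-IP destination in the encapsulation table to find the I-IP destination, with the tunnel mode following from the two address types. The following is an added example, not part of the draft, of that lookup over rows shaped like swmEncapsTable; the rows are constructed, the function names are illustrative, and resolving overlapping prefixes by longest match is an assumption the draft does not state.

```python
import ipaddress

# Constructed rows in the shape of swmEncapsTable (not data from the draft):
# (ifIndex, E-IP prefix, I-IP destination).
ENCAPS_ROWS = [
    (7, "10.1.0.0/16", "2001:db8::a"),
    (7, "10.1.2.0/24", "2001:db8::b"),
    (9, "2001:db8:100::/40", "192.0.2.1"),
]


def tunnel_mode(eip_version, iip_version):
    """Section 6.2 rule: the mode is named <E-IP family>-over-<I-IP family>."""
    if (eip_version, iip_version) == (4, 6):
        return "IPv4-over-IPv6"
    if (eip_version, iip_version) == (6, 4):
        return "IPv6-over-IPv4"
    raise ValueError("E-IP and I-IP must be different address families")


def lookup(rows, if_index, eip_dst):
    """Return (I-IP destination, mode) for an E-IP destination, or None."""
    dst = ipaddress.ip_address(eip_dst)
    best = None
    for row_if, prefix, iip in rows:
        net = ipaddress.ip_network(prefix)
        # Rows are indexed by ifIndex and E-IP address type, so both must match.
        if row_if != if_index or net.version != dst.version or dst not in net:
            continue
        # Assumption: overlapping prefixes resolve by longest match.
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, ipaddress.ip_address(iip))
    if best is None:
        return None  # no mapping: the packet is not encapsulated on this tunnel
    net, iip = best
    return str(iip), tunnel_mode(net.version, iip.version)


if __name__ == "__main__":
    for if_index, dst in [(7, "10.1.2.9"), (7, "10.1.9.9"),
                          (9, "2001:db8:1ff::1"), (7, "192.0.2.55")]:
        print(if_index, dst, "->", lookup(ENCAPS_ROWS, if_index, dst))
```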