idnits 2.17.1

draft-ietf-softwire-mesh-mib-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 8 instances of too long lines in the document, the longest one
     being 14 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (March 5, 2015) is 3311 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC4001' is mentioned on line 222, but not defined

  == Unused Reference: 'RFC2223' is defined on line 685, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2629' is defined on line 695, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4181' is defined on line 700, but no explicit
     reference was found in the text

  ** Downref: Normative reference to an Informational RFC: RFC 4925

  ** Obsolete normative reference: RFC 5512 (Obsoleted by RFC 9012)

  -- Obsolete informational reference (is this intentional?): RFC 2223
     (Obsoleted by RFC 7322)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 3 errors (**), 0 flaws (~~), 6 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2   Softwire                                                          Y. Cui
3   Internet-Draft                                                   J. Dong
4   Intended status: Standards Track                                   P. Wu
5   Expires: September 6, 2015                                         M. Xu
6                                                        Tsinghua University
7                                                              A. Yla-Jaaski
8                                                           Aalto University
9                                                              March 5, 2015

11              Softwire Mesh Management Information Base (MIB)
12                      draft-ietf-softwire-mesh-mib-08

14  Abstract

16     This memo defines a portion of the Management Information Base (MIB)
17     for use with network management protocols in the Internet community.
18     In particular it defines objects for managing softwire mesh.

20  Status of This Memo

22     This Internet-Draft is submitted in full conformance with the
23     provisions of BCP 78 and BCP 79.

25     Internet-Drafts are working documents of the Internet Engineering
26     Task Force (IETF).  Note that other groups may also distribute
27     working documents as Internet-Drafts.  The list of current Internet-
28     Drafts is at http://datatracker.ietf.org/drafts/current/.

30     Internet-Drafts are draft documents valid for a maximum of six months
31     and may be updated, replaced, or obsoleted by other documents at any
32     time.  It is inappropriate to use Internet-Drafts as reference
33     material or to cite them other than as "work in progress."

35     This Internet-Draft will expire on September 6, 2015.

37  Copyright Notice

39     Copyright (c) 2015 IETF Trust and the persons identified as the
40     document authors.  All rights reserved.

42     This document is subject to BCP 78 and the IETF Trust's Legal
43     Provisions Relating to IETF Documents
44     (http://trustee.ietf.org/license-info) in effect on the date of
45     publication of this document.  Please review these documents
46     carefully, as they describe your rights and restrictions with respect
47     to this document.  Code Components extracted from this document must
48     include Simplified BSD License text as described in Section 4.e of
49     the Trust Legal Provisions and are provided without warranty as
50     described in the Simplified BSD License.

52  Table of Contents

54     1.  Introduction
55     2.  The Internet-Standard Management Framework
56     3.  Terminology
57     4.  Conventions
58     5.  Structure of the MIB Module
59       5.1.  The swmSupportedTunnelTable Subtree
60       5.2.  The swmEncapsTable Subtree
61       5.3.  The swmBGPNeighborTable Subtree
62       5.4.  The swmConformance Subtree
63     6.  Relationship to Other MIB Modules
64       6.1.  Relationship to the IF-MIB
65       6.2.  Relationship to the IP Tunnel MIB
66       6.3.  MIB modules required for IMPORTS
67     7.  Definitions
68     8.  Security Considerations
69     9.  IANA Considerations
70     10. Acknowledgements
71     11. References
72       11.1.  Normative References
73       11.2.  Informative References
74     Authors' Addresses

76  1.  Introduction

78     The Softwire mesh framework RFC 5565 [RFC5565] is a tunneling
79     mechanism that enables the connectivity between islands of IPv4
80     networks across a single IPv6 backbone and vice versa.  In softwire
81     mesh, extended multiprotocol-BGP (MP-BGP) is used to set up tunnels
82     and advertise prefixes among address family border routers (AFBRs).

84     This memo defines a portion of the Management Information Base (MIB)
85     for use with network management protocols in the Internet community.
86     In particular it defines objects for managing softwire mesh
87     [RFC5565].

89  2.  The Internet-Standard Management Framework

91     For a detailed overview of the documents that describe the current
92     Internet-Standard Management Framework, please refer to section 7 of
93     RFC 3410 [RFC3410].

95     Managed objects are accessed via a virtual information store, termed
96     the Management Information Base or MIB.  MIB objects are generally
97     accessed through the Simple Network Management Protocol (SNMP).  They
98     are defined using the mechanisms stated in the Structure of
99     Management Information (SMI).  This memo specifies a MIB module that
100    is compliant to the SMIv2, which is described in STD 58, RFC 2578
101    [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].

103 3.  Terminology

105    This document uses terminology from the softwire problem statement
106    RFC 4925 [RFC4925] and the softwire mesh framework RFC 5565
107    [RFC5565].

109 4.  Conventions

111    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
112    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
113    document are to be interpreted as described in RFC 2119 [RFC2119].

115 5.  Structure of the MIB Module

117    The softwire mesh MIB provides a method to configure and manage the
118    softwire mesh objects through SNMP.

120 5.1.  The swmSupportedTunnelTable Subtree

122    Since the AFBR needs to negotiate with a BGP peer what kind of tunnel
123    they will use, it announces the types of tunnels it supports.  The
124    swmSupportedTunnelTable subtree provides the information.  According
125    to section 4 of RFC 5512 [RFC5512], current softwire mesh tunnel
126    types include IP-IP, GRE and L2TPv3.

128 5.2.  The swmEncapsTable Subtree

130    The swmEncapsTable subtree provides softwire mesh NLRI-NH information
131    about the AFBR.  It keeps the mapping between the External-IP (E-IP)
132    prefix and the Internal-IP (I-IP) address of the next hop.  The
133    mappings determine which I-IP destination address will be used to
134    encapsulate the received packet according to its E-IP destination
135    address.  The definitions of E-IP and I-IP are explained in section
136    4.1 of RFC 5565 [RFC5565].

138 5.3.  The swmBGPNeighborTable Subtree

140    The subtree provides the softwire mesh BGP neighbor information of an
141    AFBR.  It includes the address of the softwire mesh BGP peer, and the
142    kind of tunnel that the AFBR would use to communicate with this BGP
143    peer.

145 5.4.  The swmConformance Subtree

147    The subtree provides the conformance information of MIB objects.

149 6.  Relationship to Other MIB Modules

151 6.1.  Relationship to the IF-MIB

153    The Interfaces MIB [RFC2863] defines generic managed objects for
154    managing interfaces.  Each logical interface (physical or virtual)
155    has an ifEntry.  Tunnels are handled by creating logical interfaces
156    (ifEntry).  Being a tunnel, softwire mesh has an entry in the
157    Interface MIB, as well as an entry in IP Tunnel MIB.  Those
158    corresponding entries are indexed by ifIndex.

160    The ifOperStatus in the ifTable represents whether the mesh function
161    of the AFBR has been triggered.  If the softwire mesh capability is
162    negotiated during the BGP OPEN phase, the mesh function is considered
163    to be started, and the ifOperStatus is "up".  Otherwise the
164    ifOperStatus is "down".

166    In the case of an IPv4-over-IPv6 softwire mesh tunnel, ifInUcastPkts
167    counts the number of IPv6 packets which are sent to the virtual
168    interface for decapsulation into IPv4.  The ifOutUcastPkts counts the
169    number of IPv6 packets which are generated by encapsulating IPv4
170    packets sent to the virtual interface.  Particularly, if these IPv4
171    packets need fragmentation, ifOutUcastPkts counts the number of
172    packets after fragmentation.

174    In the case of an IPv6-over-IPv4 softwire mesh tunnel, ifInUcastPkts
175    counts the number of IPv4 packets, which are sent to the virtual
176    interface for decapsulation into IPv6.  The ifOutUcastPkts counts the
177    number of IPv4 packets, which are generated by encapsulating IPv6
178    packets sent to the virtual interface.  Particularly, if these IPv6
179    packets need to be fragmented, ifOutUcastPkts counts the number of
180    packets after fragmentation.  Similar definitions apply to other
181    counter objects in the ifTable.

183 6.2.  Relationship to the IP Tunnel MIB

185    The IP Tunnel MIB [RFC4087] contains objects applicable to all IP
186    tunnels, including softwire mesh.  Meanwhile, the Softwire Mesh MIB
187    extends the IP Tunnel MIB to further describe encapsulation-specific
188    information.

190    Running a point to multi-point tunnel, it is necessary for a softwire
191    mesh AFBR to maintain an encapsulation table, used to perform correct
192    "forwarding" among AFBRs.  This forwarding function on an AFBR is
193    performed by using the E-IP destination address to look up in the
194    encapsulation table for the I-IP encapsulation destination address.
195    An AFBR also needs to know the BGP peer information of the other
196    AFBRs, so that it can negotiate the NLRI-NH information and the
197    tunnel parameters with them.

199    The Softwire mesh MIB requires the implementation of the IP Tunnel
200    MIB.  The tunnelIfEncapsMethod in the tunnelIfEntry MUST be set to
201    softwireMesh("xx"), and a corresponding entry in the softwire mesh
202    MIB module will be presented for the tunnelIfEntry.  The
203    tunnelIfRemoteInetAddress MUST be set to 0.0.0.0 for IPv4 or :: for
204    IPv6 because it is a point to multi-point tunnel.

206    -- RFC Ed.: Please replace "xx" with IANA assigned number here.

208    The tunnelIfAddressType in the tunnelIfTable represents the type of
209    address in the corresponding tunnelIfLocalInetAddress and
210    tunnelIfRemoteInetAddress objects.  The tunnelIfAddressType is
211    identical to swmEncapsIIPDstType in softwire mesh, which can support
212    either IPv4-over-IPv6 or IPv6-over-IPv4.  When the
213    swmEncapsEIPDstType is IPv6 and the swmEncapsIIPDstType is IPv4, the
214    tunnel type is IPv6-over-IPv4; when the swmEncapsEIPDstType is IPv4
215    and the swmEncapsIIPDstType is IPv6, the encapsulation mode would be
216    IPv4-over-IPv6.

218 6.3.  MIB modules required for IMPORTS

220    The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
221    SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-ADDRESS-MIB
222    [RFC4001].

224 7.  Definitions

226    SOFTWIRE-MESH-MIB DEFINITIONS ::= BEGIN

228    IMPORTS
229        MODULE-IDENTITY, OBJECT-TYPE, transmission FROM SNMPv2-SMI

231        OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF

233        InetAddress, InetAddressType, InetAddressPrefixLength FROM INET-ADDRESS-MIB

235        ifIndex FROM IF-MIB

237        IANAtunnelType FROM IANAifType-MIB;

239    swmMIB MODULE-IDENTITY
240        LAST-UPDATED "201503060000Z"        -- March 6, 2015
241        ORGANIZATION "Softwire Working Group"
242        CONTACT-INFO "

244                 Yong Cui
245                 Email:  yong@csnet1.cs.tsinghua.edu.cn

247                 Jiang Dong
248                 Email:  dongjiang@csnet1.cs.tsinghua.edu.cn

250                 Peng Wu
251                 Email:  weapon@csnet1.cs.tsinghua.edu.cn

253                 Mingwei Xu
254                 Email:  xmw@cernet.edu.cn

256                 Antti Yla-Jaaski
257                 Email:  antti.yla-jaaski@aalto.fi

259                 Email comments directly to the softwire WG Mailing
260                 List at softwires@ietf.org
261        "

263        DESCRIPTION
264            "This MIB module contains managed object definitions for
265            the softwire mesh framework.

267            Copyright (C) The Internet Society (2015).  This version
268            of this MIB module is part of RFC yyyy; see the RFC
269            itself for full legal notices."

271    -- RFC Ed.: please replace yyyy with actual RFC number & remove this note.

273        REVISION    "201503060000Z"
274        DESCRIPTION
275            "The MIB module is defined for management of object in
276            the Softwire mesh framework."
277        ::= { transmission XXX }

279    --RFC Ed.: Please replace "XXX" with IANA assigned number here.

281    swmObjects OBJECT IDENTIFIER ::= { swmMIB 1 }

283    -- swmSupportedTunnelTable
284    swmSupportedTunnelTable OBJECT-TYPE
285        SYNTAX      SEQUENCE OF SwmSupportedTunnelEntry
286        MAX-ACCESS  not-accessible
287        STATUS      current
288        DESCRIPTION
289            "A table of objects that shows what kind of tunnels
290            can be supported by the AFBR."
291        ::= { swmObjects 1 }

293    swmSupportedTunnelEntry OBJECT-TYPE
294        SYNTAX      SwmSupportedTunnelEntry
295        MAX-ACCESS  not-accessible
296        STATUS      current
297        DESCRIPTION
298            "A set of objects that show what kind of tunnels
299            can be supported in the AFBR.  If the AFBR supports
300            multiple tunnel types, the swmSupportedTunnelTable
301            would have several entries."
302        INDEX { swmSupportedTunnelType }
303        ::= { swmSupportedTunnelTable 1 }

305    SwmSupportedTunnelEntry ::= SEQUENCE {
306        swmSupportedTunnelType              IANAtunnelType
307    }

309    swmSupportedTunnelType OBJECT-TYPE
310        SYNTAX      IANAtunnelType
311        MAX-ACCESS  read-only
312        STATUS      current
313        DESCRIPTION
314            "Represents the tunnel type that the AFBR supports,
315            such as MPLS, L2TPv3, GRE, and IP-in-IP.  There is
316            no restriction of tunnel type the Softwire mesh can use."
317        ::= { swmSupportedTunnelEntry 1 }
318    -- end of swmSupportedTunnelTable

320    --swmEncapsTable
321    swmEncapsTable OBJECT-TYPE
322        SYNTAX      SEQUENCE OF SwmEncapsEntry
323        MAX-ACCESS  not-accessible
324        STATUS      current
325        DESCRIPTION
326            "A table of objects that display and control the
327            softwire mesh encapsulation information."
328        ::= { swmObjects 2 }

330    swmEncapsEntry OBJECT-TYPE
331        SYNTAX      SwmEncapsEntry
332        MAX-ACCESS  not-accessible
333        STATUS      current
334        DESCRIPTION
335            "A table of objects that manage the softwire mesh I-IP
336            encapsulation destination based on the E-IP destination prefix."
337        INDEX { ifIndex,
338                swmEncapsEIPDstType,
339                swmEncapsEIPDst,
340                swmEncapsEIPPrefixLength
341              }
342        ::= { swmEncapsTable 1 }

344    SwmEncapsEntry ::= SEQUENCE {
345        swmEncapsEIPDstType       InetAddressType,
346        swmEncapsEIPDst           InetAddress,
347        swmEncapsEIPPrefixLength  InetAddressPrefixLength,
348        swmEncapsIIPDstType       InetAddressType,
349        swmEncapsIIPDst           InetAddress
350    }

352    swmEncapsEIPDstType OBJECT-TYPE
353        SYNTAX      InetAddressType
354        MAX-ACCESS  not-accessible
355        STATUS      current
356        DESCRIPTION
357            "This object specifies the address type used for
358            swmEncapsEIPDst.  It is different from the tunnelIfAddressType
359            in the tunnelIfTable."
360        ::= { swmEncapsEntry 1 }

362    swmEncapsEIPDst OBJECT-TYPE
363        SYNTAX      InetAddress
364        MAX-ACCESS  not-accessible
365        STATUS      current
366        DESCRIPTION
367            "The E-IP destination prefix, which is
368            used for I-IP encapsulation destination looking up."
369        ::= { swmEncapsEntry 2 }

371    swmEncapsEIPPrefixLength OBJECT-TYPE
372        SYNTAX      InetAddressPrefixLength
373        MAX-ACCESS  not-accessible
374        STATUS      current
375        DESCRIPTION
376            "The prefix length of the E-IP destination prefix."
377        ::= { swmEncapsEntry 3 }

379    swmEncapsIIPDstType OBJECT-TYPE
380        SYNTAX      InetAddressType
381        MAX-ACCESS  read-only
382        STATUS      current
383        DESCRIPTION
384            "This object specifies the address type used for
385            swmEncapsIIPDst.  It is the same as the tunnelIfAddressType
386            in the tunnelIfTable."
387        ::= { swmEncapsEntry 4 }

389    swmEncapsIIPDst OBJECT-TYPE
390        SYNTAX      InetAddress
391        MAX-ACCESS  read-only
392        STATUS      current
393        DESCRIPTION
394            "The I-IP destination address, which is used as the encapsulation
395            destination for the corresponding E-IP prefix.  Since the
396            tunnelIfRemoteInetAddress in the tunnelIfTable should be 0.0.0.0 or ::,
397            swmEncapsIIPDst should be the destination address used in the outer
398            IP header."
399        ::= { swmEncapsEntry 5 }
400    -- End of swmEncapsTable

402    -- swmBGPNeighborTable
403    swmBGPNeighborTable OBJECT-TYPE
404        SYNTAX      SEQUENCE OF SwmBGPNeighborEntry
405        MAX-ACCESS  not-accessible
406        STATUS      current
407        DESCRIPTION
408            "A table of objects that display the softwire mesh
409            BGP neighbor information."
410        ::= { swmObjects 3 }

412    swmBGPNeighborEntry OBJECT-TYPE
413        SYNTAX      SwmBGPNeighborEntry
414        MAX-ACCESS  not-accessible
415        STATUS      current
416        DESCRIPTION
417            "A set of objects that display the softwire mesh
418            BGP neighbor information."
419        INDEX {
420            ifIndex,
421            swmBGPNeighborInetAddressType,
422            swmBGPNeighborInetAddress
423        }
424        ::= { swmBGPNeighborTable 1 }

426    SwmBGPNeighborEntry ::= SEQUENCE {
427        swmBGPNeighborInetAddressType  InetAddressType,
428        swmBGPNeighborInetAddress      InetAddress,
429        swmBGPNeighborTunnelType       IANAtunnelType
430    }
431    swmBGPNeighborInetAddressType OBJECT-TYPE
432        SYNTAX      InetAddressType
433        MAX-ACCESS  not-accessible
434        STATUS      current
435        DESCRIPTION
436            "This object specifies the address type used for
437            swmBGPNeighborInetAddress."
438        ::= { swmBGPNeighborEntry 1 }

440    swmBGPNeighborInetAddress OBJECT-TYPE
441        SYNTAX      InetAddress
442        MAX-ACCESS  not-accessible
443        STATUS      current
444        DESCRIPTION
445            "The address of the AFBR's BGP neighbor.  The
446            address type is the same as the tunnelIfAddressType
447            in the tunnelIfTable."
448        ::= { swmBGPNeighborEntry 2 }

450    swmBGPNeighborTunnelType OBJECT-TYPE
451        SYNTAX      IANAtunnelType
452        MAX-ACCESS  read-only
453        STATUS      current
454        DESCRIPTION
455            "Represents the type of tunnel that the
456            AFBR chooses to transmit traffic with another AFBR/BGP neighbor."
457        ::= { swmBGPNeighborEntry 3 }
458    -- End of swmBGPNeighborTable

460    -- conformance information
461    swmConformance
462        OBJECT IDENTIFIER ::= { swmMIB 2 }
463    swmCompliances
464        OBJECT IDENTIFIER ::= { swmConformance 1 }
465    swmGroups
466        OBJECT IDENTIFIER ::= { swmConformance 2 }

468    -- compliance statements
469    swmCompliance MODULE-COMPLIANCE
470        STATUS      current
471        DESCRIPTION
472            "Describes the requirements for conformance to the softwire
473            mesh MIB.

475            The following index objects cannot be added as OBJECT
476            clauses but nevertheless have compliance requirements:
477            "
478        -- OBJECT  swmEncapsEIPDstType
479        -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
480        -- DESCRIPTION
481        -- "An implementation is required to support
482        --  global IPv4 and/or IPv6 addresses, depending
483        --  on its support for IPv4 and IPv6."

485        -- OBJECT  swmEncapsEIPDst
486        -- SYNTAX  InetAddress (SIZE(4|16))
487        -- DESCRIPTION
488        -- "An implementation is required to support
489        --  global IPv4 and/or IPv6 addresses, depending
490        --  on its support for IPv4 and IPv6."

492        -- OBJECT  swmEncapsEIPPrefixLength
493        -- SYNTAX  InetAddressPrefixLength (Unsigned32 (0..128))
494        -- DESCRIPTION
495        -- "An implementation is required to support
496        --  global IPv4 and/or IPv6 addresses, depending
497        --  on its support for IPv4 and IPv6."

499        -- OBJECT  swmBGPNeighborInetAddressType
500        -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
501        -- DESCRIPTION
502        -- "An implementation is required to support
503        --  global IPv4 and/or IPv6 addresses, depending
504        --  on its support for IPv4 and IPv6."

506        -- OBJECT  swmBGPNeighborInetAddress
507        -- SYNTAX  InetAddress (SIZE(4|16))
508        -- DESCRIPTION
509        -- "An implementation is required to support
510        --  global IPv4 and/or IPv6 addresses, depending
511        --  on its support for IPv4 and IPv6."

513        MODULE -- this module
514        MANDATORY-GROUPS {
515            swmSupportedTunnelGroup,
516            swmEncapsGroup,
517            swmBGPNeighborGroup
518        }
519        ::= { swmCompliances 1 }

521    swmSupportedTunnelGroup OBJECT-GROUP
522        OBJECTS {
523            swmSupportedTunnelType
524        }
525        STATUS      current
526        DESCRIPTION
527            "The collection of objects which are used to show
528            what kind of tunnel the AFBR supports."
529        ::= { swmGroups 1 }

531    swmEncapsGroup OBJECT-GROUP
532        OBJECTS {
533            swmEncapsIIPDst,
534            swmEncapsIIPDstType
535        }
536        STATUS      current
537        DESCRIPTION
538            "The collection of objects which are used to display
539            softwire mesh encapsulation information."
540        ::= { swmGroups 2 }

542    swmBGPNeighborGroup OBJECT-GROUP
543        OBJECTS {
544            swmBGPNeighborTunnelType
545        }
546        STATUS      current
547        DESCRIPTION
548            "The collection of objects which are used to display
549            softwire mesh BGP neighbor information."
550        ::= { swmGroups 3 }

552    END

554 8.  Security Considerations

556    The swmMIB module can be used for configuration of certain objects,
557    and anything that can be configured can be incorrectly configured,
558    with potentially disastrous results.  Because this MIB module reuses
559    the IP tunnel MIB, the security considerations of the IP tunnel MIB
560    are also applicable to the Softwire mesh MIB.

562    There are no management objects defined in this MIB module that have
563    a MAX-ACCESS clause of read-write and/or read-create.  So, if this
564    MIB module is implemented correctly, then there is no risk that an
565    intruder can alter or create any management objects of this MIB
566    module via direct SNMP SET operations.

568    Some of the readable objects in this MIB module (i.e., objects with a
569    MAX-ACCESS other than not-accessible) may be considered sensitive or
570    vulnerable in some network environments.  It is thus important to
571    control even GET and/or NOTIFY access to these objects and possibly
572    to even encrypt the values of these objects when sending them over
573    the network via SNMP.  These are objects and their sensitivity/
574    vulnerability:

576    Particularly, swmSupportedTunnelType, swmEncapsIIPDstType,
577    swmEncapsIIPDst and swmBGPNeighborTunnelType can expose the types of
578    tunnel used within the internal network, and potentially reveal the
579    topology of the internal network.

581    SNMP versions prior to SNMPv3 did not include adequate security.
582    Even if the network itself is secure (for example by using IPsec),
583    there is no control as to who on the secure network is allowed to
584    access and GET/SET (read/change/create/delete) the objects in this
585    MIB module.

587    Implementations SHOULD provide the security features described by the
588    SNMPv3 framework (see [RFC3410]), and implementations claiming
589    compliance to the SNMPv3 standard MUST include full support for
590    authentication and privacy via the User-based Security Model (USM)
591    [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
592    MAY also provide support for the Transport Security Model
593    (TSM) [RFC5591] in combination with a secure transport such as SSH
594    [RFC5592] or TLS/DTLS [RFC6353].

596    Further, deployment of SNMP versions prior to SNMPv3 is NOT
597    RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
598    enable cryptographic security.  It is then a customer/operator
599    responsibility to ensure that the SNMP entity giving access to an
600    instance of this MIB module is properly configured to give access to
601    the objects only to those principals (users) that have legitimate
602    rights to indeed GET or SET (change/create/delete) them.

604 9.  IANA Considerations

606    The MIB module in this document uses the following IANA-assigned
607    OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
608    the following IANA-assigned tunnelType values recorded in the
609    IANAtunnelType-MIB registry:

611       Descriptor        OBJECT IDENTIFIER value
612       ----------        -----------------------
613       swmMIB            { transmission XXX }

615       IANAtunnelType ::= TEXTUAL-CONVENTION
616           SYNTAX     INTEGER {

618           softwireMesh ("xx")       -- softwire Mesh tunnel

620           }

622    Editor's Note (to be removed prior to publication): the IANA is
623    requested to assign a value for "XXX" under the 'mib-2' subtree and
624    to record the assignment in the SMI Numbers registry.  When the
625    assignment has been made, the RFC Editor is asked to replace "XXX"
626    (here and in the MIB module) with the assigned value and to remove
627    this note.

629 10.  Acknowledgements

631    The authors would like to thank Dave Thaler, Jean-Philippe Dionne, Qi
632    Sun, Sheng Jiang, Yu Fu for their valuable comments.

634 11.  References

636 11.1.  Normative References

638    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
639               Requirement Levels", BCP 14, RFC 2119, March 1997.

641    [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
642               Schoenwaelder, Ed., "Structure of Management Information
643               Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

645    [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
646               Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
647               58, RFC 2579, April 1999.

649    [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
650               "Conformance Statements for SMIv2", STD 58, RFC 2580,
651               April 1999.

653    [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
654               (USM) for version 3 of the Simple Network Management
655               Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

657    [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
658               Advanced Encryption Standard (AES) Cipher Algorithm in the
659               SNMP User-based Security Model", RFC 3826, June 2004.

661    [RFC4925]  Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire
662               Problem Statement", RFC 4925, July 2007.

664    [RFC5512]  Mohapatra, P. and E. Rosen, "The BGP Encapsulation
665               Subsequent Address Family Identifier (SAFI) and the BGP
666               Tunnel Encapsulation Attribute", RFC 5512, April 2009.

668    [RFC5565]  Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh
669               Framework", RFC 5565, June 2009.

671    [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
672               for the Simple Network Management Protocol (SNMP)", STD
673               78, RFC 5591, June 2009.

675    [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
676               Shell Transport Model for the Simple Network Management
677               Protocol (SNMP)", RFC 5592, June 2009.

679    [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
680               Model for the Simple Network Management Protocol (SNMP)",
681               STD 78, RFC 6353, July 2011.

683 11.2.  Informative References

685    [RFC2223]  Postel, J. and J. Reynolds, "Instructions to RFC Authors",
686               RFC 2223, October 1997.

688    [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
689               MIB", RFC 2863, June 2000.

691    [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
692               "Introduction and Applicability Statements for Internet-
693               Standard Management Framework", RFC 3410, December 2002.

695    [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
696               June 1999.

698    [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

700    [RFC4181]  Heard, C., "Guidelines for Authors and Reviewers of MIB
701               Documents", BCP 111, RFC 4181, September 2005.

703 Authors' Addresses

705    Yong Cui
706    Tsinghua University
707    Department of Computer Science, Tsinghua University
708    Beijing  100084
709    P.R.China

711    Phone: +86-10-6260-3059
712    EMail: yong@csnet1.cs.tsinghua.edu.cn
713    Jiang Dong
714    Tsinghua University
715    Department of Computer Science, Tsinghua University
716    Beijing  100084
717    P.R.China

719    Phone: +86-10-6278-5822
720    EMail: dongjiang@csnet1.cs.tsinghua.edu.cn

722    Peng Wu
723    Tsinghua University
724    Department of Computer Science, Tsinghua University
725    Beijing  100084
726    P.R.China

728    Phone: +86-10-6278-5822
729    EMail: weapon@csnet1.cs.tsinghua.edu.cn

731    Mingwei Xu
732    Tsinghua University
733    Department of Computer Science, Tsinghua University
734    Beijing  100084
735    P.R.China

737    Phone: +86-10-6278-5822
738    EMail: xmw@cernet.edu.cn

740    Antti Yla-Jaaski
741    Aalto University
742    Konemiehentie 2
743    Espoo  02150
744    Finland

746    Phone: +358-40-5954222
747    EMail: antti.yla-jaaski@aalto.fi
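
Added example, not part of the draft: the swmEncapsEntry INDEX clause (Section 7) and the encapsulation lookup of Sections 5.2 and 6.2, worked through in Python. It decodes the instance sub-identifiers of a swmEncapsIIPDst row into an E-IP prefix using the standard SMIv2 index encoding (RFC 2578) and resolves an E-IP destination to its I-IP destination, which is also what a reader with GET access learns about the internal topology. Longest-prefix matching, the function names and the sample rows are assumptions; the draft only says the E-IP destination is looked up in the table.

```python
import ipaddress

# InetAddressType values named in the draft's compliance statement,
# mapped to the InetAddress size each one implies.
ADDR_LEN = {1: 4, 2: 16}  # ipv4(1), ipv6(2)


def decode_encaps_index(subids):
    """Decode the sub-identifiers that follow a swmEncapsEntry column OID.

    Layout from the INDEX clause: ifIndex, swmEncapsEIPDstType,
    swmEncapsEIPDst (length sub-identifier, then one per octet),
    swmEncapsEIPPrefixLength.
    """
    if len(subids) < 4:
        raise ValueError("index too short")
    if_index, addr_type, length = subids[:3]
    if ADDR_LEN.get(addr_type) != length:
        raise ValueError("address type and length disagree")
    if len(subids) != 3 + length + 1:
        raise ValueError("wrong number of sub-identifiers")
    octets, prefix_len = subids[3:-1], subids[-1]
    # bytes() rejects sub-identifiers outside 0..255 with ValueError.
    addr = ipaddress.ip_address(bytes(octets))
    # strict=True rejects a prefix with host bits set (also ValueError).
    return if_index, ipaddress.ip_network(f"{addr}/{prefix_len}", strict=True)


def build_encaps_table(rows):
    """rows: (index sub-identifiers, swmEncapsIIPDstType, swmEncapsIIPDst octets)."""
    table = []
    for subids, iip_type, iip_octets in rows:
        if_index, eip_prefix = decode_encaps_index(subids)
        if ADDR_LEN.get(iip_type) != len(iip_octets):
            raise ValueError("I-IP type and length disagree")
        iip = ipaddress.ip_address(bytes(iip_octets))
        # Section 6.2: the tunnel is IPv4-over-IPv6 or IPv6-over-IPv4,
        # so the E-IP and I-IP address families must differ.
        if iip.version == eip_prefix.version:
            raise ValueError("E-IP and I-IP use the same address family")
        table.append((if_index, eip_prefix, iip))
    return table


def lookup_iip(table, if_index, eip_dst):
    """Return the I-IP encapsulation destination for an E-IP destination,
    or None when no prefix on that tunnel interface covers it.
    Longest-prefix match is an assumption of this example."""
    dst = ipaddress.ip_address(eip_dst)
    best = None
    for idx, prefix, iip in table:
        if idx != if_index or dst.version != prefix.version:
            continue
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iip)
    return best[1] if best else None


def _packed(addr):
    return list(ipaddress.ip_address(addr).packed)


# Constructed sample rows (documentation address ranges, made-up ifIndex values).
SAMPLE_ROWS = [
    ([7, 1, 4, 10, 1, 0, 0, 16], 2, _packed("2001:db8::1")),
    ([7, 1, 4, 10, 1, 2, 0, 24], 2, _packed("2001:db8::2")),
    ([9, 2, 16, *_packed("2001:db8:a::"), 48], 1, [192, 0, 2, 1]),
]

if __name__ == "__main__":
    table = build_encaps_table(SAMPLE_ROWS)
    for if_index, prefix, iip in table:
        print(f"ifIndex {if_index}: {prefix} -> {iip}")
    print(lookup_iip(table, 7, "10.1.2.9"))
```
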