idnits 2.17.1

draft-ietf-softwire-mesh-mib-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 29, 2015) is 3103 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5512 (Obsoleted by RFC 9012)

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Softwire                                                          Y. Cui
Internet-Draft                                                   J. Dong
Intended status: Standards Track                                   P. Wu
Expires: April 1, 2016                                             M. Xu
                                                     Tsinghua University
                                                           A. Yla-Jaaski
                                                        Aalto University
                                                      September 29, 2015

            Softwire Mesh Management Information Base (MIB)
                    draft-ietf-softwire-mesh-mib-10

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing softwire mesh.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 1, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Terminology
   4.  Conventions
   5.  Structure of the MIB Module
     5.1.  The swmSupportedTunnelTable Subtree
     5.2.  The swmEncapsTable Subtree
     5.3.  The swmBGPNeighborTable Subtree
     5.4.  The swmConformance Subtree
   6.  Relationship to Other MIB Modules
     6.1.  Relationship to the IF-MIB
     6.2.  Relationship to the IP Tunnel MIB
     6.3.  MIB modules required for IMPORTS
   7.  Definitions
   8.  Security Considerations
   9.  IANA Considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Softwire mesh framework RFC 5565 [RFC5565] is a tunneling
   mechanism that enables the connectivity between islands of IPv4
   networks across a single IPv6 backbone and vice versa.  In softwire
   mesh, extended multiprotocol-BGP (MP-BGP) is used to set up tunnels
   and advertise prefixes among address family border routers (AFBRs).

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing softwire mesh
   [RFC5565].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).  They
   are defined using the mechanisms stated in the Structure of
   Management Information (SMI).
   This memo specifies a MIB module that is compliant to the SMIv2,
   which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
   [RFC2579] and STD 58, RFC 2580 [RFC2580].

3.  Terminology

   This document uses terminology from the softwire problem statement
   RFC 4925 [RFC4925] and the softwire mesh framework RFC 5565
   [RFC5565].

4.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119 [RFC2119].

5.  Structure of the MIB Module

   The softwire mesh MIB provides a method to configure and manage the
   softwire mesh objects through SNMP.

5.1.  The swmSupportedTunnelTable Subtree

   Since the AFBR needs to negotiate with a BGP peer what kind of tunnel
   they will use, it announces the types of tunnels it supports.  The
   swmSupportedTunnelTable subtree provides this information.  According
   to section 4 of RFC 5512 [RFC5512], current softwire mesh tunnel
   types include IP-IP, GRE and L2TPv3.

5.2.  The swmEncapsTable Subtree

   The swmEncapsTable subtree provides softwire mesh NLRI-NH information
   about the AFBR.  It keeps the mapping between the External-IP (E-IP)
   prefix and the Internal-IP (I-IP) address of the next hop.  The
   mappings determine which I-IP destination address will be used to
   encapsulate the received packet according to its E-IP destination
   address.  The definitions of E-IP and I-IP are explained in section
   4.1 of RFC 5565 [RFC5565].

5.3.  The swmBGPNeighborTable Subtree

   The subtree provides the softwire mesh BGP neighbor information of an
   AFBR.  It includes the address of the softwire mesh BGP peer, and the
   kind of tunnel that the AFBR would use to communicate with this BGP
   peer.

5.4.  The swmConformance Subtree

   The subtree provides the conformance information of MIB objects.

6.  Relationship to Other MIB Modules

6.1.  Relationship to the IF-MIB

   The Interfaces MIB [RFC2863] defines generic managed objects for
   managing interfaces.  Each logical interface (physical or virtual)
   has an ifEntry.  Tunnels are handled by creating logical interfaces
   (ifEntry).  Being a tunnel, softwire mesh has an entry in the
   Interface MIB, as well as an entry in the IP Tunnel MIB.  Those
   corresponding entries are indexed by ifIndex.

   The ifOperStatus in the ifTable represents whether the mesh function
   of the AFBR has been triggered.  If the softwire mesh capability is
   negotiated during the BGP OPEN phase, the mesh function is considered
   to be started, and the ifOperStatus is "up".  Otherwise the
   ifOperStatus is "down".

   In the case of an IPv4-over-IPv6 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv6 packets which are sent to the virtual
   interface for decapsulation into IPv4.  The ifOutUcastPkts counts the
   number of IPv6 packets which are generated by encapsulating IPv4
   packets sent to the virtual interface.  Particularly, if these IPv4
   packets need fragmentation, ifOutUcastPkts counts the number of
   packets after fragmentation.

   In the case of an IPv6-over-IPv4 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv4 packets which are sent to the virtual
   interface for decapsulation into IPv6.  The ifOutUcastPkts counts the
   number of IPv4 packets which are generated by encapsulating IPv6
   packets sent to the virtual interface.  Particularly, if these IPv6
   packets need to be fragmented, ifOutUcastPkts counts the number of
   packets after fragmentation.  Similar definitions apply to other
   counter objects in the ifTable.

6.2.  Relationship to the IP Tunnel MIB

   The IP Tunnel MIB [RFC4087] contains objects applicable to all IP
   tunnels, including softwire mesh.
   Meanwhile, the Softwire Mesh MIB extends the IP Tunnel MIB to further
   describe encapsulation-specific information.

   Because a softwire mesh AFBR runs a point to multi-point tunnel, it
   needs to maintain an encapsulation table, used to perform correct
   "forwarding" among AFBRs.  This forwarding function on an AFBR is
   performed by using the E-IP destination address to look up the I-IP
   encapsulation destination address in the encapsulation table.
   An AFBR also needs to know the BGP peer information of the other
   AFBRs, so that it can negotiate the NLRI-NH information and the
   tunnel parameters with them.

   The Softwire mesh MIB requires the implementation of the IP Tunnel
   MIB.  The tunnelIfEncapsMethod in the tunnelIfEntry MUST be set to
   softwireMesh("xx"), and a corresponding entry in the softwire mesh
   MIB module will be presented for the tunnelIfEntry.  The
   tunnelIfRemoteInetAddress MUST be set to 0.0.0.0 for IPv4 or :: for
   IPv6 because it is a point to multi-point tunnel.

   -- RFC Ed.: Please replace "xx" with IANA assigned number here.

   The tunnelIfAddressType in the tunnelIfTable represents the type of
   address in the corresponding tunnelIfLocalInetAddress and
   tunnelIfRemoteInetAddress objects.  The tunnelIfAddressType is
   identical to swmEncapsIIPDstType in softwire mesh, which can support
   either IPv4-over-IPv6 or IPv6-over-IPv4.  When the
   swmEncapsEIPDstType is IPv6 and the swmEncapsIIPDstType is IPv4, the
   tunnel type is IPv6-over-IPv4; when the swmEncapsEIPDstType is IPv4
   and the swmEncapsIIPDstType is IPv6, the encapsulation mode would be
   IPv4-over-IPv6.

6.3.  MIB modules required for IMPORTS

   The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
   SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-ADDRESS-MIB
   [RFC4001].

7.  Definitions

   SOFTWIRE-MESH-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, transmission FROM SNMPv2-SMI

       OBJECT-GROUP, MODULE-COMPLIANCE            FROM SNMPv2-CONF

       InetAddress, InetAddressType, InetAddressPrefixLength
                                                  FROM INET-ADDRESS-MIB

       ifIndex                                    FROM IF-MIB

       IANAtunnelType                             FROM IANAifType-MIB;

   swmMIB MODULE-IDENTITY
       LAST-UPDATED "201503060000Z"        -- March 6, 2015
       ORGANIZATION "Softwire Working Group"
       CONTACT-INFO
          "
           Yong Cui
           Email:  yong@csnet1.cs.tsinghua.edu.cn

           Jiang Dong
           Email:  dongjiang@csnet1.cs.tsinghua.edu.cn

           Peng Wu
           Email:  weapon@csnet1.cs.tsinghua.edu.cn

           Mingwei Xu
           Email:  xmw@cernet.edu.cn

           Antti Yla-Jaaski
           Email:  antti.yla-jaaski@aalto.fi

           Email comments directly to the softwire WG Mailing
           List at softwires@ietf.org
          "

       DESCRIPTION
          "This MIB module contains managed object definitions for
           the softwire mesh framework.

           Copyright (C) The Internet Society (2015).  This version
           of this MIB module is part of RFC yyyy; see the RFC
           itself for full legal notices."

   -- RFC Ed.: please replace yyyy with actual RFC number & remove
   -- this note.

       REVISION    "201503060000Z"
       DESCRIPTION
          "The MIB module is defined for management of objects in
           the Softwire mesh framework."
       ::= { transmission XXX }

   -- RFC Ed.: Please replace "XXX" with IANA assigned number here.

   swmObjects OBJECT IDENTIFIER ::= { swmMIB 1 }

   -- swmSupportedTunnelTable
   swmSupportedTunnelTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that shows what kind of tunnels
           can be supported by the AFBR."
       ::= { swmObjects 1 }

   swmSupportedTunnelEntry OBJECT-TYPE
       SYNTAX      SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A set of objects that show what kind of tunnels
           can be supported in the AFBR.
           If the AFBR supports multiple tunnel types, the
           swmSupportedTunnelTable would have several entries."
       INDEX { swmSupportedTunnelType }
       ::= { swmSupportedTunnelTable 1 }

   SwmSupportedTunnelEntry ::= SEQUENCE {
       swmSupportedTunnelType              IANAtunnelType
   }

   swmSupportedTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Represents the tunnel type that the AFBR supports,
           such as MPLS, L2TPv3, GRE, and IP-in-IP.  There is
           no restriction of tunnel type the Softwire mesh can use."
       ::= { swmSupportedTunnelEntry 1 }
   -- end of swmSupportedTunnelTable

   -- swmEncapsTable
   swmEncapsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that display and control the
           softwire mesh encapsulation information."
       ::= { swmObjects 2 }

   swmEncapsEntry OBJECT-TYPE
       SYNTAX      SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that manage the softwire mesh I-IP
           encapsulation destination based on the E-IP destination
           prefix."
       INDEX { ifIndex,
               swmEncapsEIPDstType,
               swmEncapsEIPDst,
               swmEncapsEIPPrefixLength
             }
       ::= { swmEncapsTable 1 }

   SwmEncapsEntry ::= SEQUENCE {
       swmEncapsEIPDstType       InetAddressType,
       swmEncapsEIPDst           InetAddress,
       swmEncapsEIPPrefixLength  InetAddressPrefixLength,
       swmEncapsIIPDstType       InetAddressType,
       swmEncapsIIPDst           InetAddress
   }

   swmEncapsEIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This object specifies the address type used for
           swmEncapsEIPDst.  It is different from the
           tunnelIfAddressType in the tunnelIfTable."
       ::= { swmEncapsEntry 1 }

   swmEncapsEIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The E-IP destination prefix, which is used to look up
           the I-IP encapsulation destination."
       ::= { swmEncapsEntry 2 }

   swmEncapsEIPPrefixLength OBJECT-TYPE
       SYNTAX      InetAddressPrefixLength
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The prefix length of the E-IP destination prefix."
       ::= { swmEncapsEntry 3 }

   swmEncapsIIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "This object specifies the address type used for
           swmEncapsIIPDst.  It is the same as the
           tunnelIfAddressType in the tunnelIfTable."
       ::= { swmEncapsEntry 4 }

   swmEncapsIIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "The I-IP destination address, which is used as the
           encapsulation destination for the corresponding E-IP
           prefix.  Since the tunnelIfRemoteInetAddress in the
           tunnelIfTable should be 0.0.0.0 or ::, swmEncapsIIPDst
           should be the destination address used in the outer
           IP header."
       ::= { swmEncapsEntry 5 }
   -- End of swmEncapsTable

   -- swmBGPNeighborTable
   swmBGPNeighborTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that display the softwire mesh
           BGP neighbor information."
       ::= { swmObjects 3 }

   swmBGPNeighborEntry OBJECT-TYPE
       SYNTAX      SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A set of objects that display the softwire mesh
           BGP neighbor information."
       INDEX {
               ifIndex,
               swmBGPNeighborInetAddressType,
               swmBGPNeighborInetAddress
             }
       ::= { swmBGPNeighborTable 1 }

   SwmBGPNeighborEntry ::= SEQUENCE {
       swmBGPNeighborInetAddressType  InetAddressType,
       swmBGPNeighborInetAddress      InetAddress,
       swmBGPNeighborTunnelType       IANAtunnelType
   }

   swmBGPNeighborInetAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This object specifies the address type used for
           swmBGPNeighborInetAddress."
       ::= { swmBGPNeighborEntry 1 }

   swmBGPNeighborInetAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The address of the AFBR's BGP neighbor.  The
           address type is the same as the tunnelIfAddressType
           in the tunnelIfTable."
       ::= { swmBGPNeighborEntry 2 }

   swmBGPNeighborTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Represents the type of tunnel that the
           AFBR chooses to transmit traffic with another AFBR/BGP
           neighbor."
       ::= { swmBGPNeighborEntry 3 }
   -- End of swmBGPNeighborTable

   -- conformance information
   swmConformance
                  OBJECT IDENTIFIER ::= { swmMIB 2 }
   swmCompliances
                  OBJECT IDENTIFIER ::= { swmConformance 1 }
   swmGroups
                  OBJECT IDENTIFIER ::= { swmConformance 2 }

   -- compliance statements
   swmCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
          "Describes the requirements for conformance to the softwire
           mesh MIB.

           The following index objects cannot be added as OBJECT
           clauses but nevertheless have compliance requirements:
          "
       -- OBJECT  swmEncapsEIPDstType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPDst
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPPrefixLength
       -- SYNTAX  InetAddressPrefixLength (Unsigned32 (0..128))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddressType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddress
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       MODULE -- this module
       MANDATORY-GROUPS {
                          swmSupportedTunnelGroup,
                          swmEncapsGroup,
                          swmBGPNeighborGroup
                        }
       ::= { swmCompliances 1 }

   swmSupportedTunnelGroup OBJECT-GROUP
       OBJECTS {
           swmSupportedTunnelType
       }
       STATUS      current
       DESCRIPTION
          "The collection of objects which are used to show
           what kind of tunnel the AFBR supports."
       ::= { swmGroups 1 }

   swmEncapsGroup OBJECT-GROUP
       OBJECTS {
           swmEncapsIIPDst,
           swmEncapsIIPDstType
       }
       STATUS      current
       DESCRIPTION
          "The collection of objects which are used to display
           softwire mesh encapsulation information."
       ::= { swmGroups 2 }

   swmBGPNeighborGroup OBJECT-GROUP
       OBJECTS {
           swmBGPNeighborTunnelType
       }
       STATUS      current
       DESCRIPTION
          "The collection of objects which are used to display
           softwire mesh BGP neighbor information."
       ::= { swmGroups 3 }

   END

8.  Security Considerations

   The swmMIB module can be used for configuration of certain objects,
   and anything that can be configured can be incorrectly configured,
   with potentially disastrous results.  Because this MIB module reuses
   the IP tunnel MIB, the security considerations of the IP tunnel MIB
   are also applicable to the Softwire mesh MIB.

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the objects and their sensitivity/
   vulnerability:

      Particularly, swmSupportedTunnelType, swmEncapsIIPDstType,
      swmEncapsIIPDst and swmBGPNeighborTunnelType can expose the types
      of tunnel used within the internal network, and potentially reveal
      the topology of the internal network.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

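   The two statements above about MAX-ACCESS (no object is read-write
   or read-create, and the readable objects are the ones to protect)
   can be checked against a module's text.  The Python audit below is
   an added example, not part of the draft: MIB_EXCERPT is constructed
   from the Section 7 definitions (abridged, with two decoys added),
   and the function names are assumptions of this example.

```python
import re

# Constructed sample input: the nine columnar objects from Section 7, abridged
# to their SYNTAX and MAX-ACCESS clauses. The DESCRIPTION and comment decoys
# are added here to exercise the string/comment handling.
MIB_EXCERPT = '''
swmSupportedTunnelType OBJECT-TYPE
    SYNTAX      IANAtunnelType
    MAX-ACCESS  read-only
    DESCRIPTION "Constructed decoy: fakeObject OBJECT-TYPE MAX-ACCESS read-write"
swmEncapsEIPDstType OBJECT-TYPE
    SYNTAX      InetAddressType
    -- MAX-ACCESS read-write (constructed decoy inside a comment)
    MAX-ACCESS  not-accessible
swmEncapsEIPDst OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  not-accessible
swmEncapsEIPPrefixLength OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  not-accessible
swmEncapsIIPDstType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
swmEncapsIIPDst OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
swmBGPNeighborInetAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
swmBGPNeighborInetAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  not-accessible
swmBGPNeighborTunnelType OBJECT-TYPE
    SYNTAX      IANAtunnelType
    MAX-ACCESS  read-only
'''

# One left-to-right pass: a quoted string or an SMIv2 comment, whichever
# starts first, so quotes inside comments and "--" inside strings are inert.
# An SMIv2 comment ends at the next "--" or at end of line.
NOISE = re.compile(r'"[^"]*"|--[^\n]*?(?:--|$)', re.M)
DEF_RE = re.compile(r'\b([a-z][A-Za-z0-9]*)\s+OBJECT-TYPE\b')
ACCESS_RE = re.compile(r'\bMAX-ACCESS\s+([a-z-]+)')

WRITABLE = {"read-write", "read-create"}
# "Readable" as in Section 8: any MAX-ACCESS other than not-accessible.
READABLE = WRITABLE | {"read-only", "accessible-for-notify"}


def max_access_by_object(mib_text):
    """Map each OBJECT-TYPE descriptor to its MAX-ACCESS value (None if absent)."""
    clean = NOISE.sub(lambda m: '""' if m.group().startswith('"') else " ", mib_text)
    defs = list(DEF_RE.finditer(clean))
    access = {}
    for i, d in enumerate(defs):
        # The clause must appear before the next object definition starts.
        end = defs[i + 1].start() if i + 1 < len(defs) else len(clean)
        m = ACCESS_RE.search(clean, d.end(), end)
        access[d.group(1)] = m.group(1) if m else None
    return access


def audit(mib_text):
    """Return the objects an SNMP SET could change and those a GET can read."""
    access = max_access_by_object(mib_text)
    return {
        "writable": sorted(n for n, a in access.items() if a in WRITABLE),
        "readable": sorted(n for n, a in access.items() if a in READABLE),
        "no_max_access": sorted(n for n, a in access.items() if a is None),
    }


if __name__ == "__main__":
    for key, names in audit(MIB_EXCERPT).items():
        print(f"{key}: {names}")
```

   The "readable" list is the set of objects whose GET access should
   be restricted to authorized SNMPv3 principals; a non-empty
   "writable" list on a vendor's copy of the module would contradict
   the read-only design described in this section.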
   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

9.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
   the following IANA-assigned tunnelType values recorded in the
   IANAtunnelType-MIB registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      swmMIB            { transmission XXX }

      IANAtunnelType ::= TEXTUAL-CONVENTION
          SYNTAX     INTEGER {

                     softwireMesh ("xx")
                        -- softwire Mesh tunnel

                     }

   Editor's Note (to be removed prior to publication): the IANA is
   requested to assign a value for "XXX" under the 'mib-2' subtree and
   to record the assignment in the SMI Numbers registry.  When the
   assignment has been made, the RFC Editor is asked to replace "XXX"
   (here and in the MIB module) with the assigned value and to remove
   this note.

10.  Acknowledgements

   The authors would like to thank Dave Thaler, Jean-Philippe Dionne, Qi
   Sun, Sheng Jiang, Yu Fu for their valuable comments.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414,
              DOI 10.17487/RFC3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826,
              DOI 10.17487/RFC3826, June 2004.

   [RFC5512]  Mohapatra, P. and E. Rosen, "The BGP Encapsulation
              Subsequent Address Family Identifier (SAFI) and the BGP
              Tunnel Encapsulation Attribute", RFC 5512,
              DOI 10.17487/RFC5512, April 2009.

   [RFC5565]  Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh
              Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009.

   [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
              2009.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011.

11.2.  Informative References

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.

   [RFC4925]  Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A.
              Durand, Ed., "Softwire Problem Statement", RFC 4925,
              DOI 10.17487/RFC4925, July 2007.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

   [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087,
              DOI 10.17487/RFC4087, June 2005.

Authors' Addresses

   Yong Cui
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6260-3059
   EMail: yong@csnet1.cs.tsinghua.edu.cn

   Jiang Dong
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: knight.dongjiang@gmail.com

   Peng Wu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: weapon9@gmail.com

   Mingwei Xu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: xmw@cernet.edu.cn

   Antti Yla-Jaaski
   Aalto University
   Konemiehentie 2
   Espoo  02150
   Finland

   Phone: +358-40-5954222
   EMail: antti.yla-jaaski@aalto.fi