idnits 2.17.1

draft-ietf-softwire-mesh-mib-11.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 30, 2015) is 3129 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5512 (Obsoleted by RFC 9012)

     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Softwire                                                          Y. Cui
Internet-Draft                                                   J. Dong
Intended status: Standards Track                                   P. Wu
Expires: April 2, 2016                                             M. Xu
                                                     Tsinghua University
                                                           A. Yla-Jaaski
                                                        Aalto University
                                                      September 30, 2015

            Softwire Mesh Management Information Base (MIB)
                    draft-ietf-softwire-mesh-mib-11

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing softwire mesh.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 2, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Terminology
   4.  Conventions
   5.  Structure of the MIB Module
     5.1.  The swmSupportedTunnelTable Subtree
     5.2.  The swmEncapsTable Subtree
     5.3.  The swmBGPNeighborTable Subtree
     5.4.  The swmConformance Subtree
   6.  Relationship to Other MIB Modules
     6.1.  Relationship to the IF-MIB
     6.2.  Relationship to the IP Tunnel MIB
     6.3.  MIB modules required for IMPORTS
   7.  Definitions
   8.  Security Considerations
   9.  IANA Considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Softwire mesh framework RFC 5565 [RFC5565] is a tunneling
   mechanism that enables the connectivity between islands of IPv4
   networks across a single IPv6 backbone and vice versa.  In softwire
   mesh, extended multiprotocol-BGP (MP-BGP) is used to set up tunnels
   and advertise prefixes among address family border routers (AFBRs).

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing softwire mesh
   [RFC5565].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).  They
   are defined using the mechanisms stated in the Structure of
   Management Information (SMI).
   This memo specifies a MIB module that
   is compliant to the SMIv2, which is described in STD 58, RFC 2578
   [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].

3.  Terminology

   This document uses terminology from the softwire problem statement
   RFC 4925 [RFC4925] and the softwire mesh framework RFC 5565
   [RFC5565].

4.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119 [RFC2119].

5.  Structure of the MIB Module

   The softwire mesh MIB provides a method to configure and manage the
   softwire mesh objects through SNMP.

5.1.  The swmSupportedTunnelTable Subtree

   Since the AFBR needs to negotiate with a BGP peer what kind of tunnel
   they will use, it announces the types of tunnels it supports.  The
   swmSupportedTunnelTable subtree provides the information.  According
   to section 4 of RFC 5512 [RFC5512], current softwire mesh tunnel
   types include IP-IP, GRE and L2TPv3.

5.2.  The swmEncapsTable Subtree

   The swmEncapsTable subtree provides softwire mesh NLRI-NH information
   about the AFBR.  It keeps the mapping between the External-IP (E-IP)
   prefix and the Internal-IP (I-IP) address of the next hop.  The
   mappings determine which I-IP destination address will be used to
   encapsulate the received packet according to its E-IP destination
   address.  The definitions of E-IP and I-IP are explained in section
   4.1 of RFC 5565 [RFC5565].

5.3.  The swmBGPNeighborTable Subtree

   The subtree provides the softwire mesh BGP neighbor information of an
   AFBR.  It includes the address of the softwire mesh BGP peer, and the
   kind of tunnel that the AFBR would use to communicate with this BGP
   peer.

5.4.  The swmConformance Subtree

   The subtree provides the conformance information of MIB objects.

6.  Relationship to Other MIB Modules

6.1.  Relationship to the IF-MIB

   The Interfaces MIB [RFC2863] defines generic managed objects for
   managing interfaces.  Each logical interface (physical or virtual)
   has an ifEntry.  Tunnels are handled by creating logical interfaces
   (ifEntry).  Being a tunnel, softwire mesh has an entry in the
   Interface MIB, as well as an entry in IP Tunnel MIB.  Those
   corresponding entries are indexed by ifIndex.

   The ifOperStatus in the ifTable represents whether the mesh function
   of the AFBR has been triggered.  If the softwire mesh capability is
   negotiated during the BGP OPEN phase, the mesh function is considered
   to be started, and the ifOperStatus is "up".  Otherwise the
   ifOperStatus is "down".

   In the case of an IPv4-over-IPv6 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv6 packets which are sent to the virtual
   interface for decapsulation into IPv4.  The ifOutUcastPkts counts the
   number of IPv6 packets which are generated by encapsulating IPv4
   packets sent to the virtual interface.  Particularly, if these IPv4
   packets need fragmentation, ifOutUcastPkts counts the number of
   packets after fragmentation.

   In the case of an IPv6-over-IPv4 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv4 packets, which are sent to the virtual
   interface for decapsulation into IPv6.  The ifOutUcastPkts counts the
   number of IPv4 packets, which are generated by encapsulating IPv6
   packets sent to the virtual interface.  Particularly, if these IPv6
   packets need to be fragmented, ifOutUcastPkts counts the number of
   packets after fragmentation.  Similar definitions apply to other
   counter objects in the ifTable.

6.2.  Relationship to the IP Tunnel MIB

   The IP Tunnel MIB [RFC4087] contains objects applicable to all IP
   tunnels, including softwire mesh.
   Meanwhile, the Softwire Mesh MIB
   extends the IP Tunnel MIB to further describe encapsulation-specific
   information.

   Running a point to multi-point tunnel, it is necessary for a softwire
   mesh AFBR to maintain an encapsulation table, used to perform correct
   "forwarding" among AFBRs.  This forwarding function on an AFBR is
   performed by using the E-IP destination address to look up in the
   encapsulation table for the I-IP encapsulation destination address.
   An AFBR also needs to know the BGP peer information of the other
   AFBRs, so that it can negotiate the NLRI-NH information and the
   tunnel parameters with them.

   The Softwire mesh MIB requires the implementation of the IP Tunnel
   MIB.  The tunnelIfEncapsMethod in the tunnelIfEntry MUST be set to
   softwireMesh("xx"), and a corresponding entry in the softwire mesh
   MIB module will be presented for the tunnelIfEntry.  The
   tunnelIfRemoteInetAddress MUST be set to 0.0.0.0 for IPv4 or :: for
   IPv6 because it is a point to multi-point tunnel.

   -- RFC Ed.: Please replace "xx" with IANA assigned number here.

   The tunnelIfAddressType in the tunnelIfTable represents the type of
   address in the corresponding tunnelIfLocalInetAddress and
   tunnelIfRemoteInetAddress objects.  The tunnelIfAddressType is
   identical to swmEncapsIIPDstType in softwire mesh, which can support
   either IPv4-over-IPv6 or IPv6-over-IPv4.  When the
   swmEncapsEIPDstType is IPv6 and the swmEncapsIIPDstType is IPv4, the
   tunnel type is IPv6-over-IPv4; when the swmEncapsEIPDstType is IPv4
   and the swmEncapsIIPDstType is IPv6, the encapsulation mode would be
   IPv4-over-IPv6.

6.3.  MIB modules required for IMPORTS

   The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
   SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-ADDRESS-MIB
   [RFC4001].

7.  Definitions

   SOFTWIRE-MESH-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, transmission FROM SNMPv2-SMI

       OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF

       InetAddress, InetAddressType, InetAddressPrefixLength

       FROM INET-ADDRESS-MIB

       ifIndex FROM IF-MIB

       IANAtunnelType FROM IANAifType-MIB;

   swmMIB MODULE-IDENTITY
       LAST-UPDATED "201509300000Z"         -- September 30, 2015
       ORGANIZATION "Softwire Working Group"
       CONTACT-INFO "

                Yong Cui
                Email:  yong@csnet1.cs.tsinghua.edu.cn

                Jiang Dong
                Email:  knight.dongjiang@gmail.com

                Peng Wu
                Email:  weapon9@gmail.com

                Mingwei Xu
                Email:  xmw@cernet.edu.cn

                Antti Yla-Jaaski
                Email:  antti.yla-jaaski@aalto.fi

                Email comments directly to the softwire WG Mailing
                List at softwires@ietf.org
       "

       DESCRIPTION
           "This MIB module contains managed object definitions for
           the softwire mesh framework.

           Copyright (C) The Internet Society (2015).  This version
           of this MIB module is part of RFC 5565; see the RFC
           itself for full legal notices."

       REVISION    "201509300000Z"
       DESCRIPTION
           "The MIB module is defined for management of objects in
           the Softwire mesh framework."
       ::= { transmission xxx }

   swmObjects OBJECT IDENTIFIER ::= { swmMIB 1 }

   -- swmSupportedTunnelTable
   swmSupportedTunnelTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that shows what kind of tunnels
           can be supported by the AFBR."
       ::= { swmObjects 1 }

   swmSupportedTunnelEntry OBJECT-TYPE
       SYNTAX      SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A set of objects that show what kind of tunnels
           can be supported in the AFBR.  If the AFBR supports
           multiple tunnel types, the swmSupportedTunnelTable
           would have several entries."
       INDEX { swmSupportedTunnelType }
       ::= { swmSupportedTunnelTable 1 }

   SwmSupportedTunnelEntry ::= SEQUENCE {
       swmSupportedTunnelType              IANAtunnelType
   }

   swmSupportedTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Represents the tunnel type that the AFBR supports,
           such as MPLS, L2TPv3, GRE, and IP-in-IP.  There is
           no restriction of tunnel type the Softwire mesh can use."
       ::= { swmSupportedTunnelEntry 1 }
   -- end of swmSupportedTunnelTable

   -- swmEncapsTable
   swmEncapsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that display and control the
           softwire mesh encapsulation information."
       ::= { swmObjects 2 }

   swmEncapsEntry OBJECT-TYPE
       SYNTAX      SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that manage the softwire mesh I-IP
           encapsulation destination based on the E-IP destination
           prefix."
       INDEX { ifIndex,
               swmEncapsEIPDstType,
               swmEncapsEIPDst,
               swmEncapsEIPPrefixLength
             }
       ::= { swmEncapsTable 1 }

   SwmEncapsEntry ::= SEQUENCE {
       swmEncapsEIPDstType       InetAddressType,
       swmEncapsEIPDst           InetAddress,
       swmEncapsEIPPrefixLength  InetAddressPrefixLength,
       swmEncapsIIPDstType       InetAddressType,
       swmEncapsIIPDst           InetAddress
   }

   swmEncapsEIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object specifies the address type used for
           swmEncapsEIPDst.  It is different from the tunnelIfAddressType
           in the tunnelIfTable."
       ::= { swmEncapsEntry 1 }

   swmEncapsEIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The E-IP destination prefix, which is
           used for I-IP encapsulation destination looking up."
       ::= { swmEncapsEntry 2 }

   swmEncapsEIPPrefixLength OBJECT-TYPE
       SYNTAX      InetAddressPrefixLength
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The prefix length of the E-IP destination prefix."
       ::= { swmEncapsEntry 3 }

   swmEncapsIIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the address type used for
           swmEncapsIIPDst.  It is the same as the tunnelIfAddressType
           in the tunnelIfTable."
       ::= { swmEncapsEntry 4 }

   swmEncapsIIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The I-IP destination address, which is used as the
           encapsulation destination for the corresponding E-IP
           prefix.  Since the tunnelIfRemoteInetAddress in the
           tunnelIfTable should be 0.0.0.0 or ::, swmEncapsIIPDst
           should be the destination address used in the outer
           IP header."
       ::= { swmEncapsEntry 5 }
   -- End of swmEncapsTable

   -- swmBGPNeighborTable
   swmBGPNeighborTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that display the softwire mesh
           BGP neighbor information."
       ::= { swmObjects 3 }

   swmBGPNeighborEntry OBJECT-TYPE
       SYNTAX      SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A set of objects that display the softwire mesh
           BGP neighbor information."
       INDEX {
               ifIndex,
               swmBGPNeighborInetAddressType,
               swmBGPNeighborInetAddress
             }
       ::= { swmBGPNeighborTable 1 }

   SwmBGPNeighborEntry ::= SEQUENCE {
       swmBGPNeighborInetAddressType  InetAddressType,
       swmBGPNeighborInetAddress      InetAddress,
       swmBGPNeighborTunnelType       IANAtunnelType

   }

   swmBGPNeighborInetAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object specifies the address type used for
           swmBGPNeighborInetAddress."
       ::= { swmBGPNeighborEntry 1 }

   swmBGPNeighborInetAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The address of the AFBR's BGP neighbor.  The
           address type is the same as the tunnelIfAddressType
           in the tunnelIfTable."
       ::= { swmBGPNeighborEntry 2 }

   swmBGPNeighborTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Represents the type of tunnel that the
           AFBR chooses to transmit traffic with another AFBR/BGP
           neighbor."
       ::= { swmBGPNeighborEntry 3 }
   -- End of swmBGPNeighborTable

   -- conformance information
   swmConformance
                    OBJECT IDENTIFIER ::= { swmMIB 2 }
   swmCompliances
                    OBJECT IDENTIFIER ::= { swmConformance 1 }
   swmGroups
                    OBJECT IDENTIFIER ::= { swmConformance 2 }

   -- compliance statements
   swmCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Describes the requirements for conformance to the softwire
           mesh MIB.

           The following index objects cannot be added as OBJECT
           clauses but nevertheless have compliance requirements:
           "
       -- OBJECT  swmEncapsEIPDstType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPDst
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPPrefixLength
       -- SYNTAX  InetAddressPrefixLength (Unsigned32 (0..128))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddressType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddress
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       MODULE -- this module
       MANDATORY-GROUPS    {
                             swmSupportedTunnelGroup,
                             swmEncapsGroup,
                             swmBGPNeighborGroup
                           }
       ::= { swmCompliances 1 }

   swmSupportedTunnelGroup OBJECT-GROUP
       OBJECTS {
           swmSupportedTunnelType

       }
       STATUS      current
       DESCRIPTION
           "The collection of objects which are used to show
           what kind of tunnel the AFBR supports."
       ::= { swmGroups 1 }

   swmEncapsGroup OBJECT-GROUP
       OBJECTS {
           swmEncapsIIPDst,
           swmEncapsIIPDstType
       }
       STATUS      current
       DESCRIPTION
           "The collection of objects which are used to display
           softwire mesh encapsulation information."
       ::= { swmGroups 2 }

   swmBGPNeighborGroup OBJECT-GROUP
       OBJECTS {
           swmBGPNeighborTunnelType
       }
       STATUS      current
       DESCRIPTION
           "The collection of objects which are used to display
           softwire mesh BGP neighbor information."
       ::= { swmGroups 3 }

   END

8.  Security Considerations

   The swmMIB module can be used for configuration of certain objects,
   and anything that can be configured can be incorrectly configured,
   with potentially disastrous results.  Because this MIB module reuses
   the IP tunnel MIB, the security considerations of the IP tunnel MIB
   are also applicable to the Softwire mesh MIB.

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are objects and their sensitivity/
   vulnerability:

   Particularly, swmSupportedTunnelType, swmEncapsIIPDstType,
   swmEncapsIIPDst and swmBGPNeighborTunnelType can expose the types of
   tunnel used within the internal network, and potentially reveal the
   topology of the internal network.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.
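
   An added example, not part of the draft: a check of an agent
   configuration against the concerns above (community-based access,
   users accepted without privacy, privacy other than AES).  It assumes
   Net-SNMP's snmpd.conf syntax and handles only the -s and -e options;
   the sample configuration, user names and finding codes are
   constructed.

```python
import shlex
from typing import List, NamedTuple

# Assumption: Net-SNMP snmpd.conf directives that grant SNMPv1/v2c access.
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
LEVELS = {"noauth", "auth", "priv"}


class Finding(NamedTuple):
    line: int
    code: str
    detail: str


def _drop_options(args: List[str], with_value: set) -> List[str]:
    """Remove '-x VALUE' style options so positional fields line up."""
    out, i = [], 0
    while i < len(args):
        if args[i] in with_value:
            i += 2
        else:
            out.append(args[i])
            i += 1
    return out


def audit_snmpd_conf(text: str) -> List[Finding]:
    """Return one finding per directive that weakens SNMP access control."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)  # '#' in quotes is kept
        except ValueError:                             # unbalanced quote
            tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]

        if directive in COMMUNITY_DIRECTIVES:
            findings.append(Finding(lineno, "pre-v3-access",
                                    f"{tokens[0]} enables SNMPv1/v2c access"))
        elif directive in ("rouser", "rwuser"):
            pos = _drop_options(args, {"-s"})
            # Second field is the minimum level; Net-SNMP defaults to auth.
            level = (pos[1].lower()
                     if len(pos) > 1 and pos[1].lower() in LEVELS else "auth")
            if pos and level != "priv":
                findings.append(Finding(lineno, "privacy-not-required",
                                        f"user {pos[0]} accepted at {level}"))
        elif directive == "createuser":
            pos = _drop_options(args, {"-e"})
            # pos: user, auth proto, auth pass, [priv proto, [priv pass]]
            priv = pos[3].upper() if len(pos) > 3 else None
            if pos and (priv is None or not priv.startswith("AES")):
                findings.append(Finding(lineno, "weak-or-no-privacy",
                                        f"user {pos[0]} privacy: {priv or 'none'}"))
    return findings


# Constructed sample configuration (not from a real device).
SAMPLE_CONF = """\
# read access for the NMS
rocommunity public 192.0.2.0/24
com2sec nms 192.0.2.0/24 examplecommunity
createUser nms_ro SHA "auth-pass #1" DES "priv-pass #1"
createUser nms_ok SHA "auth-pass #2" AES "priv-pass #2"
rouser nms_ro
rouser -s usm nms_ok priv
"""

if __name__ == "__main__":
    for f in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {f.line}: {f.code}: {f.detail}")
```
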

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model
   (TSM) [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

9.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
   the following IANA-assigned tunnelType values recorded in the
   IANAtunnelType-MIB registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      swmMIB            { transmission XXX }

      IANAtunnelType ::= TEXTUAL-CONVENTION
         SYNTAX     INTEGER {

            softwireMesh ("xx")
               -- softwire Mesh tunnel

         }

   Editor's Note (to be removed prior to publication): the IANA is
   requested to assign a value for "XXX" under the 'mib-2' subtree and
   to record the assignment in the SMI Numbers registry.  When the
   assignment has been made, the RFC Editor is asked to replace "XXX"
   (here and in the MIB module) with the assigned value and to remove
   this note.

10.  Acknowledgements

   The authors would like to thank Dave Thaler, Jean-Philippe Dionne, Qi
   Sun, Sheng Jiang, Yu Fu for their valuable comments.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414,
              DOI 10.17487/RFC3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826,
              DOI 10.17487/RFC3826, June 2004.

   [RFC5512]  Mohapatra, P. and E. Rosen, "The BGP Encapsulation
              Subsequent Address Family Identifier (SAFI) and the BGP
              Tunnel Encapsulation Attribute", RFC 5512,
              DOI 10.17487/RFC5512, April 2009.

   [RFC5565]  Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh
              Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009.

   [RFC5591]  Harrington, D. and W.
              Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
              2009.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011.

11.2.  Informative References

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.

   [RFC4925]  Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A.
              Durand, Ed., "Softwire Problem Statement", RFC 4925,
              DOI 10.17487/RFC4925, July 2007.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

   [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087,
              DOI 10.17487/RFC4087, June 2005.
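
   The encapsulation lookup described in Sections 5.2 and 6.2, as an
   added example that is not part of the draft.  Rows mirror the
   swmEncapsTable columns; longest-prefix matching is an assumption (the
   draft only says the table is looked up by E-IP destination), and the
   helper names, addresses and ifIndex values are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# InetAddressType values named in the module's compliance statement.
IP_VERSION = {1: 4, 2: 6}          # ipv4(1), ipv6(2)


def inet_address(inet_type: int, octets: bytes):
    """Decode an (InetAddressType, InetAddress) pair, enforcing SIZE(4|16)."""
    version = IP_VERSION.get(inet_type)
    if version is None or len(octets) != {4: 4, 6: 16}[version]:
        raise ValueError(f"bad InetAddress: type={inet_type} len={len(octets)}")
    return ipaddress.ip_address(octets)


@dataclass(frozen=True)
class EncapsRow:
    """One swmEncapsEntry: four index objects plus two read-only columns."""
    if_index: int
    eip_dst_type: int      # swmEncapsEIPDstType
    eip_dst: bytes         # swmEncapsEIPDst
    eip_prefix_len: int    # swmEncapsEIPPrefixLength
    iip_dst_type: int      # swmEncapsIIPDstType
    iip_dst: bytes         # swmEncapsIIPDst

    def prefix(self):
        addr = inet_address(self.eip_dst_type, self.eip_dst)
        # strict=True rejects host bits set and out-of-range prefix lengths.
        return ipaddress.ip_network(f"{addr}/{self.eip_prefix_len}", strict=True)

    def next_hop(self):
        iip = inet_address(self.iip_dst_type, self.iip_dst)
        if iip.version == self.prefix().version:
            raise ValueError("E-IP and I-IP must be different address families")
        return iip


def encaps_lookup(rows: Iterable[EncapsRow], if_index: int,
                  eip_dst: str) -> Optional[Tuple[str, str]]:
    """Return (I-IP encapsulation destination, tunnel mode) or None."""
    dst = ipaddress.ip_address(eip_dst)
    best = None
    for entry in rows:
        net = entry.prefix()
        if (entry.if_index != if_index or net.version != dst.version
                or dst not in net):
            continue
        # Assumption: the most specific matching E-IP prefix wins.
        if best is None or net.prefixlen > best.prefix().prefixlen:
            best = entry
    if best is None:
        return None
    iip = best.next_hop()
    return str(iip), f"IPv{dst.version}-over-IPv{iip.version}"


def make_row(if_index: int, prefix: str, next_hop: str) -> EncapsRow:
    """Build a row from text; constructed helper for the sample data only."""
    net = ipaddress.ip_network(prefix)
    hop = ipaddress.ip_address(next_hop)
    kind = {4: 1, 6: 2}
    return EncapsRow(if_index, kind[net.version], net.network_address.packed,
                     net.prefixlen, kind[hop.version], hop.packed)


# Constructed table: ifIndex 7 is an IPv4-over-IPv6 softwire, 8 the reverse.
SAMPLE_TABLE = [
    make_row(7, "10.1.0.0/16", "2001:db8::1"),
    make_row(7, "10.1.2.0/24", "2001:db8::2"),
    make_row(8, "2001:db8:100::/48", "192.0.2.1"),
]

if __name__ == "__main__":
    for probe in ((7, "10.1.2.9"), (7, "10.1.9.9"), (8, "2001:db8:100::5")):
        print(probe, "->", encaps_lookup(SAMPLE_TABLE, *probe))
```

   Each row carries the address of a remote AFBR, which is why Section 8
   treats swmEncapsIIPDst and swmEncapsIIPDstType as sensitive.
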

Authors' Addresses

   Yong Cui
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6260-3059
   EMail: yong@csnet1.cs.tsinghua.edu.cn

   Jiang Dong
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: knight.dongjiang@gmail.com

   Peng Wu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: weapon9@gmail.com

   Mingwei Xu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: xmw@cernet.edu.cn

   Antti Yla-Jaaski
   Aalto University
   Konemiehentie 2
   Espoo  02150
   Finland

   Phone: +358-40-5954222
   EMail: antti.yla-jaaski@aalto.fi