idnits 2.17.1

draft-ietf-softwire-mesh-mib-13.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (December 8, 2015) is 3061 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5512 (Obsoleted by RFC 9012)

  ** Obsolete normative reference: RFC 5566 (Obsoleted by RFC 9012)

     Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Softwire                                                          Y. Cui
Internet-Draft                                                   J. Dong
Intended status: Standards Track                                   P. Wu
Expires: June 10, 2016                                             M. Xu
                                                     Tsinghua University
                                                           A. Yla-Jaaski
                                                        Aalto University
                                                        December 8, 2015

            Softwire Mesh Management Information Base (MIB)
                    draft-ietf-softwire-mesh-mib-13

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing a softwire mesh.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 10, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Terminology
   4.  Structure of the MIB Module
     4.1.  The swmSupportedTunnelTable Subtree
     4.2.  The swmEncapsTable Subtree
     4.3.  The swmBGPNeighborTable Subtree
     4.4.  The swmConformance Subtree
   5.  Relationship to Other MIB Modules
     5.1.  Relationship to the IF-MIB
     5.2.  Relationship to the IP Tunnel MIB
     5.3.  MIB modules required for IMPORTS
   6.  Definitions
   7.  Security Considerations
   8.  IANA Considerations
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Softwire mesh framework RFC 5565 [RFC5565] is a tunneling
   mechanism that enables connectivity between islands of IPv4 networks
   across a single IPv6 backbone and vice versa. In a softwire mesh,
   extended multiprotocol-BGP (MP-BGP) is used to set up tunnels and
   advertise prefixes among address family border routers (AFBRs).

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing a softwire mesh
   [RFC5565].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP). They
   are defined using the mechanisms stated in the Structure of
   Management Information (SMI).
   This memo specifies a MIB module that is compliant to the SMIv2
   (Structure of Management Information Version 2), which is described
   in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58,
   RFC 2580 [RFC2580].

3.  Terminology

   This document uses terminology from the softwire problem statement
   RFC 4925 [RFC4925], the BGP encapsulation subsequent address family
   identifier (SAFI) and the BGP tunnel encapsulation attribute RFC 5512
   [RFC5512], the softwire mesh framework RFC 5565 [RFC5565] and the BGP
   IPsec tunnel encapsulation attribute RFC 5566 [RFC5566].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119 [RFC2119].

4.  Structure of the MIB Module

   The softwire mesh MIB provides a method to monitor the softwire mesh
   objects through SNMP.

4.1.  The swmSupportedTunnelTable Subtree

   The swmSupportedTunnelTable subtree provides the information about
   what types of tunnels can be used for softwire mesh scenarios in the
   AFBR. The softwire mesh framework RFC 5565 [RFC5565] does not
   mandate the use of any particular tunneling technology. Based on the
   BGP tunnel encapsulation attribute tunnel types introduced by RFC
   5512 [RFC5512] and RFC 5566 [RFC5566], the softwire mesh tunnel types
   include at least L2TPv3 (Layer Two Tunneling Protocol-Version 3) over
   IP, GRE (Generic Routing Encapsulation), Transmit tunnel endpoint,
   IPsec in Tunnel-mode, IP in IP tunnel with IPsec Transport Mode,
   MPLS-in-IP tunnel with IPsec Transport Mode and IP in IP. The
   detailed encapsulation information of different tunnel types (e.g.,
   L2TPv3 Session ID, GRE Key, etc.) is not managed in the swmMIB.

4.2.  The swmEncapsTable Subtree

   The swmEncapsTable subtree provides softwire mesh NLRI-NH information
   (Network Layer Reachability Information-Next Hop) about the AFBR. It
   keeps the mapping between the External-IP (E-IP) prefix and the
   Internal-IP (I-IP) address of the next hop. The mappings determine
   which I-IP destination address will be used to encapsulate the
   received packet according to its E-IP destination address. The
   definitions of E-IP and I-IP are explained in section 4.1 of RFC
   5565 [RFC5565]. The number of entries in swmEncapsTable shows how
   many softwire mesh tunnels are maintained in this AFBR.

4.3.  The swmBGPNeighborTable Subtree

   The subtree provides the softwire mesh BGP neighbor information of an
   AFBR. It includes the address of the softwire mesh BGP peer, and the
   kind of tunnel that the AFBR would use to communicate with this BGP
   peer.

4.4.  The swmConformance Subtree

   The subtree provides the conformance information of MIB objects.

5.  Relationship to Other MIB Modules

5.1.  Relationship to the IF-MIB

   The Interfaces MIB [RFC2863] defines generic managed objects for
   managing interfaces. Each logical interface (physical or virtual)
   has an ifEntry. Tunnels are handled by creating logical interfaces
   (ifEntry). Being a tunnel, a softwire mesh interface has an entry in
   the Interfaces MIB, as well as an entry in the IP Tunnel MIB. Those
   corresponding entries are indexed by ifIndex.

   The ifOperStatus in the ifTable represents whether the mesh function
   of the AFBR has been triggered. If the softwire mesh capability is
   negotiated during the BGP OPEN phase, the mesh function is considered
   to be started, and the ifOperStatus is "up". Otherwise the
   ifOperStatus is "down".

   In the case of an IPv4-over-IPv6 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv6 packets which are sent to the virtual
   interface for decapsulation into IPv4.
   The ifOutUcastPkts counts the number of IPv6 packets which are
   generated by encapsulating IPv4 packets sent to the virtual
   interface. Particularly, if these IPv4 packets need fragmentation,
   ifOutUcastPkts counts the number of packets after fragmentation.

   In the case of an IPv6-over-IPv4 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv4 packets, which are delivered up to the
   virtual interface for decapsulation into IPv6. The ifOutUcastPkts
   counts the number of IPv4 packets, which are generated by
   encapsulating IPv6 packets sent down to the virtual interface.
   Particularly, if these IPv6 packets need to be fragmented,
   ifOutUcastPkts counts the number of packets after fragmentation.
   Similar definitions apply to other counter objects in the ifTable.

5.2.  Relationship to the IP Tunnel MIB

   The IP Tunnel MIB [RFC4087] contains objects applicable to all IP
   tunnels, including softwire mesh tunnels. Meanwhile, the Softwire
   Mesh MIB extends the IP Tunnel MIB to further describe
   encapsulation-specific information.

   When running a point to multi-point tunnel, it is necessary for a
   softwire mesh AFBR to maintain an encapsulation table in order to
   perform correct "forwarding" among AFBRs. This forwarding function
   on an AFBR is performed by using the E-IP destination address to look
   up in the encapsulation table for the I-IP encapsulation destination
   address. An AFBR also needs to know the BGP peer information of the
   other AFBRs, so that it can negotiate the NLRI-NH information and the
   tunnel parameters with them.

   The Softwire mesh MIB requires the implementation of the IP Tunnel
   MIB. The tunnelIfEncapsMethod in the tunnelIfEntry MUST be set to
   softwireMesh("xx"), and a corresponding entry in the softwire mesh
   MIB module will be presented for the tunnelIfEntry.
   The tunnelIfRemoteInetAddress MUST be set to "0.0.0.0" for IPv4 or
   "::" for IPv6 because it is a point to multi-point tunnel.

   -- RFC Ed.: Please replace "xx" with IANA assigned number here.

   The tunnelIfAddressType in the tunnelIfTable represents the type of
   address in the corresponding tunnelIfLocalInetAddress and
   tunnelIfRemoteInetAddress objects. The tunnelIfAddressType is
   identical to swmEncapsIIPDstType in softwire mesh, which can support
   either IPv4-over-IPv6 or IPv6-over-IPv4. When the
   swmEncapsEIPDstType is IPv6 and the swmEncapsIIPDstType is IPv4, the
   tunnel type is IPv6-over-IPv4; when the swmEncapsEIPDstType is IPv4
   and the swmEncapsIIPDstType is IPv6, the encapsulation mode would be
   IPv4-over-IPv6.

5.3.  MIB modules required for IMPORTS

   The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
   SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-ADDRESS-MIB
   [RFC4001].

6.  Definitions

   SOFTWIRE-MESH-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2 FROM SNMPv2-SMI
       OBJECT-GROUP, MODULE-COMPLIANCE     FROM SNMPv2-CONF
       InetAddress, InetAddressType, InetAddressPrefixLength
                                           FROM INET-ADDRESS-MIB
       ifIndex                             FROM IF-MIB
       IANAtunnelType                      FROM IANAifType-MIB;

   swmMIB MODULE-IDENTITY
       LAST-UPDATED "201512080000Z"        -- December 08, 2015
       ORGANIZATION "Softwire Working Group"
       CONTACT-INFO
           "
            Yong Cui
            Email: yong@csnet1.cs.tsinghua.edu.cn

            Jiang Dong
            Email: knight.dongjiang@gmail.com

            Peng Wu
            Email: weapon9@gmail.com

            Mingwei Xu
            Email: xmw@cernet.edu.cn

            Antti Yla-Jaaski
            Email: antti.yla-jaaski@aalto.fi

            Email comments directly to the softwire WG Mailing
            List at softwires@ietf.org
           "

       DESCRIPTION
           "This MIB module contains managed object definitions for
            the softwire mesh framework.

            Copyright (C) The Internet Society (2015).
            This version of this MIB module is part of RFC 5565;
            see the RFC itself for full legal notices."

       REVISION    "201512080000Z"
       DESCRIPTION
           "The MIB module is defined for management of objects in
            the Softwire mesh framework."
       ::= { mib-2 XXX }

   swmObjects OBJECT IDENTIFIER ::= { swmMIB 1 }

   -- swmSupportedTunnelTable
   swmSupportedTunnelTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that shows what kind of tunnels
            can be supported by the AFBR."
       ::= { swmObjects 1 }

   swmSupportedTunnelEntry OBJECT-TYPE
       SYNTAX      SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A set of objects that show what kind of tunnels
            can be supported in the AFBR. If the AFBR supports
            multiple tunnel types, the swmSupportedTunnelTable
            would have several entries."
       INDEX { swmSupportedTunnelType }
       ::= { swmSupportedTunnelTable 1 }

   SwmSupportedTunnelEntry ::= SEQUENCE {
       swmSupportedTunnelType    IANAtunnelType
   }

   swmSupportedTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Represents the tunnel type that can be used for softwire
            mesh scenarios, such as L2TPv3 over IP, GRE, Transmit
            tunnel endpoint, IPsec in Tunnel-mode, IP in IP tunnel with
            IPsec Transport Mode, MPLS-in-IP tunnel with IPsec Transport
            Mode and IP in IP. There is no restriction of tunnel type
            the Softwire mesh can use."
       REFERENCE
           "L2TPv3 over IP, GRE, IP in IP in RFC5512.
            Transmit tunnel endpoint, IPsec in Tunnel-mode, IP in IP
            tunnel with IPsec Transport Mode, MPLS-in-IP tunnel with
            IPsec Transport Mode in RFC5566."
       ::= { swmSupportedTunnelEntry 1 }

   -- end of swmSupportedTunnelTable

   -- swmEncapsTable
   swmEncapsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that display the
            softwire mesh encapsulation information."
       ::= { swmObjects 2 }

   swmEncapsEntry OBJECT-TYPE
       SYNTAX      SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that manage the softwire mesh I-IP
            encapsulation destination based on the E-IP destination
            prefix."
       INDEX { ifIndex,
               swmEncapsEIPDstType,
               swmEncapsEIPDst,
               swmEncapsEIPPrefixLength
             }
       ::= { swmEncapsTable 1 }

   SwmEncapsEntry ::= SEQUENCE {
       swmEncapsEIPDstType       InetAddressType,
       swmEncapsEIPDst           InetAddress,
       swmEncapsEIPPrefixLength  InetAddressPrefixLength,
       swmEncapsIIPDstType       InetAddressType,
       swmEncapsIIPDst           InetAddress
   }

   swmEncapsEIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object specifies the address type used for
            swmEncapsEIPDst. It is different from the tunnelIfAddressType
            in the tunnelIfTable. The swmEncapsEIPDstType is IPv6 (2)
            if it is IPv6-over-IPv4 tunneling. The swmEncapsEIPDstType is
            IPv4 (1) if it is IPv4-over-IPv6 tunneling."
       REFERENCE
           "IPv4 and IPv6 in RFC 4001."
       ::= { swmEncapsEntry 1 }

   swmEncapsEIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The E-IP destination prefix, which is
            used for I-IP encapsulation destination looking up."
       REFERENCE
           "E-IP and I-IP in RFC 5565."
       ::= { swmEncapsEntry 2 }

   swmEncapsEIPPrefixLength OBJECT-TYPE
       SYNTAX      InetAddressPrefixLength
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The prefix length of the E-IP destination prefix."
       ::= { swmEncapsEntry 3 }

   swmEncapsIIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object specifies the address type used for
            swmEncapsIIPDst. It is the same as the tunnelIfAddressType
            in the tunnelIfTable."
       REFERENCE
           "IPv4 and IPv6 in RFC 4001."
       ::= { swmEncapsEntry 4 }

   swmEncapsIIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The I-IP destination address, which is used as the
            encapsulation destination for the corresponding E-IP
            prefix. Since the tunnelIfRemoteInetAddress in the
            tunnelIfTable should be 0.0.0.0 or ::, swmEncapsIIPDst
            should be the destination address used in the outer
            IP header."
       REFERENCE
           "E-IP and I-IP in RFC 5565."
       ::= { swmEncapsEntry 5 }
   -- End of swmEncapsTable

   -- swmBGPNeighborTable
   swmBGPNeighborTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A table of objects that display the softwire mesh
            BGP neighbor information."
       ::= { swmObjects 3 }

   swmBGPNeighborEntry OBJECT-TYPE
       SYNTAX      SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A set of objects that display the softwire mesh
            BGP neighbor information."
       INDEX {
               ifIndex,
               swmBGPNeighborInetAddressType,
               swmBGPNeighborInetAddress
             }
       ::= { swmBGPNeighborTable 1 }

   SwmBGPNeighborEntry ::= SEQUENCE {
       swmBGPNeighborInetAddressType  InetAddressType,
       swmBGPNeighborInetAddress      InetAddress,
       swmBGPNeighborTunnelType       IANAtunnelType
   }

   swmBGPNeighborInetAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object specifies the address type used for
            swmBGPNeighborInetAddress."
       ::= { swmBGPNeighborEntry 1 }

   swmBGPNeighborInetAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The address of the AFBR's BGP neighbor. The
            address type is the same as the tunnelIfAddressType
            in the tunnelIfTable."
       ::= { swmBGPNeighborEntry 2 }

   swmBGPNeighborTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Represents the type of tunnel that the AFBR
            chooses to transmit traffic with another AFBR/BGP
            neighbor."
       ::= { swmBGPNeighborEntry 3 }
   -- End of swmBGPNeighborTable

   -- conformance information
   swmConformance
                       OBJECT IDENTIFIER ::= { swmMIB 2 }
   swmCompliances
                       OBJECT IDENTIFIER ::= { swmConformance 1 }
   swmGroups
                       OBJECT IDENTIFIER ::= { swmConformance 2 }

   -- compliance statements
   swmCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Describes the requirements for conformance to the softwire
            mesh MIB.

            The following index objects cannot be added as OBJECT
            clauses but nevertheless have compliance requirements:
           "
       -- OBJECT  swmEncapsEIPDstType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPDst
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPPrefixLength
       -- SYNTAX  InetAddressPrefixLength (Unsigned32 (0..128))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddressType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddress
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       MODULE -- this module
       MANDATORY-GROUPS {
                           swmSupportedTunnelGroup,
                           swmEncapsGroup,
                           swmBGPNeighborGroup
                        }
       ::= { swmCompliances 1 }

   swmSupportedTunnelGroup OBJECT-GROUP
       OBJECTS {
           swmSupportedTunnelType
       }
       STATUS      current
       DESCRIPTION
           "The collection of objects which are used to show
            what kind of tunnel the AFBR supports."
       ::= { swmGroups 1 }

   swmEncapsGroup OBJECT-GROUP
       OBJECTS {
           swmEncapsIIPDst,
           swmEncapsIIPDstType
       }
       STATUS      current
       DESCRIPTION
           "The collection of objects which are used to display
            softwire mesh encapsulation information."
       ::= { swmGroups 2 }

   swmBGPNeighborGroup OBJECT-GROUP
       OBJECTS {
           swmBGPNeighborTunnelType
       }
       STATUS      current
       DESCRIPTION
           "The collection of objects which are used to display
            softwire mesh BGP neighbor information."
       ::= { swmGroups 3 }

   END

7.  Security Considerations

   Because this MIB module reuses the IP tunnel MIB, the security
   considerations of the IP tunnel MIB are also applicable to the
   Softwire mesh MIB.

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create. So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.
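
   The MAX-ACCESS statement above can be checked mechanically against
   the module text. The Python below is an added example, not part of
   the draft or of any SNMP toolkit; MIB_EXCERPT is a hand-shortened
   copy of the column objects in Section 6, and the function names are
   assumptions made for this illustration.

```python
import re

# Column objects of the three tables in the Section 6 module, abridged to the
# clauses this check reads. Hand-copied and shortened for this example.
MIB_EXCERPT = """
-- swmSupportedTunnelTable
swmSupportedTunnelType OBJECT-TYPE
    SYNTAX IANAtunnelType           MAX-ACCESS read-only
    DESCRIPTION "Tunnel type that can be used for softwire mesh scenarios."
    ::= { swmSupportedTunnelEntry 1 }
-- swmEncapsTable
swmEncapsEIPDstType OBJECT-TYPE
    SYNTAX InetAddressType          MAX-ACCESS not-accessible
    ::= { swmEncapsEntry 1 }
swmEncapsEIPDst OBJECT-TYPE
    SYNTAX InetAddress              MAX-ACCESS not-accessible
    ::= { swmEncapsEntry 2 }
swmEncapsEIPPrefixLength OBJECT-TYPE
    SYNTAX InetAddressPrefixLength  MAX-ACCESS not-accessible
    ::= { swmEncapsEntry 3 }
swmEncapsIIPDstType OBJECT-TYPE
    SYNTAX InetAddressType          MAX-ACCESS read-only
    ::= { swmEncapsEntry 4 }
swmEncapsIIPDst OBJECT-TYPE
    SYNTAX InetAddress              MAX-ACCESS read-only
    ::= { swmEncapsEntry 5 }
-- swmBGPNeighborTable
swmBGPNeighborInetAddressType OBJECT-TYPE
    SYNTAX InetAddressType          MAX-ACCESS not-accessible
    ::= { swmBGPNeighborEntry 1 }
swmBGPNeighborInetAddress OBJECT-TYPE
    SYNTAX InetAddress              MAX-ACCESS not-accessible
    ::= { swmBGPNeighborEntry 2 }
swmBGPNeighborTunnelType OBJECT-TYPE
    SYNTAX IANAtunnelType           MAX-ACCESS read-only
    ::= { swmBGPNeighborEntry 3 }
-- OBJECT swmEncapsEIPDst  (commented-out compliance clause, as in Section 6)
"""

WRITABLE = {"read-write", "read-create"}
READABLE = {"read-only", "accessible-for-notify"} | WRITABLE

# One left-to-right pass: whichever starts first (a quoted string or a "--"
# comment) is consumed whole, so "--" inside a DESCRIPTION and quotes inside
# a comment are both handled. Comments are assumed to run to end of line.
NOISE_RE = re.compile(r'"[^"]*"|--[^\n]*')
OBJECT_RE = re.compile(r"\b([a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b(.*?)::=", re.S)
ACCESS_RE = re.compile(r"\bMAX-ACCESS\s+([a-z-]+)")


def strip_noise(mib_text):
    """Blank out quoted strings and drop comments so that keywords inside
    DESCRIPTION text or commented-out clauses are never matched."""
    return NOISE_RE.sub(
        lambda m: '""' if m.group(0).startswith('"') else "", mib_text)


def max_access_by_object(mib_text):
    """Map each OBJECT-TYPE descriptor to its MAX-ACCESS value (or None)."""
    result = {}
    for name, body in OBJECT_RE.findall(strip_noise(mib_text)):
        match = ACCESS_RE.search(body)
        result[name] = match.group(1) if match else None
    return result


def audit(mib_text):
    """Classify objects: writable ones are reachable by SNMP SET, readable
    ones are the ones whose GET access needs to be controlled."""
    access = max_access_by_object(mib_text)
    return {
        "writable": sorted(n for n, a in access.items() if a in WRITABLE),
        "readable": sorted(n for n, a in access.items() if a in READABLE),
        "missing": sorted(n for n, a in access.items() if a is None),
    }


if __name__ == "__main__":
    for kind, names in audit(MIB_EXCERPT).items():
        print(f"{kind:9s}", ", ".join(names) or "(none)")
```

   Run against the complete module, the same audit also covers the
   table and entry objects, which are all not-accessible.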

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments. It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP. These are the objects and their
   sensitivity/vulnerability:

   Particularly, swmSupportedTunnelType, swmEncapsIIPDstType,
   swmEncapsIIPDst and swmBGPNeighborTunnelType can expose the types of
   tunnels used within the internal network, and potentially reveal the
   topology of the internal network.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security. It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
   the following IANA-assigned tunnelType values recorded in the
   IANAtunnelType-MIB registry:

         Descriptor        OBJECT IDENTIFIER value
         ----------        -----------------------
         swmMIB            { mib-2 XXX }

         IANAtunnelType ::= TEXTUAL-CONVENTION
             SYNTAX     INTEGER {
                 softwireMesh ("xx")     -- softwire Mesh tunnel
             }

9.  Acknowledgements

   The authors would like to thank Dave Thaler, Jean-Philippe Dionne, Qi
   Sun, Sheng Jiang, Yu Fu for their valuable comments.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414,
              DOI 10.17487/RFC3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826,
              DOI 10.17487/RFC3826, June 2004.

   [RFC5512]  Mohapatra, P. and E. Rosen, "The BGP Encapsulation
              Subsequent Address Family Identifier (SAFI) and the BGP
              Tunnel Encapsulation Attribute", RFC 5512,
              DOI 10.17487/RFC5512, April 2009.

   [RFC5565]  Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh
              Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009.

   [RFC5566]  Berger, L., White, R., and E. Rosen, "BGP IPsec Tunnel
              Encapsulation Attribute", RFC 5566, DOI 10.17487/RFC5566,
              June 2009.

   [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
              2009.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011.

10.2.  Informative References

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.

   [RFC4925]  Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A.
              Durand, Ed., "Softwire Problem Statement", RFC 4925,
              DOI 10.17487/RFC4925, July 2007.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

   [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087,
              DOI 10.17487/RFC4087, June 2005.

Authors' Addresses

   Yong Cui
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-6260-3059
   EMail: yong@csnet1.cs.tsinghua.edu.cn

   Jiang Dong
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: knight.dongjiang@gmail.com

   Peng Wu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: weapon9@gmail.com

   Mingwei Xu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: xmw@cernet.edu.cn

   Antti Yla-Jaaski
   Aalto University
   Konemiehentie 2
   Espoo 02150
   Finland

   Phone: +358-40-5954222
   EMail: antti.yla-jaaski@aalto.fi