idnits 2.17.1

draft-ietf-softwire-mesh-mib-14.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (December 19, 2015) is 3051 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5512 (Obsoleted by RFC 9012)

  ** Obsolete normative reference: RFC 5566 (Obsoleted by RFC 9012)

     Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Softwire                                                          Y. Cui
Internet-Draft                                                   J. Dong
Intended status: Standards Track                                   P. Wu
Expires: June 21, 2016                                             M. Xu
                                                     Tsinghua University
                                                           A. Yla-Jaaski
                                                        Aalto University
                                                       December 19, 2015


            Softwire Mesh Management Information Base (MIB)
                    draft-ietf-softwire-mesh-mib-14

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing a softwire mesh.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 21, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Terminology
   4.  Structure of the MIB Module
     4.1.  The swmSupportedTunnelTable Subtree
     4.2.  The swmEncapsTable Subtree
     4.3.  The swmBGPNeighborTable Subtree
     4.4.  The swmConformance Subtree
   5.  Relationship to Other MIB Modules
     5.1.  Relationship to the IF-MIB
     5.2.  Relationship to the IP Tunnel MIB
     5.3.  MIB modules required for IMPORTS
   6.  Definitions
   7.  Security Considerations
   8.  IANA Considerations
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Softwire mesh framework RFC 5565 [RFC5565] is a tunneling
   mechanism that enables connectivity between islands of IPv4 networks
   across a single IPv6 backbone and vice versa.  In a softwire mesh,
   extended multiprotocol-BGP (MP-BGP) is used to set up tunnels and
   advertise prefixes among address family border routers (AFBRs).

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular it defines objects for managing a softwire mesh
   [RFC5565].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).  They
   are defined using the mechanisms stated in the Structure of
   Management Information (SMI).
   This memo specifies a MIB module that is compliant to the SMIv2
   (Structure of Management Information Version 2), which is described
   in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58,
   RFC 2580 [RFC2580].

3.  Terminology

   This document uses terminology from the softwire problem statement
   RFC 4925 [RFC4925], the BGP encapsulation subsequent address family
   identifier (SAFI) and the BGP tunnel encapsulation attribute RFC 5512
   [RFC5512], the softwire mesh framework RFC 5565 [RFC5565] and the BGP
   IPsec tunnel encapsulation attribute RFC 5566 [RFC5566].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119 [RFC2119].

4.  Structure of the MIB Module

   The softwire mesh MIB provides a method to monitor the softwire mesh
   objects through SNMP.

4.1.  The swmSupportedTunnelTable Subtree

   The swmSupportedTunnelTable subtree provides the information about
   what types of tunnels can be used for softwire mesh scenarios in the
   AFBR.  The softwire mesh framework RFC 5565 [RFC5565] does not
   mandate the use of any particular tunneling technology.  Based on the
   BGP tunnel encapsulation attribute tunnel types introduced by RFC
   5512 [RFC5512] and RFC 5566 [RFC5566], the softwire mesh tunnel types
   include at least L2TPv3 (Layer Two Tunneling Protocol-Version 3) over
   IP, GRE (Generic Routing Encapsulation), Transmit tunnel endpoint,
   IPsec in Tunnel-mode, IP in IP tunnel with IPsec Transport Mode,
   MPLS-in-IP tunnel with IPsec Transport Mode and IP in IP.  The
   detailed encapsulation information of different tunnel types (e.g.,
   L2TPv3 Session ID, GRE Key, etc.) is not managed in the swmMIB.

4.2.  The swmEncapsTable Subtree

   The swmEncapsTable subtree provides softwire mesh NLRI-NH information
   (Network Layer Reachability Information-Next Hop) about the AFBR.  It
   keeps the mapping between the External-IP (E-IP) prefix and the
   Internal-IP (I-IP) address of the next hop.  The mappings determine
   which I-IP destination address will be used to encapsulate the
   received packet according to its E-IP destination address.  The
   definitions of E-IP and I-IP are explained in section 4.1 of RFC
   5565 [RFC5565].  The number of entries in swmEncapsTable shows how
   many softwire mesh tunnels are maintained in this AFBR.

4.3.  The swmBGPNeighborTable Subtree

   The subtree provides the softwire mesh BGP neighbor information of an
   AFBR.  It includes the address of the softwire mesh BGP peer, and the
   kind of tunnel that the AFBR would use to communicate with this BGP
   peer.

4.4.  The swmConformance Subtree

   The subtree provides the conformance information of MIB objects.

5.  Relationship to Other MIB Modules

5.1.  Relationship to the IF-MIB

   The Interfaces MIB [RFC2863] defines generic managed objects for
   managing interfaces.  Each logical interface (physical or virtual)
   has an ifEntry.  Tunnels are handled by creating logical interfaces
   (ifEntry).  Being a tunnel, a softwire mesh interface has an entry in
   the Interface MIB, as well as an entry in the IP Tunnel MIB.  Those
   corresponding entries are indexed by ifIndex.

   The ifOperStatus in the ifTable represents whether the mesh function
   of the AFBR has been triggered.  If the softwire mesh capability is
   negotiated during the BGP OPEN phase, the mesh function is considered
   to be started, and the ifOperStatus is "up".  Otherwise the
   ifOperStatus is "down".

   In the case of an IPv4-over-IPv6 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv6 packets which are sent to the virtual
   interface for decapsulation into IPv4.
   The ifOutUcastPkts counts the number of IPv6 packets which are
   generated by encapsulating IPv4 packets sent to the virtual
   interface.  Particularly, if these IPv4 packets need fragmentation,
   ifOutUcastPkts counts the number of packets after fragmentation.

   In the case of an IPv6-over-IPv4 softwire mesh tunnel, ifInUcastPkts
   counts the number of IPv4 packets, which are delivered up to the
   virtual interface for decapsulation into IPv6.  The ifOutUcastPkts
   counts the number of IPv4 packets, which are generated by
   encapsulating IPv6 packets sent down to the virtual interface.
   Particularly, if these IPv6 packets need to be fragmented,
   ifOutUcastPkts counts the number of packets after fragmentation.
   Similar definitions apply to other counter objects in the ifTable.

5.2.  Relationship to the IP Tunnel MIB

   The IP Tunnel MIB [RFC4087] contains objects applicable to all IP
   tunnels, including softwire mesh tunnels.  Meanwhile, the Softwire
   Mesh MIB extends the IP Tunnel MIB to further describe
   encapsulation-specific information.

   When running a point to multi-point tunnel, it is necessary for a
   softwire mesh AFBR to maintain an encapsulation table in order to
   perform correct "forwarding" among AFBRs.  This forwarding function
   on an AFBR is performed by using the E-IP destination address to look
   up in the encapsulation table for the I-IP encapsulation destination
   address.  An AFBR also needs to know the BGP peer information of the
   other AFBRs, so that it can negotiate the NLRI-NH information and the
   tunnel parameters with them.

   The Softwire mesh MIB requires the implementation of the IP Tunnel
   MIB.  The tunnelIfEncapsMethod in the tunnelIfEntry MUST be set to
   softwireMesh("xx"), and a corresponding entry in the softwire mesh
   MIB module will be presented for the tunnelIfEntry.
   The tunnelIfRemoteInetAddress MUST be set to "0.0.0.0" for IPv4 or
   "::" for IPv6 because it is a point to multi-point tunnel.

   -- RFC Ed.: Please replace "xx" with IANA assigned number here.

   The tunnelIfAddressType in the tunnelIfTable represents the type of
   address in the corresponding tunnelIfLocalInetAddress and
   tunnelIfRemoteInetAddress objects.  The tunnelIfAddressType is
   identical to swmEncapsIIPDstType in softwire mesh, which can support
   either IPv4-over-IPv6 or IPv6-over-IPv4.  When the
   swmEncapsEIPDstType is IPv6 and the swmEncapsIIPDstType is IPv4, the
   tunnel type is IPv6-over-IPv4; when the swmEncapsEIPDstType is IPv4
   and the swmEncapsIIPDstType is IPv6, the encapsulation mode would be
   IPv4-over-IPv6.

5.3.  MIB modules required for IMPORTS

   The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
   SNMPv2-CONF [RFC2580], IF-MIB [RFC2863] and INET-ADDRESS-MIB
   [RFC4001].

6.  Definitions

   SOFTWIRE-MESH-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2 FROM SNMPv2-SMI
       OBJECT-GROUP, MODULE-COMPLIANCE FROM SNMPv2-CONF

       InetAddress, InetAddressType, InetAddressPrefixLength
           FROM INET-ADDRESS-MIB

       ifIndex FROM IF-MIB

       IANAtunnelType FROM IANAifType-MIB;

   swmMIB MODULE-IDENTITY
       LAST-UPDATED "201512190000Z"        -- December 19, 2015
       ORGANIZATION "Softwire Working Group"
       CONTACT-INFO "

                Yong Cui
                Email:  yong@csnet1.cs.tsinghua.edu.cn

                Jiang Dong
                Email:  knight.dongjiang@gmail.com

                Peng Wu
                Email:  weapon9@gmail.com

                Mingwei Xu
                Email:  xmw@cernet.edu.cn

                Antti Yla-Jaaski
                Email:  antti.yla-jaaski@aalto.fi

                Email comments directly to the softwire WG Mailing
                List at softwires@ietf.org
       "

       DESCRIPTION
          "This MIB module contains managed object definitions for
           the softwire mesh framework.

           Copyright (C) The Internet Society (2015).
           This version of this MIB module is part of RFC 5565;
           see the RFC itself for full legal notices."

       REVISION    "201512190000Z"
       DESCRIPTION
          "The MIB module is defined for management of objects in
           the Softwire mesh framework."
       ::= { mib-2 xxx }
   --RFC Ed.: Please replace "xxx" with IANA assigned number here.

   swmObjects OBJECT IDENTIFIER ::= { swmMIB 1 }

   -- swmSupportedTunnelTable
   swmSupportedTunnelTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that shows what kind of tunnels
           can be supported by the AFBR."
       ::= { swmObjects 1 }

   swmSupportedTunnelEntry OBJECT-TYPE
       SYNTAX      SwmSupportedTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A set of objects that show what kind of tunnels
           can be supported in the AFBR.  If the AFBR supports
           multiple tunnel types, the swmSupportedTunnelTable
           would have several entries."
       INDEX { swmSupportedTunnelType }
       ::= { swmSupportedTunnelTable 1 }

   SwmSupportedTunnelEntry ::= SEQUENCE {
       swmSupportedTunnelType    IANAtunnelType
   }

   swmSupportedTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Represents the tunnel type that can be used for softwire
           mesh scenarios, such as L2TPv3 over IP, GRE, Transmit
           tunnel endpoint, IPsec in Tunnel-mode, IP in IP tunnel with
           IPsec Transport Mode, MPLS-in-IP tunnel with IPsec Transport
           Mode and IP in IP.  There is no restriction of tunnel type
           the Softwire mesh can use."
       REFERENCE
          "L2TPv3 over IP, GRE, IP in IP in RFC5512.
           Transmit tunnel endpoint, IPsec in Tunnel-mode, IP in IP
           tunnel with IPsec Transport Mode, MPLS-in-IP tunnel with
           IPsec Transport Mode in RFC5566."
       ::= { swmSupportedTunnelEntry 1 }

   -- end of swmSupportedTunnelTable

   --swmEncapsTable
   swmEncapsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that display the
           softwire mesh encapsulation information."
       ::= { swmObjects 2 }

   swmEncapsEntry OBJECT-TYPE
       SYNTAX      SwmEncapsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that manage the softwire mesh I-IP
           encapsulation destination based on the E-IP destination
           prefix."
       INDEX { ifIndex,
               swmEncapsEIPDstType,
               swmEncapsEIPDst,
               swmEncapsEIPPrefixLength
             }
       ::= { swmEncapsTable 1 }

   SwmEncapsEntry ::= SEQUENCE {
       swmEncapsEIPDstType       InetAddressType,
       swmEncapsEIPDst           InetAddress,
       swmEncapsEIPPrefixLength  InetAddressPrefixLength,
       swmEncapsIIPDstType       InetAddressType,
       swmEncapsIIPDst           InetAddress
   }

   swmEncapsEIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This object specifies the address type used for
           swmEncapsEIPDst.  It is different from the tunnelIfAddressType
           in the tunnelIfTable.  The swmEncapsEIPDstType is IPv6 (2)
           if it is IPv6-over-IPv4 tunneling.  The swmEncapsEIPDstType is
           IPv4 (1) if it is IPv4-over-IPv6 tunneling."
       REFERENCE
          "IPv4 and IPv6 in RFC 4001."
       ::= { swmEncapsEntry 1 }

   swmEncapsEIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The E-IP destination prefix, which is
           used for I-IP encapsulation destination looking up.
           The type of this address is determined by the
           value of swmEncapsEIPDstType."
       REFERENCE
          "E-IP and I-IP in RFC 5565."
       ::= { swmEncapsEntry 2 }

   swmEncapsEIPPrefixLength OBJECT-TYPE
       SYNTAX      InetAddressPrefixLength
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The prefix length of the E-IP destination prefix."
       ::= { swmEncapsEntry 3 }

   swmEncapsIIPDstType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "This object specifies the address type used for
           swmEncapsIIPDst.  It is the same as the tunnelIfAddressType
           in the tunnelIfTable."
       REFERENCE
          "IPv4 and IPv6 in RFC 4001."
       ::= { swmEncapsEntry 4 }

   swmEncapsIIPDst OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "The I-IP destination address, which is used as the
           encapsulation destination for the corresponding E-IP
           prefix.  Since the tunnelIfRemoteInetAddress in the
           tunnelIfTable should be 0.0.0.0 or ::, swmEncapsIIPDst
           should be the destination address used in the outer
           IP header."
       REFERENCE
          "E-IP and I-IP in RFC 5565."
       ::= { swmEncapsEntry 5 }
   -- End of swmEncapsTable

   -- swmBGPNeighborTable
   swmBGPNeighborTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A table of objects that display the softwire mesh
           BGP neighbor information."
       ::= { swmObjects 3 }

   swmBGPNeighborEntry OBJECT-TYPE
       SYNTAX      SwmBGPNeighborEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "A set of objects that display the softwire mesh
           BGP neighbor information."
       INDEX {
               ifIndex,
               swmBGPNeighborInetAddressType,
               swmBGPNeighborInetAddress
             }
       ::= { swmBGPNeighborTable 1 }

   SwmBGPNeighborEntry ::= SEQUENCE {
       swmBGPNeighborInetAddressType  InetAddressType,
       swmBGPNeighborInetAddress      InetAddress,
       swmBGPNeighborTunnelType       IANAtunnelType
   }

   swmBGPNeighborInetAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This object specifies the address type used for
           swmBGPNeighborInetAddress."
       ::= { swmBGPNeighborEntry 1 }

   swmBGPNeighborInetAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The address of the AFBR's BGP neighbor.  The
           address type is the same as the tunnelIfAddressType
           in the tunnelIfTable."
       ::= { swmBGPNeighborEntry 2 }

   swmBGPNeighborTunnelType OBJECT-TYPE
       SYNTAX      IANAtunnelType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Represents the type of tunnel that the AFBR
           chooses to transmit traffic with another AFBR/BGP
           neighbor."
       ::= { swmBGPNeighborEntry 3 }
   -- End of swmBGPNeighborTable

   -- conformance information
   swmConformance
                    OBJECT IDENTIFIER ::= { swmMIB 2 }
   swmCompliances
                    OBJECT IDENTIFIER ::= { swmConformance 1 }
   swmGroups
                    OBJECT IDENTIFIER ::= { swmConformance 2 }

   -- compliance statements
   swmCompliance MODULE-COMPLIANCE
       STATUS  current
       DESCRIPTION
          "Describes the requirements for conformance to the softwire
           mesh MIB.

           The following index objects cannot be added as OBJECT
           clauses but nevertheless have compliance requirements:
          "
       -- OBJECT  swmEncapsEIPDstType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPDst
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmEncapsEIPPrefixLength
       -- SYNTAX  InetAddressPrefixLength (Unsigned32 (0..128))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddressType
       -- SYNTAX  InetAddressType { ipv4(1), ipv6(2) }
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       -- OBJECT  swmBGPNeighborInetAddress
       -- SYNTAX  InetAddress (SIZE(4|16))
       -- DESCRIPTION
       -- "An implementation is required to support
       --  global IPv4 and/or IPv6 addresses, depending
       --  on its support for IPv4 and IPv6."

       MODULE -- this module
       MANDATORY-GROUPS {
                          swmSupportedTunnelGroup,
                          swmEncapsGroup,
                          swmBGPNeighborGroup
                        }
       ::= { swmCompliances 1 }

   swmSupportedTunnelGroup OBJECT-GROUP
       OBJECTS {
           swmSupportedTunnelType
       }
       STATUS  current
       DESCRIPTION
          "The collection of objects which are used to show
           what kind of tunnel the AFBR supports."
       ::= { swmGroups 1 }

   swmEncapsGroup OBJECT-GROUP
       OBJECTS {
           swmEncapsIIPDst,
           swmEncapsIIPDstType
       }
       STATUS  current
       DESCRIPTION
          "The collection of objects which are used to display
           softwire mesh encapsulation information."
       ::= { swmGroups 2 }

   swmBGPNeighborGroup OBJECT-GROUP
       OBJECTS {
           swmBGPNeighborTunnelType
       }
       STATUS  current
       DESCRIPTION
          "The collection of objects which are used to display
           softwire mesh BGP neighbor information."
       ::= { swmGroups 3 }

   END

7.  Security Considerations

   Because this MIB module reuses the IP tunnel MIB, the security
   considerations of the IP tunnel MIB are also applicable to the
   Softwire mesh MIB.

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the objects and their
   sensitivity/vulnerability:

   Particularly, swmSupportedTunnelType, swmEncapsIIPDstType,
   swmEncapsIIPDst and swmBGPNeighborTunnelType can expose the types of
   tunnels used within the internal network, and potentially reveal the
   topology of the internal network.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].
   Implementations MAY also provide support for the Transport Security
   Model (TSM) [RFC5591] in combination with a secure transport such as
   SSH [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
   the following IANA-assigned tunnelType values recorded in the
   IANAtunnelType-MIB registry:

         Descriptor        OBJECT IDENTIFIER value
         ----------        -----------------------
         swmMIB            { mib-2 xxx }

         IANAtunnelType ::= TEXTUAL-CONVENTION
            SYNTAX     INTEGER {
                       softwireMesh ("xx")    -- softwire Mesh tunnel
                       }

9.  Acknowledgements

   The authors would like to thank Dave Thaler, Jean-Philippe Dionne, Qi
   Sun, Sheng Jiang, Yu Fu for their valuable comments.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414,
              DOI 10.17487/RFC3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826,
              DOI 10.17487/RFC3826, June 2004.

   [RFC5512]  Mohapatra, P. and E. Rosen, "The BGP Encapsulation
              Subsequent Address Family Identifier (SAFI) and the BGP
              Tunnel Encapsulation Attribute", RFC 5512,
              DOI 10.17487/RFC5512, April 2009.

   [RFC5565]  Wu, J., Cui, Y., Metz, C., and E. Rosen, "Softwire Mesh
              Framework", RFC 5565, DOI 10.17487/RFC5565, June 2009.

   [RFC5566]  Berger, L., White, R., and E. Rosen, "BGP IPsec Tunnel
              Encapsulation Attribute", RFC 5566, DOI 10.17487/RFC5566,
              June 2009.

   [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
              2009.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011.

10.2.  Informative References

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.

   [RFC4925]  Li, X., Ed., Dawkins, S., Ed., Ward, D., Ed., and A.
              Durand, Ed., "Softwire Problem Statement", RFC 4925,
              DOI 10.17487/RFC4925, July 2007.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

   [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087,
              DOI 10.17487/RFC4087, June 2005.

Authors' Addresses

   Yong Cui
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6260-3059
   EMail: yong@csnet1.cs.tsinghua.edu.cn


   Jiang Dong
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: knight.dongjiang@gmail.com


   Peng Wu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: weapon9@gmail.com


   Mingwei Xu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   EMail: xmw@cernet.edu.cn


   Antti Yla-Jaaski
   Aalto University
   Konemiehentie 2
   Espoo  02150
   Finland

   Phone: +358-40-5954222
   EMail: antti.yla-jaaski@aalto.fi
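
Added example (not part of the draft or of any project's code): Section 7 states that the module has no read-write or read-create objects and names four readable objects as its exposure surface. The sketch below checks both claims from the MAX-ACCESS and OBJECT-GROUP clauses of Section 6, using the SMIv2 rule that every accessible object belongs to a group and no not-accessible object does; the one-line excerpt layout and the function names are this example's own.

```python
import re

# Abridged from the SOFTWIRE-MESH-MIB module in Section 6: one line per
# definition, keeping only the name, SYNTAX and MAX-ACCESS (or OBJECTS).
MIB_EXCERPT = """
-- swmSupportedTunnelTable
swmSupportedTunnelTable OBJECT-TYPE SYNTAX SEQUENCE OF SwmSupportedTunnelEntry MAX-ACCESS not-accessible
swmSupportedTunnelEntry OBJECT-TYPE SYNTAX SwmSupportedTunnelEntry MAX-ACCESS not-accessible
swmSupportedTunnelType OBJECT-TYPE SYNTAX IANAtunnelType MAX-ACCESS read-only
-- swmEncapsTable
swmEncapsTable OBJECT-TYPE SYNTAX SEQUENCE OF SwmEncapsEntry MAX-ACCESS not-accessible
swmEncapsEntry OBJECT-TYPE SYNTAX SwmEncapsEntry MAX-ACCESS not-accessible
swmEncapsEIPDstType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible
swmEncapsEIPDst OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible
swmEncapsEIPPrefixLength OBJECT-TYPE SYNTAX InetAddressPrefixLength MAX-ACCESS not-accessible
swmEncapsIIPDstType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only
swmEncapsIIPDst OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only
-- swmBGPNeighborTable
swmBGPNeighborTable OBJECT-TYPE SYNTAX SEQUENCE OF SwmBGPNeighborEntry MAX-ACCESS not-accessible
swmBGPNeighborEntry OBJECT-TYPE SYNTAX SwmBGPNeighborEntry MAX-ACCESS not-accessible
swmBGPNeighborInetAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS not-accessible
swmBGPNeighborInetAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS not-accessible
swmBGPNeighborTunnelType OBJECT-TYPE SYNTAX IANAtunnelType MAX-ACCESS read-only
-- conformance groups
swmSupportedTunnelGroup OBJECT-GROUP OBJECTS { swmSupportedTunnelType }
swmEncapsGroup OBJECT-GROUP OBJECTS { swmEncapsIIPDst, swmEncapsIIPDstType }
swmBGPNeighborGroup OBJECT-GROUP OBJECTS { swmBGPNeighborTunnelType }
"""

WRITABLE = {"read-write", "read-create"}
OBJECT_RE = re.compile(r"(\w+)\s+OBJECT-TYPE\b.*?\bMAX-ACCESS\s+([\w-]+)", re.S)
GROUP_RE = re.compile(r"(\w+)\s+OBJECT-GROUP\s+OBJECTS\s*\{([^}]*)\}", re.S)


def parse_module(text):
    """Return ({object: max_access}, {group: [member objects]})."""
    # Simplification: treat "--" comments as running to end of line.
    text = re.sub(r"--[^\n]*", "", text)
    access = dict(OBJECT_RE.findall(text))
    groups = {name: [o.strip() for o in body.split(",") if o.strip()]
              for name, body in GROUP_RE.findall(text)}
    return access, groups


def audit(text):
    """Summarise what an SNMP manager could read or write in the module."""
    access, groups = parse_module(text)
    grouped = {o for members in groups.values() for o in members}
    readable = sorted(n for n, a in access.items() if a != "not-accessible")
    return {
        # Anything here could be changed with an SNMP SET.
        "writable": sorted(n for n, a in access.items() if a in WRITABLE),
        # Objects a GET can return: the set that needs view-based access
        # control and privacy (encryption) on the wire.
        "readable": readable,
        # Conformance consistency checks (SMIv2 OBJECT-GROUP rules).
        "readable_not_in_group": sorted(set(readable) - grouped),
        "not_accessible_in_group": sorted(
            o for o in grouped if access.get(o) == "not-accessible"),
        "unknown_in_group": sorted(grouped - set(access)),
    }


if __name__ == "__main__":
    for key, value in audit(MIB_EXCERPT).items():
        print(f"{key}: {value}")
```

Run against a vendor's shipped copy of the module, a non-empty "writable" list or a "readable" list that differs from the four objects named in Section 7 indicates the implementation has drifted from the draft.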