IPv6 MIB Revision Design Team                               Bill Fenner
INTERNET-DRAFT                                            AT&T Research
Expires: August 2001                                     Brian Haberman
                                                        Nortel Networks
                                                       Keith McCloghrie
                                                          Cisco Systems
                                                    Juergen Schoenwalder
                                                        TU Braunschweig
                                                            Dave Thaler
                                                              Microsoft
                                                          February 2001

                      Management Information Base
                  for the User Datagram Protocol (UDP)
                    draft-ops-rfc2013-update-00.txt

Status of this Document

   This document is an Internet-Draft and is in full conformance with all
   provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering Task
   Force (IETF), its areas, and its working groups. Note that other groups
   may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference material
   or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This document is a product of the IPv6 MIB Revision Design Team.
   Comments should be addressed to the authors, or the mailing list at
   ipv6mib@ibr.cs.tu-bs.de.

Copyright Notice

   Copyright (C) The Internet Society (2001). All Rights Reserved.

Abstract

   This memo defines a portion of the Management Information Base (MIB) for
   use with network management protocols in the Internet community. In
   particular, it describes managed objects used for implementations of the
   User Datagram Protocol (UDP) [4] in an IP version independent manner.

Table of Contents

   1. The SNMP Management Framework
   2. Revision History
   3. Definitions
   4. Open Issues
   5. Acknowledgements
   6. References
   7. Security Considerations
   8. Editor's Address
   9. Full Copyright Statement

1. The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [5].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management. The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in STD 16,
      RFC 1155 [6], STD 16, RFC 1212 [7] and RFC 1215 [8]. The second
      version, called SMIv2, is described in STD 58, RFC 2578 [9], STD 58,
      RFC 2579 [10] and STD 58, RFC 2580 [11].

   o  Message protocols for transferring management information. The first
      version of the SNMP message protocol is called SNMPv1 and described in
      STD 15, RFC 1157 [12]. A second version of the SNMP message protocol,
      which is not an Internet standards track protocol, is called SNMPv2c
      and described in RFC 1901 [13] and RFC 1906 [14]. The third version of
      the message protocol is called SNMPv3 and described in RFC 1906 [14],
      RFC 2572 [15] and RFC 2574 [16].

   o  Protocol operations for accessing management information. The first
      set of protocol operations and associated PDU formats is described in
      STD 15, RFC 1157 [12]. A second set of protocol operations and
      associated PDU formats is described in RFC 1905 [17].

   o  A set of fundamental applications described in RFC 2573 [18] and the
      view-based access control mechanism described in RFC 2575 [19].
   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 2570 [20].

   Managed objects are accessed via a virtual information store, termed the
   Management Information Base or MIB. Objects in the MIB are defined
   using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A MIB
   conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64). Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

2. Revision History

   Changes from first draft posted to v6mib mailing list:

   23 Feb 2001

      Made threshold for HC packet counters 1Mpps

      Added copyright statements and table of contents

   21 Feb 2001 -- Juergen's changes

      Renamed udpInetTable to udpListenerTable

      Updated Conformance info

   6 Feb 2001

      Removed v6-only objects.

      Removed remote and instance objects, turning the table back into a
      listener-only table.

      Renamed inetUdp* to udpInet*

      Added HC in and out datagram counters

      Added SIZE restriction to udpListenerLocalAddress. (36 = 32-byte
      addresses plus 4-byte scope, but it's just a strawman)

      Used InetPortNumber TC from updated INET-ADDRESS-MIB

      Updated compliance statements.

      Added Keith to authors

      Added open issues section.

3. Definitions

UDP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter32, Counter64,
    IpAddress, mib-2                        FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP         FROM SNMPv2-CONF
    InetAddress, InetAddressType,
    InetPortNumber                          FROM INET-ADDRESS-MIB;

udpMIB MODULE-IDENTITY
    LAST-UPDATED "200102210000Z"
    ORGANIZATION "IETF IPv6 MIB Revision Team"
    CONTACT-INFO
           "Bill Fenner (editor)

            AT&T Labs -- Research
            75 Willow Rd.
            Menlo Park, CA 94025

            Phone: +1 650 330-7893
            Email: "
    DESCRIPTION
           "The MIB module for managing UDP implementations."
    REVISION      "200102210000Z"
    DESCRIPTION
           "IP version neutral revision, published as RFC XXXX."
    REVISION      "9411010000Z"
    DESCRIPTION
           "Initial SMIv2 version, published as RFC 2013."
    REVISION      "9103310000Z"
    DESCRIPTION
           "The initial revision of this MIB module was part of MIB-II."
    ::= { mib-2 50 }

-- the UDP group

udp      OBJECT IDENTIFIER ::= { mib-2 7 }

udpInDatagrams OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "The total number of UDP datagrams delivered to UDP users."
    ::= { udp 1 }

udpNoPorts OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "The total number of received UDP datagrams for which there
            was no application at the destination port."
    ::= { udp 2 }

udpInErrors OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "The number of received UDP datagrams that could not be
            delivered for reasons other than the lack of an application
            at the destination port."
    ::= { udp 3 }

udpOutDatagrams OBJECT-TYPE
    SYNTAX     Counter32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "The total number of UDP datagrams sent from this entity."
    ::= { udp 4 }

udpHCInDatagrams OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "The total number of UDP datagrams delivered to UDP users,
            for devices which can receive more than 1 million UDP
            packets per second."
    ::= { udp 26 }

udpHCOutDatagrams OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "The total number of UDP datagrams sent from this entity, for
            devices which can transmit more than 1 million UDP packets
            per second."
    ::= { udp 27 }

-- The UDP Listener table

-- The UDP listener table contains information about this
-- entity's UDP end-points on which a local application is
-- currently accepting datagrams.

udpListenerTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF UdpListenerEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
           "A table containing UDP listener information."
    ::= { udp 7 }

udpListenerEntry OBJECT-TYPE
    SYNTAX     UdpListenerEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
           "Information about a particular current UDP listener."
    INDEX      { udpListenerLocalAddressType,
                 udpListenerLocalAddress,
                 udpListenerLocalPort }
    ::= { udpListenerTable 1 }

UdpListenerEntry ::= SEQUENCE {
    udpListenerLocalAddressType InetAddressType,
    udpListenerLocalAddress     InetAddress,
    udpListenerLocalPort        InetPortNumber
}

udpListenerLocalAddressType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
           "The address type of udpListenerLocalAddress"
    ::= { udpListenerEntry 1 }

udpListenerLocalAddress OBJECT-TYPE
    SYNTAX     InetAddress (SIZE(0..36))
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
           "The local IP address for this UDP listener. In the case of
            a UDP listener which is willing to accept datagrams for any
            IP interface associated with the node, a value of all zeroes
            is used."
    ::= { udpListenerEntry 2 }

udpListenerLocalPort OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
           "The local port number for this UDP listener."
    ::= { udpListenerEntry 3 }

-- The deprecated UDP Listener table

-- The UDP listener table contains information about this
-- entity's IPv4 UDP end-points on which a local application is
-- currently accepting datagrams.

udpTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF UdpEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
           "A table containing IPv4-specific UDP listener information.
            It contains information about all local IPv4 UDP end-points
            on which an application is currently accepting datagrams.
            This table has been deprecated in favor of the version
            neutral udpListenerTable."
    ::= { udp 5 }

udpEntry OBJECT-TYPE
    SYNTAX     UdpEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
           "Information about a particular current UDP listener."
    INDEX      { udpLocalAddress, udpLocalPort }
    ::= { udpTable 1 }

UdpEntry ::= SEQUENCE {
    udpLocalAddress  IpAddress,
    udpLocalPort     INTEGER
}

udpLocalAddress OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
           "The local IP address for this UDP listener. In the case of
            a UDP listener which is willing to accept datagrams for any
            IP interface associated with the node, the value 0.0.0.0 is
            used."
    ::= { udpEntry 1 }

udpLocalPort OBJECT-TYPE
    SYNTAX     INTEGER (0..65535)
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
           "The local port number for this UDP listener."
    ::= { udpEntry 2 }

-- conformance information

udpMIBConformance OBJECT IDENTIFIER ::= { udpMIB 2 }

udpMIBCompliances OBJECT IDENTIFIER ::= { udpMIBConformance 1 }
udpMIBGroups      OBJECT IDENTIFIER ::= { udpMIBConformance 2 }

-- compliance statements

udpMIBCompliance2 MODULE-COMPLIANCE
    STATUS     current
    DESCRIPTION
           "The compliance statement for systems which implement UDP."
    MODULE  -- this module
        MANDATORY-GROUPS { udpBaseGroup, udpListenerGroup }
        GROUP       udpHCGroup
        DESCRIPTION
           "This group is mandatory for those systems which are capable
            of receiving or transmitting more than 1 million UDP
            packets per second. 1 million packets per second will
            cause a Counter32 to wrap in just over an hour."
    ::= { udpMIBCompliances 2 }

udpMIBCompliance MODULE-COMPLIANCE
    STATUS     deprecated
    DESCRIPTION
           "The compliance statement for IPv4-only systems which
            implement UDP. For IP version independence, this compliance
            statement is deprecated in favor of udpMIBCompliance2."
    MODULE  -- this module
        MANDATORY-GROUPS { udpGroup }
    ::= { udpMIBCompliances 1 }

-- units of conformance

udpGroup OBJECT-GROUP
    OBJECTS   { udpInDatagrams, udpNoPorts,
                udpInErrors, udpOutDatagrams,
                udpLocalAddress, udpLocalPort }
    STATUS     deprecated
    DESCRIPTION
           "The udp group of objects providing for management of UDP
            over IPv4."
    ::= { udpMIBGroups 1 }

udpBaseGroup OBJECT-GROUP
    OBJECTS   { udpInDatagrams, udpNoPorts, udpInErrors, udpOutDatagrams }
    STATUS     current
    DESCRIPTION
           "The group of objects providing for counters of UDP
            statistics."
    ::= { udpMIBGroups 2 }

udpHCGroup OBJECT-GROUP
    OBJECTS   { udpHCInDatagrams, udpHCOutDatagrams }
    STATUS     current
    DESCRIPTION
           "The group of objects providing for counters of high speed
            UDP implementations."
    ::= { udpMIBGroups 3 }

udpListenerGroup OBJECT-GROUP
    OBJECTS   { udpListenerLocalPort }
    STATUS     current
    DESCRIPTION
           "The group of objects providing for the IP version
            independent management of UDP listeners."
    ::= { udpMIBGroups 4 }

END

4. Open Issues

   [optional] connection table to more fully specify sockets?

   Per-connection/listener datagram / octet count objects in an optional
   conformance group?

5. Acknowledgements

   This document contains a modified subset of RFC 1213 and updates RFC
   2013 and RFC 2454.

6. References

   [1]  Rose, M. and K. McCloghrie, "Management Information Base for Network
        Management of TCP/IP-based internets", RFC 1213, March 1991.

   [2]  McCloghrie, K., "SNMPv2 Management Information Base for the User
        Datagram Protocol using SMIv2", RFC 2013, November 1996.

   [3]  Haskin, D. and S. Onishi, "IP Version 6 Management Information Base
        for the User Datagram Protocol", RFC 2454, December 1998.

   [4]  Postel, J., "User Datagram Protocol", STD 6, RFC 768, DARPA, August
        1980.

   [5]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
        Describing SNMP Management Frameworks", RFC 2571, April 1999.

   [6]  Rose, M., and K. McCloghrie, "Structure and Identification of
        Management Information for TCP/IP-based Internets", STD 16, RFC
        1155, May 1990.

   [7]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC
        1212, March 1991.

   [8]  Rose, M., "A Convention for Defining Traps for use with the SNMP",
        RFC 1215, March 1991.

   [9]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
        and S. Waldbusser, "Structure of Management Information Version 2
        (SMIv2)", STD 58, RFC 2578, April 1999.

   [10] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
        and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC
        2579, April 1999.
   [11] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
        and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC
        2580, April 1999.

   [12] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
        Management Protocol", STD 15, RFC 1157, May 1990.

   [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, January 1996.

   [14] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport
        Mappings for Version 2 of the Simple Network Management Protocol
        (SNMPv2)", RFC 1906, January 1996.

   [15] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, April 1999.

   [16] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for
        version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
        2574, April 1999.

   [17] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
        Operations for Version 2 of the Simple Network Management Protocol
        (SNMPv2)", RFC 1905, January 1996.

   [18] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
        2573, April 1999.

   [19] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", RFC 2575, April 1999.

   [20] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to
        Version 3 of the Internet-standard Network Management Framework",
        RFC 2570, April 1999.

7. Security Considerations

   There are no management objects defined in this MIB that have a
   MAX-ACCESS clause of read-write and/or read-create. So, if this MIB is
   implemented correctly, then there is no risk that an intruder can alter
   or create any management objects of this MIB via direct SNMP SET
   operations.
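   The listener table is the part of this module that discloses the
   most. Its rows are identified only by their INDEX, so a manager that
   walks udpListenerLocalPort must unpack each instance identifier to
   learn the address family, the bound address and the port. The
   following Python is an added example written for this page, not code
   from the draft or the design team. It assumes the InetAddressType
   values ipv4(1) and ipv6(2) of INET-ADDRESS-MIB and the usual SMIv2
   INDEX encoding (the type as one sub-identifier, the InetAddress as a
   length followed by its octets, the port as one sub-identifier); the
   walk lines are constructed. It decodes and re-encodes the index,
   rejects malformed rows, and reports listeners bound to the all-zeroes
   address on ports an operator did not expect, which is the exposure
   audit a defender would run against this table.

```python
"""Decode udpListenerTable instance identifiers and audit wildcard listeners.

Added example for draft-ops-rfc2013-update-00; it is not part of the draft.
Assumptions: InetAddressType values ipv4(1) and ipv6(2) from INET-ADDRESS-MIB,
and the standard SMIv2 INDEX encoding (type as one sub-identifier, InetAddress
as its length followed by its octets, port as one sub-identifier).
The walk lines below are constructed, not captured from an agent.
"""
import ipaddress

# udp (1.3.6.1.2.1.7) . udpListenerTable (7) . udpListenerEntry (1) . udpListenerLocalPort (3)
UDP_LISTENER_LOCAL_PORT = "1.3.6.1.2.1.7.7.1.3"

# Assumed InetAddressType codes, with the octet length each implies.
INET_ADDRESS_TYPES = {1: ("ipv4", 4), 2: ("ipv6", 16)}


def decode_index(instance_oid):
    """Split a udpListenerLocalPort instance OID into (type, address, port).

    Anything that is not a well-formed index raises ValueError, so a
    truncated or malformed row from an agent is rejected rather than guessed.
    """
    prefix = UDP_LISTENER_LOCAL_PORT + "."
    if not instance_oid.startswith(prefix):
        raise ValueError("not a udpListenerLocalPort instance: %s" % instance_oid)
    subids = [int(s) for s in instance_oid[len(prefix):].split(".")]
    if len(subids) < 3:
        raise ValueError("index too short")
    if subids[0] not in INET_ADDRESS_TYPES:
        raise ValueError("unsupported InetAddressType %d" % subids[0])
    addr_type, expected_len = INET_ADDRESS_TYPES[subids[0]]
    length = subids[1]
    if length != expected_len:
        raise ValueError("%s address must be %d octets, got %d" % (addr_type, expected_len, length))
    octets = subids[2:2 + length]
    rest = subids[2 + length:]
    if len(octets) != length or len(rest) != 1:
        raise ValueError("index has the wrong number of sub-identifiers")
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("address octet out of range")
    port = rest[0]
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return addr_type, str(ipaddress.ip_address(bytes(octets))), port


def encode_index(address, port):
    """Build the udpListenerLocalPort instance OID for a listener (inverse of decode_index)."""
    ip = ipaddress.ip_address(address)
    type_code = 1 if ip.version == 4 else 2
    subids = [type_code, len(ip.packed), *ip.packed, port]
    return UDP_LISTENER_LOCAL_PORT + "." + ".".join(str(s) for s in subids)


def audit_listeners(walk_lines, expected_ports):
    """Return (type, address, port) for listeners bound to the all-zeroes
    address (any interface) on ports not in expected_ports."""
    findings = []
    for line in walk_lines:
        oid = line.split("=", 1)[0].strip().lstrip(".")
        addr_type, address, port = decode_index(oid)
        if ipaddress.ip_address(address).is_unspecified and port not in expected_ports:
            findings.append((addr_type, address, port))
    return findings


# Constructed walk of udpListenerLocalPort, one "instance OID = value" line per row.
SAMPLE_WALK = [
    "1.3.6.1.2.1.7.7.1.3.1.4.0.0.0.0.161 = 161",
    "1.3.6.1.2.1.7.7.1.3.1.4.0.0.0.0.69 = 69",
    "1.3.6.1.2.1.7.7.1.3.1.4.127.0.0.1.5353 = 5353",
    "1.3.6.1.2.1.7.7.1.3.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.161 = 161",
]

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_WALK, expected_ports={161}):
        print("unexpected wildcard listener: %s %s port %d" % finding)
```

   Only the wildcard-bound port 69 row is reported: the loopback listener
   is not reachable from the network, and 161 is on the allowlist. The
   length check against the address family is deliberate; the SIZE(0..36)
   constraint on udpListenerLocalAddress admits other lengths, and an
   agent returning one should be treated as a parse failure, not silently
   coerced into an address.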
   There are a number of managed objects in this MIB that may contain
   sensitive information. These are:

   o  The udpListenerLocalPort and udpLocalPort objects can be used to
      identify what ports are open on the machine and can thus indicate
      what attacks are likely to succeed, without the attacker having to
      run a port scanner.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending them
   over the network via SNMP. Not all versions of SNMP provide features
   for such a secure environment.

   SNMPv1 by itself is not a secure environment. Even if the network
   itself is secure (for example by using IPSec), even then, there is no
   control as to who on the secure network is allowed to access and GET/SET
   (read/change/create/delete) the objects in this MIB.

   It is recommended that the implementers consider the security features
   as provided by the SNMPv3 framework. Specifically, the use of the
   User-based Security Model RFC 2574 [16] and the View-based Access
   Control Model RFC 2575 [19] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP entity
   giving access to an instance of this MIB, is properly configured to give
   access to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

8. Editor's Address

   Bill Fenner
   AT&T Labs -- Research
   75 Willow Rd
   Menlo Park, CA 94025
   USA

   Email: fenner@research.att.com

9. Full Copyright Statement

   Copyright (C) The Internet Society (2001). All Rights Reserved.
   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it or
   assist in its implementation may be prepared, copied, published and
   distributed, in whole or in part, without restriction of any kind,
   provided that the above copyright notice and this paragraph are included
   on all such copies and derivative works. However, this document itself
   may not be modified in any way, such as by removing the copyright notice
   or references to the Internet Society or other Internet organizations,
   except as needed for the purpose of developing Internet standards in
   which case the procedures for copyrights defined in the Internet
   Standards process must be followed, or as required to translate it into
   languages other than English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an "AS
   IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
   FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
   LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
   INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
   FITNESS FOR A PARTICULAR PURPOSE.
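   Section 7 above asks operators to control even GET access to the
   listener objects and points at USM (RFC 2574) and VACM (RFC 2575) as
   the means. The fragment below is an added example for this page, not
   part of the draft, showing what that recommendation looks like in an
   agent configuration. It is written in net-snmp's snmpd.conf syntax,
   which is an assumption here since the draft names no agent; the user
   name, community and passphrases are placeholders. The weak setting is
   shown beside the hardened one: a shared SNMPv1/v2c community that
   exposes every object, versus an SNMPv3 user with authentication and
   privacy whose view keeps the udp group counters but excludes both
   listener tables defined in this module.

```conf
# Weak: a shared read-only community exposes every object the agent holds,
# including udpListenerTable (1.3.6.1.2.1.7.7) and the deprecated
# udpTable (1.3.6.1.2.1.7.5), to anyone who knows the community string.
rocommunity public default

# Hardened: an SNMPv3 user (USM, RFC 2574) that must authenticate and
# encrypt, confined by a VACM view (RFC 2575) to the UDP counters only.
# Passphrases are placeholders; replace them before use.
createUser udpmon SHA "auth-passphrase-placeholder" AES "priv-passphrase-placeholder"

# The view starts from the udp group (mib-2 7) ...
view udpcounters included  .1.3.6.1.2.1.7
# ... and removes the IPv4-only listener table (udp 5) ...
view udpcounters excluded  .1.3.6.1.2.1.7.5
# ... and the version-neutral listener table (udp 7).
view udpcounters excluded  .1.3.6.1.2.1.7.7

# Read access for the user, privacy required, limited to that view.
rouser udpmon priv -V udpcounters
```

   With both lines present the agent still answers the community string,
   so the rocommunity line has to be removed, not merely accompanied by
   the SNMPv3 configuration. The excluded subtrees also drop the
   udpListenerLocalPort objects that udpListenerGroup makes mandatory,
   which is the intended trade-off: compliance is about what the agent
   implements, while the view decides which principals may read it.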