idnits 2.17.1

draft-ops-rfc2096-update-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  ** There are 2 instances of too long lines in the document, the longest one
     being 5 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 646 has weird spacing: '...ntifies the l...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 2001) is 8471 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2096 (ref. '1') (Obsoleted by RFC 4292)

  ** Obsolete normative reference: RFC 2571 (ref. '2') (Obsoleted by RFC 3411)

  ** Downref: Normative reference to an Informational RFC: RFC 1215 (ref. '5')

  ** Downref: Normative reference to an Historic RFC: RFC 1157 (ref. '9')

  ** Downref: Normative reference to an Historic RFC: RFC 1901 (ref. '10')

  ** Obsolete normative reference: RFC 1906 (ref. '11') (Obsoleted by RFC 3417)

  ** Obsolete normative reference: RFC 2572 (ref. '12') (Obsoleted by RFC 3412)

  ** Obsolete normative reference: RFC 2574 (ref. '13') (Obsoleted by RFC 3414)

  ** Obsolete normative reference: RFC 1905 (ref. '14') (Obsoleted by RFC 3416)

  ** Obsolete normative reference: RFC 2573 (ref. '15') (Obsoleted by RFC 3413)

  ** Obsolete normative reference: RFC 2575 (ref. '16') (Obsoleted by RFC 3415)

  ** Obsolete normative reference: RFC 2570 (ref. '17') (Obsoleted by RFC 3410)

     Summary: 16 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1    IPv6 MIB Revision Design Team                                Bill Fenner
2    INTERNET-DRAFT                                             AT&T Research
3    Expires: August 2001                                      Brian Haberman
4                                                              Nortel Networks
5                                                         Juergen Schoenwalder
6                                                              TU Braunschweig
7                                                                  Dave Thaler
8                                                                    Microsoft
9                                                                February 2001

11                          IP Forwarding Table MIB
12                      draft-ops-rfc2096-update-00.txt

14   Status of this Document

16   This document is an Internet-Draft and is in full conformance with all
17   provisions of Section 10 of RFC2026.

19   Internet-Drafts are working documents of the Internet Engineering Task
20   Force (IETF), its areas, and its working groups. Note that other groups
21   may also distribute working documents as Internet-Drafts.

23   Internet-Drafts are draft documents valid for a maximum of six months
24   and may be updated, replaced, or obsoleted by other documents at any
25   time. It is inappropriate to use Internet-Drafts as reference material
26   or to cite them other than as "work in progress."

28   The list of current Internet-Drafts can be accessed at
29   http://www.ietf.org/ietf/1id-abstracts.txt

31   The list of Internet-Draft Shadow Directories can be accessed at
32   http://www.ietf.org/shadow.html.

34   This document is a product of the IPv6 MIB Revision Design Team.
35   Comments should be addressed to the authors, or the mailing list at
36   ipv6mib@ibr.cs.tu-bs.de.

38   Copyright Notice

40   Copyright (C) The Internet Society (2001). All Rights Reserved.

42   Abstract

44   This memo defines a portion of the Management Information Base (MIB) for
45   use with network management protocols in the Internet community. In
46   particular, it describes managed objects used for implementations of the
47   Internet Protocol (IP) in an IP version independent manner.

49   Table of Contents

51   1. The SNMP Management Framework
52   2. Revision History
53   3. Overview
54   4. Definitions
55   5. Open Issues / To Do
56   6. Acknowledgments
57   7. References
58   8. Security Considerations
59   9. Editor's Address
60   10. Full Copyright Statement

62   1. The SNMP Management Framework

64   The SNMP Management Framework presently consists of five major
65   components:

67   o An overall architecture, described in RFC 2571 [2].

69   o Mechanisms for describing and naming objects and events for the
70     purpose of management. The first version of this Structure of
71     Management Information (SMI) is called SMIv1 and described in STD 16,
72     RFC 1155 [3], STD 16, RFC 1212 [4] and RFC 1215 [5]. The second
73     version, called SMIv2, is described in STD 58, RFC 2578 [6], STD 58,
74     RFC 2579 [7] and STD 58, RFC 2580 [8].

76   o Message protocols for transferring management information. The first
77     version of the SNMP message protocol is called SNMPv1 and described in
78     STD 15, RFC 1157 [9]. A second version of the SNMP message protocol,
79     which is not an Internet standards track protocol, is called SNMPv2c
80     and described in RFC 1901 [10] and RFC 1906 [11]. The third version of
81     the message protocol is called SNMPv3 and described in RFC 1906 [11],
82     RFC 2572 [12] and RFC 2574 [13].

84   o Protocol operations for accessing management information. The first
85     set of protocol operations and associated PDU formats is described in
86     STD 15, RFC 1157 [9]. A second set of protocol operations and
87     associated PDU formats is described in RFC 1905 [14].

89   o A set of fundamental applications described in RFC 2573 [15] and the
90     view-based access control mechanism described in RFC 2575 [16].

92   A more detailed introduction to the current SNMP Management Framework
93   can be found in RFC 2570 [17].

95   Managed objects are accessed via a virtual information store, termed the
96   Management Information Base or MIB. Objects in the MIB are defined
97   using the mechanisms defined in the SMI.

99   This memo specifies a MIB module that is compliant to the SMIv2. A MIB
100  conforming to the SMIv1 can be produced through the appropriate
101  translations. The resulting translated MIB must be semantically
102  equivalent, except where objects or events are omitted because no
103  translation is possible (use of Counter64). Some machine readable
104  information in SMIv2 will be converted into textual descriptions in
105  SMIv1 during the translation process. However, this loss of machine
106  readable information is not considered to change the semantics of the
107  MIB.

109  2. Revision History

111  Changes from first draft posted to v6mib mailing list:

113  23 Feb 2001

115     Update MODULE-IDENTITY

117     Delete inetCidrRouteTos, add inetCidrRouteInstance in INDEX of
118     inetCidrRouteTable.

120     Use InterfaceIndex, InetAddressPrefixLength and
121     InetAutonomousSystemNumber TC's, and limit the SIZE of
122     inetCidrRouteDest and inetCidrRouteNextHop

124     Update conformance info.

126     Added copyright and table of contents.

128  3. Overview

130  The MIB consists of three tables and one? global object.

132  (1) The object ipForwardNumber indicates the number of current routes.
133      This is primarily to avoid having to read the table in order to
134      determine this number.

136  (2) The ipForwardTable updates the RFC 1213 ipRouteTable to display
137      multipath IP Routes. This is in turn obsoleted by the
138      ipCidrRouteTable.

140  (3) The ipCidrRouteTable updates the RFC 1213 ipRouteTable to display
141      multipath IP Routes having the same network number but differing
142      network masks.

144  (4) The inetCidrRouteTable updates the RFC 2096 ipCidrRouteTable to
145      contain IP version independent routing information.

147  4. Definitions

149  IP-FORWARD-MIB DEFINITIONS ::= BEGIN

151  IMPORTS
152      MODULE-IDENTITY, OBJECT-TYPE,
153      IpAddress, Integer32, Gauge32,
154      Unsigned32                       FROM SNMPv2-SMI
155      RowStatus                        FROM SNMPv2-TC
156      MODULE-COMPLIANCE, OBJECT-GROUP  FROM SNMPv2-CONF
157      InterfaceIndex                   FROM IF-MIB
158      ip                               FROM IP-MIB
159      IANAipRouteProtocol              FROM IANA-RTPROTO-MIB
160      InetAddress, InetAddressType,
161      InetAddressPrefixLength,
162      InetAutonomousSystemNumber       FROM INET-ADDRESS-MIB;

164  ipForward MODULE-IDENTITY
165      LAST-UPDATED "200102220000Z"
166      ORGANIZATION "IETF IPv6 MIB Revision Team"
167      CONTACT-INFO
168              "Editor:
169               Bill Fenner
170               AT&T Labs - Research
171               75 Willow Rd
172               Menlo Park, CA

174               Phone: +1 650 330-7893
175               Email: "
176      DESCRIPTION
177              "The MIB module for the management of CIDR multipath IP
178              Routes."
179      REVISION "200102220000Z"
180      DESCRIPTION
181              "IP version neutral revision, published as RFC XXXX."
182      REVISION "9609190000Z"
183      DESCRIPTION
184              "Revised to support CIDR routes."
185      ::= { ip 24 }

187  inetCidrRouteNumber OBJECT-TYPE
188      SYNTAX     Gauge32
189      MAX-ACCESS read-only
190      STATUS     current
191      DESCRIPTION
192              "The number of current inetCidrRouteTable entries that are
193              not invalid."
194      ::= { ipForward 6 }

196  -- Inet CIDR Route Table

198  -- The Inet CIDR Route Table deprecates and replaces the ipCidrRoute
199  -- Table currently in the IP Forwarding Table MIB.
200  -- It adds IP protocol independence.

202  inetCidrRouteTable OBJECT-TYPE
203      SYNTAX     SEQUENCE OF InetCidrRouteEntry
204      MAX-ACCESS not-accessible
205      STATUS     current
206      DESCRIPTION
207              "This entity's IP Routing table."
208      REFERENCE
209              "RFC 1213 Section 6.6, The IP Group"
210      ::= { ipForward 7 }

212  inetCidrRouteEntry OBJECT-TYPE
213      SYNTAX     InetCidrRouteEntry
214      MAX-ACCESS not-accessible
215      STATUS     current
216      DESCRIPTION
217              "A particular route to a particular destination, under a
218              particular policy."
219      INDEX {
220          inetCidrRouteInstance,
221          inetCidrRouteDestType,
222          inetCidrRouteDest,
223          inetCidrRoutePfxLen,
224          inetCidrRouteNextHopType,
225          inetCidrRouteNextHop
226          }
227      ::= { inetCidrRouteTable 1 }

229  InetCidrRouteEntry ::= SEQUENCE {
230      inetCidrRouteInstance     Unsigned32,
231      inetCidrRouteDestType     InetAddressType,
232      inetCidrRouteDest         InetAddress,
233      inetCidrRoutePfxLen       InetAddressPrefixLength,
234      inetCidrRouteNextHopType  InetAddressType,
235      inetCidrRouteNextHop      InetAddress,
236      inetCidrRouteIfIndex      InterfaceIndex,
237      inetCidrRouteType         INTEGER,
238      inetCidrRouteProto        IANAipRouteProtocol,
239      inetCidrRouteAge          Integer32,
240      inetCidrRouteNextHopAS    InetAutonomousSystemNumber,
241      inetCidrRouteMetric1      Integer32,
242      inetCidrRouteMetric2      Integer32,
243      inetCidrRouteMetric3      Integer32,
244      inetCidrRouteMetric4      Integer32,
245      inetCidrRouteMetric5      Integer32,
246      inetCidrRouteStatus       RowStatus
247      }

249  inetCidrRouteInstance OBJECT-TYPE
250      SYNTAX     Unsigned32
251      MAX-ACCESS not-accessible
252      STATUS     current
253      DESCRIPTION
254              "The instance identifier of the (conceptual) routing table
255              containing this route. This identifier may be used to
256              represent multiple routing tables, type-of-service routing,
257              or any other use of multiple tables.

259              XXX This needs more discussion."
260      ::= { inetCidrRouteEntry 1 }

262  inetCidrRouteDestType OBJECT-TYPE
263      SYNTAX     InetAddressType
264      MAX-ACCESS not-accessible
265      STATUS     current
266      DESCRIPTION
267              "The type of ipCidrRouteDest. Only IPv4 and IPv6 addresses
268              are expected."
269      ::= { inetCidrRouteEntry 2 }

271  inetCidrRouteDest OBJECT-TYPE
272      SYNTAX     InetAddress (SIZE(0..36))
273      MAX-ACCESS not-accessible
274      STATUS     current
275      DESCRIPTION
276              "The destination IP address of this route.

278              Any assignment (implicit or otherwise) of an instance of
279              this object to a value x must be rejected if the bitwise
280              logical-AND of x with the value of the mask formed from the
281              corresponding instance of the inetCidrRoutePfxLen object is
282              not equal to x."
283      ::= { inetCidrRouteEntry 3 }

285  inetCidrRoutePfxLen OBJECT-TYPE
286      SYNTAX     InetAddressPrefixLength
287      MAX-ACCESS not-accessible
288      STATUS     current
289      DESCRIPTION
290              "Indicate the number of leading one bits which form the mask
291              to be logical-ANDed with the destination address before
292              being compared to the value in the ipCidrRouteDest field.

294              Any assignment (implicit or otherwise) of an instance of
295              this object to a value x must be rejected if the bitwise
296              logical-AND of the mask formed from x with the value of the
297              corresponding instance of the inetCidrRouteDest object is
298              not equal to inetCidrRouteDest."
299      ::= { inetCidrRouteEntry 4 }

301  inetCidrRouteNextHopType OBJECT-TYPE
302      SYNTAX     InetAddressType
303      MAX-ACCESS not-accessible
304      STATUS     current
305      DESCRIPTION
306              "The address type of inetCidrRouteNextHop. Must be the same
307              as that of inetCidrRouteDestType, or unknown if there is no
308              next hop."
309      ::= { inetCidrRouteEntry 5 }

311  inetCidrRouteNextHop OBJECT-TYPE
312      SYNTAX     InetAddress (SIZE(0..36))
313      MAX-ACCESS not-accessible
314      STATUS     current
315      DESCRIPTION
316              "On remote routes, the address of the next system en route;
317              Otherwise, a zero-length string."
318      ::= { inetCidrRouteEntry 6 }

320  inetCidrRouteIfIndex OBJECT-TYPE
321      SYNTAX     InterfaceIndex
322      MAX-ACCESS read-create
323      STATUS     current
324      DESCRIPTION
325              "The ifIndex value which identifies the local interface
326              through which the next hop of this route should be reached."
327      ::= { inetCidrRouteEntry 7 }

329  inetCidrRouteType OBJECT-TYPE
330      SYNTAX     INTEGER {
331                  other    (1), -- not specified by this MIB
332                  reject   (2), -- route which discards traffic and
333                                --   returns notification
334                  local    (3), -- local interface
335                  remote   (4), -- remote destination
336                  blackhole(5)  -- route which discards traffic silently
337               }
338      MAX-ACCESS read-create
339      STATUS     current
340      DESCRIPTION
341              "The type of route. Note that local(3) refers to a route for
342              which the next hop is the final destination; remote(4)
343              refers to a route for which the next hop is not the final
344              destination.

346              Routes which do not result in traffic forwarding or
347              rejection should not be displayed even if the implementation
348              keeps them stored internally.

350              reject(2) refers to a route which, if matched, discards the
351              message as unreachable and returns a notification (e.g. ICMP
352              error) to the message sender. This is used in some
353              protocols as a means of correctly aggregating routes.
354              blackhole(5) refers to a route which, if matched, discards
355              the message silently."
356      ::= { inetCidrRouteEntry 8 }

358  inetCidrRouteProto OBJECT-TYPE
359      SYNTAX     IANAipRouteProtocol
360      MAX-ACCESS read-only
361      STATUS     current
362      DESCRIPTION
363              "The routing mechanism via which this route was learned.
364              Inclusion of values for gateway routing protocols is not
365              intended to imply that hosts should support those
366              protocols."
367      ::= { inetCidrRouteEntry 9 }

369  -- XXX new type? TimeTicks?
370  inetCidrRouteAge OBJECT-TYPE
371      SYNTAX     Integer32
372      MAX-ACCESS read-only
373      STATUS     current
374      DESCRIPTION
375              "The number of seconds since this route was last updated or
376              otherwise determined to be correct. Note that no semantics
377              of `too old' can be implied except through knowledge of the
378              routing protocol by which the route was learned."
379      ::= { inetCidrRouteEntry 10 }

381  inetCidrRouteNextHopAS OBJECT-TYPE
382      SYNTAX     InetAutonomousSystemNumber
383      MAX-ACCESS read-create
384      STATUS     current
385      DESCRIPTION
386              "The Autonomous System Number of the Next Hop. The semantics
387              of this object are determined by the routing-protocol
388              specified in the route's inetCidrRouteProto value. When this
389              object is unknown or not relevant its value should be set to
390              zero."
391      DEFVAL { 0 }
392      ::= { inetCidrRouteEntry 11 }

394  inetCidrRouteMetric1 OBJECT-TYPE
395      SYNTAX     Integer32
396      MAX-ACCESS read-create
397      STATUS     current
398      DESCRIPTION
399              "The primary routing metric for this route. The semantics of
400              this metric are determined by the routing-protocol specified
401              in the route's inetCidrRouteProto value. If this metric is
402              not used, its value should be set to -1."
403      DEFVAL { -1 }
404      ::= { inetCidrRouteEntry 12 }

406  inetCidrRouteMetric2 OBJECT-TYPE
407      SYNTAX     Integer32
408      MAX-ACCESS read-create
409      STATUS     current
410      DESCRIPTION
411              "An alternate routing metric for this route. The semantics
412              of this metric are determined by the routing-protocol
413              specified in the route's inetCidrRouteProto value. If this
414              metric is not used, its value should be set to -1."
415      DEFVAL { -1 }
416      ::= { inetCidrRouteEntry 13 }

418  inetCidrRouteMetric3 OBJECT-TYPE
419      SYNTAX     Integer32
420      MAX-ACCESS read-create
421      STATUS     current
422      DESCRIPTION
423              "An alternate routing metric for this route. The semantics
424              of this metric are determined by the routing-protocol
425              specified in the route's inetCidrRouteProto value. If this
426              metric is not used, its value should be set to -1."
427      DEFVAL { -1 }
428      ::= { inetCidrRouteEntry 14 }

430  inetCidrRouteMetric4 OBJECT-TYPE
431      SYNTAX     Integer32
432      MAX-ACCESS read-create
433      STATUS     current
434      DESCRIPTION
435              "An alternate routing metric for this route. The semantics
436              of this metric are determined by the routing-protocol
437              specified in the route's inetCidrRouteProto value. If this
438              metric is not used, its value should be set to -1."
439      DEFVAL { -1 }
440      ::= { inetCidrRouteEntry 15 }

442  inetCidrRouteMetric5 OBJECT-TYPE
443      SYNTAX     Integer32
444      MAX-ACCESS read-create
445      STATUS     current
446      DESCRIPTION
447              "An alternate routing metric for this route. The semantics
448              of this metric are determined by the routing-protocol
449              specified in the route's inetCidrRouteProto value. If this
450              metric is not used, its value should be set to -1."
451      DEFVAL { -1 }
452      ::= { inetCidrRouteEntry 16 }

454  inetCidrRouteStatus OBJECT-TYPE
455      SYNTAX     RowStatus
456      MAX-ACCESS read-create
457      STATUS     current
458      DESCRIPTION
459              "The row status variable, used according to row installation
460              and removal conventions."
461      ::= { inetCidrRouteEntry 17 }

463  -- Conformance information

465  ipForwardConformance OBJECT IDENTIFIER ::= { ipForward 5 }

467  ipForwardGroups      OBJECT IDENTIFIER ::= { ipForwardConformance 1 }
468  ipForwardCompliances OBJECT IDENTIFIER ::= { ipForwardConformance 2 }

470  -- Compliance statements
471  ipForwardCompliance2 MODULE-COMPLIANCE
472      STATUS     current
473      DESCRIPTION
474              "The compliance statement for systems which have routing
475              tables. XXX is this right?"
476      MODULE -- this module
477      MANDATORY-GROUPS { inetForwardCidrRouteGroup }
478      ::= { ipForwardCompliances 3 }

480  -- units of conformance

482  inetForwardCidrRouteGroup OBJECT-GROUP
483      OBJECTS { inetCidrRouteNumber,
484                inetCidrRouteIfIndex, inetCidrRouteType,
485                inetCidrRouteProto, inetCidrRouteAge,
486                inetCidrRouteNextHopAS, inetCidrRouteMetric1,
487                inetCidrRouteMetric2, inetCidrRouteMetric3,
488                inetCidrRouteMetric4, inetCidrRouteMetric5, inetCidrRouteStatus
489              }
490      STATUS     current
491      DESCRIPTION
492              "The IP version independent CIDR Route Table."
493      ::= { ipForwardGroups 4 }

495  -- Deprecated Objects

497  ipCidrRouteNumber OBJECT-TYPE
498      SYNTAX     Gauge32
499      MAX-ACCESS read-only
500      STATUS     deprecated
501      DESCRIPTION
502              "The number of current ipCidrRouteTable entries that are not
503              invalid. This object is deprecated in favor of
504              inetCidrRouteNumber and the inetCidrRouteTable."
505      ::= { ipForward 3 }

507  -- IP CIDR Route Table

509  -- The IP CIDR Route Table obsoletes and replaces the ipRoute
510  -- Table current in MIB-I and MIB-II and the IP Forwarding Table.
511  -- It adds knowledge of the autonomous system of the next hop,
512  -- multiple next hops, and policy routing, and Classless
513  -- Inter-Domain Routing.

515  ipCidrRouteTable OBJECT-TYPE
516      SYNTAX     SEQUENCE OF IpCidrRouteEntry
517      MAX-ACCESS not-accessible
518      STATUS     deprecated
519      DESCRIPTION
520              "This entity's IP Routing table. This table has been
521              deprecated in favor of the IP version neutral
522              inetCidrRouteTable."
523      REFERENCE
524              "RFC 1213 Section 6.6, The IP Group"
525      ::= { ipForward 4 }

527  ipCidrRouteEntry OBJECT-TYPE
528      SYNTAX     IpCidrRouteEntry
529      MAX-ACCESS not-accessible
530      STATUS     deprecated
531      DESCRIPTION
532              "A particular route to a particular destination, under a
533              particular policy."
534      INDEX {
535          ipCidrRouteDest,
536          ipCidrRouteMask,
537          ipCidrRouteTos,
538          ipCidrRouteNextHop
539          }
540      ::= { ipCidrRouteTable 1 }

542  IpCidrRouteEntry ::= SEQUENCE {
543      ipCidrRouteDest       IpAddress,
544      ipCidrRouteMask       IpAddress,
545      ipCidrRouteTos        Integer32,
546      ipCidrRouteNextHop    IpAddress,
547      ipCidrRouteIfIndex    Integer32,
548      ipCidrRouteType       INTEGER,
549      ipCidrRouteProto      INTEGER,
550      ipCidrRouteAge        Integer32,
551      ipCidrRouteInfo       OBJECT IDENTIFIER,
552      ipCidrRouteNextHopAS  Integer32,
553      ipCidrRouteMetric1    Integer32,
554      ipCidrRouteMetric2    Integer32,
555      ipCidrRouteMetric3    Integer32,
556      ipCidrRouteMetric4    Integer32,
557      ipCidrRouteMetric5    Integer32,
558      ipCidrRouteStatus     RowStatus
559      }

561  ipCidrRouteDest OBJECT-TYPE
562      SYNTAX     IpAddress
563      MAX-ACCESS read-only
564      STATUS     deprecated
565      DESCRIPTION
566              "The destination IP address of this route.

568              This object may not take a Multicast (Class D) address
569              value.

571              Any assignment (implicit or otherwise) of an instance of
572              this object to a value x must be rejected if the bitwise
573              logical-AND of x with the value of the corresponding
574              instance of the ipCidrRouteMask object is not equal to x."
575      ::= { ipCidrRouteEntry 1 }

577  ipCidrRouteMask OBJECT-TYPE
578      SYNTAX     IpAddress
579      MAX-ACCESS read-only
580      STATUS     deprecated
581      DESCRIPTION
582              "Indicate the mask to be logical-ANDed with the destination
583              address before being compared to the value in the
584              ipCidrRouteDest field. For those systems that do not
585              support arbitrary subnet masks, an agent constructs the
586              value of the ipCidrRouteMask by reference to the IP Address
587              Class.

589              Any assignment (implicit or otherwise) of an instance of
590              this object to a value x must be rejected if the bitwise
591              logical-AND of x with the value of the corresponding
592              instance of the ipCidrRouteDest object is not equal to
593              ipCidrRouteDest."
594      ::= { ipCidrRouteEntry 2 }

596  -- The following convention is included for specification
597  -- of TOS Field contents. At this time, the Host Requirements
598  -- and the Router Requirements documents disagree on the width
599  -- of the TOS field. This mapping describes the Router
600  -- Requirements mapping, and leaves room to widen the TOS field
601  -- without impact to fielded systems.

603  ipCidrRouteTos OBJECT-TYPE
604      SYNTAX     Integer32 (0..2147483647)
605      MAX-ACCESS read-only
606      STATUS     deprecated
607      DESCRIPTION
608              "The policy specifier is the IP TOS Field. The encoding
609              of IP TOS is as specified by the following convention.
610              Zero indicates the default path if no more specific
611              policy applies.

613              +-----+-----+-----+-----+-----+-----+-----+-----+
614              |                 |                       |     |
615              |   PRECEDENCE    |    TYPE OF SERVICE    |  0  |
616              |                 |                       |     |
617              +-----+-----+-----+-----+-----+-----+-----+-----+

619                        IP TOS                IP TOS
620                   Field     Policy      Field     Policy
621                 Contents    Code      Contents    Code
622                 0 0 0 0  ==>   0      0 0 0 1  ==>   2
623                 0 0 1 0  ==>   4      0 0 1 1  ==>   6
624                 0 1 0 0  ==>   8      0 1 0 1  ==>  10
625                 0 1 1 0  ==>  12      0 1 1 1  ==>  14
626                 1 0 0 0  ==>  16      1 0 0 1  ==>  18
627                 1 0 1 0  ==>  20      1 0 1 1  ==>  22
628                 1 1 0 0  ==>  24      1 1 0 1  ==>  26
629                 1 1 1 0  ==>  28      1 1 1 1  ==>  30"
630      ::= { ipCidrRouteEntry 3 }

632  ipCidrRouteNextHop OBJECT-TYPE
633      SYNTAX     IpAddress
634      MAX-ACCESS read-only
635      STATUS     deprecated
636      DESCRIPTION
637              "On remote routes, the address of the next system en route;
638              Otherwise, 0.0.0.0."
639      ::= { ipCidrRouteEntry 4 }

641  ipCidrRouteIfIndex OBJECT-TYPE
642      SYNTAX     Integer32
643      MAX-ACCESS read-create
644      STATUS     deprecated
645      DESCRIPTION
646              "The ifIndex value which identifies the local interface
647              through which the next hop of this route should be reached."
648      DEFVAL { 0 }
649      ::= { ipCidrRouteEntry 5 }

651  ipCidrRouteType OBJECT-TYPE
652      SYNTAX     INTEGER {
653                  other    (1), -- not specified by this MIB
654                  reject   (2), -- route which discards traffic
655                  local    (3), -- local interface
656                  remote   (4)  -- remote destination
657               }
658      MAX-ACCESS read-create
659      STATUS     deprecated
660      DESCRIPTION
661              "The type of route. Note that local(3) refers to a route for
662              which the next hop is the final destination; remote(4)
663              refers to a route for which the next hop is not the final
664              destination.

666              Routes which do not result in traffic forwarding or
667              rejection should not be displayed even if the implementation
668              keeps them stored internally.

670              reject (2) refers to a route which, if matched, discards the
671              message as unreachable. This is used in some protocols as a
672              means of correctly aggregating routes."
673      ::= { ipCidrRouteEntry 6 }

675  ipCidrRouteProto OBJECT-TYPE
676      SYNTAX     INTEGER {
677                  other     (1),  -- not specified
678                  local     (2),  -- local interface
679                  netmgmt   (3),  -- static route
680                  icmp      (4),  -- result of ICMP Redirect

682                          -- the following are all dynamic
683                          -- routing protocols
684                  egp        (5),  -- Exterior Gateway Protocol
685                  ggp        (6),  -- Gateway-Gateway Protocol
686                  hello      (7),  -- FuzzBall HelloSpeak
687                  rip        (8),  -- Berkeley RIP or RIP-II
688                  isIs       (9),  -- Dual IS-IS
689                  esIs       (10), -- ISO 9542
690                  ciscoIgrp  (11), -- Cisco IGRP
691                  bbnSpfIgp  (12), -- BBN SPF IGP
692                  ospf       (13), -- Open Shortest Path First
693                  bgp        (14), -- Border Gateway Protocol
694                  idpr       (15), -- InterDomain Policy Routing
695                  ciscoEigrp (16)  -- Cisco EIGRP
696               }
697      MAX-ACCESS read-only
698      STATUS     deprecated
699      DESCRIPTION
700              "The routing mechanism via which this route was learned.
701              Inclusion of values for gateway routing protocols is not
702              intended to imply that hosts should support those
703              protocols."
704      ::= { ipCidrRouteEntry 7 }

706  ipCidrRouteAge OBJECT-TYPE
707      SYNTAX     Integer32
708      MAX-ACCESS read-only
709      STATUS     deprecated
710      DESCRIPTION
711              "The number of seconds since this route was last updated or
712              otherwise determined to be correct. Note that no semantics
713              of `too old' can be implied except through knowledge of the
714              routing protocol by which the route was learned."
715      DEFVAL { 0 }
716      ::= { ipCidrRouteEntry 8 }

718  ipCidrRouteInfo OBJECT-TYPE
719      SYNTAX     OBJECT IDENTIFIER
720      MAX-ACCESS read-create
721      STATUS     deprecated
722      DESCRIPTION
723              "A reference to MIB definitions specific to the particular
724              routing protocol which is responsible for this route, as
725              determined by the value specified in the route's
726              ipCidrRouteProto value. If this information is not present,
727              its value should be set to the OBJECT IDENTIFIER { 0 0 },
728              which is a syntactically valid object identifier, and any
729              implementation conforming to ASN.1 and the Basic Encoding
730              Rules must be able to generate and recognize this value."
731      ::= { ipCidrRouteEntry 9 }

733  ipCidrRouteNextHopAS OBJECT-TYPE
734      SYNTAX     Integer32
735      MAX-ACCESS read-create
736      STATUS     deprecated
737      DESCRIPTION
738              "The Autonomous System Number of the Next Hop. The semantics
739              of this object are determined by the routing-protocol
740              specified in the route's ipCidrRouteProto value. When this
741              object is unknown or not relevant its value should be set to
742              zero."
743      DEFVAL { 0 }
744      ::= { ipCidrRouteEntry 10 }

746  ipCidrRouteMetric1 OBJECT-TYPE
747      SYNTAX     Integer32
748      MAX-ACCESS read-create
749      STATUS     deprecated
750      DESCRIPTION
751              "The primary routing metric for this route. The semantics of
752              this metric are determined by the routing-protocol specified
753              in the route's ipCidrRouteProto value. If this metric is
754              not used, its value should be set to -1."
755      DEFVAL { -1 }
756      ::= { ipCidrRouteEntry 11 }

758  ipCidrRouteMetric2 OBJECT-TYPE
759      SYNTAX     Integer32
760      MAX-ACCESS read-create
761      STATUS     deprecated
762      DESCRIPTION
763              "An alternate routing metric for this route. The semantics
764              of this metric are determined by the routing-protocol
765              specified in the route's ipCidrRouteProto value. If this
766              metric is not used, its value should be set to -1."
767      DEFVAL { -1 }
768      ::= { ipCidrRouteEntry 12 }

770  ipCidrRouteMetric3 OBJECT-TYPE
771      SYNTAX     Integer32
772      MAX-ACCESS read-create
773      STATUS     deprecated
774      DESCRIPTION
775              "An alternate routing metric for this route. The semantics
776              of this metric are determined by the routing-protocol
777              specified in the route's ipCidrRouteProto value. If this
778              metric is not used, its value should be set to -1."
779      DEFVAL { -1 }
780      ::= { ipCidrRouteEntry 13 }

782  ipCidrRouteMetric4 OBJECT-TYPE
783      SYNTAX     Integer32
784      MAX-ACCESS read-create
785      STATUS     deprecated
786      DESCRIPTION
787              "An alternate routing metric for this route. The semantics
788              of this metric are determined by the routing-protocol
789              specified in the route's ipCidrRouteProto value. If this
790              metric is not used, its value should be set to -1."
791      DEFVAL { -1 }
792      ::= { ipCidrRouteEntry 14 }

794  ipCidrRouteMetric5 OBJECT-TYPE
795      SYNTAX     Integer32
796      MAX-ACCESS read-create
797      STATUS     deprecated
798      DESCRIPTION
799              "An alternate routing metric for this route. The semantics
800              of this metric are determined by the routing-protocol
801              specified in the route's ipCidrRouteProto value. If this
802              metric is not used, its value should be set to -1."
803      DEFVAL { -1 }
804      ::= { ipCidrRouteEntry 15 }

806  ipCidrRouteStatus OBJECT-TYPE
807      SYNTAX     RowStatus
808      MAX-ACCESS read-create
809      STATUS     deprecated
810      DESCRIPTION
811              "The row status variable, used according to row installation
812              and removal conventions."
813 ::= { ipCidrRouteEntry 16 } 815 -- compliance statements 817 ipForwardCompliance MODULE-COMPLIANCE 818 STATUS deprecated 819 DESCRIPTION 820 "The compliance statement for SNMPv2 entities which implement 821 the ipForward MIB." 823 MODULE -- this module 824 MANDATORY-GROUPS { ipForwardCidrRouteGroup } 826 ::= { ipForwardCompliances 1 } 828 -- units of conformance 830 ipForwardCidrRouteGroup OBJECT-GROUP 831 OBJECTS { ipCidrRouteNumber, 832 ipCidrRouteDest, ipCidrRouteMask, ipCidrRouteTos, 833 ipCidrRouteNextHop, ipCidrRouteIfIndex, ipCidrRouteType, 834 ipCidrRouteProto, ipCidrRouteAge, ipCidrRouteInfo, 835 ipCidrRouteNextHopAS, ipCidrRouteMetric1, 836 ipCidrRouteMetric2, ipCidrRouteMetric3, 837 ipCidrRouteMetric4, ipCidrRouteMetric5, ipCidrRouteStatus 838 } 839 STATUS deprecated 840 DESCRIPTION 841 "The CIDR Route Table." 842 ::= { ipForwardGroups 3 } 844 -- Obsoleted Definitions - Objects 846 ipForwardNumber OBJECT-TYPE 847 SYNTAX Gauge32 848 MAX-ACCESS read-only 849 STATUS obsolete 850 DESCRIPTION 851 "The number of current ipForwardTable entries that are not 852 invalid." 853 ::= { ipForward 1 } 855 -- IP Forwarding Table 857 -- The IP Forwarding Table obsoletes and replaces the ipRoute 858 -- Table current in MIB-I and MIB-II. It adds knowledge of 859 -- the autonomous system of the next hop, multiple next hop 860 -- support, and policy routing support. 862 ipForwardTable OBJECT-TYPE 863 SYNTAX SEQUENCE OF IpForwardEntry 864 MAX-ACCESS not-accessible 865 STATUS obsolete 866 DESCRIPTION 867 "This entity's IP Routing table." 868 REFERENCE 869 "RFC 1213 Section 6.6, The IP Group" 870 ::= { ipForward 2 } 872 ipForwardEntry OBJECT-TYPE 873 SYNTAX IpForwardEntry 874 MAX-ACCESS not-accessible 875 STATUS obsolete 876 DESCRIPTION 877 "A particular route to a particular destination, under a 878 particular policy." 
879       INDEX {
880           ipForwardDest,
881           ipForwardProto,
882           ipForwardPolicy,
883           ipForwardNextHop
884           }
885       ::= { ipForwardTable 1 }

887   IpForwardEntry ::= SEQUENCE {
888       ipForwardDest       IpAddress,
889       ipForwardMask       IpAddress,
890       ipForwardPolicy     Integer32,
891       ipForwardNextHop    IpAddress,
892       ipForwardIfIndex    Integer32,
893       ipForwardType       INTEGER,
894       ipForwardProto      INTEGER,
895       ipForwardAge        Integer32,
896       ipForwardInfo       OBJECT IDENTIFIER,
897       ipForwardNextHopAS  Integer32,
898       ipForwardMetric1    Integer32,
899       ipForwardMetric2    Integer32,
900       ipForwardMetric3    Integer32,
901       ipForwardMetric4    Integer32,
902       ipForwardMetric5    Integer32

904   }

906   ipForwardDest OBJECT-TYPE
907       SYNTAX IpAddress
908       MAX-ACCESS read-only
909       STATUS obsolete
910       DESCRIPTION
911           "The destination IP address of this route. An entry with a
912           value of 0.0.0.0 is considered a default route.

914           This object may not take a Multicast (Class D) address
915           value.

917           Any assignment (implicit or otherwise) of an instance of
918           this object to a value x must be rejected if the bitwise
919           logical-AND of x with the value of the corresponding
920           instance of the ipForwardMask object is not equal to x."
921       ::= { ipForwardEntry 1 }

923   ipForwardMask OBJECT-TYPE
924       SYNTAX IpAddress
925       MAX-ACCESS read-create
926       STATUS obsolete
927       DESCRIPTION
928           "Indicate the mask to be logical-ANDed with the destination
929           address before being compared to the value in the
930           ipForwardDest field. For those systems that do not support
931           arbitrary subnet masks, an agent constructs the value of the
932           ipForwardMask by reference to the IP Address Class.

934           Any assignment (implicit or otherwise) of an instance of
935           this object to a value x must be rejected if the bitwise
936           logical-AND of x with the value of the corresponding
937           instance of the ipForwardDest object is not equal to
938           ipForwardDest."
939       DEFVAL { '00000000'h } -- 0.0.0.0
940       ::= { ipForwardEntry 2 }

942   -- The following convention is included for specification
943   -- of TOS Field contents. At this time, the Host Requirements
944   -- and the Router Requirements documents disagree on the width
945   -- of the TOS field. This mapping describes the Router
946   -- Requirements mapping, and leaves room to widen the TOS field
947   -- without impact to fielded systems.

949   ipForwardPolicy OBJECT-TYPE
950       SYNTAX Integer32 (0..2147483647)
951       MAX-ACCESS read-only
952       STATUS obsolete
953       DESCRIPTION
954           "The general set of conditions that would cause
955           the selection of one multipath route (set of
956           next hops for a given destination) is referred
957           to as 'policy'.

959           Unless the mechanism indicated by ipForwardProto
960           specifies otherwise, the policy specifier is
961           the IP TOS Field. The encoding of IP TOS is as
962           specified by the following convention. Zero
963           indicates the default path if no more specific
964           policy applies.

966           +-----+-----+-----+-----+-----+-----+-----+-----+
967           |                 |                       |     |
968           |   PRECEDENCE    |    TYPE OF SERVICE    |  0  |
969           |                 |                       |     |
970           +-----+-----+-----+-----+-----+-----+-----+-----+

972                    IP TOS                IP TOS
973               Field     Policy      Field     Policy
974               Contents    Code      Contents    Code
975               0 0 0 0  ==>   0      0 0 0 1  ==>   2
976               0 0 1 0  ==>   4      0 0 1 1  ==>   6
977               0 1 0 0  ==>   8      0 1 0 1  ==>  10
978               0 1 1 0  ==>  12      0 1 1 1  ==>  14
979               1 0 0 0  ==>  16      1 0 0 1  ==>  18
980               1 0 1 0  ==>  20      1 0 1 1  ==>  22
981               1 1 0 0  ==>  24      1 1 0 1  ==>  26
982               1 1 1 0  ==>  28      1 1 1 1  ==>  30

984           Protocols defining 'policy' otherwise must either
985           define a set of values which are valid for
986           this object or must implement an integer-instanced
987           policy table for which this object's
988           value acts as an index."
989       ::= { ipForwardEntry 3 }

991   ipForwardNextHop OBJECT-TYPE
992       SYNTAX IpAddress
993       MAX-ACCESS read-only
994       STATUS obsolete
995       DESCRIPTION
996           "On remote routes, the address of the next system en route;
997           Otherwise, 0.0.0.0."
998       ::= { ipForwardEntry 4 }

1000  ipForwardIfIndex OBJECT-TYPE
1001      SYNTAX Integer32
1002      MAX-ACCESS read-create
1003      STATUS obsolete
1004      DESCRIPTION
1005          "The ifIndex value which identifies the local interface
1006          through which the next hop of this route should be reached."
1007      DEFVAL { 0 }
1008      ::= { ipForwardEntry 5 }

1010  ipForwardType OBJECT-TYPE
1011      SYNTAX INTEGER {
1012          other (1),    -- not specified by this MIB
1013          invalid (2),  -- logically deleted
1014          local (3),    -- local interface
1015          remote (4)    -- remote destination
1016          }
1017      MAX-ACCESS read-create
1018      STATUS obsolete
1019      DESCRIPTION
1020          "The type of route. Note that local(3) refers to a route for
1021          which the next hop is the final destination; remote(4)
1022          refers to a route for which the next hop is not the final
1023          destination.

1025          Setting this object to the value invalid(2) has the effect
1026          of invalidating the corresponding entry in the
1027          ipForwardTable object. That is, it effectively
1028          disassociates the destination identified with said entry
1029          from the route identified with said entry. It is an
1030          implementation-specific matter as to whether the agent
1031          removes an invalidated entry from the table. Accordingly,
1032          management stations must be prepared to receive tabular
1033          information from agents that corresponds to entries not
1034          currently in use. Proper interpretation of such entries
1035          requires examination of the relevant ipForwardType object."
1036      DEFVAL { invalid }
1037      ::= { ipForwardEntry 6 }

1039  ipForwardProto OBJECT-TYPE
1040      SYNTAX INTEGER {
1041          other (1),      -- not specified
1042          local (2),      -- local interface
1043          netmgmt (3),    -- static route
1044          icmp (4),       -- result of ICMP Redirect

1046          -- the following are all dynamic
1047          -- routing protocols

1049          egp (5),        -- Exterior Gateway Protocol
1050          ggp (6),        -- Gateway-Gateway Protocol
1051          hello (7),      -- FuzzBall HelloSpeak
1052          rip (8),        -- Berkeley RIP or RIP-II
1053          is-is (9),      -- Dual IS-IS
1054          es-is (10),     -- ISO 9542
1055          ciscoIgrp (11), -- Cisco IGRP
1056          bbnSpfIgp (12), -- BBN SPF IGP
1057          ospf (13),      -- Open Shortest Path First
1058          bgp (14),       -- Border Gateway Protocol
1059          idpr (15)       -- InterDomain Policy Routing
1060          }
1061      MAX-ACCESS read-only
1062      STATUS obsolete
1063      DESCRIPTION
1064          "The routing mechanism via which this route was learned.
1065          Inclusion of values for gateway routing protocols is not
1066          intended to imply that hosts should support those
1067          protocols."
1068      ::= { ipForwardEntry 7 }

1070  ipForwardAge OBJECT-TYPE
1071      SYNTAX Integer32
1072      MAX-ACCESS read-only
1073      STATUS obsolete
1074      DESCRIPTION
1075          "The number of seconds since this route was last updated or
1076          otherwise determined to be correct. Note that no semantics
1077          of `too old' can be implied except through knowledge of the
1078          routing protocol by which the route was learned."
1079      DEFVAL { 0 }
1080      ::= { ipForwardEntry 8 }

1082  ipForwardInfo OBJECT-TYPE
1083      SYNTAX OBJECT IDENTIFIER
1084      MAX-ACCESS read-create
1085      STATUS obsolete
1086      DESCRIPTION
1087          "A reference to MIB definitions specific to the particular
1088          routing protocol which is responsible for this route, as
1089          determined by the value specified in the route's
1090          ipForwardProto value.
              If this information is not present,
1091          its value should be set to the OBJECT IDENTIFIER { 0 0 },
1092          which is a syntactically valid object identifier, and any
1093          implementation conforming to ASN.1 and the Basic Encoding
1094          Rules must be able to generate and recognize this value."
1095      ::= { ipForwardEntry 9 }

1097  ipForwardNextHopAS OBJECT-TYPE
1098      SYNTAX Integer32
1099      MAX-ACCESS read-create
1100      STATUS obsolete
1101      DESCRIPTION
1102          "The Autonomous System Number of the Next Hop. When this is
1103          unknown or not relevant to the protocol indicated by
1104          ipForwardProto, zero."
1105      DEFVAL { 0 }
1106      ::= { ipForwardEntry 10 }

1108  ipForwardMetric1 OBJECT-TYPE
1109      SYNTAX Integer32
1110      MAX-ACCESS read-create
1111      STATUS obsolete
1112      DESCRIPTION
1113          "The primary routing metric for this route. The semantics of
1114          this metric are determined by the routing-protocol specified
1115          in the route's ipForwardProto value. If this metric is not
1116          used, its value should be set to -1."
1117      DEFVAL { -1 }
1118      ::= { ipForwardEntry 11 }

1120  ipForwardMetric2 OBJECT-TYPE
1121      SYNTAX Integer32
1122      MAX-ACCESS read-create
1123      STATUS obsolete
1124      DESCRIPTION
1125          "An alternate routing metric for this route. The semantics
1126          of this metric are determined by the routing-protocol
1127          specified in the route's ipForwardProto value. If this
1128          metric is not used, its value should be set to -1."
1129      DEFVAL { -1 }
1130      ::= { ipForwardEntry 12 }

1132  ipForwardMetric3 OBJECT-TYPE
1133      SYNTAX Integer32
1134      MAX-ACCESS read-create
1135      STATUS obsolete
1136      DESCRIPTION
1137          "An alternate routing metric for this route. The semantics
1138          of this metric are determined by the routing-protocol
1139          specified in the route's ipForwardProto value. If this
1140          metric is not used, its value should be set to -1."
1141      DEFVAL { -1 }
1142      ::= { ipForwardEntry 13 }

1144  ipForwardMetric4 OBJECT-TYPE
1145      SYNTAX Integer32
1146      MAX-ACCESS read-create
1147      STATUS obsolete
1148      DESCRIPTION
1149          "An alternate routing metric for this route. The semantics
1150          of this metric are determined by the routing-protocol
1151          specified in the route's ipForwardProto value. If this
1152          metric is not used, its value should be set to -1."
1153      DEFVAL { -1 }
1154      ::= { ipForwardEntry 14 }

1156  ipForwardMetric5 OBJECT-TYPE
1157      SYNTAX Integer32
1158      MAX-ACCESS read-create
1159      STATUS obsolete
1160      DESCRIPTION
1161          "An alternate routing metric for this route. The semantics
1162          of this metric are determined by the routing-protocol
1163          specified in the route's ipForwardProto value. If this
1164          metric is not used, its value should be set to -1."
1165      DEFVAL { -1 }
1166      ::= { ipForwardEntry 15 }

1168  -- Obsoleted Definitions - Groups
1169  -- compliance statements

1171  ipForwardOldCompliance MODULE-COMPLIANCE
1172      STATUS obsolete
1173      DESCRIPTION
1174          "The compliance statement for SNMP entities which implement
1175          the ipForward MIB."

1177      MODULE -- this module
1178      MANDATORY-GROUPS { ipForwardMultiPathGroup }

1180      ::= { ipForwardCompliances 2 }

1182  ipForwardMultiPathGroup OBJECT-GROUP
1183      OBJECTS { ipForwardNumber,
1184                ipForwardDest, ipForwardMask, ipForwardPolicy,
1185                ipForwardNextHop, ipForwardIfIndex, ipForwardType,
1186                ipForwardProto, ipForwardAge, ipForwardInfo,
1187                ipForwardNextHopAS,
1188                ipForwardMetric1, ipForwardMetric2, ipForwardMetric3,
1189                ipForwardMetric4, ipForwardMetric5
1190              }

1192      STATUS obsolete
1193      DESCRIPTION
1194          "IP Multipath Route Table."
1195      ::= { ipForwardGroups 2 }

1197  END

1199  5. Open Issues / To Do

1201  Trash this completely and start from scratch with a new MIB?

1203  Routing table instance identifier?

1205  Any other objects from RFC 2465's ipv6RouteTable?

1207  Figure out what the inetCidrRouteTos object really should be -- DSCP?
1208  Arbitrary mapped with no specified default?

1210  Better wording for ipForwardCompliance2?

1212  Note: more open issues / to do items scattered in comments in MIB.

1214  6. Acknowledgments

1216  This document contains objects modified from RFC 2096 [1].

1218  7. References

1220  [1] F. Baker, "IP Forwarding Table MIB", RFC 2096, January 1997.

1222  [2] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
1223      Describing SNMP Management Frameworks", RFC 2571, April 1999.

1225  [3] Rose, M., and K. McCloghrie, "Structure and Identification of
1226      Management Information for TCP/IP-based Internets", STD 16, RFC
1227      1155, May 1990.

1229  [4] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC
1230      1212, March 1991.

1232  [5] Rose, M., "A Convention for Defining Traps for use with the SNMP",
1233      RFC 1215, March 1991.

1235  [6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
1236      and S. Waldbusser, "Structure of Management Information Version 2
1237      (SMIv2)", STD 58, RFC 2578, April 1999.

1239  [7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
1240      and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC
1241      2579, April 1999.

1243  [8] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
1244      and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC
1245      2580, April 1999.

1247  [9] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
1248      Management Protocol", STD 15, RFC 1157, May 1990.

1250  [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
1251       "Introduction to Community-based SNMPv2", RFC 1901, January 1996.

1253  [11] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport
1254       Mappings for Version 2 of the Simple Network Management Protocol
1255       (SNMPv2)", RFC 1906, January 1996.

1257  [12] Case, J., Harrington D., Presuhn R., and B.
           Wijnen, "Message
1258       Processing and Dispatching for the Simple Network Management
1259       Protocol (SNMP)", RFC 2572, April 1999.

1261  [13] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for
1262       version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
1263       2574, April 1999.

1265  [14] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
1266       Operations for Version 2 of the Simple Network Management Protocol
1267       (SNMPv2)", RFC 1905, January 1996.

1269  [15] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
1270       2573, April 1999.

1272  [16] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
1273       Control Model (VACM) for the Simple Network Management Protocol
1274       (SNMP)", RFC 2575, April 1999.

1276  [17] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to
1277       Version 3 of the Internet-standard Network Management Framework",
1278       RFC 2570, April 1999.

1280  8. Security Considerations

1282  There are a number of management objects defined in this MIB that have a
1283  MAX-ACCESS clause of read-write and/or read-create. Such objects may be
1284  considered sensitive or vulnerable in some network environments. The
1285  support for SET operations in a non-secure environment without proper
1286  protection can have a negative effect on network operations.

1288  There are a number of managed objects in this MIB that may contain
1289  sensitive information. These are:

1291  The routing table can be used to discover information about the network
1292  topology within a domain.

1294  It is thus important to control even GET access to these objects and
1295  possibly to even encrypt the values of these objects when sending them
1296  over the network via SNMP. Not all versions of SNMP provide features
1297  for such a secure environment.

1299  SNMPv1 by itself is not a secure environment.
      Even if the network
1300  itself is secure (for example by using IPSec), even then, there is no
1301  control as to who on the secure network is allowed to access and GET/SET
1302  (read/change/create/delete) the objects in this MIB.

1304  It is recommended that the implementers consider the security features
1305  as provided by the SNMPv3 framework. Specifically, the use of the
1306  User-based Security Model RFC 2574 [13] and the View-based Access Control
1307  Model RFC 2575 [16] is recommended.

1309  It is then a customer/user responsibility to ensure that the SNMP entity
1310  giving access to an instance of this MIB, is properly configured to give
1311  access to the objects only to those principals (users) that have
1312  legitimate rights to indeed GET or SET (change/create/delete) them.

1314  9. Editor's Address

1316  Bill Fenner
1317  AT&T Labs -- Research
1318  75 Willow Rd
1319  Menlo Park, CA 94025
1320  USA

1322  Email: fenner@research.att.com

1324  10. Full Copyright Statement

1326  Copyright (C) The Internet Society (2001). All Rights Reserved.

1328  This document and translations of it may be copied and furnished to
1329  others, and derivative works that comment on or otherwise explain it or
1330  assist in its implementation may be prepared, copied, published and
1331  distributed, in whole or in part, without restriction of any kind,
1332  provided that the above copyright notice and this paragraph are included
1333  on all such copies and derivative works. However, this document itself
1334  may not be modified in any way, such as by removing the copyright notice
1335  or references to the Internet Society or other Internet organizations,
1336  except as needed for the purpose of developing Internet standards in
1337  which case the procedures for copyrights defined in the Internet
1338  Standards process must be followed, or as required to translate it into
1339  languages other than English.
1341  The limited permissions granted above are perpetual and will not be
1342  revoked by the Internet Society or its successors or assigns.

1344  This document and the information contained herein is provided on an "AS
1345  IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
1346  FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
1347  LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
1348  INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
1349  FITNESS FOR A PARTICULAR PURPOSE.
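
Added example (not part of the draft or of any agent implementation): the ipForwardDest/ipForwardMask assignment rule, the ipForwardPolicy TOS encoding and the invalid(2) row handling described in the MIB above, written as checks an agent or management station could apply. The function names and sample rows are constructed for illustration; carrying the PRECEDENCE bits in the policy code is an assumption drawn from the octet diagram, since the table only lists precedence 0.

```python
from __future__ import annotations

import ipaddress

IP_FORWARD_TYPE_INVALID = 2  # invalid(2) in the ipForwardType enumeration


def check_dest_mask(dest: str, mask: str) -> list[str]:
    """Return the reasons this ipForwardDest/ipForwardMask pair must be rejected."""
    d = ipaddress.IPv4Address(dest)
    m = ipaddress.IPv4Address(mask)
    reasons = []
    if d.is_multicast:
        reasons.append("ipForwardDest is a Multicast (Class D) address")
    # Both DESCRIPTION clauses reduce to the same test: dest AND mask == dest.
    if int(d) & int(m) != int(d):
        reasons.append("ipForwardDest has bits set outside ipForwardMask")
    return reasons


def tos_to_policy(tos_bits: int, precedence: int = 0) -> int:
    """Encode 4 TOS bits (and, as an assumption, 3 precedence bits) as a policy code."""
    if not 0 <= tos_bits <= 0b1111 or not 0 <= precedence <= 0b111:
        raise ValueError("TOS is 4 bits wide and precedence is 3 bits wide")
    return (precedence << 5) | (tos_bits << 1)


def policy_to_tos(policy: int) -> tuple[int, int]:
    """Decode a TOS-style policy code into (precedence, tos_bits)."""
    if not 0 <= policy <= 0xFF:
        raise ValueError("not a one-octet TOS policy code")
    if policy & 1:
        raise ValueError("low-order bit of the TOS octet must be 0")
    return policy >> 5, (policy >> 1) & 0b1111


def usable_rows(rows: list[dict]) -> list[dict]:
    """Keep rows that are not invalid(2) and whose dest/mask pair is consistent."""
    return [
        row for row in rows
        if row["ipForwardType"] != IP_FORWARD_TYPE_INVALID
        and not check_dest_mask(row["ipForwardDest"], row["ipForwardMask"])
    ]


# Constructed sample rows, shaped like the result of walking ipForwardTable.
SAMPLE_ROWS = [
    {"ipForwardDest": "0.0.0.0", "ipForwardMask": "0.0.0.0", "ipForwardType": 4},
    {"ipForwardDest": "192.0.2.0", "ipForwardMask": "255.255.255.0", "ipForwardType": 3},
    {"ipForwardDest": "198.51.100.0", "ipForwardMask": "255.255.255.0", "ipForwardType": 2},
    {"ipForwardDest": "192.0.2.77", "ipForwardMask": "255.255.255.0", "ipForwardType": 4},
]

if __name__ == "__main__":
    for row in usable_rows(SAMPLE_ROWS):
        print(row["ipForwardDest"], row["ipForwardMask"])
    print([tos_to_policy(t) for t in range(16)])
```
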