--- 1/draft-ietf-bess-mvpn-mib-02.txt 2017-03-01 04:14:00.739519557 -0800 +++ 2/draft-ietf-bess-mvpn-mib-03.txt 2017-03-01 04:14:00.819521488 -0800 
@@ -1,263 +1,355 @@ -INTERNET-DRAFT Zhaohui Zhang, Ed. -Intended Status: Proposed Standard Juniper -Expires: September 15, 2016 Saud Asif - AT&T - Andy Green +Network Working Group Z. Zhang, Ed. +Internet-Draft Juniper +Intended status: Standards Track S. Asif +Expires: September 1, 2017 AT&T + A. Green BT - Sameer Gulrajani + S. Gulranjani Cisco - Pradeep Jain + P. Jain Alcatel-Lucent - March 14, 2016 - - MPLS/BGP Layer 3 VPN Multicast - Management Information Base + H. Tsunoda, Ed. + Tohoku Institute of Technology + February 28, 2017 - draft-ietf-bess-mvpn-mib-02 + MPLS/BGP Layer 3 VPN Multicast Management Information Base + draft-ietf-bess-mvpn-mib-03 Abstract - This memo defines an portion of the Management Information Base (MIB) + This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. - In particular, it describes managed objects to configure and/or - monitor Multicast in MPLS/BGP IP VPNs (MVPN) on a router. + monitor MVPN, Multicast in MultiProtocol Label Switching/Border + Gateway Protocol (MPLS/BGP) IP Virtual Private Networks (VPNs) on a + router. -Status of this Memo +Status of This Memo - This Internet-Draft is submitted to IETF in full conformance with the + This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that - other groups may also distribute working documents as - Internet-Drafts. + Task Force (IETF). Note that other groups may also distribute + working documents as Internet-Drafts. The list of current Internet- + Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. 
It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - The list of current Internet-Drafts can be accessed at - http://www.ietf.org/1id-abstracts.html - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html + This Internet-Draft will expire on September 1, 2017. -Copyright and License Notice +Copyright Notice - Copyright (c) 2016 IETF Trust and the persons identified as the + Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents - 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 - 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2 MVPN MIB . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2.1 Summary of MIB Module . . . . . . . . . . . . . . . . . . . 3 - 2.2 MIB Module Definitions . . . . . . . . . . . . . . . . . . 5 - 3 Security Considerations . . . . . . . . . . . . . . . . . . . . 29 - 4 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 29 - 5 Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . 29 - 6 References . . . . . . . . . . . . . . . . . . . . . . . . . . 30 - 6.1 Normative References . . . . . . . . . . . . . . . . . . . 30 - 6.2 Informative References . . . . . . . . . . . . . . . . . . 30 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 + 1. Introduction . . . 
. . . . . . . . . . . . . . . . . . . . . 2 + 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 + 2. The Internet-Standard Management Framework . . . . . . . . . 3 + 3. MVPN MIB . . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 3.1. Summary of MIB Module . . . . . . . . . . . . . . . . . . 4 + 3.2. MIB Module Definitions . . . . . . . . . . . . . . . . . 6 + 4. Security Considerations . . . . . . . . . . . . . . . . . . . 31 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 + 6. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 33 + 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 + 7.1. Normative References . . . . . . . . . . . . . . . . . . 33 + 7.2. Informative References . . . . . . . . . . . . . . . . . 34 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 -1 Introduction +1. Introduction - Multicast in MPLS/BGP IP VPNs (MVPN) is specified in [MVPN], [BGP- - MVPN] and [MVPN-WILDCARD]. These specifications support either PIM or - BGP as the protocol for exchanging VPN multicast (referred to as C- - multicast states, where 'C-' stands for 'VPN Customer-') among PEs. - In the rest of this document we'll use the term "PIM-MVPN" to refer - to PIM being used for exchanging C-multicast states, and "BGP-MVPN" - to refer to BGP being used for exchanging C-multicast states. + Multicast in MultiProtocol Label Switching/Border Gateway Protocol + (MPLS/BGP) IP Virtual Private Networks (VPNs) is specified in + [RFC6513], [RFC6514], and [RFC6625]. The term "Multicast VPN (MVPN)" + [RFC6513] refers to a BGP/MPLS Layer 3 (IP) VPN service that supports + multicast. - This document defines a standard MIB for MVPN-specific objects that - are generic to both PIM-MVPN and BGP-MVPN. 
+ These specifications support either Protocol Independent Multicast + (PIM) or BGP as the protocol for exchanging VPN multicast state + (referred to as C-multicast states, where 'C-' stands for 'VPN + Customer-') among Provider Edge routers (PEs). In the rest of this + document we will use the term "PIM-MVPN" to refer to PIM being used + for exchanging C-multicast states, and "BGP-MVPN" to refer to BGP + being used for exchanging C-multicast states. - This document borrowed some text from Cisco PIM-MVPN MIB [CISCO-MIB]. - For PIM-MVPN this document attempts to provide coverage comparable - to [CISCO-MIB], but in a generic way that applies to both PIM-MVPN - and BGP-MVPN. + This document defines a Management Information Base (MIB) for MVPN- + specific objects that are generic to both PIM-MVPN and BGP-MVPN. + + This document borrowed some text from Cisco PIM-MVPN MIB + [I-D.svaidya-mcast-vpn-mib]. For PIM-MVPN this document attempts to + provide coverage comparable to [I-D.svaidya-mcast-vpn-mib], but in a + generic way that applies to both PIM-MVPN and BGP-MVPN. + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. Comments should be made directly to the BESS WG at bess@ietf.org. -1.1 Terminology +1.1. Terminology This document adopts the definitions, acronyms and mechanisms - described in [MVPN] and other documents that [MVPN] refers to. + described in [RFC6513] and other documents that [RFC6513] refers to. Familiarity with Multicast, MPLS, L3VPN, MVPN concepts and/or - mechanisms is assumed. + mechanisms is assumed. Some terms specifically related to this + document are explained below. - Interchangeably, the term Multicast VRF (MVRF) and MVPN are used to - refer to a partiular Multicast VPN instantiation on a particular PE - device. 
+ The term "Multicast VPN (MVPN)" [RFC6513] refers to a BGP/MPLS L3 + (IP) VPN service that supports multicast. -2 MVPN MIB + Interchangeably, the term Multicast Virtual Routing and Forwarding + table (MVRF) and MVPN are used to refer to a particular Multicast VPN + instantiation on a particular PE device. - This MIB enables configuring and/or monitoring of MVPNs on PE - devices: the whole multicast VPN machinery and the per-MVRFs - information, including the configuration, status and operational - details, such as different P-Multicast Service Interfaces (PMSIs) and - the provider tunnels implementing them. + "Provider Multicast Service Interface (PMSI)" [RFC6513] is a + conceptual interface instantiated by a Provider tunnel (P-tunnel), a + transport mechanism used to deliver multicast traffic. A PE uses to + send customer multicast traffic to all or some PEs in the same VPN. -2.1 Summary of MIB Module + There are two kinds of PMSI: "Inclusive PMSI (I-PMSI)" and "Selective + PMSI (S-PMSI)" [RFC6513]. An I-PMSI is a PMSI that enables a PE + attached to a particular MVPN to transmit a message to all PEs in the + same VPN. An S-PMSI is a PMSI that enables a PE attached to a + particular MVPN to transmit a message to some of the PEs in the same + VPN. + +2. The Internet-Standard Management Framework + + For a detailed overview of the documents that describe the current + Internet-Standard Management Framework, please refer to section 7 of + RFC 3410 [RFC3410]. + + Managed objects are accessed via a virtual information store, termed + the Management Information Base or MIB. MIB objects are generally + accessed through the Simple Network Management Protocol (SNMP). + Objects in the MIB are defined using the mechanisms defined in the + Structure of Management Information (SMI). This memo specifies a MIB + module that is compliant to the SMIv2, which is described in STD 58, + RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 + [RFC2580]. + +3. 
MVPN MIB + + This section gives the overview of the MVPN MIB. The MIB module aims + to provide configuring and/or monitoring of MVPNs on PE devices: the + whole multicast VPN machinery and the per-MVRFs information, + including the configuration, status and operational details, such as + different P-Multicast Service Interfaces (PMSIs) and the provider + tunnels implementing them. + +3.1. Summary of MIB Module The configuration and states specific to an MVPN include the following: - - C-multicast routing exchange protocol (PIM or BGP) + o C-multicast routing exchange protocol (PIM or BGP) - - I-PMSI, S-PMSI and corresponding provider tunnels - - Mapping of c-multicast states to PMSI/tunnels + o I-PMSI, S-PMSI and corresponding provider tunnels - To represent them, the following tables are defined. + o Mapping of C-multicast states to PMSI/tunnels + + To represent them, the following tables are defined. The following + figure depicts relationships among tables defined in this document. + Each box in the figure represents a table defined in this document. + The label in each box corresponds to a table name. 
+--------------+ | MvpnBgp | - | General | + | GeneralTable | +--------------+ +-------------------+ +-----------------+ - | MvpnGeneral | -> | MvpnPmsiConfig | <- | MvpnSpmsiConfig | + | MvpnGeneral | MvpnPmsiConfig | | MvpnSpmsiConfig | + | Table | -> | Table | <- | Table | +--------------+ +-------------------+ +-----------------+ +--------------+ +-------------------+ +-----------------+ | MvpnIpmsi | -> | L2L3VpnMcastPmsi | <- | MvpnSpmsi | - +--------------+ | TunnelAttribute | +-----------------+ + | Table | | TunnelAttribute | | Table | + +--------------+ | Table | +-----------------+ -> +-------------------+ / ^ / | +--------------+ +-------------------+ - | MvpnInterAs | | MvpnMroute | - | Ipmsi | +-------------------+ + | MvpnInterAs | | MvpnMrouteTable | + | IpmsiTable | +-------------------+ +--------------+ - - mvpnGeneralTable + o mvpnGeneralTable An entry in this table is created for each MVRF in the device, for general configuration/states of the MVRF, including Inclusive PMSI (I-PMSI) configuration. - Existence of the corresponding VRF in [L3VPN-MIB] is necessary for - a row to exist in this table. + Existence of the corresponding VRF in [RFC4382] is necessary for a + row to exist in this table. - - mvpnBgpGeneralTable + o mvpnBgpGeneralTable This table augments mvpnGeneralTable and is for BGP-MVPN specific information. - - mvpnSpmsiConfigTable + o mvpnSpmsiConfigTable This table contains objects for Selective PMSI (S-PMSI) configurations in an MVRF. - - mvpnPmsiConfigTable + o mvpnPmsiConfigTable Both I-PMSI configuration (in mvpnGeneralEntry) and S-PMSI configuration (in mvpnSpmsiConfigEntry) refer to entries in this table. - - mvpnIpmsiTable - + o mvpnIpmsiTable This table contains all advertised and received intra-as I-PMSIs. With PIM-MVPN, it is applicable only when BGP-Based Autodiscovery of MVPN Membership is used. - - mvpnInterAsIpmsiTable + o mvpnInterAsIpmsiTable This table contains all advertised and received inter-as I-PMSIs. 
With PIM-MVPN, it is applicable only when BGP-Based Autodiscovery of MVPN Membership is used. - - mvpnSpmsiTable/Etnry + o mvpnSpmsiTable This table contains all advertised or received S-PMSIs. - - l2l3VpnMcastPmsiTunnelAttributeTable + o l2l3VpnMcastPmsiTunnelAttributeTable - This table is defined separately in l2L3VpnMcastMIB [L2L3MVPN-MIB], - which is common for both VPLS Multicast and MVPN. It contains - sent/received PMSI attribute entries referred to by mvpnIpmsiEntry, - mvpnSpmsiEntry, mvpnInterAsIpmsiEntry, and other MIB objects (e.g., - VPLS Multicast ones). + This table is defined separately in l2L3VpnMcastMIB + [I-D.ietf-bess-l2l3-vpn-mcast-mib], which is common for both VPLS + Multicast and MVPN. It contains sent/received PMSI attribute + entries referred to by mvpnIpmsiEntry, mvpnSpmsiEntry, + mvpnInterAsIpmsiEntry, and other MIB objects (e.g., VPLS Multicast + ones). - - mvpnMrouteTable + o mvpnMrouteTable - This table augments ipMcastMIB.ipMcast.ipMcastRouteTable [MROUTE- - MIB], for some MVPN specific information. + This table augments + ipMcastMIB.ipMcast.ipMcastRouteTable [RFC5132], for some MVPN + specific information. -2.2 MIB Module Definitions +3.2. 
MIB Module Definitions MCAST-VPN-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, - experimental, Unsigned32 + Gauge32, Unsigned32, mib-2 -- [RFC2578] FROM SNMPv2-SMI - MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP - FROM SNMPv2-CONF + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF -- [RFC2580] TruthValue, RowPointer, RowStatus, TimeStamp, TimeInterval - FROM SNMPv2-TC + FROM SNMPv2-TC -- [RFC2579] SnmpAdminString - FROM SNMP-FRAMEWORK-MIB + FROM SNMP-FRAMEWORK-MIB -- [RFC2571] InetAddress, InetAddressType - FROM INET-ADDRESS-MIB - - MplsLabel - FROM MPLS-TC-STD-MIB + FROM INET-ADDRESS-MIB -- [RFC2851] mplsL3VpnVrfName, MplsL3VpnRouteDistinguisher - FROM MPLS-L3VPN-STD-MIB + FROM MPLS-L3VPN-STD-MIB -- [RFC4382] ipMcastRouteEntry - FROM IPMCAST-MIB + FROM IPMCAST-MIB -- [RFC5132] L2L3VpnMcastProviderTunnelType FROM L2L3-VPN-MCAST-MIB; mvpnMIB MODULE-IDENTITY - LAST-UPDATED "201405071200Z" -- 07 May 2014 12:00:00 GMT - ORGANIZATION "IETF Layer-3 Virtual Private - Networks Working Group." + LAST-UPDATED "201702281200Z" -- 28th February 2017 12:00:00 GMT + ORGANIZATION "IETF BESS Working Group." CONTACT-INFO - " Jeffrey (Zhaohui) Zhang - zzhang@juniper.net + " Zhaohui Zhang + Juniper Networks, Inc. + 10 Technology Park Drive + Westford, MA 01886 + USA + Email: zzhang@juniper.net + + Saud Asif + AT&T + C5-3D30 200 South Laurel Avenue + Middletown, NJ 07748 + USA + Email: sasif@att.com + + Andy Green + BT Design 21CN Converged Core IP & Data + 01473 629360 Adastral Park, Martlesham Heath, + Ipswich IP5 3RE + UK + Email: andy.da.green@bt.com + + Sameer Gulrajani + Cisco Systems + Tasman Drive San Jose, CA 95134 + USA + Email: sameerg@cisco.com + + Pradeep G. 
Jain + Alcatel-Lucent Inc + 701 E Middlefield road Mountain view, CA 94043 + USA + Email: pradeep.jain@alcatel-lucent.com + Hiroshi Tsunoda + Tohoku Institute of Technology + 35-1, Yagiyama Kasumi-cho + Taihaku-ku, Sendai, 982-8577 + Japan + Email: tsuno@m.ieice.org Comments and discussion to bess@ietf.org" DESCRIPTION "This MIB contains managed object definitions for - multicast in BGP/MPLS IP VPNs defined by [MVPN]. + multicast in BGP/MPLS IP VPNs defined by [RFC6513]. Copyright (C) The Internet Society (2016)." -- Revision history. - REVISION "201405071200Z" -- 07 May 2014 12:00:00 GMT + + REVISION "201702281200Z" -- 28th February, 2017 DESCRIPTION - "Initial version of the draft." - ::= { experimental 99 } -- number to be assigned + "Initial version, published as RFC XXXX." + + -- RFC Ed. replace XXXX with actual RFC number and remove this note + + ::= { mib-2 YYYY } + + -- IANA Reg.: Please assign a value for "YYYY" under the + -- 'mib-2' subtree and record the assignment in the SMI + -- Numbers registry. + + -- RFC Ed.: When the above assignment has been made, please + -- remove the above note + -- replace "YYYY" here with the assigned value and + -- remove this note. -- Top level components of this MIB. mvpnNotifications OBJECT IDENTIFIER ::= { mvpnMIB 0 } -- tables, scalars mvpnObjects OBJECT IDENTIFIER ::= { mvpnMIB 1 } -- conformance information mvpnConformance OBJECT IDENTIFIER ::= { mvpnMIB 2 } 
@@ -259,88 +351,87 @@ mvpnObjects OBJECT IDENTIFIER ::= { mvpnMIB 1 } -- conformance information mvpnConformance OBJECT IDENTIFIER ::= { mvpnMIB 2 } -- mvpn Objects mvpnScalars OBJECT IDENTIFIER ::= { mvpnObjects 1 } mvpnGeneral OBJECT IDENTIFIER ::= { mvpnObjects 2 } mvpnConfig OBJECT IDENTIFIER ::= { mvpnObjects 3 } mvpnStates OBJECT IDENTIFIER ::= { mvpnObjects 4 } - -- Scalar Objects - mvpnMvrfNumber OBJECT-TYPE - SYNTAX Unsigned32 + mvpnMvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of MVRFs that are present on this device, whether for IPv4, IPv6, or mLDP C-Multicast." ::= { mvpnScalars 1 } - mvpnMvrfNumberV4 OBJECT-TYPE - SYNTAX Unsigned32 + mvpnV4Mvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of MVRFs for IPv4 C-Multicast that are present in this device." ::= { mvpnScalars 2 } - mvpnMvrfNumberV6 OBJECT-TYPE - SYNTAX Unsigned32 + mvpnV6Mvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of MVRFs for IPv6 C-Multicast that are present in this device." ::= { mvpnScalars 3 } - mvpnMvrfNumberPimV4 OBJECT-TYPE - SYNTAX Unsigned32 + mvpnPimV4Mvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PIM-MVPN MVRFs for IPv4 C-Multicast that are present in this device." ::= { mvpnScalars 4 } - mvpnMvrfNumberPimV6 OBJECT-TYPE - SYNTAX Unsigned32 + mvpnPimV6Mvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of PIM-MVPN MVRFs for IPv6 C-Multicast that are present in this device." ::= { mvpnScalars 5 } - mvpnMvrfNumberBgpV4 OBJECT-TYPE - SYNTAX Unsigned32 + mvpnBgpV4Mvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of BGP-MVPN MVRFs for IPv4 C-Multicast that are present in this device." 
::= { mvpnScalars 6 } - mvpnMvrfNumberBgpV6 OBJECT-TYPE - SYNTAX Unsigned32 + mvpnBgpV6Mvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of BGP-MVPN MVRFs for IPv6 C-Multicast that are present in this device." ::= { mvpnScalars 7 } - mvpnMvrfNumberMldp OBJECT-TYPE - SYNTAX Unsigned32 + mvpnMldpMvrfs OBJECT-TYPE + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of BGP-MVPN MVRFs for mLDP C-Multicast that are present in this device." ::= { mvpnScalars 8 } mvpnNotificationEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write @@ -386,21 +477,21 @@ mvpnGenRowStatus RowStatus } mvpnGenAddressFamily OBJECT-TYPE SYNTAX INTEGER { ipv4(1), ipv6(2) } MAX-ACCESS not-accessible STATUS current DESCRIPTION - "The Address Fammily that this entry is for" + "The Address Family that this entry is for" ::= { mvpnGeneralEntry 1 } mvpnGenOperStatusChange OBJECT-TYPE SYNTAX INTEGER { createdMvrf(1), deletedMvrf(2), modifiedMvrfIpmsiConfig(3), modifiedMvrfSpmsiConfig(4) } MAX-ACCESS read-only STATUS current 
@@ -463,57 +554,58 @@ MAX-ACCESS read-write STATUS current DESCRIPTION "This points to a row in mvpnPmsiConfigTable, for inter-as I-PMSI configuration, in case of segmented inter-as provider tunnels." ::= { mvpnGeneralEntry 6 } mvpnGenUmhSelection OBJECT-TYPE SYNTAX INTEGER { - highest-pe-address (1), - c-root-group-hashing (2), - ucast-umh-route (3) + highestPeAddress (1), + cRootGroupHashing (2), + ucastUmhRoute (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "The UMH selection method for this mvpn, as specified in - section 5.1.3 of [MVPN]: - highest-pe-address (1): PE with the highest address - c-root-group-hashing (2): hashing based on (c-root, c-group) - uncast-umh-route (3): per ucast route towards c-root" + section 5.1.3 of [RFC6513]: + highestPeAddress (1): PE with the highest address + cRootGroupHashing (2): hashing based on (c-root, c-group) + uncastUmhRoute (3): per ucast route towards c-root" ::= { mvpnGeneralEntry 7} mvpnGenSiteType OBJECT-TYPE SYNTAX INTEGER { - sender-receiver (1), - receiver-only (2), - sender-only (3) + senderReceiver (1), + receiverOnly (2), + senderOnly (3) } MAX-ACCESS read-write STATUS current DESCRIPTION "Whether this site is a receiver-only site or not. - sender-receiver (1): both sender and receiver site. - receiver-only (2): receiver-only site. - sender-only (3): sender-only site." + senderReceiver (1): both sender and receiver site. + receiverOnly (2): receiver-only site. + senderOnly (3): sender-only site." ::= { mvpnGeneralEntry 8} mvpnGenSptnlLimit OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The max number of selective provider tunnels this device allows for this mvpn." + ::= { mvpnGeneralEntry 9} mvpnGenRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This is used to create or delete a row in this table." ::= { mvpnGeneralEntry 10 } 
@@ -540,30 +632,29 @@ ::= { mvpnBgpGeneralTable 1 } MvpnBgpGeneralEntry ::= SEQUENCE { mvpnBgpGenMode INTEGER, mvpnBgpGenVrfRtImport MplsL3VpnRouteDistinguisher, mvpnBgpGenSrcAs Unsigned32 } mvpnBgpGenMode OBJECT-TYPE SYNTAX INTEGER { - rpt-spt (1), - spt-only (2) + rptSpt (1), + sptOnly (2) } - MAX-ACCESS read-write STATUS current DESCRIPTION "For two different BGP-MVPN modes: - rpt-spt(1): inter-site shared tree mode - spt-only(2): inter-site source-only tree mode." + rptSpt(1): inter-site shared tree mode + sptOnly(2): inter-site source-only tree mode." ::= { mvpnBgpGeneralEntry 1} mvpnBgpGenVrfRtImport OBJECT-TYPE SYNTAX MplsL3VpnRouteDistinguisher MAX-ACCESS read-write STATUS current DESCRIPTION "The VRF Route Import Extended Community that this device adds to unicast vpn routes that it advertises for this mvpn." ::= { mvpnBgpGeneralEntry 2} @@ -1179,21 +1274,21 @@ more than one (three at most) notifications for a MVRF may be generated serially, and it is really not necessary to generate all three of them. An agent may choose to generate a notification for the last event only, that is for S-PMSI configuration. Similarly, deletion of I-PMSI and S-PMSI configuration on a MVRF happens before a MVRF is deleted and it is recommended that the agent send the notification for MVRF deletion event only." - ::= { mvpnNotifications 2 } + ::= { mvpnNotifications 1 } -- MVPN MIB Conformance Information mvpnGroups OBJECT IDENTIFIER ::= { mvpnConformance 1 } mvpnCompliances OBJECT IDENTIFIER ::= { mvpnConformance 2 } -- Compliance Statements mvpnCompliance MODULE-COMPLIANCE STATUS current 
@@ -1219,31 +1314,30 @@ Inter-AS Segmented I-PMSI." GROUP mvpnBgpGeneralGroup DESCRIPTION "This group is mandatory for systems that support BGP-MVPN." ::= { mvpnCompliances 1 } -- units of conformance - mvpnScalarGroup OBJECT-GROUP OBJECTS { - mvpnMvrfNumber, - mvpnMvrfNumberV4, - mvpnMvrfNumberV6, - mvpnMvrfNumberPimV4, - mvpnMvrfNumberPimV6, - mvpnMvrfNumberBgpV4, - mvpnMvrfNumberBgpV6, - mvpnMvrfNumberMldp, + mvpnMvrfs, + mvpnV4Mvrfs, + mvpnV6Mvrfs, + mvpnPimV4Mvrfs, + mvpnPimV6Mvrfs, + mvpnBgpV4Mvrfs, + mvpnBgpV6Mvrfs, + mvpnMldpMvrfs, mvpnNotificationEnable } STATUS current DESCRIPTION "These objects are used to monitor/manage global MVPN parameters." ::= { mvpnGroups 1 } mvpnGeneralGroup OBJECT-GROUP OBJECTS { 
@@ -1346,103 +1440,219 @@ OBJECTS { mvpnMroutePmsiPointer } STATUS current DESCRIPTION "Support of these object is not required." ::= { mvpnGroups 10} END -3 Security Considerations +4. Security Considerations This MIB contains some read-only objects that may be deemed senstive - by some though perhaps not all operators. It also contains some read- - write objects, whose setting will change the device's behavior related - to MVPN. Appropriate security procedures related to SNMP in general - but not specific to this MIB need to be implemented by concerned - operators. + by some though perhaps not all operators. It also contains some + read- write objects, whose setting will change the device's behavior + related to MVPN. Appropriate security procedures related to SNMP in + general but not specific to this MIB need to be implemented by + concerned operators. -4 IANA Considerations + There are a number of management objects defined in this MIB module + with a MAX-ACCESS clause of read-write and/or read-create. Such + objects may be considered sensitive or vulnerable in some network + environments. The support for SET operations in a non-secure + environment without proper protection opens devices to attack. These + are the tables and objects and their sensitivity/vulnerability: + + o mvpnNotificationEnable, mvpnGenCmcastRouteProtocol, + mvpnGenIpmsiConfig, mvpnGenInterAsPmsiConfig, mvpnGenUmhSelection, + mvpnGenSiteType, mvpnGenSptnlLimit, mvpnBgpGenMode, + mvpnBgpGenVrfRtImport, mvpnPmsiConfigEncapsType, + mvpnSpmsiConfigThreshold, mvpnSpmsiConfigPmsiPointer + + o mvpnGenRowStatus, mvpnPmsiConfigRowStatus, + mvpnSpmsiConfigRowStatus + + Some of the readable objects in this MIB module (i.e., objects with a + MAX-ACCESS other than not-accessible) may be considered sensitive or + vulnerable in some network environments. 
It is thus important to + control even GET and/or NOTIFY access to these objects and possibly + to even encrypt the values of these objects when sending them over + the network via SNMP. These are the tables and objects and their + sensitivity/vulnerability: + + o [TBD] + + SNMP versions prior to SNMPv3 did not include adequate security. + Even if the network itself is secure (for example by using IPsec), + there is no control as to who on the secure network is allowed to + access and GET/SET (read/change/create/delete) the objects in this + MIB module. + + Implementations SHOULD provide the security features described by the + SNMPv3 framework (see [RFC3410]), and implementations claiming + compliance to the SNMPv3 standard MUST include full support for + authentication and privacy via the User-based Security Model (USM) + [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations + MAY also provide support for the Transport Security Model (TSM) + [RFC5591] in combination with a secure transport such as SSH + [RFC5592] or TLS/DTLS [RFC6353]. + + Further, deployment of SNMP versions prior to SNMPv3 is NOT + RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to + enable cryptographic security. It is then a customer/operator + responsibility to ensure that the SNMP entity giving access to an + instance of this MIB module is properly configured to give access to + the objects only to those principals (users) that have legitimate + rights to indeed GET or SET (change/create/delete) them. + +5. IANA Considerations IANA is requested to root MIB objects in the MIB module contained in this document under the mib-2 subtree. -5 Acknowledgement +6. Acknowledgement - Some of the text has been taken almost verbatim from [CISCO-MIB]. + Some of the text has been taken almost verbatim from + [I-D.svaidya-mcast-vpn-mib]. We would like to thank Yakov Rekhter, + Jeffrey Haas, Huajin Jeng, Durga Prasad Velamuri for their helpful + comments. 
- We would like to thank Yakov Rekhter, Jeffrey Haas, Huajin Jeng, Durga - Prasad Velamuri for their helpful comments. +7. References -6 References +7.1. Normative References -6.1 Normative References + [I-D.ietf-bess-l2l3-vpn-mcast-mib] + Zhang, Z. and H. Tsunoda, "L2L3 VPN Multicast MIB", draft- + ietf-bess-l2l3-vpn-mcast-mib-06 (work in progress), + February 2017. - [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ + RFC2119, March 1997, + . - [L3VPN-MIB] Nadeau, T., Ed., and H. van der Linde, Ed., "MPLS/BGP - Layer 3 Virtual Private Network (VPN) Management - Information Base", RFC 4382, February 2006. + [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. + Schoenwaelder, Ed., "Structure of Management Information + Version 2 (SMIv2)", STD 58, RFC 2578, DOI 10.17487/ + RFC2578, April 1999, + . - [MROUTE-MIB] McWalter, D., Thaler, D., and A. Kessler, "IP Multicast - MIB", RFC 5132, December 2007. + [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. + Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD + 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, + . - [MVPN] Eric C. Rosen, Rahul Aggarwal, et. al., Multicast in MPLS/BGP - IP VPNs, RFC 6513, February 2012. + [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. + Schoenwaelder, Ed., "Conformance Statements for SMIv2", + STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, + . - [BGP-MVPN] R. Aggarwal, E. Rosen, T. Morin, Y. Rekhter, BGP Encodings - and Procedures for Multicast in MPLS/BGP IP VPNs, - RFC 6514, February 2012. + [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model + (USM) for version 3 of the Simple Network Management + Protocol (SNMPv3)", STD 62, RFC 3414, DOI 10.17487/ + RFC3414, December 2002, + . - [MVPN-WILDCARD] E. Rosen, Y. 
Rekhter, Wildcards in Multicast VPN - Auto-Discovery Routes, RFC 6625, May 2012. + [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The + Advanced Encryption Standard (AES) Cipher Algorithm in the + SNMP User-based Security Model", RFC 3826, DOI 10.17487/ + RFC3826, June 2004, + . - [L2L3MVPN-MIB] Zhang, J., L2L3 VPN Multicast MIB, draft-ietf-bess- - l2l3-vpn-mcast-mib, Work In Progress. + [RFC4382] Nadeau, T., Ed. and H. van der Linde, Ed., "MPLS/BGP Layer + 3 Virtual Private Network (VPN) Management Information + Base", RFC 4382, DOI 10.17487/RFC4382, February 2006, + . -6.2 Informative References + [RFC5132] McWalter, D., Thaler, D., and A. Kessler, "IP Multicast + MIB", RFC 5132, DOI 10.17487/RFC5132, December 2007, + . - [CISCO-MIB] Susheela Vaidya, Thomas D. Nadeau, Harmen Van der Linde, - Multicast in BGP/MPLS IP VPNs Management Information Base, - draft-svaidya-mcast-vpn-mib-02.txt, Work In Progress, - April 2005. + [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model + for the Simple Network Management Protocol (SNMP)", STD + 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, + . + + [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure + Shell Transport Model for the Simple Network Management + Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June + 2009, . + + [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport + Model for the Simple Network Management Protocol (SNMP)", + STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, + . + + [RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ + BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February + 2012, . + + [RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP + Encodings and Procedures for Multicast in MPLS/BGP IP + VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012, + . + + [RFC6625] Rosen, E., Ed., Rekhter, Y., Ed., Hendrickx, W., and R. 
+ Qiu, "Wildcards in Multicast VPN Auto-Discovery Routes", + RFC 6625, DOI 10.17487/RFC6625, May 2012, + . + +7.2. Informative References + + [I-D.svaidya-mcast-vpn-mib] + Vaidya, S., "Multicast in BGP/MPLS IP VPNs Management + Information Base", draft-svaidya-mcast-vpn-mib-02 (work in + progress), March 2005. + + [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, + "Introduction and Applicability Statements for Internet- + Standard Management Framework", RFC 3410, DOI 10.17487/ + RFC3410, December 2002, + . Authors' Addresses - Zhaohui Zhang (Editor) + Zhaohui (Jeffrey) Zhang (editor) Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886 USA + Email: zzhang@juniper.net Saud Asif AT&T - C5-3D30 - 200 South Laurel Avenue + C5-3D30 200 South Laurel Avenue Middletown, NJ 07748 USA + Email: sasif@att.com Andy Green BT Design 21CN Converged Core IP & Data - 01473 629360 - Adastral Park, Martlesham Heath, Ipswich IP5 3RE + 01473 629360 Adastral Park, Martlesham Heath, Ipswich IP5 3RE UK + Email: andy.da.green@bt.com Sameer Gulrajani Cisco Systems - Tasman Drive - San Jose, CA 95134 + Tasman Drive San Jose, CA 95134 USA - EMail: sameerg@cisco.com + Email: sameerg@cisco.com Pradeep G. Jain Alcatel-Lucent Inc - 701 E Middlefield road - Mountain view, CA 94043 + 701 E Middlefield road Mountain view, CA 94043 USA + Email: pradeep.jain@alcatel-lucent.com + Hiroshi Tsunoda (editor) + Tohoku Institute of Technology + 35-1, Yagiyama Kasumi-cho, Taihaku-ku + Sendai 982-8577 + Japan + + Phone: +81-22-305-3411 + Email: tsuno@m.ieice.org
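Review bot: in the @@ -1,263 +1,355 @@ hunk the new front-page author line reads "S. Gulranjani", which misspells the surname given as "Gulrajani" in both the new CONTACT-INFO and the Authors' Addresses; fix the header line. Further points in the same hunk: the added Terminology sentence "A PE uses to send customer multicast traffic to all or some PEs in the same VPN." has lost its object and should read along the lines of "A PE uses a PMSI to send customer multicast traffic to all or some PEs in the same VPN."; the definition of "Multicast VPN (MVPN)" as "a BGP/MPLS Layer 3 (IP) VPN service that supports multicast" is added both to the Introduction and to Section 1.1, so keep one copy; the MODULE-IDENTITY DESCRIPTION still ends with "Copyright (C) The Internet Society (2016)." although the document's Copyright Notice in this hunk was updated to 2017 IETF Trust; and the new IMPORTS comments cite [RFC2571] and [RFC2851], neither of which appears in the reference sections later in the diff (RFC 3411 and RFC 4001 are the current SNMP-FRAMEWORK-MIB and INET-ADDRESS-MIB specifications). Finally, NOTIFICATION-TYPE is still imported and a notification is still assigned under mvpnNotifications, so check that removing the NOTIFICATION-GROUP import does not leave that notification outside every conformance group.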
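Review bot: in the @@ -259,88 +351,87 @@ hunk the `-` immediately before `-- Scalar Objects` either removes that section comment or a blank line above it; if it is the comment, restore it, since the other blocks keep their `-- mvpn Objects` and `-- conformance information` headings. The change from Unsigned32 to Gauge32 for mvpnMvrfs and the seven per-family counters is correct for counts that rise and fall as MVRFs are created and deleted. The rename is applied consistently here, and the DESCRIPTION clauses do not mention the object names, so nothing else in this hunk needs updating.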
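Review bot: in the @@ -386,21 +477,21 @@ hunk the corrected DESCRIPTION "The Address Family that this entry is for" still lacks the terminating period that the other DESCRIPTION clauses in the module use; suggest "The Address Family that this entry is for."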
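Review bot: in the @@ -463,57 +554,58 @@ hunk the DESCRIPTION of mvpnGenUmhSelection still reads "uncastUmhRoute (3)" while the enumeration label is "ucastUmhRoute (3)"; the rename carried the old "uncast-umh-route"/"ucast-umh-route" mismatch forward, so change the DESCRIPTION line to "ucastUmhRoute (3): per ucast route towards c-root". Moving the labels to camelCase is right, since SMIv2 does not allow hyphens in enumeration labels. The `+` before `::= { mvpnGeneralEntry 9}` either adds the OID assignment for mvpnGenSptnlLimit or a blank line above it; if the former, -02 had an object with no OID assignment and the fix deserves a mention in the change log. Minor: the DESCRIPTION of mvpnGenSiteType opens with "Whether this site is a receiver-only site or not." although the object now names three site types.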
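Review bot: in the @@ -540,30 +632,29 @@ hunk a `-` line sits directly before `MAX-ACCESS read-write` in mvpnBgpGenMode; if that line is the MAX-ACCESS clause itself rather than a blank line above it, the OBJECT-TYPE is left without its mandatory MAX-ACCESS clause and will not compile, so confirm that `MAX-ACCESS read-write` still follows the closing brace of the SYNTAX enumeration in -03. Also worth a look while here: mvpnBgpGenVrfRtImport uses the MplsL3VpnRouteDistinguisher textual convention although its DESCRIPTION says it holds the VRF Route Import Extended Community, which is a different 8-octet encoding; a syntax that matches the description would be cleaner.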
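Review bot: in the @@ -1179,21 +1274,21 @@ hunk the notification's OID moves from { mvpnNotifications 2 } to { mvpnNotifications 1 }; the context does not show what previously occupied arc 1, so confirm nothing else is assigned there and that the renumbering is recorded in the REVISION clause. In the surrounding DESCRIPTION context, "a MVRF" (three occurrences) should be "an MVRF".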
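Review bot: in the @@ -1219,31 +1314,30 @@ hunk the OBJECTS list of mvpnScalarGroup is updated to the eight renamed scalars of the @@ -259 hunk, which keeps the group consistent; the `-` line before `mvpnScalarGroup OBJECT-GROUP` must be the blank line under "-- units of conformance" rather than the group's first line, so please double-check that `mvpnScalarGroup OBJECT-GROUP` is still present in -03.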
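Review bot: in the @@ -1346,103 +1440,219 @@ hunk the re-wrapped first paragraph now reads "read- write objects" with a space after the hyphen; rejoin it to "read-write". The larger issue is the "o [TBD]" placeholder in the list of sensitive readable objects: the tables that expose PE membership and tunnel attributes (mvpnIpmsiTable, mvpnInterAsIpmsiTable, mvpnSpmsiTable) and the mvpnBgpGenVrfRtImport value are the obvious candidates and should be listed with a sentence on why each matters before publication. The read-write list likewise gives object names only, whereas the standard MIB security considerations boilerplate asks for each object's sensitivity; for instance mvpnGenSptnlLimit and mvpnGenSiteType alter multicast forwarding on the PE, and the three RowStatus objects allow creation and deletion of MVRF configuration. With that boilerplate added, the retained first paragraph now says much the same thing and could be folded into it; the typo "senstive" in that context paragraph also survives. Lastly, the Normative References do not list RFC 2571 and RFC 2851, which the IMPORTS comments earlier in the diff cite.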