draft-ietf-bess-mvpn-mib-10.txt   draft-ietf-bess-mvpn-mib-11.txt 
Network Working Group H. Tsunoda Network Working Group H. Tsunoda
Internet-Draft Tohoku Institute of Technology Internet-Draft Tohoku Institute of Technology
Intended status: Standards Track August 11, 2018 Intended status: Standards Track September 07, 2018
Expires: February 12, 2019 Expires: March 11, 2019
BGP/MPLS Layer 3 VPN Multicast Management Information Base BGP/MPLS Layer 3 VPN Multicast Management Information Base
draft-ietf-bess-mvpn-mib-10 draft-ietf-bess-mvpn-mib-11
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community. for use with network management protocols in the Internet community.
In particular, it describes managed objects to configure and/or In particular, it describes managed objects to configure and/or
monitor Multicast communication over IP Virtual Private Networks monitor Multicast communication over IP Virtual Private Networks
(VPNs) supported by MultiProtocol Label Switching/Border Gateway (VPNs) supported by MultiProtocol Label Switching/Border Gateway
Protcol (MPLS/BGP) on a Provider Edge router. Protcol (MPLS/BGP) on a Provider Edge router.
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 12, 2019. This Internet-Draft will expire on March 11, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 12 skipping to change at page 2, line 12
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Internet-Standard Management Framework . . . . . . . . . 3 2. The Internet-Standard Management Framework . . . . . . . . . 3
3. MCAST-VPN-MIB . . . . . . . . . . . . . . . . . . . . . . . . 4 3. BGP-MPLS-LAYER3-VPN-MULTICAST-MIB . . . . . . . . . . . . . . 4
3.1. Summary of MIB Module . . . . . . . . . . . . . . . . . . 4 3.1. Summary of MIB Module . . . . . . . . . . . . . . . . . . 4
3.2. MIB Module Definitions . . . . . . . . . . . . . . . . . 5 3.2. MIB Module Definitions . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 50 4. Security Considerations . . . . . . . . . . . . . . . . . . . 50
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 53 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 53
6. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 53 6. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 53
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 53 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 54
7.1. Normative References . . . . . . . . . . . . . . . . . . 54 7.1. Normative References . . . . . . . . . . . . . . . . . . 54
7.2. Informative References . . . . . . . . . . . . . . . . . 56 7.2. Informative References . . . . . . . . . . . . . . . . . 56
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 56 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 56
1. Introduction 1. Introduction
[RFC6513], [RFC6514], and [RFC6625] specify procedures for supporting [RFC6513], [RFC6514], and [RFC6625] specify procedures for supporting
multicast in Border Gateway Protocol/MultiProtocol Label Switching multicast in Border Gateway Protocol/MultiProtocol Label Switching
(BGP/MPLS) Layer 3 (IP) Virtual Private Networks (VPNs). Throughout (BGP/MPLS) Layer 3 (IP) Virtual Private Networks (VPNs). Throughout
this document, we will use the term "Multicast VPN" (MVPN) [RFC6513] this document, we will use the term "Multicast VPN" (MVPN) [RFC6513]
skipping to change at page 4, line 5 skipping to change at page 4, line 5
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58, module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580]. [RFC2580].
3. MCAST-VPN-MIB 3. BGP-MPLS-LAYER3-VPN-MULTICAST-MIB
This document defines MCAST-VPN-MIB, a MIB module for monitoring and/ This document defines BGP-MPLS-LAYER3-VPN-MULTICAST-MIB, a MIB module
or configuring MVPNs on PEs. This MIB module will be used in for monitoring and/or configuring MVPNs on PEs. This MIB module will
conjunction with MPLS-L3VPN-STD-MIB [RFC4382] and IPMCAST-MIB be used in conjunction with MPLS-L3VPN-STD-MIB [RFC4382] and IPMCAST-
[RFC5132]. MIB [RFC5132].
3.1. Summary of MIB Module 3.1. Summary of MIB Module
MCAST-VPN-MIB provides the following functionalities. BGP-MPLS-LAYER3-VPN-MULTICAST-MIB provides the following
functionalities.
o Monitoring attributes of MVPNs on a PE o Monitoring attributes of MVPNs on a PE
o Configuring timers and thresholds related to an MVPN on a PE o Configuring timers and thresholds related to an MVPN on a PE
o Notifying creation, deletion, and modification of MVRFs on a PE o Notifying creation, deletion, and modification of MVRFs on a PE
o Monitoring PMSI attributes o Monitoring PMSI attributes
o Monitoring statistics of advertisements exchanged by a PE o Monitoring statistics of advertisements exchanged by a PE
o Monitoring routing information for multicast destinations o Monitoring routing information for multicast destinations
o Monitoring next-hops for each multicast destination o Monitoring next-hops for each multicast destination
To provide these functionalities, MCAST-VPN-MIB defines following To provide these functionalities, BGP-MPLS-LAYER3-VPN-MULTICAST-MIB
tables. defines following tables.
o mvpnGenericTable o mvpnGenericTable
This table contains generic information about MVPNs on a PE. Each This table contains generic information about MVPNs on a PE. Each
entry in this table represents an instance of an MVPN on a PE and entry in this table represents an instance of an MVPN on a PE and
contains generic information related to the MVPN. For each entry contains generic information related to the MVPN. For each entry
in this table there MUST be a corresponding VRF in MPLS-L3VPN-STD- in this table there MUST be a corresponding VRF in MPLS-L3VPN-STD-
MIB [RFC4382]. MIB [RFC4382].
o mvpnBgpTable o mvpnBgpTable
skipping to change at page 5, line 25 skipping to change at page 5, line 25
This table contains multicast routing information in MVRFs on a This table contains multicast routing information in MVRFs on a
PE. PE.
o mvpnMrouteNextHopTable o mvpnMrouteNextHopTable
This table contains information on the next-hops for routing IP This table contains information on the next-hops for routing IP
multicast datagrams in MVPNs on a PE. multicast datagrams in MVPNs on a PE.
3.2. MIB Module Definitions 3.2. MIB Module Definitions
MCAST-VPN-MIB DEFINITIONS ::= BEGIN BGP-MPLS-LAYER3-VPN-MULTICAST-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
Counter32, Counter64, Gauge32, Unsigned32, TimeTicks, Counter32, Counter64, Gauge32, Unsigned32, TimeTicks,
mib-2 mib-2
FROM SNMPv2-SMI -- [RFC2578] FROM SNMPv2-SMI -- [RFC2578]
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF -- [RFC2580] FROM SNMPv2-CONF -- [RFC2580]
skipping to change at page 6, line 4 skipping to change at page 6, line 4
InetAddress, InetAddressType, InetAddressPrefixLength InetAddress, InetAddressType, InetAddressPrefixLength
FROM INET-ADDRESS-MIB -- [RFC4001] FROM INET-ADDRESS-MIB -- [RFC4001]
mplsL3VpnVrfName, MplsL3VpnRouteDistinguisher mplsL3VpnVrfName, MplsL3VpnRouteDistinguisher
FROM MPLS-L3VPN-STD-MIB -- [RFC4382] FROM MPLS-L3VPN-STD-MIB -- [RFC4382]
IANAipRouteProtocol, IANAipMRouteProtocol IANAipRouteProtocol, IANAipMRouteProtocol
FROM IANA-RTPROTO-MIB -- [RTPROTO] FROM IANA-RTPROTO-MIB -- [RTPROTO]
L2L3VpnMcastProviderTunnelType L2L3VpnMcastProviderTunnelType
FROM L2L3-VPN-MCAST-TC-MIB; -- [RFCXXXX] FROM L2L3-VPN-MULTICAST-TC-MIB; -- [RFCXXXX]
-- RFC Ed.: replace XXXX with actual RFC number and remove this note -- RFC Ed.: replace XXXX here and in the References Section
-- with the actual RFC number assigned to
-- I-D ietf-bess-l2l3-vpn-mcast-mib and remove this note.
mvpnMIB MODULE-IDENTITY mvpnMIB MODULE-IDENTITY
LAST-UPDATED "201808101200Z" -- 10th August 2018 12:00:00 GMT LAST-UPDATED "201809071200Z" -- 7th September 2018 12:00:00 GMT
ORGANIZATION "IETF BESS Working Group." ORGANIZATION "IETF BESS Working Group."
CONTACT-INFO CONTACT-INFO
" Hiroshi Tsunoda " Hiroshi Tsunoda
Tohoku Institute of Technology Tohoku Institute of Technology
35-1, Yagiyama Kasumi-cho 35-1, Yagiyama Kasumi-cho
Taihaku-ku, Sendai, 982-8577 Taihaku-ku, Sendai, 982-8577
Japan Japan
Email: tsuno@m.ieice.org Email: tsuno@m.ieice.org
Comments and discussion to bess@ietf.org" Comments and discussion to bess@ietf.org"
DESCRIPTION DESCRIPTION
"This MIB module contains managed object definitions to "This MIB module contains managed object definitions to
configure and/or monitor Multicast communication over IP configure and/or monitor Multicast communication over IP
Virtual Private Networks (VPNs) supported by MultiProtocol Virtual Private Networks (VPNs) supported by MultiProtocol
Label Switching/Border Gateway Protcol (MPLS/BGP) on a Label Switching/Border Gateway Protocol (MPLS/BGP) on a
Provider Edge router (PE). Provider Edge router (PE).
Copyright (C) The Internet Society (2018). Copyright (C) The Internet Society (2018).
" "
-- Revision history. -- Revision history.
REVISION "201808101200Z" -- 10th August, 2018 REVISION "201809071200Z" -- 7th September, 2018
DESCRIPTION DESCRIPTION
"Initial version, published as RFC YYYY." "Initial version, published as RFC YYYY."
-- RFC Ed. replace YYYY with the actual RFC number and -- RFC Ed.: replace YYYY with the actual RFC number and
-- remove this note -- remove this note
::= { mib-2 AAAA } ::= { mib-2 AAAA }
-- IANA Reg.: Please assign a value for "AAAA" under the -- IANA Reg.: Please assign a value for "AAAA" under the
-- 'mib-2' subtree and record the assignment in the SMI -- 'mib-2' subtree and record the assignment in the SMI
-- Numbers registry. -- Numbers registry.
-- RFC Ed.: When the above assignment has been made, please -- RFC Ed.: When the above assignment has been made, please
-- remove the above note -- remove the above note
skipping to change at page 9, line 51 skipping to change at page 10, line 4
-- Generic MVRF Information Table -- Generic MVRF Information Table
mvpnGenericTable OBJECT-TYPE mvpnGenericTable OBJECT-TYPE
SYNTAX SEQUENCE OF MvpnGenericEntry SYNTAX SEQUENCE OF MvpnGenericEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A conceptual table containing generic information about MVPNs "A conceptual table containing generic information about MVPNs
on this PE. on this PE.
"
"
::= { mvpnObjects 2 } ::= { mvpnObjects 2 }
mvpnGenericEntry OBJECT-TYPE mvpnGenericEntry OBJECT-TYPE
SYNTAX MvpnGenericEntry SYNTAX MvpnGenericEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A conceptual row that represents an MVPN on this PE. "A conceptual row that represents an MVPN on this PE.
The MVPN represented by this entry will have one or more The MVPN represented by this entry will have one or more
corresponding P-Multicast Service Interfaces (PMSIs) corresponding P-Multicast Service Interfaces (PMSIs)
skipping to change at page 20, line 51 skipping to change at page 21, line 4
mvpnSpmsiPmsiPointer RowPointer mvpnSpmsiPmsiPointer RowPointer
} }
mvpnSpmsiCmcastGroupAddrType OBJECT-TYPE mvpnSpmsiCmcastGroupAddrType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The InetAddressType of the mvpnSpmsiCmcastGroupAddr object "The InetAddressType of the mvpnSpmsiCmcastGroupAddr object
that follows. that follows.
"
"
::= { mvpnSpmsiEntry 1 } ::= { mvpnSpmsiEntry 1 }
mvpnSpmsiCmcastGroupAddr OBJECT-TYPE mvpnSpmsiCmcastGroupAddr OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The group address of the C-flow assigned to the "The group address of the C-flow assigned to the
S-PMSI corresponding to this entry." S-PMSI corresponding to this entry."
REFERENCE REFERENCE
skipping to change at page 22, line 51 skipping to change at page 23, line 4
octets in mplsL3VpnVrfName and mvpnAdvtPeerAddr exceeds 115, octets in mplsL3VpnVrfName and mvpnAdvtPeerAddr exceeds 115,
then OIDs of column instances in this row will have more than then OIDs of column instances in this row will have more than
128 sub-identifiers and cannot be accessed using SNMPv1, 128 sub-identifiers and cannot be accessed using SNMPv1,
SNMPv2c, or SNMPv3. SNMPv2c, or SNMPv3.
" "
INDEX { INDEX {
mplsL3VpnVrfName, mplsL3VpnVrfName,
mvpnAdvtType, mvpnAdvtType,
mvpnAdvtPeerAddrType, mvpnAdvtPeerAddrType,
mvpnAdvtPeerAddr mvpnAdvtPeerAddr
}
}
::= { mvpnAdvtStatsTable 1 } ::= { mvpnAdvtStatsTable 1 }
MvpnAdvtStatsEntry ::= SEQUENCE { MvpnAdvtStatsEntry ::= SEQUENCE {
mvpnAdvtType INTEGER, mvpnAdvtType INTEGER,
mvpnAdvtPeerAddrType InetAddressType, mvpnAdvtPeerAddrType InetAddressType,
mvpnAdvtPeerAddr InetAddress, mvpnAdvtPeerAddr InetAddress,
mvpnAdvtSent Counter32, mvpnAdvtSent Counter32,
mvpnAdvtReceived Counter32, mvpnAdvtReceived Counter32,
mvpnAdvtReceivedError Counter32, mvpnAdvtReceivedError Counter32,
mvpnAdvtReceivedMalformedTunnelType Counter32, mvpnAdvtReceivedMalformedTunnelType Counter32,
skipping to change at page 44, line 50 skipping to change at page 45, line 4
mvpnGenMvrfLastAction. mvpnGenMvrfLastAction.
" "
::= { mvpnNotifications 1 } ::= { mvpnNotifications 1 }
-- MVPN MIB Conformance Information -- MVPN MIB Conformance Information
mvpnGroups OBJECT IDENTIFIER ::= { mvpnConformance 1 } mvpnGroups OBJECT IDENTIFIER ::= { mvpnConformance 1 }
mvpnCompliances OBJECT IDENTIFIER ::= { mvpnConformance 2 } mvpnCompliances OBJECT IDENTIFIER ::= { mvpnConformance 2 }
-- Compliance Statements -- Compliance Statements
mvpnModuleFullCompliance MODULE-COMPLIANCE mvpnModuleFullCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Compliance statement for agents that provide full support "Compliance statement for agents that provide full support
for the MCAST-VPN-MIB for the BGP-MPLS-LAYER3-VPN-MULTICAST-MIB
" "
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { MANDATORY-GROUPS {
mvpnScalarGroup, mvpnScalarGroup,
mvpnGenericGroup, mvpnGenericGroup,
mvpnPmsiGroup, mvpnPmsiGroup,
mvpnAdvtStatsGroup, mvpnAdvtStatsGroup,
mvpnMrouteGroup, mvpnMrouteGroup,
mvpnMrouteNextHopGroup, mvpnMrouteNextHopGroup,
mvpnNotificationGroup mvpnNotificationGroup
skipping to change at page 45, line 36 skipping to change at page 45, line 38
DESCRIPTION DESCRIPTION
"This group is mandatory for systems that support "This group is mandatory for systems that support
BGP-MVPN. BGP-MVPN.
" "
::= { mvpnCompliances 1 } ::= { mvpnCompliances 1 }
mvpnModuleReadOnlyCompliance MODULE-COMPLIANCE mvpnModuleReadOnlyCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION "Compliance requirement for implementations that DESCRIPTION "Compliance requirement for implementations that
only provide read-only support for MCAST-VPN-MIB. only provide read-only support for
Such devices can then be monitored but cannot be BGP-MPLS-LAYER3-VPN-MULTICAST-MIB. Such devices
configured using this MIB module. can then be monitored but cannot be configured
using this MIB module.
" "
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { MANDATORY-GROUPS {
mvpnScalarGroup, mvpnScalarGroup,
mvpnGenericGroup, mvpnGenericGroup,
mvpnPmsiGroup, mvpnPmsiGroup,
mvpnAdvtStatsGroup, mvpnAdvtStatsGroup,
mvpnMrouteGroup, mvpnMrouteGroup,
mvpnMrouteNextHopGroup, mvpnMrouteNextHopGroup,
mvpnNotificationGroup mvpnNotificationGroup
skipping to change at page 50, line 36 skipping to change at page 50, line 39
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects required for MVPN notifications." "Objects required for MVPN notifications."
::= { mvpnGroups 9 } ::= { mvpnGroups 9 }
END END
4. Security Considerations 4. Security Considerations
This MIB module contains some read-only objects that may be deemed This MIB module contains some read-only objects that may be deemed
senstive. It also contains some read-write objects, whose setting sensitive. It also contains some read-write objects, whose setting
will change the device's MVPN related behavior. Appropriate security will change the device's MVPN related behavior. Appropriate security
procedures related to SNMP in general but not specific to this MIB procedures related to SNMP in general but not specific to this MIB
module need to be implemented by concerned operators. module need to be implemented by concerned operators.
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write. Such objects may be with a MAX-ACCESS clause of read-write. Such objects may be
considered sensitive or vulnerable in some network environments. The considered sensitive or vulnerable in some network environments. The
support for SET operations in a non-secure environment without proper support for SET operations in a non-secure environment without proper
protection opens devices to attack. These are the tables and objects protection opens devices to attack. These are the tables and objects
and their sensitivity/vulnerability: and their sensitivity/vulnerability:
skipping to change at page 50, line 49 skipping to change at page 51, line 4
module need to be implemented by concerned operators. module need to be implemented by concerned operators.
There are a number of management objects defined in this MIB module There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write. Such objects may be with a MAX-ACCESS clause of read-write. Such objects may be
considered sensitive or vulnerable in some network environments. The considered sensitive or vulnerable in some network environments. The
support for SET operations in a non-secure environment without proper support for SET operations in a non-secure environment without proper
protection opens devices to attack. These are the tables and objects protection opens devices to attack. These are the tables and objects
and their sensitivity/vulnerability: and their sensitivity/vulnerability:
o mvpnSPTunnelLimit o mvpnSPTunnelLimit
The value of this object is used to control the maximum number of The value of this object is used to control the maximum number of
selective provider tunnels that a PE allows for a particular MVPN. selective provider tunnels that a PE allows for a particular MVPN.
Access to this object may be abused to impact the peformance of Access to this object may be abused to impact the performance of
the PE or prevent the PE from having new selective provider the PE or prevent the PE from having new selective provider
tunnels. tunnels.
o mvpnBgpCmcastRouteWithdrawalTimer o mvpnBgpCmcastRouteWithdrawalTimer
The value of this object is used to control the delay for the The value of this object is used to control the delay for the
advertisement of withdrawals of C-multicast routes. Access to advertisement of withdrawals of C-multicast routes. Access to
this object may be abused to impact the peformance of a PE. this object may be abused to impact the performance of a PE.
o mvpnBgpSrcSharedTreeJoinTimer o mvpnBgpSrcSharedTreeJoinTimer
The value of this object is used to control the delay for the The value of this object is used to control the delay for the
advertisement of Source/Shared Tree Join C-multicast routes. advertisement of Source/Shared Tree Join C-multicast routes.
Access to this object may be abused to impact the propagation of Access to this object may be abused to impact the propagation of
C-multicast routing information. C-multicast routing information.
o mvpnBgpMsgRateLimit o mvpnBgpMsgRateLimit
The value of this object is used to control the upper bound for The value of this object is used to control the upper bound for
the rate of BGP C-multicast routing information message exchange the rate of BGP C-multicast routing information message exchange
among PEs. Access to this object may be abused to impact the among PEs. Access to this object may be abused to impact the
peformance of the PE or disrupt the C-multicast routing performance of the PE or disrupt the C-multicast routing
information message exchange using BGP. information message exchange using BGP.
o mvpnBgpMaxSpmsiAdRoutes o mvpnBgpMaxSpmsiAdRoutes
The value of this object is used to control the upper bound for The value of this object is used to control the upper bound for
the number of S-PMSI A-D routes. Access to this object may be the number of S-PMSI A-D routes. Access to this object may be
abused to impact the peformance of the PE or prevent the PE from abused to impact the performance of the PE or prevent the PE from
receiving S-PMSI A-D routes. receiving S-PMSI A-D routes.
o mvpnBgpMaxSpmsiAdRouteFreq o mvpnBgpMaxSpmsiAdRouteFreq
The value of this object is used to control the upper bound for The value of this object is used to control the upper bound for
the frequency of S-PMSI A-D route generation. Access to this the frequency of S-PMSI A-D route generation. Access to this
object may be abused to impact the peformance of the PE or prevent object may be abused to impact the performance of the PE or
the PE from generating new S-PMSI A-D routes. prevent the PE from generating new S-PMSI A-D routes.
o mvpnBgpMaxSrcActiveAdRoutes o mvpnBgpMaxSrcActiveAdRoutes
The value of this object is used to control the upper bound for The value of this object is used to control the upper bound for
the number of Source Active A-D routes. Access to this object may the number of Source Active A-D routes. Access to this object may
be abused to impact the peformance of the PE or prevent the PE be abused to impact the performance of the PE or prevent the PE
from receiving Source Active A-D routes. from receiving Source Active A-D routes.
o mvpnBgpMaxSrcActiveAdRouteFreq o mvpnBgpMaxSrcActiveAdRouteFreq
The value of this object is used to control the upper bound for The value of this object is used to control the upper bound for
the frequency of Source Active A-D route generation. Access to the frequency of Source Active A-D route generation. Access to
this object may be abused to impact the peformance of the PE or this object may be abused to impact the performance of the PE or
prevent the PE from generating new Source Active A-D routes. prevent the PE from generating new Source Active A-D routes.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
skipping to change at page 52, line 35 skipping to change at page 52, line 38
* mvpnSpmsiCmcastSourceAddr * mvpnSpmsiCmcastSourceAddr
* mvpnAdvtPeerAddr * mvpnAdvtPeerAddr
* mvpnMrouteCmcastGroupAddr * mvpnMrouteCmcastGroupAddr
* mvpnMrouteCmcastSourceAddrs * mvpnMrouteCmcastSourceAddrs
* mvpnMrouteUpstreamNeighborAddr * mvpnMrouteUpstreamNeighborAddr
* mvpnMrouteRtAddr
* mvpnMrouteNextHopGroupAddr * mvpnMrouteNextHopGroupAddr
* mvpnMrouteNextHopSourceAddrs * mvpnMrouteNextHopSourceAddrs
* mvpnMrouteNextHopAddr * mvpnMrouteNextHopAddr
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec), Even if the network itself is secure (for example by using IPsec),
there is no control as to who on the secure network is allowed to there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this access and GET/SET (read/change/create/delete) the objects in this
skipping to change at page 53, line 21 skipping to change at page 53, line 27
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
5. IANA Considerations 5. IANA Considerations
The MIB module in this document uses the following IANA-assigned The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value Name Description OBJECT IDENTIFIER value
---------- ----------------------- ------- --------------------------------- ----------------------
mvpnMIB { mib-2 AAAA } mvpnMIB BGP-MPLS-LAYER3-VPN-MULTICAST-MIB { mib-2 AAAA }
Editor's Note (to be removed prior to publication): the IANA is Editor's Note (to be removed prior to publication): the IANA is
requested to assign a value for "AAAA" under the 'mib-2' subtree and requested to assign a value for "AAAA" under the 'mib-2' subtree and
to record the assignment in the SMI Numbers registry. When the to record the assignment in the SMI Numbers registry. When the
assignment has been made, the RFC Editor is asked to replace "AAAA" assignment has been made, the RFC Editor is asked to replace "AAAA"
(here and in the MIB module) with the assigned value and to remove (here and in the MIB module) with the assigned value and to remove
this note. this note.
6. Acknowledgement 6. Acknowledgement
skipping to change at page 56, line 20 skipping to change at page 56, line 20
[RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
Multicast - Sparse Mode (PIM-SM): Protocol Specification Multicast - Sparse Mode (PIM-SM): Protocol Specification
(Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
2016, <https://www.rfc-editor.org/info/rfc7761>. 2016, <https://www.rfc-editor.org/info/rfc7761>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFCXXXX] Zhang, Z. and H. Tsunoda, "L2L3 VPN Multicast MIB", draft-
ietf-bess-l2l3-vpn-mcast-mib-16 (work in progress),
September 2018.
[RTPROTO] IANA, "IP Route Protocol MIB", 2016, [RTPROTO] IANA, "IP Route Protocol MIB", 2016,
<http://www.iana.org/assignments/ianaiprouteprotocol-mib>. <http://www.iana.org/assignments/ianaiprouteprotocol-mib>.
7.2. Informative References 7.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, DOI 10.17487/ Standard Management Framework", RFC 3410, DOI 10.17487/
RFC3410, December 2002, <https://www.rfc-editor.org/info/ RFC3410, December 2002, <https://www.rfc-editor.org/info/
rfc3410>. rfc3410>.
 End of changes. 38 change blocks. 
42 lines changed or deleted 51 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/