--- 1/draft-ietf-l2vpn-vpls-mib-14.txt 2014-02-21 11:14:36.527104858 -0800 +++ 2/draft-ietf-l2vpn-vpls-mib-15.txt 2014-02-21 11:14:36.615107007 -0800 @@ -1,24 +1,24 @@ L2VPN Working Group Thomas D. Nadeau (Ed.) Internet Draft Lucid Vision Intended status: Standards Track -Expires: July 2014 A S Kiran Koushik (Ed.) +Expires: Aug 2014 Agrahara S Kiran Koushik (Ed.) Cisco Systems, Inc. Rohit Mediratta (Ed.) Alcatel-Lucent - January 30, 2014 + Feburary 19, 2014 Virtual Private Lan Services (VPLS) Management Information Base - draft-ietf-l2vpn-vpls-mib-14.txt + draft-ietf-l2vpn-vpls-mib-15.txt Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow @@ -38,21 +38,21 @@ Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 This Internet-Draft will expire on July 30, 2014. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents 
@@ -81,42 +81,42 @@ 4. VPLS MIB Module Architecture...................................4 4.1. VPLS-GENERIC-MIB Module Usage.............................5 4.2. VPLS-LDP-MIB Module Usage.................................5 4.3. VPLS-BGP-MIB Module Usage.................................5 4.4. Relations to other MIB modules............................6 5. Example of the VPLS MIB modules usage..........................6 6. Object definitions.............................................7 6.1. VPLS-GENERIC-MIB..........................................7 6.2. VPLS-LDP-MIB Object definitions..........................28 6.3. VPLS-BGP-MIB Object definitions..........................34 - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 7. Security Considerations.......................................42 8. IANA Considerations...........................................43 9. References....................................................43 9.1. Normative References.....................................43 9.2. Informative References...................................44 10. Acknowledgments..............................................45 11. Authors' Addresses...........................................45 12. Full Copyright Statement.....................................45 1. Introduction This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet - community. In particular, it defines a MIB module that can be used - to manage VPLS (Virtual Private LAN Services) for transmission over - a packet Switched Network (PSN) using LDP [RFC4762] or BGP [RFC4761] - signaling. This MIB module provides generic management of VPLS - services as defined by the IETF L2VPN Working Group. Additional MIB - modules are also defined for management of LDP VPLS and BGP VPLS - services as defined by the IETF L2VPN Working Group. + community. 
In particular, it defines three MIB modules that can be + used to manage VPLS (Virtual Private LAN Services) for transmission + over a packet Switched Network (PSN) using LDP [RFC4762] or + BGP [RFC4761] signaling. This MIB module provides generic management + of VPLS services as defined by the IETF L2VPN Working Group. + Additional MIB modules are also defined for management of LDP VPLS + and BGP VPLS services as defined by the IETF L2VPN Working Group. 2. Terminology This document adopts the definitions, acronyms and mechanisms described in [RFC3985]. Unless otherwise stated, the mechanisms of [RFC3985] apply and will not be re-described here. 2.1. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
@@ -131,34 +131,37 @@ Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a set of MIB modules that are compliant to the SMIv2, which is described in STD 58 [RFC2578][RFC2579][RFC2580]. 4. VPLS MIB Module Architecture - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 The MIB structure for defining a VPLS service is composed from three MIB modules. - The first is the VPLS-GENERIC-MIB module, which configures general - parameters of the VPLS service that are common to all types of VPLS - services. + The first is the VPLS-GENERIC-MIB module, which configures + general parameters of the VPLS service that are common to all + types of VPLS services. - The second is the VPLS-LDP-MIB module, which configures VPLS-LDP - [RFC4762] specific parameters of the VPLS service. + The second is the VPLS-LDP-MIB module, which configures + VPLS-LDP [RFC4762] specific parameters of the VPLS service. - The third is the VPLS-BGP-MIB module, which configures VPLS-BGP - [RFC4761] specific parameters of the VPLS service. + The third is the VPLS-BGP-MIB module, which configures + VPLS-BGP [RFC4761] specific parameters of the VPLS service. + + The arrows in Figure A indicate whether we can map data from + one module into another. -------- ----------------- PW Mapping | | | | -----> | PW-MIB |-->|PW-ENET/MPLS-MIB | __________ / | | | | | | / -------- ----------------- | VPLS MIB | / ------------ | |----------------------> | | ---------- MAC addr. mapping using | BRIDGE-MIB | [SNMP-CONTEXT-MAP-MIB] | | 
@@ -179,21 +182,21 @@ A conceptual row can be created in the vplsConfigTable in one of the following ways: 1) An NMS creates a row in the vplsConfigTable using SNMP Set requests which causes the node to create and start a new VPLS service. The agent MUST support the creation of VPLS services in this way. 2) The agent MAY create a row in the vplsConfigTable automatically due to some auto discovery application, or based on - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 configuration that is done through non-SNMP applications. This mode is OPTIONAL. At least one entry in the vplsPwBindTable MUST exist for each VPLS service. This binding table links one VPLS service with one or many pseudowires (defined in [RFC5601]). Each pseudowire may be used as a spoke or as part of a mesh based on the parameters defined in this table. 
@@ -228,39 +231,39 @@ a mapping between the vacmContextName [RFC3415] to dot1dBasePort [RFC4188] and vplsConfigIndex. This mapping can be used to map the vplsConfigIndex to a dot1dBasePort in the BRIDGE-MIB. This resulting value of dot1dBasePort can be used to access corresponding MAC addresses that belong to a particular vplsConfigIndex. - Unless all the necessary entries in the applicable tables have been created and all the parameters have been consistently configured in those tables, signaling cannot be performed - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 from the local node, and the vplsConfigRowStatus should report 'notReady'. - Statistics can be gathered from the Pseudowire performance tables in [RFC5601] 5. Example of the VPLS MIB modules usage In this section we provide an example of using the MIB objects described in section 7 to set up a VPLS service over MPLS. While this example is not meant to illustrate every permutation of the MIB, it is intended as an aid to understanding some of the key concepts. It is meant to be read after going through the MIB itself. In this example a VPLS service (VPLS-A) is setup using LDP for - signaling the pseudowire. The binding between the VPLS service and - the pseudowire is reflected in the VplsPwBindTable. + signaling the pseudowire. The binding between the VPLS service + and the pseudowire is reflected in the VplsPwBindTable. The pseudowire configuration is defined in RFC 5601. In the VPLS-GENERIC-MIB module: Row in vplsConfigTable: { vplsConfigIndex 10, vplsConfigName "VPLS-A" vplsConfigAdminStatus 1(up), vplsConfigMacLearning 1(true), 
@@ -276,21 +279,21 @@ vplsStatusPeerCount 1 } Row in VplsPwBindTable : { vplsPwBindConfigType manual, vplsPwBindType spoke, vplsPwBindRowStatus 1(active), vplsPwBindStorageType volatile } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 In the VPLS-LDP-MIB module: Row in vplsLdpConfigTable: { vplsLdpConfigMacAddrWithdraw 1(true), } Row in vplsLdpPwBindTable: @@ -322,21 +325,21 @@ SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC3411 pwIndex FROM PW-STD-MIB VPNIdOrZero FROM VPN-TC-STD-MIB -- RFC4265 - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 ; vplsGenericDraft01MIB MODULE-IDENTITY -- RFC Editor: Please replace vplsGenericDraft01MIB with -- vplsGenericMIB throughout the MIB and remove -- this note. LAST-UPDATED "201401301200Z" -- 30 Jan 2014 12:00:00 GMT ORGANIZATION "Layer 2 Virtual Private Networks (L2VPN) Working Group" 
@@ -351,92 +354,73 @@ DESCRIPTION "Copyright (C) The IETF Trust (2014). The initial version of this MIB module was published in RFC XXXX. -- RFC Editor: Please replace XXXX with RFC number & remove -- this note. For full legal notices see the RFC itself or see: http://www.ietf.org/copyrights/ianamib.html This MIB module contains generic managed object definitions - for Virtual Private LAN Services as define in [RFC4762] and - [RFC4761] + for Virtual Private LAN Services as define in RFC4762 and + RFC4761. This MIB module enables the use of any underlying Pseudowire network." -- Revision history. REVISION "201401301200Z" -- 30 Jan 2014 12:00:00 GMT - - DESCRIPTION - "1) Changed the OID for vplsBgpRteTargetTable from vplsObjects.6 - to vplsObjects.5 - 2) Index to VplsPwBindTable is now pwIndex, not vplsPwBindIndex. - 3) vplsConfigMtu increased to 9192 - 4) Default value for vplsConfigStorageType changed to - nonvolatile. - 5) vplsConfigServiceType should be a property of each PW. Deleting - this object and adjusting the corresponding object indexes." - REVISION - VPLS Management Information Base Jan, 2014 - - "200608301200Z" -- 30 August 2006 12:00:00 GMT - - DESCRIPTION - "Changes from previous version: - 1) Moved LDP Specific information to VPLS-LDP-MIB - 2) Created the vplsStatusTable to store status information. - " - REVISION - "200606041200Z" -- 4 June 2006 12:00:00 GMT + VPLS Management Information Base Feb, 2014 DESCRIPTION "Initial version published as part of RFC YYYY." -- RFC Editor: please replace YYYY with IANA assigned value, and -- delete this note. - ::= { transmission XXXX } + ::= { transmission AAA } - -- RFC Editor: please replace XXXX with IANA assigned value, and + -- RFC Editor: please replace AAA with IANA assigned value, and -- delete this note. -- VPLS BGP Auto-Discovery specific Textual Convention VplsBgpRouteDistinguisher ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION - "Syntax for a route distinguisher. 
For a complete - definition of a route distinguisher, see [RFC4364]. + "Syntax for a route distinguisher that matches the + definition in RFC4364. For a complete + definition of a route distinguisher, see RFC4364. For more details on use of a route distinguisher - for a VPLS service, see [RFC4761]" + for a VPLS service, see RFC4761." REFERENCE - "[RFC4364]" + "RFC4364" SYNTAX OCTET STRING(SIZE (0..256)) VplsBgpRouteTarget ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION - "Syntax for a route target. For a complete - definition of a route target, see [RFC4364]." + "Syntax for a route target that matches the + definition in RFC4364. For a complete + definition of a route target, see RFC4364." REFERENCE - "[RFC4364]" + "RFC4364" SYNTAX OCTET STRING(SIZE (0..256)) VplsBgpRouteTargetType ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "Used to define the type of a route target usage. Route targets can be specified to be imported, exported, or both. For a complete definition of a - route target, see [RFC4364]." + route target, see RFC4364." REFERENCE - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 - "[RFC4364]" + "RFC4364" SYNTAX INTEGER { import(1), export(2), both(3) } -- Top-level components of this MIB. -- Notifications vplsNotifications OBJECT IDENTIFIER ::= { vplsGenericDraft01MIB 0 } -- Tables, Scalars vplsObjects OBJECT IDENTIFIER ::= { vplsGenericDraft01MIB 1 } 
@@ -468,41 +452,41 @@ vplsConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF VplsConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies information for configuring and monitoring Virtual Private Lan Services(VPLS). " ::= { vplsObjects 2 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 vplsConfigEntry OBJECT-TYPE SYNTAX VplsConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row in this table represents a Virtual Private Lan Service(VPLS) in a packet network. It is indexed by vplsConfigIndex, which uniquely identifies a single VPLS. A row is created via SNMP or by the agent if a VPLS service is created by a non-SNMP application or due to the Auto-Discovery process. All of the read-create objects values except vplsConfigSignalingType can be changed when vplsConfigRowStatus is in the active(1) - state. Changes for vplsConfigSignalingType are only allowed - when the vplsConfigRowStatus is in notInService(2) or - notReady(3) states. + state. Changes for vplsConfigSignalingType are only + allowed when the vplsConfigRowStatus is in + notInService(2) or notReady(3) states. " INDEX { vplsConfigIndex } ::= { vplsConfigTable 1 } VplsConfigEntry ::= SEQUENCE { vplsConfigIndex Unsigned32, vplsConfigName SnmpAdminString, vplsConfigDescr SnmpAdminString, vplsConfigAdminStatus INTEGER, @@ -514,21 +498,21 @@ vplsConfigRowStatus RowStatus, vplsConfigMtu Unsigned32, vplsConfigVpnId VPNIdOrZero, vplsConfigStorageType StorageType, vplsConfigSignalingType INTEGER } vplsConfigIndex OBJECT-TYPE SYNTAX Unsigned32 (1..2147483647) MAX-ACCESS not-accessible - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 STATUS current DESCRIPTION "Unique index for the conceptual row identifying a VPLS service." ::= { vplsConfigEntry 1 } vplsConfigName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create 
@@ -564,21 +548,21 @@ STATUS current DESCRIPTION "The desired administrative state of the VPLS service. If the administrative status of the VPLS service is changed to enabled then this service is able to utilize pseudowires to perform the tasks of a VPLS service. The testing(3) state indicates that no operational packets can be passed. " DEFVAL { down } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 ::= { vplsConfigEntry 4 } vplsConfigMacLearning OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies if MAC Learning is enabled in this service. If this object is true then MAC @@ -613,37 +597,40 @@ vplsConfigFwdFullHighWatermark OBJECT-TYPE SYNTAX Unsigned32 (0..100) UNITS "percentage" MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the utilization of the forwarding database for this VPLS instance at which the vplsFwdFullAlarmRaised notification - will be sent." + will be sent. The value of this object must + be higher than vplsConfigFwdFullLowWatermark." - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 DEFVAL { 95 } ::= { vplsConfigEntry 10 } vplsConfigFwdFullLowWatermark OBJECT-TYPE - SYNTAX Unsigned32 (0..100) + SYNTAX Unsigned32 (0..99) UNITS "percentage" MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the utilization of the forwarding database for this VPLS instance at which the vplsFwdFullAlarmCleared - notification will be sent." + notification will be sent. The value of this + object must be less than + vplsConfigFwdFullHighWatermark" DEFVAL { 90 } ::= { vplsConfigEntry 11 } vplsConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "For creating, modifying, and deleting this row. 
@@ -664,21 +651,21 @@ SYNTAX Unsigned32 (64..9192) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object specifies the MTU of this vpls instance. This can be used to limit the MTU to a value lower than the MTU supported by the associated Pseudowires" DEFVAL { 1518 } ::= { vplsConfigEntry 13 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 vplsConfigVpnId OBJECT-TYPE SYNTAX VPNIdOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "This objects indicates the IEEE 802-1990 VPN ID of the associated VPLS service." ::= { vplsConfigEntry 14 } @@ -713,21 +700,21 @@ indicates a static configuration of PW labels." DEFVAL { none } ::= { vplsConfigEntry 16 } -- VPLS Status table vplsStatusTable OBJECT-TYPE SYNTAX SEQUENCE OF VplsStatusEntry MAX-ACCESS not-accessible STATUS current - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 DESCRIPTION "This table provides information for monitoring Virtual Private Lan Services (VPLS). " ::= { vplsObjects 3 } vplsStatusEntry OBJECT-TYPE SYNTAX VplsStatusEntry MAX-ACCESS not-accessible @@ -762,21 +749,21 @@ ::= { vplsStatusEntry 1 } vplsStatusPeerCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "This objects specifies the number of peers (pseudowires) present in this VPLS instance." ::= { vplsStatusEntry 2 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 -- VPLS PW Binding Table vplsPwBindTable OBJECT-TYPE SYNTAX SEQUENCE OF VplsPwBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table provides an association between a VPLS service and the corresponding pseudowires. 
@@ -812,21 +799,21 @@ VplsPwBindEntry ::= SEQUENCE { vplsPwBindConfigType INTEGER, vplsPwBindType INTEGER, vplsPwBindRowStatus RowStatus, vplsPwBindStorageType StorageType } vplsPwBindConfigType OBJECT-TYPE SYNTAX INTEGER { - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 manual (1), autodiscovery (2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The value of this object indicates whether the Pseudo Wire binding was created via SNMP/Console or via Auto-Discovery. @@ -863,21 +850,21 @@ All other objects in this row must be set to valid values before this object can be set to active(1). None of the read-create objects in the conceptual rows may be changed when this object is in the active(1) state. If autodiscovered entries are deleted they would likely re-appear in the next autodiscovery interval." - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 ::= { vplsPwBindEntry 3 } vplsPwBindStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This variable indicates the storage type for this row." DEFVAL { volatile } 
@@ -905,70 +892,70 @@ A row in this table is indexed by vplsConfigIndex, which uniquely identifies a single VPLS. Entries in this table may be created or deleted through SNMP, as side-effects of console or other non-SNMP management commands, or upon learning via autodiscovery. All of the read-create objects can be changed when vplsBGPADConfigRowStatus is in active(1) state." - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 INDEX { vplsConfigIndex } ::= { vplsBgpADConfigTable 1 } VplsBgpADConfigEntry ::= SEQUENCE { vplsBgpADConfigRouteDistinguisher VplsBgpRouteDistinguisher, vplsBgpADConfigPrefix Unsigned32, vplsBgpADConfigVplsId VplsBgpRouteDistinguisher, vplsBgpADConfigRowStatus RowStatus, vplsBgpADConfigStorageType StorageType } vplsBgpADConfigRouteDistinguisher OBJECT-TYPE SYNTAX VplsBgpRouteDistinguisher MAX-ACCESS read-create STATUS current DESCRIPTION - " The route distinguisher for this VPLS. See [RFC4364] + " The route distinguisher for this VPLS. See RFC4364 for a complete definition of a route distinguisher. for more details on use of a route distinguisher - for a VPLS service, see [RFC4761]. When not configured, the + for a VPLS service, see RFC4761. When not configured, the value is derived from the lower 6 bytes of vplsBgpADConfigVplsId. " ::= { vplsBgpADConfigEntry 1 } vplsBgpADConfigPrefix OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-create STATUS current DESCRIPTION " In case of auto-discovery the default prefix advertised is the IP address of the loopback. In case the user wants to override the loopback address, vplsBgpADConfigPrefix should be set. 
When this value is non-zero this value is used along with vplsBgpADConfigRouteDistinguisher in the - NLRI, see [RFC6074] + NLRI, see RFC6074 " DEFVAL { 0 } ::= { vplsBgpADConfigEntry 2 } vplsBgpADConfigVplsId OBJECT-TYPE SYNTAX VplsBgpRouteDistinguisher MAX-ACCESS read-create STATUS current DESCRIPTION " VplsId is a unique identifier for all VSIs belonging to - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 the same VPLS. It is advertised as an extended community. " ::= { vplsBgpADConfigEntry 3 } vplsBgpADConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION 
@@ -992,38 +979,39 @@ ::= { vplsBgpADConfigEntry 5 } -- vplsBgpRteTargetTable vplsBgpRteTargetTable OBJECT-TYPE SYNTAX SEQUENCE OF VplsBgpRteTargetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION " This table specifies the list of Route Targets - imported or exported by BGP during auto-discovery of VPLS. + imported or exported by BGP during + auto-discovery of VPLS. " ::= { vplsObjects 6 } vplsBgpRteTargetEntry OBJECT-TYPE SYNTAX VplsBgpRteTargetEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in this table specifies the value of the Route Target being used by BGP. Depending on the value - of vplsBgpRteTargetType a Route Target might be exported or - VPLS Management Information Base Jan, 2014 + of vplsBgpRteTargetType a Route Target might be + VPLS Management Information Base Feb, 2014 - imported or both. Every VPLS which - uses auto-discovery for finding peer nodes can import and - export multiple Route Targets. This representation allows - support for hierarchical VPLS. + exported or imported or both. Every VPLS which + uses auto-discovery for finding peer nodes can + import and export multiple Route Targets. This + representation allows support for hierarchical VPLS. Entries in this table may be created or deleted through SNMP, as side-effects of console or other non-SNMP management commands, or upon learning via autodiscovery. It is optional for the agent to allow entries to be created that point to non-existent entries in vplsConfigTable." INDEX { vplsConfigIndex, vplsBgpRteTargetIndex } 
@@ -1039,45 +1027,45 @@ } vplsBgpRteTargetIndex OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "This index along with vplsConfigIndex, identifies one entry in the vplsBgpRteTargetTable. By keeping vplsConfigIndex constant and using new value of - vplsBgpRteTargetIndex users can configure multiple Route - Targets for the same VPLS. + vplsBgpRteTargetIndex users can configure multiple + Route Targets for the same VPLS. " ::= { vplsBgpRteTargetEntry 1 } vplsBgpRteTargetRTType OBJECT-TYPE SYNTAX VplsBgpRouteTargetType MAX-ACCESS read-create STATUS current DESCRIPTION " Used to define the type of a route target usage. Route targets can be specified to be imported, exported, or both. For a complete definition of a - route target, see [RFC4364]." + route target, see RFC4364." ::= { vplsBgpRteTargetEntry 2 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 vplsBgpRteTargetRT OBJECT-TYPE SYNTAX VplsBgpRouteTarget MAX-ACCESS read-create STATUS current DESCRIPTION " The route target associated with the VPLS service. For more details on use of route targets - for a VPLS service, see [RFC4761] + for a VPLS service, see RFC4761. " ::= { vplsBgpRteTargetEntry 3 } vplsBgpRteTargetRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This variable is used to create, modify, and/or delete a row in this table. 
@@ -1102,25 +1090,25 @@ ::= { vplsBgpRteTargetEntry 5 } vplsStatusNotifEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this object is set to true(1), then it enables the emission of vplsStatusChanged notification, otherwise this notification is not - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 emitted." REFERENCE - "See also [RFC3413] for explanation that + "See also RFC3413 for explanation that notifications are under the ultimate control of the MIB module in this document." DEFVAL { false } ::= { vplsObjects 7 } vplsNotificationMaxRate OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION 
@@ -1140,60 +1128,60 @@ vplsConfigVpnId, vplsConfigAdminStatus, vplsStatusOperStatus } STATUS current DESCRIPTION "The vplsStatusChanged notification is generated when there is a change in the administrative or operating status of a VPLS service. - The object instances included in the notification are - the ones associated with the VPLS service whose - status has changed." + The object instances included in the notification + are the ones associated with the VPLS service + whose status has changed." ::= { vplsNotifications 1 } vplsFwdFullAlarmRaised NOTIFICATION-TYPE OBJECTS { vplsConfigVpnId, vplsConfigFwdFullHighWatermark, vplsConfigFwdFullLowWatermark } STATUS current - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 DESCRIPTION "The vplsFwdFullAlarmRaised notification is generated when the utilization of the Forwarding database is above the value specified by vplsConfigFwdFullHighWatermark. - The object instances included in the notification are - the ones associated with the VPLS service which has - exceeded the threshold." + The object instances included in the notification + are the ones associated with the VPLS service + which has exceeded the threshold." ::= { vplsNotifications 2 } vplsFwdFullAlarmCleared NOTIFICATION-TYPE OBJECTS { vplsConfigVpnId, vplsConfigFwdFullHighWatermark, vplsConfigFwdFullLowWatermark } STATUS current DESCRIPTION "The vplsFwdFullAlarmCleared notification is generated when the utilization of the Forwarding database is below the value specified by vplsConfigFwdFullLowWatermark. - The object instances included in the notification are - the ones associated with the VPLS service which has - fallen below the threshold." + The object instances included in the notification + are the ones associated with the VPLS service + which has fallen below the threshold." 
::= { vplsNotifications 3 } -- Conformance Section vplsCompliances OBJECT IDENTIFIER ::= { vplsConformance 1 } -- Compliance requirement for fully compliant implementations vplsModuleFullCompliance MODULE-COMPLIANCE STATUS current @@ -1202,21 +1190,21 @@ provide full support for VPLS-GENERIC-MIB. Such devices can then be monitored and configured using this MIB module." MODULE -- this module MANDATORY-GROUPS { vplsGroup, vplsPwBindGroup, vplsNotificationGroup } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 ::= { vplsCompliances 1 } -- Compliance requirement for read-only implementations. vplsModuleReadOnlyCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance requirement for implementations that only provide read-only support for VPLS-GENERIC-MIB. @@ -1250,21 +1238,21 @@ OBJECT vplsConfigMacLearning MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT vplsConfigDiscardUnknownDest MIN-ACCESS read-only DESCRIPTION "Write access is not required." - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 OBJECT vplsConfigMacAging MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT vplsConfigFwdFullHighWatermark MIN-ACCESS read-only DESCRIPTION @@ -1299,21 +1287,21 @@ MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { vplsCompliances 2 } -- Units of conformance. vplsGroups OBJECT IDENTIFIER ::= { vplsConformance 2 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 vplsGroup OBJECT-GROUP OBJECTS { vplsConfigName, vplsBgpADConfigRouteDistinguisher, vplsBgpRteTargetRTType, vplsBgpRteTargetRT, vplsBgpRteTargetRowStatus, vplsBgpRteTargetStorageType, vplsBgpADConfigPrefix, 
@@ -1349,21 +1337,21 @@ vplsPwBindConfigType, vplsPwBindType, vplsPwBindRowStatus, vplsPwBindStorageType } STATUS current DESCRIPTION "The group of objects supporting management of - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 Pseudo Wire (PW) Binding to VPLS." ::= { vplsGroups 2 } vplsNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { vplsStatusChanged, vplsFwdFullAlarmRaised, vplsFwdFullAlarmCleared } 
@@ -1398,70 +1386,67 @@ FROM PW-STD-MIB vplsConfigIndex, vplsConfigName FROM VPLS-GENERIC-MIB; vplsLdpDraft01MIB MODULE-IDENTITY -- RFC Editor: Please replace vplsLdpDraft01MIB with -- vplsLdpMIB throughout the MIB and remove -- this note. - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 LAST-UPDATED "201401301200Z" -- 30 Jan 2014 12:00:00 GMT ORGANIZATION "Layer 2 Virtual Private Networks (L2VPN) Working Group" CONTACT-INFO " Rohit Mediratta Email: Rohit.mediratta@alcatel-lucent.com - The L2VPN Working Group (email distribution l2vpn@ietf.org, + The L2VPN Working Group + (email distribution l2vpn@ietf.org, http://www.ietf.org/html.charters/l2vpn-charter.html) " DESCRIPTION "Copyright (C) The IETF Trust (2014). The initial version of this MIB module was published in RFC XXXX. -- RFC Editor: Please replace XXXX with RFC number & remove -- this note. For full legal notices see the RFC itself or see: http://www.ietf.org/copyrights/ianamib.html This MIB module contains managed object definitions for LDP signaled Virtual Private LAN Services as in - [RFC4762] + RFC4762 - This MIB module enables the use of any underlying pseudowire - network. " + This MIB module enables the use of any + underlying pseudowire network. " -- Revision history. REVISION "201401230200Z" -- 30 Jan 2014 12:00:00 GMT - DESCRIPTION "Editorial changes." - - REVISION - "200608301200Z" -- 30 Aug 2006 12:00:00 GMT DESCRIPTION "Initial version published as part of RFC YYYY." -- RFC Editor: please replace YYYY with IANA assigned value, and -- delete this note. - ::= { transmission XXXX } - -- RFC Editor: please replace XXXX with IANA assigned value, and + ::= { transmission BBB } + -- RFC Editor: please replace BBB with IANA assigned value, and -- delete this note. -- Top-level components of this MIB. 
-- Notifications - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 vplsLdpNotifications OBJECT IDENTIFIER ::= { vplsLdpDraft01MIB 0 } -- Tables, Scalars vplsLdpObjects OBJECT IDENTIFIER ::= { vplsLdpDraft01MIB 1 } -- Conformance vplsLdpConformance OBJECT IDENTIFIER ::= { vplsLdpDraft01MIB 2 } @@ -1475,48 +1460,48 @@ and monitoring LDP specific parameters for Virtual Private Lan Services (VPLS)." ::= { vplsLdpObjects 1 } vplsLdpConfigEntry OBJECT-TYPE SYNTAX VplsLdpConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row in this table represents LDP specific information - for Virtual Private Lan Services (VPLS) in a packet network. - It is indexed by vplsConfigIndex, which uniquely + for Virtual Private Lan Services (VPLS) in a packet + network. It is indexed by vplsConfigIndex, which uniquely identifies a single VPLS. A row is automatically created when a VPLS service is configured using LDP signaling. All of the writable objects values can be changed when vplsConfigRowStatus is in the active(1) state. " INDEX { vplsConfigIndex } ::= { vplsLdpConfigTable 1 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 VplsLdpConfigEntry ::= SEQUENCE { vplsLdpConfigMacAddrWithdraw TruthValue } vplsLdpConfigMacAddrWithdraw OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies if MAC address withdrawal - is enabled in this service. If this object is true then - MAC address withdrawal is enabled. If false, + is enabled in this service. If this object is true + then MAC address withdrawal is enabled. If false, then MAC address withdrawal is disabled." DEFVAL { true } ::= { vplsLdpConfigEntry 1 } -- VPLS LDP PW Binding Table vplsLdpPwBindTable OBJECT-TYPE SYNTAX SEQUENCE OF VplsLdpPwBindEntry MAX-ACCESS not-accessible STATUS current 
@@ -1539,38 +1524,38 @@ in describing an entry in this table. However both indexes are required to define the one to many association of service to pseudowire. An entry in this table in instantiated only when LDP signaling is used to configure VPLS service. Each entry in this table provides LDP specific information for the VPLS represented by - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 vplsConfigIndex." INDEX { vplsConfigIndex, pwIndex } ::= { vplsLdpPwBindTable 1 } VplsLdpPwBindEntry ::= SEQUENCE { vplsLdpPwBindMacAddressLimit Unsigned32 } vplsLdpPwBindMacAddressLimit OBJECT-TYPE SYNTAX Unsigned32 (0..4294967295) MAX-ACCESS read-write STATUS current DESCRIPTION - "The value of this object specifies the maximum number - of learned and static entries allowed in the + "The value of this object specifies the maximum + number of learned and static entries allowed in the Forwarding database for this PW Binding. The value 0 means there is no limit for this PW Binding." DEFVAL { 0 } ::= { vplsLdpPwBindEntry 1 } -- VPLS LDP Service Notifications vplsLdpPwBindMacTableFull NOTIFICATION-TYPE OBJECTS { vplsConfigName, @@ -1587,21 +1572,21 @@ vplsLdpCompliances OBJECT IDENTIFIER ::= { vplsLdpConformance 1 } -- Compliance requirement for fully compliant implementations vplsLdpModuleFullCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance requirement for implementations that - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 provide full support for VPLS-LDP-MIB. Such devices can then be monitored and configured using this MIB module." MODULE -- this module MANDATORY-GROUPS { vplsLdpGroup, vplsLdpNotificationGroup 
@@ -1635,21 +1620,21 @@ MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { vplsLdpCompliances 2 } -- Units of conformance. vplsLdpGroups OBJECT IDENTIFIER ::= { vplsLdpConformance 2 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 vplsLdpGroup OBJECT-GROUP OBJECTS { vplsLdpConfigMacAddrWithdraw, vplsLdpPwBindMacAddressLimit } STATUS current DESCRIPTION "The group of objects supporting management of L2VPN VPLS services using LDP." @@ -1684,21 +1669,21 @@ RowStatus, StorageType FROM SNMPv2-TC -- RFC2579 SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC3411 pwIndex FROM PW-STD-MIB -- RFC5601 vplsConfigIndex - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 FROM VPLS-GENERIC-MIB ; vplsBgpDraft01MIB MODULE-IDENTITY -- RFC Editor: Please replace vplsBgpDraft01MIB with -- vplsBgpMIB throughout the MIB and remove -- this note. LAST-UPDATED "201401301200Z" -- 30 Jan 2014 12:00:00 GMT ORGANIZATION "Layer 2 Virtual Private Networks (L2VPN) 
@@ -1717,38 +1702,38 @@ "Copyright (C) The IETF Trust (2014). The initial version of this MIB module was published in RFC XXXX. -- RFC Editor: Please replace XXXX with RFC number & remove -- this note. For full legal notices see the RFC itself or see: http://www.ietf.org/copyrights/ianamib.html This MIB module contains managed object definitions for BGP signaled Virtual Private LAN Services as in - [RFC4761] + RFC4761 - This MIB module enables the use of any underlying pseudowire - network. " + This MIB module enables the use of any underlying + pseudowire network. " -- Revision history. REVISION "201401301200Z" -- 30 Jan 2014 12:00:00 GMT DESCRIPTION "Initial version published as part of RFC YYYY." -- RFC Editor: please replace YYYY with IANA assigned value, and -- delete this note. - ::= { transmission XXXX } - -- RFC Editor: please replace XXXX with IANA assigned value, and + ::= { transmission CCC } + -- RFC Editor: please replace CCC with IANA assigned value, and -- delete this note. -- Top-level components of this MIB. - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 -- Tables, Scalars vplsBgpObjects OBJECT IDENTIFIER ::= { vplsBgpDraft01MIB 1 } -- Conformance vplsBgpConformance OBJECT IDENTIFIER ::= { vplsBgpDraft01MIB 2 } -- Vpls Bgp Config Table 
@@ -1761,51 +1746,55 @@ and monitoring BGP specific parameters for Virtual Private LAN Services (VPLS)." ::= { vplsBgpObjects 1 } vplsBgpConfigEntry OBJECT-TYPE SYNTAX VplsBgpConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A row in this table represents BGP specific information - for Virtual Private LAN Services (VPLS) in a packet network. - It is indexed by vplsConfigIndex, which uniquely + for Virtual Private LAN Services (VPLS) in a packet + network. It is indexed by vplsConfigIndex, which uniquely identifies a single instance of a VPLS service. A row is automatically created when a VPLS service is created that is configured to use BGP signaling. All of the writable objects values can be changed when vplsConfigRowStatus is in the active(1) state. " INDEX { vplsConfigIndex } ::= { vplsBgpConfigTable 1 } VplsBgpConfigEntry ::= - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 SEQUENCE { vplsBgpConfigVERangeSize Unsigned32 } vplsBgpConfigVERangeSize OBJECT-TYPE SYNTAX Unsigned32 (0..65535) MAX-ACCESS read-write STATUS current DESCRIPTION - "Specifies the size of the range of VE ids in this + "Specifies the size of the range of VE ID in this VPLS service. This number controls the size of the label block advertised for this VE by the PE. A value of 0 indicates that the range is not configured and the PE derives the range value - from received advertisements from other PEs." + from received advertisements from other PEs. + + The VE ID takes 2 octets in VPLS BGP NLRI according + to RFC 4761. Hence we have limited the the range of + this object to 65535." DEFVAL { 0 } ::= { vplsBgpConfigEntry 1 } -- Vpls Edge Device (VE) Identifier Table vplsBgpVETable OBJECT-TYPE SYNTAX SEQUENCE OF VplsBgpVEEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION 
@@ -1824,37 +1813,40 @@ Entries in this table may be created or deleted through SNMP, as side-effects of console or other non-SNMP management commands, or upon learning via autodiscovery. It is optional for the agent to allow entries to be created that point to non-existent entries in vplsConfigTable." INDEX { vplsConfigIndex, vplsBgpVEId } ::= { vplsBgpVETable 1 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 VplsBgpVEEntry ::= SEQUENCE { vplsBgpVEId Unsigned32, vplsBgpVEName SnmpAdminString, vplsBgpVEPreference Unsigned32, vplsBgpVERowStatus RowStatus, vplsBgpVEStorageType StorageType } vplsBgpVEId OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS not-accessible STATUS current DESCRIPTION "A secondary index identifying a VE within an - instance of a VPLS service." + instance of a VPLS service. + The VE ID takes 2 octets in VPLS BGP NLRI according + to RFC 4761. Hence we have limited the the range of + this object to 65535." ::= { vplsBgpVEEntry 1 } vplsBgpVEName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-create STATUS current DESCRIPTION "Descriptive name for the site or u-PE associated with this VE Id." DEFVAL { "" } 
@@ -1874,33 +1866,34 @@ SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This variable is used to create, modify, and/or delete a row in this table. All other objects in this row must be set to valid values before this object can be set to active(1). - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 When a row in this table is in active(1) state, no objects in that row can be modified except vplsBgpSiteRowStatus." ::= { vplsBgpVEEntry 5 } vplsBgpVEStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION - "This variable indicates the storage type for this row." + "This variable indicates the storage type for this + row." DEFVAL { volatile } ::= { vplsBgpVEEntry 6 } -- VPLS BGP PW Binding Table vplsBgpPwBindTable OBJECT-TYPE SYNTAX SEQUENCE OF VplsBgpPwBindEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION 
@@ -1924,43 +1917,49 @@ to many association of service to pseudowire. An entry in this table in instantiated only when BGP signaling is used to configure VPLS service. Each entry in this table provides BGP specific information for the VPlS represented by vplsConfigIndex." INDEX { vplsConfigIndex, pwIndex } ::= { vplsBgpPwBindTable 1 } - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 VplsBgpPwBindEntry ::= SEQUENCE { vplsBgpPwBindLocalVEId Unsigned32, vplsBgpPwBindRemoteVEId Unsigned32 } vplsBgpPwBindLocalVEId OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Identifies the local VE that this pseudowire - is associated with." + is associated with. + The VE ID takes 2 octets in VPLS BGP NLRI according + to RFC 4761. Hence we have limited the the range of + this object to 65535." ::= { vplsBgpPwBindEntry 1 } vplsBgpPwBindRemoteVEId OBJECT-TYPE SYNTAX Unsigned32 (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Identifies the remote VE that this pseudowire - is associated with." + is associated with. + The VE ID takes 2 octets in VPLS BGP NLRI according + to RFC 4761. Hence we have limited the the range of + this object to 65535." ::= { vplsBgpPwBindEntry 2 } -- Conformance Section -- Compliance requirement for fully compliant implementations vplsBgpCompliances OBJECT IDENTIFIER ::= { vplsBgpConformance 1 } vplsBgpModuleFullCompliance MODULE-COMPLIANCE @@ -1971,21 +1970,21 @@ Such devices can then be monitored and configured using this MIB module." MODULE -- this module MANDATORY-GROUPS { vplsBgpConfigGroup, vplsBgpVEGroup, vplsBgpPwBindGroup - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 } ::= { vplsBgpCompliances 1 } -- Compliance requirement for read-only implementations. vplsBgpModuleReadOnlyCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance requirement for implementations that only 
@@ -2019,21 +2018,21 @@ OBJECT vplsBgpVERowStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { vplsBgpCompliances 2 } -- Units of conformance. vplsBgpGroups - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 OBJECT IDENTIFIER ::= { vplsBgpConformance 2 } vplsBgpConfigGroup OBJECT-GROUP OBJECTS { vplsBgpConfigVERangeSize } STATUS current DESCRIPTION "The group of objects supporting configuration 
@@ -2061,41 +2060,102 @@ STATUS current DESCRIPTION "The group of objects supporting management of Pseudo Wires for L2VPN VPLS services using BGP" ::= { vplsBgpGroups 3 } END 7. Security Considerations - It is clear that the MIB modules described in this document in - association with the PW-STD-MIB [RFC5601] are potentially - useful for monitoring of VPLS capable LERs. These MIB modules can - also be used for configuration of certain objects, and anything that - can be configured can be incorrectly configured, with potentially - undesirable results. + There are a number of management objects defined in this MIB + module with a MAX-ACCESS clause of read-write and/or read-create. + Such objects may be considered sensitive or vulnerable in some + network environments.The support for SET operations in a + non-secure environment without proper protection can have a + negative effect on network operations. These are the tables + and their sensitivity/vulnerability: - While the read-write and read-create objects must be protected by - VPLS Management Information Base Jan, 2014 + VPLS Management Information Base Feb, 2014 + o vplsConfigTable: + o vplsPwBindTable: + o vplsBgpADConfigTable: + o vplsBgpRteTargetTable: + o vplsLdpPwBindTable: + o vplsLdpConfigTable: + o vplsBgpConfigTable: + o vplsBgpVETable: + These tables contain read-create/read-write objects which + can be used to configure or modify a LDP/BGP VPLS service. + Any improper configuration or modification of objects in + these tables can disrupt VPLS services. + The use of stronger mechanisms such as SNMPv3 security + should be considered where possible for configuring these + objects. Specifically, SNMPv3 VACM and USM MUST be used + with any v3 agent which provides SET access to these tables. - secure SNMP, none of them are especially disruptive. 
Similarly, - while the read-only objects might present privacy concerns and due - consideration should be given to protecting them with secure SNMP, - none of these objects contain especially sensitive information. + o vplsNotificationMaxRate + Setting of a very high value to this object can cause a + notification storm which may disrupt network service. + + Most of the readable objects in this MIB module (i.e., objects + with a MAX-ACCESS other than not-accessible) may be considered + sensitive or vulnerable in some network environments.It is + thus important to control even GET and/or NOTIFY access to these + objects and possibly to even encrypt the values of these objects + when sending them over the network via SNMP. + + SNMP versions prior to SNMPv3 did not include adequate security. + Even if the network itself is secure (for example by using + IPsec), there is no control as to who on the secure network + is allowed to access and GET/SET (read/change/create/delete) + the objects in this MIB module. + + Implementations SHOULD provide the security features described + by the SNMPv3 framework (see [RFC3410]), and implementations + claiming compliance to the SNMPv3 standard MUST include full + support for authentication and privacy via the User-based Security + Model (USM) [RFC3414] with the AES cipher algorithm [RFC3826]. + Implementations MAY also provide support for the Transport Security + Model (TSM) [RFC5591] in combination with a secure transport such + as SSH [RFC5592] or TLS/DTLS [RFC6353]. + + Further, deployment of SNMP versions prior to SNMPv3 is NOT + RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to + enable cryptographic security. It is then a customer/operator + responsibility to ensure that the SNMP entity giving access to an + instance of this MIB module is properly configured to give access + to the objects only to those principals (users) that have + legitimate rights to indeed GET or SET (change/create/delete) them. 
+ + VPLS Management Information Base Feb, 2014 8. IANA Considerations --- (Note to RFC-Editor:) --- IANA is requested to root the MIB modules --- contained in this document under the transmission subtree. --- + The MIB modules in this document uses the following IANA-assigned + OBJECT IDENTIFIER values recorded in the SMI Numbers registry: +8.1. IANA Considerations for VPLS-GENERIC-MIB + The IANA is requested to assign { transmission AAA } to the + VPLS-GENERIC-MIB module specified in this document. +8.2. IANA Considerations for VPLS-LDP-MIB + The IANA is requested to assign { transmission BBB } to the + VPLS-LDP-MIB module specified in this document. +8.3. IANA Considerations for VPLS-BGP-MIB + The IANA is requested to assign { transmission CCC } to the + VPLS-BGP-MIB MIB module specified in this document. +-- Editor's Note (to be removed prior to publication): the IANA is +-- requested to assign a value for "AAA", "BBB" and "CCC" under +-- the transmission subtree and to record the assignments in the +-- SMI Numbers registry. When the assignments have been made, the +-- RFC Editor is asked to replace "AAA", "BBB" and "CCC" (here and +-- in the MIB modules) with the assigned values and to remove this +-- note. 9. References 9.1. Normative References [RFC2119] S. Bradner, "Key Words for use in RFCs to Indicate Requirement Levels", RFC 2119, BCP 14, March 1997. [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Structure of 
@@ -2103,57 +2163,59 @@ 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M., and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. + VPLS Management Information Base Feb, 2014 + [RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December 2002. [RFC3415] Wijnen, B., Presuhn, R. and K. McCloghrie, "View- based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", STD 62, RFC 3415, December 2002. [RFC4188] Norseth, K., and Bell, E., "Definitions of Managed Objects for Bridges", RFC 4188, Sept 2006. [RFC4265] Schliesser, B. and T. Nadeau, "Definition of Textual Conventions for Virtual Private Network (VPN) Management", RFC 4265, November 2005. - VPLS Management Information Base Jan, 2014 - [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006. [RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling",RFC 4761, January 2007. [RFC4762] Lasserre, M. and Kompella, V. (Editors), "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling", RFC 4762, January 2007. [RFC5601] T. Nadeau, Ed., D. Zelig, Ed., "Pseudowire (PW) Management Information Base (MIB)", RFC 5601, July 2009. 9.2. Informative References [RFC2863] McCloghrie, K. and F. Kastenholtz, "The Interfaces Group MIB", RFC 2863, June 2000. + VPLS Management Information Base Feb, 2014 + [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002. [RFC3411] Harrington, D., Presuhn, R., and B. 
Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. @@ -2165,21 +2227,20 @@ [SNMP-CONTEXT-MAP-MIB] SNMP Context Mapping MIB, AS, Kiran Koushik, Nadeau, T, draft-kkoushik-snmp-context-map-mib. [RFC3985] Bryant, S. and P. Pate, "Pseudo Wire Emulation Edge-to- Edge (PWE3) Architecture", RFC 3985, March 2005. [RFC6074] E. Rosen et. al., "Provisioning, Autodiscovery, and Signaling in L2VPNs", RFC 6074, January 2011. 10. Acknowledgments - VPLS Management Information Base Jan, 2014 We wish to thank Marcelo Mourier and Reva Bailey for their valuable feedback. Some portion of the work has been referenced from their original Timetra Enterprise MIB work. We wish to thank Praveen Muley, VJ Shah, Li Wentao, Kong Yong, Luo Jian, Feng Jun, Takeshi Usui for their feedback. 11. Authors' Addresses 
@@ -2191,39 +2252,39 @@ Cisco Systems Inc. 12515 Research Blvd, Bldg 4, Austin, TX 78759 Email: kkoushik@cisco.com Rohit Mediratta Alcatel-Lucent, 701 E Middlefield Rd. Mountain View, CA 94040 Email: rohit.mediratta@alcatel-lucent.com + VPLS Management Information Base Feb, 2014 12. Full Copyright Statement Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this - VPLS Management Information Base Jan, 2014 material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
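Review bot: In the hunk at @@ -1398,70 +1386,67 @@, removing the 2006 REVISION leaves a single clause whose timestamp, comment and LAST-UPDATED no longer agree: REVISION "201401230200Z" is annotated "-- 30 Jan 2014 12:00:00 GMT" while LAST-UPDATED is "201401301200Z". Make the remaining REVISION value match LAST-UPDATED, as the VPLS-BGP-MIB module in the @@ -1717,38 +1702,38 @@ hunk already does, and decide whether both should move forward now that the page header reads Feb, 2014. Separately, the note "please replace YYYY with IANA assigned value" sits under "RFC YYYY", which is an RFC number rather than an IANA value, and the DESCRIPTION above it uses "RFC XXXX" for the same number; a single placeholder with an accurate RFC Editor note would avoid a wrong substitution. The same applies to the BGP module.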
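Review bot: In the hunk at @@ -1539,38 +1524,38 @@, vplsLdpPwBindMacAddressLimit is read-write with DEFVAL { 0 }, and the rewrapped DESCRIPTION says 0 means there is no limit, so the default is an uncapped forwarding database for the PW binding; the new Section 7 text lists vplsLdpPwBindTable only generically. Suggest naming this object in Section 7 alongside vplsNotificationMaxRate, with one sentence on what an unlimited value means for the service. The context line "An entry in this table in instantiated" should read "is instantiated"; the same wording recurs in the @@ -1924,43 +1917,49 @@ hunk, together with "VPlS".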
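Review bot: The DESCRIPTION paragraph added to vplsBgpConfigVERangeSize in the hunk at @@ -1761,51 +1746,55 @@ contains a doubled word, "limited the the range", and the same pasted paragraph carries it into vplsBgpVEId (@@ -1824,37 +1813,40 @@) and into vplsBgpPwBindLocalVEId and vplsBgpPwBindRemoteVEId (@@ -1924,43 +1917,49 @@). Fix all four to "limited the range". For the three VE ID objects the SYNTAX is (1..65535), so stating the bound as 1..65535 would be exact; for vplsBgpConfigVERangeSize the paragraph explains the width of a VE ID while the object is a range size, so add a clause saying why the size shares that upper bound. The first changed line also turns "VE ids" into "the range of VE ID", which reads better as "VE IDs".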
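Review bot: In the hunk at @@ -1874,33 +1866,34 @@, the vplsBgpVERowStatus DESCRIPTION still ends "no objects in that row can be modified except vplsBgpSiteRowStatus", a name that does not appear in the VplsBgpVEEntry SEQUENCE shown in the @@ -1824,37 +1813,40 @@ hunk; it should be vplsBgpVERowStatus. That SEQUENCE also lists five columns, yet the row status and storage type are assigned { vplsBgpVEEntry 5 } and { vplsBgpVEEntry 6 }, so one sub-identifier is skipped; if a column was removed in an earlier revision, a comment saying so would save implementers from looking for a missing object.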
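Review bot: In the rewritten Section 7 (hunk at @@ -2061,41 +2060,102 @@), the eight table bullets each end in a colon with nothing after it, and the paragraph on readable objects names no objects, so the text announces "their sensitivity/vulnerability" without giving it. Either drop the colons and rely on the shared paragraph, or say per table what an improper SET does; for the readable side, name the objects whose disclosure matters. The new text cites [RFC3414], [RFC3826], [RFC5591], [RFC5592] and [RFC6353], but the reference hunks that follow (@@ -2103,57 +2163,59 @@ and @@ -2165,21 +2227,20 @@) add no entries, so check that each citation has a matching reference. Minor: "environments.The" and "environments.It" are missing a space, and Section 8 has "The MIB modules in this document uses" and "VPLS-BGP-MIB MIB module".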