draft-ietf-softwire-map-mib-13.txt   rfc8389.txt 
Internet Engineering Task Force Y. Fu Internet Engineering Task Force (IETF) Y. Fu
Internet-Draft CNNIC Request for Comments: 8389 CNNIC
Intended status: Standards Track S. Jiang Category: Standards Track S. Jiang
Expires: November 30, 2018 B. Liu ISSN: 2070-1721 B. Liu
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
J. Dong J. Dong
Y. Chen Y. Chen
Tsinghua University Tsinghua University
May 29, 2018 December 2018
Definitions of Managed Objects for MAP-E Definitions of Managed Objects for
draft-ietf-softwire-map-mib-13 Mapping of Address and Port with Encapsulation (MAP-E)
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for Mapping Address and Port with encapsulation (MAP-E) for use with for Mapping of Address and Port with Encapsulation (MAP-E) for use
network management protocols. with network management protocols.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on November 30, 2018. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8389.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction ....................................................2
2. The Internet-Standard Management Framework . . . . . . . . . 2 2. The Internet-Standard Management Framework ......................2
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology .....................................................3
4. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 4. Structure of the MIB Module .....................................3
4.1. The mapMIBObjects . . . . . . . . . . . . . . . . . . . . 3 4.1. The mapMIBObjects ..........................................3
4.1.1. The mapRule Subtree . . . . . . . . . . . . . . . . . 3 4.1.1. The mapRule Subtree .................................3
4.1.2. The mapSecurityCheck Subtree . . . . . . . . . . . . 3 4.1.2. The mapSecurityCheck Subtree ........................3
4.2. The mapMIBConformance Subtree . . . . . . . . . . . . . . 4 4.2. The mapMIBConformance Subtree ..............................4
5. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Definitions .....................................................4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 6. IANA Considerations ............................................12
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations ........................................12
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 8. References .....................................................13
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 8.1. Normative References ......................................13
9.1. Normative References . . . . . . . . . . . . . . . . . . 13 8.2. Informative References ....................................14
9.2. Informative References . . . . . . . . . . . . . . . . . 14 Acknowledgements ..................................................15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses ................................................16
1. Introduction 1. Introduction
Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597] is a Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597] is a
stateless, automatic tunnelling mechanism for providing an IPv4 stateless, automatic tunneling mechanism for providing an IPv4
connectivity service to end-users over a service provider's IPv6 connectivity service to end users over a service provider's IPv6
network. network.
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with monitoring MAP-E devices. (MIB) for use with monitoring MAP-E devices.
2. The Internet-Standard Management Framework 2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
[RFC3410]. RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in module that is compliant to the SMIv2, which is described in STD 58,
[RFC2578], [RFC2579] and [RFC2580]. RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
3. Terminology 3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
[RFC2119] [RFC8174] when, and only when, they appear in all capitals, BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
as shown here. capitals, as shown here.
4. Structure of the MIB Module 4. Structure of the MIB Module
The Interfaces MIB [RFC2863] defines generic managed objects for The IF-MIB [RFC2863] defines generic managed objects for managing
managing interfaces. Each logical interface (physical or virtual) interfaces. Each logical interface (physical or virtual) has an
has an ifEntry. Tunnels are handled by creating a logical interface ifEntry. Tunnels are handled by creating a logical interface
(ifEntry) for each tunnel. Each MAP-E tunnel endpoint also acts as a (ifEntry) for each tunnel. Each MAP-E tunnel endpoint also acts as a
virtual interface that has a corresponding entry in the Interface virtual interface that has a corresponding entry in the IF-MIB.
MIB. Those corresponding entries are indexed by ifIndex. MAP-E MIB Those corresponding entries are indexed by ifIndex. The MAP-E MIB is
is configurable on a per-interface basis, so it depends on several configurable on a per-interface basis, so it depends on several parts
parts (ifEntry) of the IF-MIB[RFC2863]. (ifEntry) of the IF-MIB [RFC2863].
4.1. The mapMIBObjects 4.1. The mapMIBObjects
4.1.1. The mapRule Subtree 4.1.1. The mapRule Subtree
The mapRule subtree describes managed objects used for managing the The mapRule subtree describes managed objects used for managing the
multiple mapping rules in MAP-E. multiple mapping rules in MAP-E.
According to the [RFC7597], the mapping rules are divided into two According to [RFC7597], the mapping rules are divided into two
categories, which are Basic Mapping Rule (BMR), and Forwarding categories: Basic Mapping Rule (BMR) and Forwarding Mapping Rule
Mapping Rule (FMR). And according to the section 4.1 of [RFC7598], (FMR). According to Section 4.1 of [RFC7598], an F-flag specifies
it defines a F-flag to specify whether the rule is to be used for whether the rule is to be used for forwarding (FMR). If set, this
forwarding (FMR). If set, this rule is used as an FMR; if not set, rule is used as an FMR; if not set, this rule is BMR only and MUST
this rule is a BMR only and MUST NOT be used for forwarding. And a NOT be used for forwarding. A BMR can also be used as an FMR for
BMR can also be used as an FMR for forwarding if the F-flag is set. forwarding if the F-flag is set. So, the RuleType definition in the
So in the RuleType definition of MAP-E MIB in section 5, it defines MAP-E MIB (see Section 5) defines bmrAndfmr to specify this scenario.
bmrAndfmr to specify this scenario.
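Review bot: The rewritten F-flag paragraph in Section 4.1.1 accounts for only two of the three RuleType values. It says an unset flag means "BMR only" and that a BMR with the flag set can also serve as an FMR (bmrAndfmr), but it never says when an agent should report fmr(2), which the textual convention in Section 5 defines as "Forwarding Mapping Rule (not Basic Mapping Rule)". A sentence stating how a rule that is an FMR but not a BMR is recognized would let implementers populate mapRuleType consistently.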
4.1.2. The mapSecurityCheck Subtree 4.1.2. The mapSecurityCheck Subtree
The mapSecurityCheck subtree provides statistics for the number of The mapSecurityCheck subtree provides statistics for the number of
invalid packets that have been identified. There are two kinds of invalid packets that have been identified. [RFC7597] defines two
invalid packets which are defined in the [RFC7597] as below. kinds of invalid packets:
- The Border Relay (BR) will validate the received packet's source o The Border Relay (BR) will validate the received packet's source
IPv6 address against the configured MAP domain rule and the IPv6 address against the configured MAP domain rule and the
destination IPv6 address against the configured BR IPv6 address. destination IPv6 address against the configured BR IPv6 address.
- The MAP node (Customer Edge, CE and BR) will check that the o The MAP node (Customer Edge (CE) and BR) will check that the
received packets' source IPv4 address and port is in the range received packet's source IPv4 address and port are in the range
derived from the matching MAP Rule. derived from the matching MAP rule.
4.2. The mapMIBConformance Subtree 4.2. The mapMIBConformance Subtree
The mapMIBConformance subtree provides conformance information of MIB The mapMIBConformance subtree provides conformance information of MIB
objects. objects.
5. Definitions 5. Definitions
The following MIB module imports definitions from [RFC2578], The following MIB module imports definitions from [RFC2578],
[RFC2579], [RFC2580], [RFC2863], and [RFC4001]. [RFC2579], [RFC2580], [RFC2863], and [RFC4001].
MAP-E-MIB DEFINITIONS ::= BEGIN MAP-E-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, mib-2, MODULE-IDENTITY, OBJECT-TYPE, mib-2,
Unsigned32, Counter64 Unsigned32, Counter64
FROM SNMPv2-SMI --RFC2578 FROM SNMPv2-SMI --RFC 2578
TEXTUAL-CONVENTION TEXTUAL-CONVENTION
FROM SNMPv2-TC --RFC2579 FROM SNMPv2-TC --RFC 2579
ifIndex ifIndex
FROM IF-MIB --RFC2863 FROM IF-MIB --RFC 2863
InetAddressIPv6, InetAddressIPv4, InetAddressIPv6, InetAddressIPv4,
InetAddressPrefixLength InetAddressPrefixLength
FROM INET-ADDRESS-MIB --RFC4001 FROM INET-ADDRESS-MIB --RFC 4001
OBJECT-GROUP, MODULE-COMPLIANCE OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF; --RFC2580 FROM SNMPv2-CONF; --RFC 2580
mapMIB MODULE-IDENTITY mapMIB MODULE-IDENTITY
LAST-UPDATED "201805290000Z" LAST-UPDATED "201811260000Z"
ORGANIZATION ORGANIZATION
"IETF Softwire Working Group" "IETF Softwire Working Group"
CONTACT-INFO CONTACT-INFO
"Yu Fu "Yu Fu
CNNIC CNNIC
No.4 South 4th Street, Zhongguancun No. 4 South 4th Street, Zhongguancun
Beijing, P.R. China 100190 Beijing 100190
EMail: fuyu@cnnic.cn China
Email: eleven711711@foxmail.com
Sheng Jiang Sheng Jiang
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Huawei Building, 156 Beiqing Rd., Hai-Dian District Q14, Huawei Campus, No. 156 Beiqing Road
Beijing, P.R. China 100095 Hai-Dian District, Beijing 100095
EMail: jiangsheng@huawei.com China
Bing Liu Email: jiangsheng@huawei.com
Huawei Technologies Co., Ltd
Huawei Building, 156 Beiqing Rd., Hai-Dian District
Beijing, P.R. China 100095
EMail: leo.liubing@huawei.com
Jiang Dong Bing Liu
Tsinghua University Huawei Technologies Co., Ltd
Department of Computer Science, Tsinghua University Q14, Huawei Campus, No. 156 Beiqing Road
Beijing 100084 Hai-Dian District, Beijing 100095
P.R. China China
Email: knight.dongjiang@gmail.com Email: leo.liubing@huawei.com
Yuchi Chen Jiang Dong
Tsinghua University Tsinghua University
Department of Computer Science, Tsinghua University Department of Computer Science, Tsinghua University
Beijing 100084 Beijing 100084
P.R. China China
Email: chenycmx@gmail.com" Email: knight.dongjiang@gmail.com
DESCRIPTION Yuchi Chen
"The MIB module is defined for management of objects for Tsinghua University
MAP-E BRs or CEs." Department of Computer Science, Tsinghua University
REVISION "201805290000Z" Beijing 100084
DESCRIPTION China
"Initial version. Published as RFC xxxx." Email: chenycmx@gmail.com"
--RFC Ed.: RFC-edtitor pls fill in xxxx
::= { mib-2 xxx }
--xxx to be replaced withIANA-assigned value
mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1} DESCRIPTION
"This MIB module is defined for management of objects for
MAP-E BRs or CEs.
mapRule OBJECT IDENTIFIER Copyright (c) 2018 IETF Trust and the persons identified as
::= { mapMIBObjects 1 } authors of the code. All rights reserved.
mapSecurityCheck OBJECT IDENTIFIER Redistribution and use in source and binary forms, with or
::= { mapMIBObjects 2 } without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info)."
REVISION "201811260000Z"
DESCRIPTION
"Initial version. Published as RFC 8389."
::= { mib-2 242 }
-- ============================================================== mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1}
-- Textual Conventions used in this MIB module
-- ==============================================================
RulePSID ::= TEXTUAL-CONVENTION mapRule OBJECT IDENTIFIER
DISPLAY-HINT "0x:" ::= { mapMIBObjects 1 }
STATUS current
DESCRIPTION
"Indicates that the PSID is represented as hexadecimal for
clarity."
SYNTAX OCTET STRING (SIZE (2)) mapSecurityCheck OBJECT IDENTIFIER
::= { mapMIBObjects 2 }
RuleType ::= TEXTUAL-CONVENTION -- ==============================================================
STATUS current -- Textual Conventions Used in This MIB Module
DESCRIPTION -- ==============================================================
"Enumerates the type of the mapping rule. It RulePSID ::= TEXTUAL-CONVENTION
defines three types of mapping rules here: DISPLAY-HINT "0x:"
bmr: Basic Mapping Rule (Not Forwarding Mapping Rule), STATUS current
fmr: Forwarding Mapping Rule (Not Basic Mapping Rule), DESCRIPTION
bmrAndfmr: Basic and Forwarding Mapping Rule. The Basic "Indicates that the Port Set ID (PSID) is represented as
Mapping Rule may also be a Forwarding Mapping Rule for hexadecimal for clarity."
mesh mode." SYNTAX OCTET STRING (SIZE (2))
REFERENCE "bmr, fmr: section 5 of RFC 7597.
bmrAndfmr: section 5 of RFC 7597, section 4.1
of RFC 7598."
SYNTAX INTEGER {
bmr(1),
fmr(2),
bmrAndfmr(3)
}
mapRuleTable OBJECT-TYPE RuleType ::= TEXTUAL-CONVENTION
SYNTAX SEQUENCE OF MapRuleEntry STATUS current
MAX-ACCESS not-accessible DESCRIPTION
STATUS current "Enumerates the type of the mapping rule. It
DESCRIPTION defines three types of mapping rules here:
"The (conceptual) table containing rule information for bmr: Basic Mapping Rule (not Forwarding Mapping Rule)
a specific mapping rule. It can also be used for row fmr: Forwarding Mapping Rule (not Basic Mapping Rule)
creation." bmrAndfmr: Basic and Forwarding Mapping Rule
::= { mapRule 1 } The Basic Mapping Rule may also be a Forwarding Mapping
Rule for mesh mode."
REFERENCE "bmr, fmr: Section 5 of RFC 7597.
bmrAndfmr: Section 5 of RFC 7597, Section 4.1
of RFC 7598."
SYNTAX INTEGER {
bmr(1),
fmr(2),
bmrAndfmr(3)
}
mapRuleEntry OBJECT-TYPE mapRuleTable OBJECT-TYPE
SYNTAX MapRuleEntry SYNTAX SEQUENCE OF MapRuleEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry in this table contains the information on a "The (conceptual) table containing rule information for
particular mapping rule." a specific mapping rule. It can also be used for row
INDEX { ifIndex, creation."
mapRuleID } ::= { mapRule 1 }
::= { mapRuleTable 1 }
MapRuleEntry ::= mapRuleEntry OBJECT-TYPE
SEQUENCE { SYNTAX MapRuleEntry
mapRuleID Unsigned32, MAX-ACCESS not-accessible
mapRuleIPv6Prefix InetAddressIPv6, STATUS current
mapRuleIPv6PrefixLen InetAddressPrefixLength, DESCRIPTION
mapRuleIPv4Prefix InetAddressIPv4, "Each entry in this table contains the information on a
mapRuleIPv4PrefixLen InetAddressPrefixLength, particular mapping rule."
mapRuleBRIPv6Address InetAddressIPv6, INDEX { ifIndex,
mapRulePSID RulePSID, mapRuleID }
mapRulePSIDLen Unsigned32, ::= { mapRuleTable 1 }
mapRuleOffset Unsigned32,
mapRuleEALen Unsigned32,
mapRuleType RuleType
}
mapRuleID OBJECT-TYPE MapRuleEntry ::=
SYNTAX Unsigned32 (1..4294967295) SEQUENCE {
MAX-ACCESS not-accessible mapRuleID Unsigned32,
STATUS current mapRuleIPv6Prefix InetAddressIPv6,
DESCRIPTION mapRuleIPv6PrefixLen InetAddressPrefixLength,
"A unique identifier used to distinguish mapping mapRuleIPv4Prefix InetAddressIPv4,
rules." mapRuleIPv4PrefixLen InetAddressPrefixLength,
::= { mapRuleEntry 1 } mapRuleBRIPv6Address InetAddressIPv6,
mapRulePSID RulePSID,
mapRulePSIDLen Unsigned32,
mapRuleOffset Unsigned32,
mapRuleEALen Unsigned32,
mapRuleType RuleType
}
-- The object mapRuleIPv6Prefix is IPv6 specific and hence it does mapRuleID OBJECT-TYPE
-- not use the version agnostic InetAddress. SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique identifier used to distinguish mapping
rules."
::= { mapRuleEntry 1 }
mapRuleIPv6Prefix OBJECT-TYPE -- The object mapRuleIPv6Prefix is IPv6 specific; hence, it does
SYNTAX InetAddressIPv6 -- not use the version-agnostic InetAddress.
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IPv6 prefix defined in the mapping rule which will be
assigned to CE."
::= { mapRuleEntry 2 }
mapRuleIPv6PrefixLen OBJECT-TYPE mapRuleIPv6Prefix OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX InetAddressIPv6
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of the IPv6 prefix defined in the mapping rule "The IPv6 prefix defined in the mapping rule that will be
which will be assigned to CE." assigned to CEs."
::= { mapRuleEntry 3 } ::= { mapRuleEntry 2 }
-- The object mapRuleIPv4Prefix is IPv4 specific and hence it does mapRuleIPv6PrefixLen OBJECT-TYPE
-- not use the version agnostic InetAddress. SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of the IPv6 prefix defined in the mapping rule
that will be assigned to CEs."
::= { mapRuleEntry 3 }
mapRuleIPv4Prefix OBJECT-TYPE -- The object mapRuleIPv4Prefix is IPv4 specific; hence, it does
SYNTAX InetAddressIPv4 -- not use the version-agnostic InetAddress.
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" The IPv4 prefix defined in the mapping rule which will be
assigned to CE."
::= { mapRuleEntry 4 }
mapRuleIPv4PrefixLen OBJECT-TYPE mapRuleIPv4Prefix OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX InetAddressIPv4
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of the IPv4 prefix defined in the mapping "The IPv4 prefix defined in the mapping rule that will be
rule which will be assigned to CE." assigned to CEs."
::= { mapRuleEntry 5 } ::= { mapRuleEntry 4 }
-- The object mapRuleBRIPv6Address is IPv6 specific and hence it does mapRuleIPv4PrefixLen OBJECT-TYPE
-- not use the version agnostic InetAddress. SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of the IPv4 prefix defined in the mapping
rule that will be assigned to CEs."
::= { mapRuleEntry 5 }
mapRuleBRIPv6Address OBJECT-TYPE -- The object mapRuleBRIPv6Address is IPv6 specific; hence, it does
SYNTAX InetAddressIPv6 -- not use the version-agnostic InetAddress.
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IPv6 address of the BR which will be conveyed to CE.
If the BR IPv6 address is anycast, the relay must use
this anycast IPv6 address as the source address in
packets relayed to CEs."
::= { mapRuleEntry 6 }
mapRulePSID OBJECT-TYPE mapRuleBRIPv6Address OBJECT-TYPE
SYNTAX RulePSID SYNTAX InetAddressIPv6
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The PSID value algorithmically identifies a set of "The IPv6 address of the BR that will be conveyed to CEs.
ports assigned to a CE." If the BR IPv6 address is anycast, the relay must use
REFERENCE this anycast IPv6 address as the source address in
"PSID: section 5.1 of RFC 7597." packets relayed to CEs."
::= { mapRuleEntry 7 } ::= { mapRuleEntry 6 }
mapRulePSIDLen OBJECT-TYPE mapRulePSID OBJECT-TYPE
SYNTAX Unsigned32(0..16) SYNTAX RulePSID
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The bit length value of the number of significant bits in "The PSID value algorithmically identifies a set of
the PSID field. When it is set to 0, the PSID ports assigned to a CE."
field is to be ignored." REFERENCE
::= { mapRuleEntry 8 } "PSID: Section 5.1 of RFC 7597."
::= { mapRuleEntry 7 }
mapRuleOffset OBJECT-TYPE mapRulePSIDLen OBJECT-TYPE
SYNTAX Unsigned32(0..15) SYNTAX Unsigned32(0..16)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of the mapRuleOffset is 6 by default as to "The bit length value of the number of significant bits in
exclude the System ports (0-1023). It is provided via the PSID field. When it is set to 0, the PSID
the Rule Port Mapping Parameters in the Basic Mapping field is to be ignored."
Rule." ::= { mapRuleEntry 8 }
DEFVAL {6}
::= { mapRuleEntry 9 }
mapRuleEALen OBJECT-TYPE mapRuleOffset OBJECT-TYPE
SYNTAX Unsigned32(0..48) SYNTAX Unsigned32(0..15)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The length of the Embedded-Address (EA) defined in "The number of the mapRuleOffset is 6 by default to
mapping rule which will be assigned to CE." exclude the system ports (0-1023). It is provided via
REFERENCE the Rule Port Mapping Parameters in the Basic Mapping
"EA: section 3 of RFC 7597." Rule."
::= { mapRuleEntry 10 } DEFVAL {6}
::= { mapRuleEntry 9 }
mapRuleType OBJECT-TYPE mapRuleEALen OBJECT-TYPE
SYNTAX RuleType SYNTAX Unsigned32(0..48)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates the type of mapping rule. "The length of the Embedded Address (EA) defined in
'1' represents a BMR. mapping rule that will be assigned to CEs."
'2' represents a FMR and '3' is for a BMR which
is also an FMR for mesh mode."
REFERENCE REFERENCE
"bmr, fmr: section 5 of RFC 7597. "EA: Section 3 of RFC 7597."
bmrAndfmr: section 5 of RFC 7597, section 4.1 of ::= { mapRuleEntry 10 }
RFC 7598."
::= { mapRuleEntry 11 }
mapSecurityCheckTable OBJECT-TYPE mapRuleType OBJECT-TYPE
SYNTAX SEQUENCE OF MapSecurityCheckEntry SYNTAX RuleType
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The (conceptual) table containing information on "Indicates the type of mapping rule.
MAP security checks. This table can be used for '1' represents a BMR.
statistics on the number of invalid packets that '2' represents an FMR.
have been identified." '3' represents a BMR that is also an FMR for mesh mode."
::= { mapSecurityCheck 1 } REFERENCE
"bmr, fmr: Section 5 of RFC 7597.
bmrAndfmr: Section 5 of RFC 7597, Section 4.1 of
RFC 7598."
::= { mapRuleEntry 11 }
mapSecurityCheckEntry OBJECT-TYPE mapSecurityCheckTable OBJECT-TYPE
SYNTAX MapSecurityCheckEntry SYNTAX SEQUENCE OF MapSecurityCheckEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry in this table contains information on a "The (conceptual) table containing information on
particular MAP SecurityCheck." MAP security checks. This table can be used for
INDEX { ifIndex } statistics on the number of invalid packets that
::= { mapSecurityCheckTable 1 } have been identified."
::= { mapSecurityCheck 1 }
MapSecurityCheckEntry ::= mapSecurityCheckEntry OBJECT-TYPE
SEQUENCE { SYNTAX MapSecurityCheckEntry
mapSecurityCheckInvalidv4 Counter64, MAX-ACCESS not-accessible
mapSecurityCheckInvalidv6 Counter64 STATUS current
} DESCRIPTION
"Each entry in this table contains information on a
particular MAP security check."
INDEX { ifIndex }
::= { mapSecurityCheckTable 1 }
mapSecurityCheckInvalidv4 OBJECT-TYPE MapSecurityCheckEntry ::=
SYNTAX Counter64 SEQUENCE {
MAX-ACCESS read-only mapSecurityCheckInvalidv4 Counter64,
STATUS current mapSecurityCheckInvalidv6 Counter64
DESCRIPTION }
"Indicates the number of received IPv4 packets
which do not have a payload source IPv4 address or
port within the range defined in the matching MAP
rule. It is corresponding to the second kind of
invalid packets described in section 4.1.2."
::= { mapSecurityCheckEntry 1 }
mapSecurityCheckInvalidv6 OBJECT-TYPE mapSecurityCheckInvalidv4 OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Indicates the number of received IPv6 packets which "Indicates the number of received IPv4 packets
do not have a source or destination IPv6 address that do not have a payload source IPv4 address or
matching a Basic Mapping Rule. It is corresponding port within the range defined in the matching MAP
to the first kind of invalid packets described rule. It corresponds to the second kind of
in section 4.1.2." invalid packet described in Section 4.1.2."
::= { mapSecurityCheckEntry 2 } ::= { mapSecurityCheckEntry 1 }
-- Conformance Information mapSecurityCheckInvalidv6 OBJECT-TYPE
mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2} SYNTAX Counter64
mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 } MAX-ACCESS read-only
mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 } STATUS current
-- compliance statements DESCRIPTION
mapMIBCompliance MODULE-COMPLIANCE "Indicates the number of received IPv6 packets that
STATUS current do not have a source or destination IPv6 address
DESCRIPTION matching a Basic Mapping Rule. It corresponds
"Describes the minimal requirements for conformance to the first kind of invalid packet described
to the MAP-E MIB." in Section 4.1.2."
MODULE -- this module ::= { mapSecurityCheckEntry 2 }
MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup }
::= { mapMIBCompliances 1 }
-- Units of Conformance -- Conformance Information
mapMIBRuleGroup OBJECT-GROUP mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2}
OBJECTS { mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 }
mapRuleIPv6Prefix, mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 }
mapRuleIPv6PrefixLen,
mapRuleIPv4Prefix, -- compliance statements
mapRuleIPv4PrefixLen, mapMIBCompliance MODULE-COMPLIANCE
mapRuleBRIPv6Address, STATUS current
mapRulePSID, DESCRIPTION
mapRulePSIDLen, "Describes the minimal requirements for conformance
mapRuleOffset, to the MAP-E MIB."
mapRuleEALen, MODULE -- this module
mapRuleType } MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup }
::= { mapMIBCompliances 1 }
-- Units of Conformance
mapMIBRuleGroup OBJECT-GROUP
OBJECTS {
mapRuleIPv6Prefix,
mapRuleIPv6PrefixLen,
mapRuleIPv4Prefix,
mapRuleIPv4PrefixLen,
mapRuleBRIPv6Address,
mapRulePSID,
mapRulePSIDLen,
mapRuleOffset,
mapRuleEALen,
mapRuleType }
STATUS current
DESCRIPTION
"The group of objects used to describe the MAP-E mapping
rule."
::= { mapMIBGroups 1 }
mapMIBSecurityGroup OBJECT-GROUP
OBJECTS {
mapSecurityCheckInvalidv4,
mapSecurityCheckInvalidv6 }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The group of objects used to describe the MAP-E mapping "The group of objects used to provide information on the
rule." MAP-E security checks."
::= { mapMIBGroups 1 } ::= { mapMIBGroups 2 }
mapMIBSecurityGroup OBJECT-GROUP
OBJECTS {
mapSecurityCheckInvalidv4,
mapSecurityCheckInvalidv6 }
STATUS current
DESCRIPTION
"The group of objects used to provide information on the
MAP-E security checks."
::= { mapMIBGroups 2 }
END END
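Review bot: The mapRuleTable DESCRIPTION keeps the sentence "It can also be used for row creation." in both versions, but no column in MapRuleEntry supports that: mapRuleID is not-accessible, every other column is read-only, and there is no RowStatus object. Section 7 also states that the module has no read-write or read-create objects. Drop the sentence so the table description matches the access clauses. Separately, the mapSecurityCheckInvalidv6 DESCRIPTION counts packets whose addresses do not match "a Basic Mapping Rule", while Section 4.1.2 describes the check as source address against the configured MAP domain rule and destination address against the configured BR IPv6 address; aligning the two wordings would make it clear what the counter measures.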
6. IANA Considerations 6. IANA Considerations
The MIB module in this document uses the following IANA-assigned The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value Descriptor OBJECT IDENTIFIER value
---------- ----------------------- ---------- -----------------------
MAP-E-MIB { mib-2 XXX } MAP-E-MIB { mib-2 242 }
7. Security Considerations 7. Security Considerations
There are no management objects defined in this MIB module that have There are no management objects defined in this MIB module that have
a MAX-ACCESS clause of read-write and/or read-create. So, if this a MAX-ACCESS clause of read-write and/or read-create. So, if this
MIB module is implemented correctly, then there is no risk that an MIB module is implemented correctly, then there is no risk that an
intruder can alter or create any management objects of this MIB intruder can alter or create any management objects of this MIB
module via direct SNMP SET operations. module via direct SNMP SET operations.
Some of the readable objects in this MIB module (i.e., objects with a Some of the objects in this MIB module may be considered sensitive or
MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. This includes INDEX objects
vulnerable in some network environments. It is thus important to with a MAX-ACCESS of not-accessible, and any indices from other
control even GET and/or NOTIFY access to these objects and possibly modules exposed via AUGMENTS. It is thus important to control even
to even encrypt the values of these objects when sending them over GET and/or NOTIFY access to these objects and possibly to even
the network via SNMP. encrypt the values of these objects when sending them over the
network via SNMP. These are the tables and objects and their
Some of the MIB model's objects are vulnerable as the information sensitivity/vulnerability:
which they hold may be used for targeting an attack against a MAP
node (CE or BR). E.g., an intruder could use the information to help
deduce the customer IPv4 and IPv6 topologies and address-sharing
ratios in use by the ISP.
The following is a list of the objects that have this vulnerability:
mapRuleIPv6Prefix mapRuleIPv6Prefix
mapRuleIPv6PrefixLen mapRuleIPv6PrefixLen
mapRuleIPv4Prefix mapRuleIPv4Prefix
mapRuleIPv4PrefixLen mapRuleIPv4PrefixLen
mapRuleBRIPv6Address mapRuleBRIPv6Address
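Review bot: The new lead-in in Section 7, "These are the tables and objects and their sensitivity/vulnerability:", promises a per-object statement of sensitivity, but it is followed by a bare list of mapRule* names. The single shared explanation (targeting a MAP node, deducing customer topologies and address-sharing ratios) now comes only after the list. Suggest either rewording the lead-in to say that the listed objects share one exposure, or moving the explanatory paragraph back ahead of the list as it was in the draft, so a reader knows why the objects matter before reading the names.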
skipping to change at page 13, line 5 skipping to change at page 13, line 5
mapRulePSID mapRulePSID
mapRulePSIDLen mapRulePSIDLen
mapRuleOffset mapRuleOffset
mapRuleEALen mapRuleEALen
mapRuleType mapRuleType
Some of the MIB model's objects are vulnerable because the
information that they hold may be used for targeting an attack
against a MAP node (CE or BR). For example, an intruder could use
the information to help deduce the customer IPv4 and IPv6 topologies
and address-sharing ratios in use by the ISP.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec), Even if the network itself is secure (for example by using IPsec),
there is no control as to who on the secure network is allowed to there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this access and GET/SET (read/change/create/delete) the objects in this
MIB module. MIB module.
Implementations SHOULD provide the security features described by the Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), and implementations claiming SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM) authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM) MAY also provide support for the Transport Security Model (TSM)
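Review bot: The paragraph on pre-SNMPv3 versions still speaks of "GET/SET (read/change/create/delete)" access, while the opening paragraph of Section 7 states that no object in this module has a MAX-ACCESS clause of read-write or read-create. Suggest limiting the wording here to GET and NOTIFY access, which is what the section earlier asks operators to control, or stating that the SET wording is generic, so the text does not imply that writable objects exist in this module.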
skipping to change at page 13, line 28 skipping to change at page 13, line 34
[RFC5592] or TLS/DTLS [RFC6353]. [RFC5592] or TLS/DTLS [RFC6353].
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
8. Acknowledgements 8. References
The authors would like to thank for valuable comments from David
Harrington, Mark Townsley, Shishio Tsuchiya, Yong Cui, Suresh
Krishnan, Bert Wijnen, Ian Farrer and Juergen Schoenwaelder.
This document was produced using the xml2rfc tool [RFC7991].
9. References
9.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, Version 2 (SMIv2)", STD 58, RFC 2578,
DOI 10.17487/RFC2578, April 1999, DOI 10.17487/RFC2578, April 1999,
skipping to change at page 14, line 40 skipping to change at page 14, line 35
[RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
Configuration of Softwire Address and Port-Mapped Configuration of Softwire Address and Port-Mapped
Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015,
<https://www.rfc-editor.org/info/rfc7598>. <https://www.rfc-editor.org/info/rfc7598>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References 8.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, Standard Management Framework", RFC 3410,
DOI 10.17487/RFC3410, December 2002, DOI 10.17487/RFC3410, December 2002,
<https://www.rfc-editor.org/info/rfc3410>. <https://www.rfc-editor.org/info/rfc3410>.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
(USM) for version 3 of the Simple Network Management (USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)", STD 62, RFC 3414, Protocol (SNMPv3)", STD 62, RFC 3414,
skipping to change at page 15, line 26 skipping to change at page 15, line 26
[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
Shell Transport Model for the Simple Network Management Shell Transport Model for the Simple Network Management
Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
2009, <https://www.rfc-editor.org/info/rfc5592>. 2009, <https://www.rfc-editor.org/info/rfc5592>.
[RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
Model for the Simple Network Management Protocol (SNMP)", Model for the Simple Network Management Protocol (SNMP)",
STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011,
<https://www.rfc-editor.org/info/rfc6353>. <https://www.rfc-editor.org/info/rfc6353>.
[RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary", Acknowledgements
RFC 7991, DOI 10.17487/RFC7991, December 2016,
<https://www.rfc-editor.org/info/rfc7991>. The authors would like to thank the following individuals for their
valuable comments: David Harrington, Mark Townsley, Shishio Tsuchiya,
Yong Cui, Suresh Krishnan, Bert Wijnen, Ian Farrer, and Juergen
Schoenwaelder.
Authors' Addresses Authors' Addresses
Yu Fu Yu Fu
CNNIC CNNIC
No.4 South 4th Street, Zhongguancun No. 4 South 4th Street, Zhongguancun
Beijing 100190 Beijing 100190
P.R. China China
Email: fuyu@cnnic.cn Email: eleven711711@foxmail.com
Sheng Jiang Sheng Jiang
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Q14, Huawei Campus, No.156 Beiqing Road Q14, Huawei Campus, No. 156 Beiqing Road
Hai-Dian District, Beijing, 100095 Hai-Dian District, Beijing 100095
P.R. China China
Email: jiangsheng@huawei.com Email: jiangsheng@huawei.com
Bing Liu Bing Liu
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Q14, Huawei Campus, No.156 Beiqing Road Q14, Huawei Campus, No. 156 Beiqing Road
Hai-Dian District, Beijing, 100095 Hai-Dian District, Beijing 100095
P.R. China China
Email: leo.liubing@huawei.com Email: leo.liubing@huawei.com
Jiang Dong Jiang Dong
Tsinghua University Tsinghua University
Department of Computer Science, Tsinghua University Department of Computer Science, Tsinghua University
Beijing 100084 Beijing 100084
P.R. China China
Email: knight.dongjiang@gmail.com Email: knight.dongjiang@gmail.com
Yuchi Chen Yuchi Chen
Tsinghua University Tsinghua University
Department of Computer Science, Tsinghua University Department of Computer Science, Tsinghua University
Beijing 100084 Beijing 100084
P.R. China China
Email: flashfoxmx@gmail.com Email: flashfoxmx@gmail.com
 End of changes. 74 change blocks. 
426 lines changed or deleted 430 lines changed or added
