ForCES
   Internet Draft                                               R. Haas
   Document: draft-haas-forces-mib-00.txt                           IBM
   Expires: April 18, 2006                                 October 2005


                                ForCES MIB


Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.html.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 18, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE


Haas                   Expires – April 18, 2006               [Page 1]


                              ForCES MIB              October 15, 2005


   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Abstract

  This memo defines a Management Information Base (MIB) for use with
  network management protocols in the Internet community. In
  particular, it defines a MIB for the Forwarding and Control Element
  Separation (ForCES) Network Element (NE). The ForCES working group
  is defining a protocol to allow a Control Element (CE) to control the
  behavior of a Forwarding Element (FE).

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [RFC2119]i.

Table of Contents

   1. Introduction...................................................2
   2. Design of ForCES MIB...........................................4
   3. Capturing State Before Association Establishment...............4
   4. MIB Definition(s)..............................................5
   Security Considerations...........................................5
   References........................................................6
   Acknowledgments...................................................6
   Author's Addresses................................................6



1.
  Introduction


   The ForCES MIB is a read-only MIB that captures information related
   to the ForCES protocol. This includes state information about the
   associations between CE(s) and FE(s) in the NE.

   The ForCES MIB does not include information that is specified in
   other MIBs, such as packet counters for interfaces, etc.

   The information in the ForCES MIB relative to associations includes
   more specifically:

   - identifiers of the elements in the association


Haas                   Expires – April 18, 2006               [Page 2]


                              ForCES MIB              October 15, 2005


   - state of the association
   - configuration parameters of the association
   - statistics of the association

   The relevant references from the ForCES requirements and architecture
   documents are repeated below:

   From the ForCES requirements RFC [RFC 3654], Section 4, point 4:

     “A NE MUST support the appearance of a single functional device.
     For example, in a router, the TTL of the packet should be
     decremented only once as it traverses the NE regardless of how many
     FEs through which it passes.  However, external entities (e.g., FE
     managers and CE managers) MAY have direct access to individual
     ForCES protocol elements for providing information to transition
     them from the pre-association to post-association phase.”

   And [RFC 3654], Section 4, point 14:

     “1. The ability for a management tool (e.g., SNMP) to be used to
     read(but not change) the state of FE SHOULD NOT be precluded.
     2. It MUST NOT be possible for management tools (e.g., SNMP, etc)
     to change the state of a FE in a manner that affects overall NE
     behavior without the CE being notified.”

   According to the ForCES architecture RFC [RFC 3746], Section 3.3:

     “CE managers may be physically and logically separate entities that
     configure the CE with FE information via such mechanisms as COPS-PR
     [7] or SNMP [5].”

   and [RFC 3746], Section 5.7:

     “RFC 1812 [2] also dictates that "Routers MUST be manageable by
     SNMP". In general, for the post-association phase, most external
     management tasks (including SNMP) should be done through
     interaction with the CE in order to support the appearance of a
     single functional device. Therefore, it is recommended that an SNMP
     agent be implemented by CEs and that the SNMP messages received by
     FEs be redirected to their CEs. AgentX framework defined in RFC
     2741 ([6]) may be applied here such that CEs act in the role of
     master agent to process SNMP protocol messages while FEs act in the
     role of subagent to provide access to the MIB objects residing on
     FEs.  AgentX protocol messages between the master agent (CE) and
     the subagent (FE) are encapsulated and transported via ForCES, just
     like data packets from any other application layer protocols.”





Haas                   Expires – April 18, 2006               [Page 3]


                              ForCES MIB              October 15, 2005


2.
  Design of ForCES MIB

   As state information is distributed across FEs and CEs, the following
   alternatives may be considered:

   1) CE MIBs
   Each CE in the NE implements a CE MIB. The external SNMP-based
   management tool must therefore be aware of each CE in order to obtain
   a complete view of the NE by collecting state information obtained
   from each CE MIB.
   [Note: this may or may not comply with requirement #4 ("A NE MUST
   support the appearance of a single functional device")]

   2) single NE MIB
   An entity in the NE implements an NE MIB that aggregates state
   information collected from each CE (CEs are possibly from various
   vendors). This requires a standard protocol in order to support
   multi-vendor environment. AgentX with the NE as the master and the
   CE(s) as the agent(s) may be considered here.

   [Note: comments on the suitability of AgentX]

   [Note: must choose between the two alternatives]

3.
  Capturing State Before Association Establishment

   The ForCES protocol may be used by the CE to query the FE Protocol
   LFB about some of the configuration parameters. But such queries may
   obviously be issued only once the association is established.

   In the ForCES protocol, the FE first issues an Association Setup
   Request message to the CE which in turns responds with an Association
   Setup Response message. It may be useful to capture in the MIB in
   which state the association is seen from each of the FE and the CE
   sides, as a means to detect PL-level communication anomalies. For
   instance, from the FE side, the association is in the ATTEMPT state
   as long as no response to the Association Setup message has been
   received from the CE. Similarly, the association is in the
   ESTABLISHING state as long as no message has been received from the
   FE after the CE has issued a positive Association Setup Response
   message (this is because configuration mistakes in the FE may cause
   messages from the CE to be ignored, and the MIB could help in tracing
   such errors).

   The transient state in the FE until the association is established
   cannot be queried using ForCES.

   [Note: If such information is critical, then an FE MIB has to be
   provided that can be queried separately]


Haas                   Expires – April 18, 2006               [Page 4]


                              ForCES MIB              October 15, 2005




4.
  MIB Definition(s)

   For each association identified by the pair CE ID and FE ID, the
   following information is included in the MIB:

   [Note: the MIB includes all associations for the particular CE in the
   case of a CE MIB, same for FE MIBs (if any), or all associations in
   the NE in the case of a NE MIB]

   - Current state of the association:

    UP:   the CE(s) indicated by the CE ID and FE(s) indicated by
   the FE ID are associated.
    ESTABLISHING/ATTEMPT: transient state unitl the association is
   established. See section 3 above for details.

   Note that associations that are not UP and for which no association
   setup is in progress are NOT listed in the MIB.

   [Note: otherwise how do we decide which old associations to remove
   from the MIB ?]

   - Hearbeat timers values of the FE and CE for this association.

   - Heartbeat timer settings of the FE and CE for this association:

    ENABLED:  hearbeats are transmitted (by default virtual piggybacking
   is used)
    DISABLED: heartbeats are not transmitted

   - Backup information: the FE(s)/CE(s) that are configured to work as
   backups for this association.
   [Note: is this necessary, useful ?]

   - Association statistics:
    Date/time when the association came to the UP state.

   [Note: what about the Number of commands executed or some indications
   of the ForCES control traffic ?]


   [Note: add actual MIB specification]

Security Considerations

   Some of the readable objects in this MIB module may be considered
   sensitive or vulnerable in some network environment.


Haas                   Expires – April 18, 2006               [Page 5]


                              ForCES MIB              October 15, 2005



   [Note: expand on this if necessary]

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.


References


   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
   Requirement Levels", BCP 14, RFC 2119, March 1997.


   [RFC3654] Khosravi, H,, and Anderson, T., “Requirements for
   Separation of IP Control and Forwarding”, RFC 3654, November 2003.

   [RFC3746] Yang, L., Dantu, R., Anderson, T., Gopal, R., “Forwarding
   and Control Element Separation (ForCES) Framework”, RFC 3746, April
   2004.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
   "Introduction and Applicability Statements for Internet- Standard
   Management Framework", RFC 3410, December 2002.

Acknowledgments



Author's Addresses

   Robert Haas



Haas                   Expires – April 18, 2006               [Page 6]


                              ForCES MIB              October 15, 2005


   IBM Research
   Zurich Research Lab
   Saeumerstrasse 4
   8803 Rueschlikon
   Switzerland
   Email: rha@zurich.ibm.com













































Haas                   Expires – April 18, 2006               [Page 7]