Network Working Group
INTERNET-DRAFT Sam Aldrin
Intended Status: Standards Track Huawei Technologies
Expires: December 30, 2013 M.Venkatesan
Dell Inc.
Kannan KV Sampath
Redeem Software
Thomas D. Nadeau
Juniper Networks
June 28, 2013
BFD Management Information Base (MIB) extensions
for MPLS and MPLS-TP Networks
draft-ietf-bfd-mpls-mib-02
Abstract
This draft defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it extends the BFD Management Information Base BFD-
STD-MIB and describes the managed objects for modeling Bidirectional
Forwarding Detection (BFD) protocol for MPLS and MPLS-TP networks.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 30, 2013.
Aldrin, et al. Expires December 30, 2013 [Page 1]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Internet-Standard Management Framework . . . . . . . . . . 3
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Conventions used in this document . . . . . . . . . . . . . 3
3.2 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Brief description of MIB Objects . . . . . . . . . . . . . . . 4
5.1. Extensions to the BFD session table (bfdSessionTable) . . . 4
5.2. Example of BFD session configuration . . . . . . . . . . . 6
5.2.1 Example of BFD Session configuration for MPLS TE
tunnel . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.2.2 Example of BFD Session configuration for ME of MPLS-TP
TE tunnel . . . . . . . . . . . . . . . . . . . . . . . 7
5.3. BFD objects for session performance counters . . . . . . . 9
5.4. Notification Objects . . . . . . . . . . . . . . . . . . . 9
6. BFD MPLS-MPLS-TP MIB Module Definition . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 18
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 20
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
9.1 Normative References . . . . . . . . . . . . . . . . . . . . 20
9.2 Informative References . . . . . . . . . . . . . . . . . . . 21
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21
11. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 21
Aldrin, et al. Expires December 30, 2013 [Page 2]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
1 Introduction
Current MIB for BFD as defined by BFD-STD-MIB is used for neighbor
monitoring in IP networks. The BFD session association to the
neighbors being monitored is done using the source and destination IP
addresses of the neighbors configured using the respective MIB
objects.
To monitor MPLS/MPLS-TP paths like tunnels or Pseudowires, there is a
necessity to identify or associate the BFD session to those paths.
This memo defines an portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it extends the BFD Management Information Base BFD-
STD-MIB and describes the managed objects to configure and/or monitor
Bidirectional Forwarding Detection (BFD) protocol for MPLS [BFD-MPLS]
and MPLS-TP networks [RFC6428].
2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC2578, STD 58, RFC2579 and STD58, RFC2580.
3. Overview
3.1 Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
3.2 Terminology
This document adopts the definitions, acronyms and mechanisms
described in [BFD], [BFD-1HOP], [BFD-MH], [BFD-MPLS], [RFC6428].
Unless otherwise stated, the mechanisms described therein will not be
re-described here.
Aldrin, et al. Expires December 30, 2013 [Page 3]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
4. Acronyms
BFD: Bidirectional Forwarding Detection
IP: Internet Protocol
LSP: Label Switching Path
LSR: Label Switching Router
MIB: Management Information Base
MPLS: Multi-Protocol Label Switching
MPLS-TP: MPLS Transport Profile
ME: Maintenance Entity
MEG: Maintenance Entity Group
MEP: Maintenance Entity End-Point
PW: Pseudowire
TP: Transport Profile
LOC: Loss Of Continuity
5. Brief description of MIB Objects
The objects described in this section support the functionality
described in documents [BFD-MPLS] and [RFC6428]. The objects are
defined as an extension to the BFD base MIB defined by BFD-STD-MIB.
5.1. Extensions to the BFD session table (bfdSessionTable)
The BFD session table used to identify a BFD session between a pair
of nodes, as defined in BFD-STD-MIB, is extended with managed objects
to achieve the required functionality in MPLS and MPLS-TP networks as
described below:
1. SessionRole - Active/Passive role specification for the BFD
session configured on the node. Either end of a BFD session
can be configured as Active/Passive to determine which
end starts transmitting the BFD control packets.
2. SessionMode - Defines the mode in which BFD
session is running, defined as below:
i. CC - Only Continuity Check and RDI functionality is
performed.
ii. CV - Provides for Continuity Check, Connectivity
Verification and RDI functionalities to be
supported.
3. Timer Negotiation Flag - Provides for timer negotiation
to be enabled or disabled. This object can be used to tune
the detection of period-misconfiguration.
4. Map Type - Indicates the type of the path being monitored by
Aldrin, et al. Expires December 30, 2013 [Page 4]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
the BFD session.
This object can take the following values:
For BFD session over MPLS based paths:
nonTeIpv4 (1) - BFD session configured for Non-TE
Ipv4 path
nonTeIpv6 (2) - BFD session configured for Non-TE
Ipv6 path
teIpv4 (3) - BFD session configured for a TE
Ipv4 path
teIpv6 (4) - BFD session configured for a TE
Ipv6 path
pw (5) - BFD session configured for a PW
For MPLS-TP based paths:
mep (6) - BFD session configured for an MPLS-TP path
(Bidirectional tunnel, PW or Sections) will map to
the corresponding maintenance entity.
5. Map Pointer
A Row Pointer object which can be used to point to the first
accessible object in the respective instance of the table entry
identifying the path being monitored (mplsXCEntry/mplsTunnelEntry/
pwEntry respectively for LSP/Tunnel/PW).
For NON-TE LSP, the Map pointer points to the corresponding
mplsXCEntry.
For TE based tunnel, the Map pointer points to the corresponding
instance of the mplsTunnelEntry.
For PW, this object points to the corresponding instance of
pwEntry.
For MPLS-TP paths, this object points to the corresponding
instance of mplsOamIdMeEntry configured to monitor the
MPLS-TP path associated with the BFD session.
6. Usage of existing object bfdSessType:
Additionally existing object "bfdSessType" in the base MIB can be
used with the already defined value multiHopOutOfBandSignaling(3)
to specify an OOB (Out of band) mechanism [E.g. LSP Ping] for
bootstrapping the BFD session.
Aldrin, et al. Expires December 30, 2013 [Page 5]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
5.2. Example of BFD session configuration
This section provides an example of BFD session configuration
for an MPLS and MPLS-TP TE tunnel. This example is only meant
to enable an understanding of the proposed extension and does not
illustrate every permutation of the MIB.
5.2.1 Example of BFD Session configuration for MPLS TE tunnel
This section provides an example BFD session configuration
for an MPLS TE tunnel. This example is only meant to enable
an understanding of the proposed extension and does not
illustrate every permutation of the MIB.
The following denotes the configured tunnel "head" entry:
In mplsTunnelTable:
{
mplsTunnelIndex = 100,
mplsTunnelInstance = 1,
mplsTunnelIngressLSRId = 192.0.2.1,
mplsTunnelEgressLSRId = 192.0.2.3,
mplsTunnelName = "Tunnel",
...
mplsTunnelSignallingProto = none (1),
mplsTunnelSetupPrio = 0,
mplsTunnelHoldingPrio = 0,
mplsTunnelSessionAttributes = 0,
mplsTunnelLocalProtectInUse = false (0),
mplsTunnelResourcePointer = mplsTunnelResourceMaxRate.5,
mplsTunnelInstancePriority = 1,
mplsTunnelHopTableIndex = 1,
mplsTunnelIncludeAnyAffinity = 0,
mplsTunnelIncludeAllAffinity = 0,
mplsTunnelExcludeAnyAffinity = 0,
mplsTunnelPathInUse = 1,
mplsTunnelRole = head (1),
...
mplsTunnelRowStatus = Active
}
BFD session parameters used to monitor this tunnel should be
configured on head-end as follows:
In bfdSessTable:
BfdSessEntry ::= SEQUENCE {
-- BFD session index
Aldrin, et al. Expires December 30, 2013 [Page 6]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
bfdSessIndex = 2,
bfdSessVersionNumber = 1,
-- LSP Ping used for OOB bootstrapping
bfdSessType = multiHopOutOfBandSignaling,
...
bfdSessAdminStatus = start,
...
bfdSessDemandModeDesiredFlag = false,
bfdSessControlPlaneIndepFlag = false,
bfdSessMultipointFlag = false,
bfdSessDesiredMinTxInterval = 100000,
bfdSessReqMinRxInterval = 100000,
...
-- Indicates that the BFD session is to monitor
-- an MPLS TE tunnel
bfdMplsSessMapType = teIpv4(3),
-- OID of the first accessible object (mplsTunnelName) of
-- the mplsTunnelEntry identifying the MPLS TE tunnel (being
-- monitored using BFD) in the MPLS tunnel table.
-- A value of zeroDotzero indicates that no association
-- has been made as yet between the BFD session and the path
-- being monitored.
-- In the above OID example:
-- 100 -> Tunnel Index
-- 1 -> Tunnel instance
-- 3221225985 -> Ingress LSR Id 192.0.2.1
-- 3221225987 -> Egress LSR Id 192.0.2.3
bfdMplsSessMapPointer
= mplsTunnelName.100.1.3221225985.3221225987,
bfdSessRowStatus = createAndGo
}
Similarly BFD session would be configured on the tail-end of
the tunnel. Creating the above row will trigger
the bootstrapping of the session using LSP Ping and its
subsequent establishment over the path by de-multiplexing of
the control packets using the BFD session discriminators.
5.2.2 Example of BFD Session configuration for ME of MPLS-TP TE tunnel
This example considers the OAM identifiers configuration on a
head-end LSR to manage and monitor a co-routed bidirectional MPLS
tunnel.
Only relevant objects which are applicable for IP based OAM
identifiers of co-routed MPLS tunnel are illustrated here.
In mplsOamIdMegTable:
Aldrin, et al. Expires December 30, 2013 [Page 7]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
{
-- MEG index (Index to the table)
mplsOamIdMegIndex = 1,
mplsOamIdMegName = "MEG1",
mplsOamIdMegOperatorType = ipCompatible (1),
mplsOamIdMegServiceType = lsp (1),
mplsOamIdMegMpLocation = perNode(1),
-- Mandatory parameters needed to activate the row go here
mplsOamIdMegRowStatus = createAndGo (4)
}
This will create an entry in the mplsOamIdMegTable to manage and
monitor the MPLS tunnel.
The following ME table is used to associate the path information
to a MEG.
In mplsOamIdMeTable:
{
-- ME index (Index to the table)
mplsOamIdMeIndex = 1,
-- MP index (Index to the table)
mplsOamIdMeMpIndex = 1,
mplsOamIdMeName = "ME1",
mplsOamIdMeMpIfIndex = 0,
-- Source MEP id is derived from the IP compatible MPLS tunnel
mplsOamIdMeSourceMepIndex = 0,
-- Source MEP id is derived from the IP compatible MPLS tunnel
mplsOamIdMeSinkMepIndex = 0,
mplsOamIdMeMpType = mep (1),
mplsOamIdMeMepDirection = down (2),
mplsOamIdMeProactiveOamPhbTCValue = 0,
mplsOamIdMeOnDemandOamPhbTCValue = 0,
-- RowPointer MUST point to the first accessible column of an
-- MPLS tunnel
mplsOamIdMeServicePointer = mplsTunnelName.1.1.1.2,
-- Mandatory parameters needed to activate the row go here
mplsOamIdMeRowStatus = createAndGo (4)
}
BFD session parameters used to monitor this tunnel should be
configured on head-end as follows:
In bfdSessTable:
BfdSessEntry ::= SEQUENCE {
-- BFD session index
bfdSessIndex = 2,
bfdSessVersionNumber = 1,
Aldrin, et al. Expires December 30, 2013 [Page 8]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
-- LSP Ping used for OOB bootstrapping
bfdSessType = multiHopOutOfBandSignaling,
...
bfdSessAdminStatus = start,
...
bfdSessDemandModeDesiredFlag = false,
bfdSessControlPlaneIndepFlag = false,
bfdSessMultipointFlag = false,
bfdSessDesiredMinTxInterval = 100000,
bfdSessReqMinRxInterval = 100000,
...
-- Indicates that the BFD session is to monitor
-- a ME of an MPLS-TP TE tunnel
bfdMplsSessMapType = mep(6),
bfdMplsSessMapPointer
= mplsOamIdMeName.1.1.1,
bfdSessRowStatus = createAndGo
}
Similarly BFD session would be configured on the tail-end of
the tunnel. Creating the above row will trigger the bootstrapping
of the session using LSP Ping and its subsequent establishment
over the path by de-multiplexing of the control packets using
the BFD session discriminators.
5.3. BFD objects for session performance counters
BFD-STD-MIB defines BFD Session Performance Table
(bfdSessionPerfTable), for collecting per-session BFD performance
counters, as an extension to the bfdSessionTable.
The bfdSessionPerfTable is extended with the performance counters
to collect Mis-connectivity Defect, Loss of Continuity Defect
and RDI (Remote Defect Indication) counters.
1. bfdMplsSessPerfMisDefCount - Mis-connectivity defect count
for this BFD session.
2. bfdMplsSessPerfLocDefCount - Loss of continuity defect count for
this BFD session.
3. bfdMplsSessPerfRdiInCount - Total number of RDI messages
received for this BFD session.
4. bfdMplsSessPerfRdiOutCount - Total number of RDI messages sent
for this BFD session.
5.4. Notification Objects
To be added in the next version of this document.
Aldrin, et al. Expires December 30, 2013 [Page 9]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
6. BFD MPLS-MPLS-TP MIB Module Definition
BFD-EXT-STD-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, mib-2,
Counter32, zeroDotZero
FROM SNMPv2-SMI -- [RFC2578]
RowPointer,TruthValue,TEXTUAL-CONVENTION
FROM SNMPv2-TC -- [RFC2579]
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF -- [RFC2580]
bfdSessIndex
FROM BFD-STD-MIB;
bfdMplsMib MODULE-IDENTITY
LAST-UPDATED "201306260000Z" -- June 26 2013
ORGANIZATION "IETF Bidirectional Forwarding Detection
Working Group"
CONTACT-INFO
"
Sam Aldrin
Huawei Technologies
2330 Central Express Way,
Santa Clara, CA 95051, USA
Email: aldrin.ietf@gmail.com
Venkatesan Mahalingam
Dell Inc.
350 Holger Way,
San Jose, CA 95134, USA
Email: venkat.mahalingams@gmail.com
Kannan KV Sampath
Redeem Software
India
Email: kannankvs@gmail.com
Thomas D. Nadeau
Juniper Networks
10 Technology Park Drive, Westford, MA 01886
Email: tnadeau@juniper.net"
DESCRIPTION
" Copyright (c) 2013 IETF Trust and the persons identified
as the document authors. All rights reserved.
Aldrin, et al. Expires December 30, 2013 [Page 10]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
This MIB module is an initial version containing objects
to provide a proactive mechanism to detect faults using
BFD for MPLS and MPLS-TP networks"
REVISION "201306260000Z" -- June 26 2013
DESCRIPTION
" Initial version published as RFC xxx "
-- RFC Ed.: RFC-editor pls fill in xxxx
::= { mib-2 XXX } -- XXX to be replaced with correct value
-- RFC Ed.: assigned by IANA
-- ------------------------------------------------------------
-- groups in the MIB
-- ------------------------------------------------------------
bfdMplsObjects OBJECT IDENTIFIER ::= { bfdMplsMib 0 }
bfdMplsConformance OBJECT IDENTIFIER ::= { bfdMplsMib 1 }
-- ------------------------------------------------------------
-- Textual Conventions
-- ------------------------------------------------------------
SessionMapTypeTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Used to indicate the type of MPLS or MPLS-TP path
associated to the session"
SYNTAX INTEGER {
nonTeIpv4(1), -- mapping into LDP IPv4
nonTeIpv6(2), -- mapping into LDP IPv6
teIpv4(3), -- mapping into TE IPv4
teIpv6(4), -- mapping into TE IPv6
pw(5), -- mapping into Pseudowires
mep(6) -- mapping into MEPs in MPLS-TP
}
DefectActionTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The action to be taken when the mis-connectivity/loss of
connectivity defect occurs in the MPLS or MPLS-TP
path associated to the session"
SYNTAX INTEGER {
alarmOnly(1), -- Alarm only
alarmAndBlockData(2) -- Alarm and block the data
Aldrin, et al. Expires December 30, 2013 [Page 11]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
}
-- ------------------------------------------------------------------
-- BFD session table extensions for BFD on MPLS and MPLS-TP
-- ------------------------------------------------------------------
-- bfdMplsSessTable - bfdSessTable Extension
bfdMplsSessTable OBJECT-TYPE
SYNTAX SEQUENCE OF BfdMplsSessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is an extension to the bfdSessTable for
configuring BFD sessions for MPLS or MPLS-TP paths."
::= { bfdMplsObjects 1 }
bfdMplsSessEntry OBJECT-TYPE
SYNTAX BfdMplsSessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row in this table extends a row in bfdSessTable."
INDEX { bfdSessIndex }
::= { bfdMplsSessTable 1 }
BfdMplsSessEntry ::= SEQUENCE {
bfdMplsSessRole INTEGER,
bfdMplsSessMode INTEGER,
bfdMplsSessTmrNegotiate TruthValue,
bfdMplsSessMapType SessionMapTypeTC,
bfdMplsSessMapPointer RowPointer,
bfdMplsSessMisConnectivityDefectAction DefectActionTC,
bfdMplsSessLOCDefect DefectActionTC
}
bfdMplsSessRole OBJECT-TYPE
SYNTAX INTEGER {
active(1),
passive(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies whether the system is playing the
active(1) role or the passive(2) role for this
Aldrin, et al. Expires December 30, 2013 [Page 12]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
BFD session."
REFERENCE
"RFC 5880, Section 6.1"
DEFVAL { active }
::= { bfdMplsSessEntry 1 }
bfdMplsSessMode OBJECT-TYPE
SYNTAX INTEGER {
cc(1),
cv(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies whether the BFD session is running
in Continuity Check(CC) or the Connectivity
Verification(CV) mode."
REFERENCE
"1.RFC6428, Proactive Connectivity Verification,
Continuity Check and Remote Defect Indication
for MPLS Transport Profile."
DEFVAL { cc }
::= { bfdMplsSessEntry 2 }
bfdMplsSessTmrNegotiate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies if timer negotiation is required for
the BFD session. When set to false, timer negotiation is
disabled"
DEFVAL { true }
::= { bfdMplsSessEntry 3 }
bfdMplsSessMapType OBJECT-TYPE
SYNTAX SessionMapTypeTC
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the type of path being monitored
by this BFD session entry."
Aldrin, et al. Expires December 30, 2013 [Page 13]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
DEFVAL { nonTeIpv4 }
::= { bfdMplsSessEntry 4 }
bfdMplsSessMapPointer OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If bfdMplsSessMapType is nonTeIpv4(1) or nonTeIpv6(2),
then this object MUST contain zeroDotZero or point to
an instance of the mplsXCEntry indicating the LDP-based
LSP associated with this BFD session.
If bfdMplsSessMapType is teIpv4(3) or teIpv6(4), then
this object MUST contain zeroDotZero or point to
an instance of the mplsTunnelEntry indicating
the RSVP-based MPLS TE tunnel associated with this
BFD session.
If bfdMplsSessMapType is pw(5), then this object MUST
contain zeroDotZero or point to an instance of
the pwEntry indicating the MPLS Pseudowire associated
with this BFD session.
If bfdMplsSessMapTpye is mep(6). then this object MUST
contain zeroDotZero or point to an instance identifying
the mplsOamIdMeEntry configured for monitoring the MPLS-TP
path associated with this BFD session.
If this object points to a conceptual row instance
in a table consistent with bfdMplsSessMapType but this
instance does not currently exist then no valid
path is associated with this session entry.
If this object contains zeroDotZero then no valid path is
associated with this BFD session entry till it is
populated with a valid pointer consistent with
the value of bfdMplsSessMapType as explained above."
DEFVAL { zeroDotZero }
::= { bfdMplsSessEntry 5 }
bfdMplsSessMisConnectivityDefectAction OBJECT-TYPE
SYNTAX DefectActionTC
MAX-ACCESS read-create
STATUS current
DESCRIPTION
Aldrin, et al. Expires December 30, 2013 [Page 14]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
"This object indicates the action to be taken when
the mis-connectivity defect is detected on
this BFD session."
DEFVAL { alarmOnly }
::= { bfdMplsSessEntry 6 }
bfdMplsSessLOCDefect OBJECT-TYPE
SYNTAX DefectActionTC
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the action to be taken when
the loss of continuity defect is detected on
this BFD session."
DEFVAL { alarmOnly }
::= { bfdMplsSessEntry 7 }
-- ------------------------------------------------------------------
-- BFD Objects for Session performance
-- -----------------------------------------------------------------
-- bfdMplsSessPerfTable - bfdSessPerfTable Extension
bfdMplsSessPerfTable OBJECT-TYPE
SYNTAX SEQUENCE OF BfdMplsSessPerfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is an extension to the bfdSessPerfTable"
::= { bfdMplsObjects 2 }
bfdMplsSessPerfEntry OBJECT-TYPE
SYNTAX BfdMplsSessPerfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row in this table extends the bfdSessPerfTable"
INDEX { bfdSessIndex }
::= { bfdMplsSessPerfTable 1 }
BfdMplsSessPerfEntry ::= SEQUENCE {
bfdMplsSessPerfMisDefCount Counter32,
bfdMplsSessPerfLocDefCount Counter32,
bfdMplsSessPerfRdiInCount Counter32,
Aldrin, et al. Expires December 30, 2013 [Page 15]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
bfdMplsSessPerfRdiOutCount Counter32
}
bfdMplsSessPerfMisDefCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the mis-connectivity defects
detected for the BFD session. For instance, this count
will be incremented when the received BFD control packet
carries an incorrect globally unique source
MEP identifier."
::= { bfdMplsSessPerfEntry 1 }
bfdMplsSessPerfLocDefCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the Loss of continuity
defects detected in MPLS and MPLS-TP paths"
::= { bfdMplsSessPerfEntry 2 }
bfdMplsSessPerfRdiInCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the Remote Defect
Indications received for the BFD session."
::= { bfdMplsSessPerfEntry 3 }
bfdMplsSessPerfRdiOutCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the Remote Defect
Indications sent by the BFD session"
::= { bfdMplsSessPerfEntry 4 }
-- Module compliance
Aldrin, et al. Expires December 30, 2013 [Page 16]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
bfdMplsGroups
OBJECT IDENTIFIER ::= { bfdMplsConformance 1 }
bfdMplsCompliances
OBJECT IDENTIFIER ::= { bfdMplsConformance 2 }
-- Compliance requirement for fully compliant implementations.
bfdMplsModuleFullCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance statement for agents that provide full
support for the BFD-EXT-STD-MIB module. "
MODULE -- This module.
MANDATORY-GROUPS {
bfdSessionExtGroup,
bfdSessionExtPerfGroup
}
::= { bfdMplsCompliances 1 }
bfdMplsModuleReadOnlyCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance requirement for implementations that only
provide read-only support for BFD-EXT-STD-MIB. Such devices
can then be monitored but cannot be configured using
this MIB module."
MODULE -- This module.
MANDATORY-GROUPS {
bfdSessionExtGroup,
bfdSessionExtPerfGroup
}
OBJECT bfdMplsSessRole
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT bfdMplsSessMode
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT bfdMplsSessTmrNegotiate
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
Aldrin, et al. Expires December 30, 2013 [Page 17]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
OBJECT bfdMplsSessMapType
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT bfdMplsSessMapPointer
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
::= { bfdMplsCompliances 2 }
-- Units of conformance.
bfdSessionExtGroup OBJECT-GROUP
OBJECTS {
bfdMplsSessRole,
bfdMplsSessMode,
bfdMplsSessTmrNegotiate,
bfdMplsSessMapType,
bfdMplsSessMapPointer,
bfdMplsSessMisConnectivityDefectAction,
bfdMplsSessLOCDefect
}
STATUS current
DESCRIPTION
"Collection of objects needed for BFD monitoring for
MPLS and MPLS-TP paths"
::= { bfdMplsGroups 1 }
bfdSessionExtPerfGroup OBJECT-GROUP
OBJECTS {
bfdMplsSessPerfMisDefCount,
bfdMplsSessPerfLocDefCount,
bfdMplsSessPerfRdiInCount,
bfdMplsSessPerfRdiOutCount
}
STATUS current
DESCRIPTION
"Collection of objects needed to monitor the
performance of BFD sessions on MPLS and MPLS-TP
paths"
::= { bfdMplsGroups 2 }
END
7. Security Considerations
Aldrin, et al. Expires December 30, 2013 [Page 18]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
As BFD session for MPLS path may be tied into the stability of
the MPLS network infrastructure, the effects of an attack on a BFD
session may be very serious. This ultimately has denial-of-service
effects, as links may be declared to be down (or falsely declared to
be up.) As such, improper configuration of the objects represented
by this MIB may result in denial of service to a large number of end-
users.
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations.
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. It is thus important to control even GET and/or NOTIFY
access to these objects and possibly to even encrypt the values of
these objects when sending them over the network via SNMP.
o The bfdMplsSessTable may be used to directly configure BFD
sessions for MPLS path.
Unauthorized access to objects in this table could result in
disruption of traffic on the network. This is especially true if
an unauthorized user configures enough tables to invoke a denial
of service attack on the device where they are configured, or on
a remote device where the sessions terminate.
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
o The bfdSessPerfTable and bfdMplsSessPerfTable both allows access
to the performance characteristics of BFD sessions for MPLS
paths. Network administrators not wishing to show
this information should consider this table sensitive.
The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
bfdSessAuthenticationKey objects hold security methods and
associated security keys of BFD sessions for MPLS paths. These
objects SHOULD be considered highly sensitive objects. In order
for these sensitive information from being improperly accessed,
Aldrin, et al. Expires December 30, 2013 [Page 19]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
implementers MAY wish to disallow read and create access to these
objects.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure "for example by using IPSec",
even then, there is no control as to who on the secure network is
allowed to access and GET/SET "read/change/create/delete" the objects
in these MIB modules.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms "for
authentication and privacy".
Further, deployment of SNMP versions prior to SNMPv3 is not
recommended. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module, is properly configured to give access to
the objects only to those principals "users" that have legitimate
rights to indeed GET or SET "change/create/delete" them.
8. IANA Considerations
The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
bfdMplsMib { mib-2 XXX }
[Editor's Note (to be removed prior to publication): the IANA is
requested to assign a value for "XXX" under the 'mib-2' subtree
and to record the assignment in the SMI Numbers registry. When
the assignment has been made, the RFC Editor is asked to replace
"XXX" here and in the MIB module) with the assigned value and
to remove this note.]
9. References
9.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[BFD] Katz, D. and D. Ward, "Bidirectional Forwarding
Aldrin, et al. Expires December 30, 2013 [Page 20]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
Detection (BFD)", RFC 5880, June 2010.
[BFD-1HOP] Katz, D. and D. Ward, "Bidirectional Forwarding
Detection (BFD) for IPv4 and IPv6 (Single Hop)",
RFC 5881, June 2010.
[BFD-MH] Katz, D. and D. Ward, "Bidirectional Forwarding
Detection (BFD) for Multihop Paths", RFC 5883,
June 2010.
[BFD-MPLS] Aggarwal, R. et.al., "Bidirectional Forwarding
Detection (BFD) for MPLS Label Switched Paths (LSPs)",
RFC 5884, June 2010
[RFC6428] Allan, D., Swallow, G., Drake, J., "Proactive
Connectivity Verification, Continuity Check and Remote
Defect indication for MPLS Transport Profile", RFC
6428, November 2011.
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)",
STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Textual Conventions for SMIv2", STD 58, RFC 2579, April
1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999.
9.2 Informative References
[RFC3410] J. Case, R. Mundy, D. pertain, B.Stewart, "Introduction
and Applicability Statement for Internet Standard
Management Framework", RFC 3410, December 2002.
10. Acknowledgments
The authors would like to thank Jeffrey Haas, Mukund Mani,
Lavanya Srivatsa, Muly Ilan and John Salloway for their valuable
comments.
11. Authors' Addresses
Sam Aldrin
Huawei Technologies
Aldrin, et al. Expires December 30, 2013 [Page 21]
INTERNET DRAFT BFD Extensions for MPLS MIB June 28, 2013
2330 Central Express Way,
Santa Clara, CA 95051, USA
Email: aldrin.ietf@gmail.com
Venkatesan Mahalingam
Dell Inc.
350 Holger Way,
San Jose, CA 95134, USA
Email: venkat.mahalingams@gmail.com
Kannan KV Sampath
Redeem Software
India
Email: kannankvs@gmail.com
Thomas D. Nadeau
Juniper Networks
10 Technology Park Drive, Westford, MA 01886
Email: tnadeau@juniper.net
Aldrin, et al. Expires December 30, 2013 [Page 22]