Network Working Group
INTERNET-DRAFT Sam Aldrin
Intended Status: Standards Track Google, Inc.
Expires: June 04, 2016 M.Venkatesan
Dell, Inc.
Kannan KV Sampath
Redeem Software
Thomas D. Nadeau
Brocade
December 02, 2015
BFD Management Information Base (MIB) extensions
for MPLS and MPLS-TP Networks
draft-ietf-bfd-mpls-mib-07
Abstract
This draft defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it extends the BFD Management Information Base and
describes the managed objects for modeling Bidirectional Forwarding
Detection (BFD) protocol for MPLS and MPLS-TP networks.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 04, 2016.
Aldrin, et al. Expires June 04, 2016 [Page 1]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Internet-Standard Management Framework . . . . . . . . . . 3
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Conventions used in this document . . . . . . . . . . . . . 3
3.2 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Brief description of MIB Objects . . . . . . . . . . . . . . . 4
5.1. Extensions to the BFD session table (bfdSessTable) . . . . 4
5.2. Example of BFD session configuration . . . . . . . . . . . 6
5.2.1 Example of BFD Session configuration for MPLS TE
tunnel . . . . . . . . . . . . . . . . . . . . . . . . . 6
5.2.2 Example of BFD Session configuration for ME of MPLS-TP
TE tunnel . . . . . . . . . . . . . . . . . . . . . . . 7
5.3. BFD objects for session performance counters . . . . . . . 9
6. BFD-EXT-STD-MIB Module Definition . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 18
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 20
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
9.1 Normative References . . . . . . . . . . . . . . . . . . . . 20
9.2 Informative References . . . . . . . . . . . . . . . . . . . 21
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 22
11. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 22
Aldrin, et al. Expires June 04, 2016 [Page 2]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
1 Introduction
The current MIB for BFD as defined by [RFC7331] is used for neighbor
monitoring in IP networks. The BFD session association to the
neighbors being monitored is done using the source and destination IP
addresses of the neighbors configured using the respective MIB
objects.
To monitor MPLS/MPLS-TP paths like tunnels or Pseudowires, there is a
necessity to identify or associate the BFD session to those paths.
This memo defines an portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it extends the BFD Management Information Base
[RFC7331] and describes the managed objects to configure and/or
monitor Bidirectional Forwarding Detection (BFD) protocol for MPLS
[RFC5884] and MPLS-TP networks [RFC6428].
2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC2578, STD 58, RFC2579 and STD58, RFC2580.
3. Overview
3.1 Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
RFC-2119 [RFC2119].
3.2 Terminology
This document adopts the definitions, acronyms and mechanisms
described in [RFC5880], [RFC5881], [RFC5883], [RFC7130], [RFC5884],
and [RFC6428]. Unless otherwise stated, the mechanisms described
therein will not be re-described here.
Aldrin, et al. Expires June 04, 2016 [Page 3]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
4. Acronyms
BFD: Bidirectional Forwarding Detection
CC: Continuity Check
CV: Connectivity Verification
IP: Internet Protocol
LDP: Label Distribution Protocol
LOC: Loss Of Continuity
LSP: Label Switching Path
LSR: Label Switching Router
ME: Maintenance Entity
MEG: Maintenance Entity Group
MEP: Maintenance Entity End-Point
MIP: Maintenance Entity Group Intermediate Point
MIB: Management Information Base
MPLS: Multi-Protocol Label Switching
MPLS-TP: MPLS Transport Profile
OAM: Operations, Administration, and Maintenance
PW: Pseudo Wire
RDI: Remote Defect Indication
TE: Traffic Engineering
TP: Transport Profile
5. Brief description of MIB Objects
The objects described in this section support the functionality
described in documents [RFC5884] and [RFC6428]. The objects are
defined as an extension to the BFD base MIB defined by [RFC7331].
5.1. Extensions to the BFD session table (bfdSessTable)
The BFD session table used to identify a BFD session between a pair
of nodes, as defined in [RFC7331], is extended with managed objects
to achieve the required functionality in MPLS and MPLS-TP networks as
described below:
1. SessionRole - Active/Passive role specification for the BFD
session configured on the node. Either end of a BFD session
can be configured as Active/Passive to determine which
end starts transmitting the BFD control packets.
2. SessionMode - Defines the mode in which BFD
session is running, defined as below:
i. CC - Indicates Continuity Check and RDI operations.
ii. CV - Indicates Continuity Check, Connectivity
Verification and RDI operations.
Aldrin, et al. Expires June 04, 2016 [Page 4]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
3. Timer Negotiation Flag - Provides for timer negotiation
to be enabled or disabled. This object can be used to tune
the detection of period mis-configuration.
4. Map Type - Indicates the type of the path being monitored by
the BFD session.
This object can take the following values:
For BFD session over MPLS based paths:
nonTeIpv4 (1) - BFD session configured for Non-TE
IPv4 path
nonTeIpv6 (2) - BFD session configured for Non-TE
IPv6 path
teIpv4 (3) - BFD session configured for a TE
IPv4 path
teIpv6 (4) - BFD session configured for a TE
IPv6 path
pw (5) - BFD session configured for a pseudowire
For MPLS-TP based paths:
mep (6) - BFD session configured for an MPLS-TP path
(Bidirectional tunnel, PW or Sections) will map to
the corresponding maintenance entity.
5. Map Pointer
A Row Pointer object which can be used to point to the first
accessible object in the respective instance of the table entry
identifying the path being monitored (mplsXCEntry[RFC3813]/
mplsTunnelEntry[RFC3812]/pwEntry[RFC5601] respectively for
LSP/Tunnel/PW).
For NON-TE LSP, the map pointer points to the corresponding
mplsXCEntry.
For TE based tunnel, the map pointer points to the corresponding
instance of the mplsTunnelEntry.
For PW, this object points to the corresponding instance of
pwEntry.
For MPLS-TP paths, this object points to the corresponding
instance of mplsOamIdMeEntry[MPLS-OAM-ID-STD-MIB] configured to
monitor the MPLS-TP path associated with the BFD session.
6. Usage of existing object bfdSessType:
Aldrin, et al. Expires June 04, 2016 [Page 5]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
Additionally existing object "bfdSessType" in the BFD base MIB
[RFC7331] can be used with the already defined value
multiHopOutOfBandSignaling(3) to specify an OOB (Out of band)
mechanism [E.g. LSP Ping] for bootstrapping the BFD session.
5.2. Example of BFD session configuration
This section provides an example of BFD session configuration
for an MPLS and MPLS-TP TE tunnel. This example is only meant
to enable an understanding of the proposed extension and does not
illustrate every permutation of the MIB.
5.2.1 Example of BFD Session configuration for MPLS TE tunnel
This section provides an example BFD session configuration
for an MPLS TE tunnel.
The following denotes the configured tunnel "head" entry:
In mplsTunnelTable:
{
mplsTunnelIndex = 100,
mplsTunnelInstance = 1,
mplsTunnelIngressLSRId = 192.0.2.1,
mplsTunnelEgressLSRId = 192.0.2.3,
mplsTunnelName = "Tunnel",
...
mplsTunnelSignallingProto = none (1),
mplsTunnelSetupPrio = 0,
mplsTunnelHoldingPrio = 0,
mplsTunnelSessionAttributes = 0,
mplsTunnelLocalProtectInUse = false (0),
mplsTunnelResourcePointer = mplsTunnelResourceMaxRate.5,
mplsTunnelInstancePriority = 1,
mplsTunnelHopTableIndex = 1,
mplsTunnelIncludeAnyAffinity = 0,
mplsTunnelIncludeAllAffinity = 0,
mplsTunnelExcludeAnyAffinity = 0,
mplsTunnelPathInUse = 1,
mplsTunnelRole = head (1),
...
mplsTunnelRowStatus = Active
}
BFD session parameters used to monitor this tunnel should be
configured on head-end as follows:
Aldrin, et al. Expires June 04, 2016 [Page 6]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
In bfdSessTable:
BfdSessEntry ::= SEQUENCE {
-- BFD session index
bfdSessIndex = 2,
bfdSessVersionNumber = 1,
-- LSP Ping used for OOB bootstrapping
bfdSessType = multiHopOutOfBandSignaling,
...
bfdSessAdminStatus = start,
...
bfdSessDemandModeDesiredFlag = false,
bfdSessControlPlaneIndepFlag = false,
bfdSessMultipointFlag = false,
bfdSessDesiredMinTxInterval = 100000,
bfdSessReqMinRxInterval = 100000,
...
-- Indicates that the BFD session is to monitor
-- an MPLS TE tunnel
bfdMplsSessMapType = teIpv4(3),
-- OID of the first accessible object (mplsTunnelName) of
-- the mplsTunnelEntry identifying the MPLS TE tunnel (being
-- monitored using BFD) in the MPLS tunnel table.
-- A value of zeroDotzero indicates that no association
-- has been made as yet between the BFD session and the path
-- being monitored.
-- In the above OID example:
-- 100 -> Tunnel Index
-- 1 -> Tunnel instance
-- 3221225985 -> Ingress LSR Id 192.0.2.1
-- 3221225987 -> Egress LSR Id 192.0.2.3
bfdMplsSessMapPointer
= mplsTunnelName.100.1.3221225985.3221225987,
bfdSessRowStatus = createAndGo
}
Similarly, the BFD session would be configured on the tail-end
of the tunnel. Creating the above row will trigger
the bootstrapping of the session using LSP Ping and its
subsequent establishment over the path by de-multiplexing of
the control packets using the BFD session discriminators.
5.2.2 Example of BFD Session configuration for ME of MPLS-TP TE tunnel
This example considers the OAM identifiers configuration on a
head-end LSR to manage and monitor a co-routed bidirectional MPLS
tunnel.
Only relevant objects which are applicable for IP based OAM
Aldrin, et al. Expires June 04, 2016 [Page 7]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
identifiers of co-routed MPLS tunnel are illustrated here.
In mplsOamIdMegTable:
{
-- MEG index (Index to the table)
mplsOamIdMegIndex = 1,
mplsOamIdMegName = "MEG1",
mplsOamIdMegOperatorType = ipCompatible (1),
mplsOamIdMegServiceType = lsp (1),
mplsOamIdMegMpLocation = perNode(1),
-- Mandatory parameters needed to activate the row go here
mplsOamIdMegRowStatus = createAndGo (4)
}
This will create an entry in the mplsOamIdMegTable to manage and
monitor the MPLS tunnel.
The following ME table is used to associate the path information
to a MEG.
In mplsOamIdMeTable:
{
-- ME index (Index to the table)
mplsOamIdMeIndex = 1,
-- MP index (Index to the table)
mplsOamIdMeMpIndex = 1,
mplsOamIdMeName = "ME1",
mplsOamIdMeMpIfIndex = 0,
-- Source MEP id is derived from the IP compatible MPLS tunnel
mplsOamIdMeSourceMepIndex = 0,
-- Source MEP id is derived from the IP compatible MPLS tunnel
mplsOamIdMeSinkMepIndex = 0,
mplsOamIdMeMpType = mep (1),
mplsOamIdMeMepDirection = down (2),
mplsOamIdMeProactiveOamPhbTCValue = 0,
mplsOamIdMeOnDemandOamPhbTCValue = 0,
-- RowPointer MUST point to the first accessible column of an
-- MPLS tunnel
mplsOamIdMeServicePointer = mplsTunnelName.1.1.1.2,
-- Mandatory parameters needed to activate the row go here
mplsOamIdMeRowStatus = createAndGo (4)
}
BFD session parameters used to monitor this tunnel should be
configured on head-end as follows:
In bfdSessTable:
BfdSessEntry ::= SEQUENCE {
Aldrin, et al. Expires June 04, 2016 [Page 8]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
-- BFD session index
bfdSessIndex = 2,
bfdSessVersionNumber = 1,
-- LSP Ping used for OOB bootstrapping
bfdSessType = multiHopOutOfBandSignaling,
...
bfdSessAdminStatus = start,
...
bfdSessDemandModeDesiredFlag = false,
bfdSessControlPlaneIndepFlag = false,
bfdSessMultipointFlag = false,
bfdSessDesiredMinTxInterval = 100000,
bfdSessReqMinRxInterval = 100000,
...
-- Indicates that the BFD session is to monitor
-- a ME of an MPLS-TP TE tunnel
bfdMplsSessMapType = mep(6),
bfdMplsSessMapPointer
= mplsOamIdMeName.1.1.1,
bfdSessRowStatus = createAndGo
}
Similarly, the BFD session would be configured on the tail-end of
the tunnel and creating the above row will trigger
the bootstrapping of the session using LSP Ping and its subsequent
establishment over the path by de-multiplexing of the control
packets using the BFD session discriminators.
5.3. BFD objects for session performance counters
[RFC7331] defines BFD Session Performance Table
(bfdSessPerfTable), for collecting per-session BFD performance
counters, as an extension to the bfdSessTable.
The bfdSessPerfTable is extended with the performance counters
to collect Mis-connectivity Defect, Loss of Continuity Defect
and RDI (Remote Defect Indication) counters.
1. bfdMplsSessPerfMisDefCount - Mis-connectivity defect count
for this BFD session.
2. bfdMplsSessPerfLocDefCount - Loss of continuity defect count for
this BFD session.
3. bfdMplsSessPerfRdiInCount - Total number of RDI messages
received for this BFD session.
4. bfdMplsSessPerfRdiOutCount - Total number of RDI messages sent
for this BFD session.
Aldrin, et al. Expires June 04, 2016 [Page 9]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
6. BFD-EXT-STD-MIB Module Definition
BFD-EXT-STD-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, mib-2,
Counter32, zeroDotZero
FROM SNMPv2-SMI -- [RFC2578]
RowPointer, TruthValue, TEXTUAL-CONVENTION
FROM SNMPv2-TC -- [RFC2579]
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF -- [RFC2580]
bfdSessIndex
FROM BFD-STD-MIB; -- [RFC7331]
bfdMplsMib MODULE-IDENTITY
LAST-UPDATED "201504190000Z" -- April 19, 2015
ORGANIZATION "IETF Bidirectional Forwarding Detection
Working Group"
CONTACT-INFO
"
Sam Aldrin
Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA
USA
Email: aldrin.ietf@gmail.com
Venkatesan Mahalingam
Dell Inc.
5450 Great America Parkway,
Santa Clara, CA 95054, USA
Email: venkat.mahalingams@gmail.com
Kannan KV Sampath
Redeem Software
India
Email: kannankvs@gmail.com
Thomas D. Nadeau
Email: tnadeau@lucidvision.com"
DESCRIPTION
" Copyright (c) 2015 IETF Trust and the persons identified
as the document authors. All rights reserved.
This MIB module is an initial version containing objects
Aldrin, et al. Expires June 04, 2016 [Page 10]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
to provide a proactive mechanism to detect faults using
BFD for MPLS and MPLS-TP networks."
REVISION "201504190000Z" -- April 19, 2015
DESCRIPTION
"BFD MIB objects for MPLS paths"
-- RFC Ed.: RFC-editor pls fill in XXX
::= { mib-2 XXX } -- XXX to be replaced with correct value
-- RFC Ed.: assigned by IANA
-- ------------------------------------------------------------
-- groups in the MIB
-- ------------------------------------------------------------
bfdMplsObjects OBJECT IDENTIFIER ::= { bfdMplsMib 0 }
bfdMplsConformance OBJECT IDENTIFIER ::= { bfdMplsMib 1 }
-- ------------------------------------------------------------
-- Textual Conventions
-- ------------------------------------------------------------
SessionMapTypeTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Used to indicate the type of MPLS or MPLS-TP path
associated to the session"
SYNTAX INTEGER {
nonTeIpv4(1), -- mapping into LDP IPv4
nonTeIpv6(2), -- mapping into LDP IPv6
teIpv4(3), -- mapping into TE IPv4
teIpv6(4), -- mapping into TE IPv6
pw(5), -- mapping into Pseudowires
mep(6) -- mapping into MEPs in MPLS-TP
}
DefectActionTC ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The action to be taken when the mis-connectivity/loss of
connectivity defect occurs in the MPLS or MPLS-TP
path associated to the session"
SYNTAX INTEGER {
alarmOnly(1), -- Alarm only
alarmAndBlockData(2) -- Alarm and block the data
}
-- ------------------------------------------------------------------
-- BFD session table extensions for MPLS and MPLS-TP BFD sessions
-- ------------------------------------------------------------------
Aldrin, et al. Expires June 04, 2016 [Page 11]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
-- bfdMplsSessTable - bfdSessTable Extension
bfdMplsSessTable OBJECT-TYPE
SYNTAX SEQUENCE OF BfdMplsSessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is an extension to the bfdSessTable for
configuring BFD sessions for MPLS or MPLS-TP paths."
::= { bfdMplsObjects 1 }
bfdMplsSessEntry OBJECT-TYPE
SYNTAX BfdMplsSessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row in this table extends a row in bfdSessTable
and note that not all of the objects defined in
bfdSessTable are used for MPLS BFD sessions."
INDEX { bfdSessIndex }
::= { bfdMplsSessTable 1 }
BfdMplsSessEntry ::= SEQUENCE {
bfdMplsSessRole INTEGER,
bfdMplsSessMode INTEGER,
bfdMplsSessTmrNegotiate TruthValue,
bfdMplsSessMapType SessionMapTypeTC,
bfdMplsSessMapPointer RowPointer,
bfdMplsSessMisConnectivityDefectAction DefectActionTC,
bfdMplsSessLOCDefect DefectActionTC
}
bfdMplsSessRole OBJECT-TYPE
SYNTAX INTEGER {
active(1),
passive(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies whether the system is playing the
active(1) role or the passive(2) role for this
BFD session."
REFERENCE
"Bidirectional Forwarding Detection, RFC 5880,
Section 6.1"
DEFVAL { active }
::= { bfdMplsSessEntry 1 }
Aldrin, et al. Expires June 04, 2016 [Page 12]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
bfdMplsSessMode OBJECT-TYPE
SYNTAX INTEGER {
cc(1),
cv(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies whether the BFD session is running
in Continuity Check(CC) or the Connectivity
Verification(CV) mode."
REFERENCE
"Proactive Connectivity Verification, Continuity Check
and Remote Defect Indication for MPLS Transport Profile,
RFC 6428."
DEFVAL { cc }
::= { bfdMplsSessEntry 2 }
bfdMplsSessTmrNegotiate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies if timer negotiation is required for
the BFD session. When set to false, timer negotiation is
disabled."
DEFVAL { true }
::= { bfdMplsSessEntry 3 }
bfdMplsSessMapType OBJECT-TYPE
SYNTAX SessionMapTypeTC
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the type of path being monitored
by this BFD session entry."
DEFVAL { nonTeIpv4 }
::= { bfdMplsSessEntry 4 }
bfdMplsSessMapPointer OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If bfdMplsSessMapType is nonTeIpv4(1) or nonTeIpv6(2),
then this object MUST contain zeroDotZero or point to
an instance of the mplsXCEntry indicating the LDP-based
LSP associated with this BFD session.
Aldrin, et al. Expires June 04, 2016 [Page 13]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
If bfdMplsSessMapType is teIpv4(3) or teIpv6(4), then
this object MUST contain zeroDotZero or point to
an instance of the mplsTunnelEntry indicating
the RSVP-based MPLS TE tunnel associated with this
BFD session.
If bfdMplsSessMapType is pw(5), then this object MUST
contain zeroDotZero or point to an instance of
the pwEntry indicating the MPLS Pseudowire associated
with this BFD session.
If bfdMplsSessMapTpye is mep(6). then this object MUST
contain zeroDotZero or point to an instance identifying
the mplsOamIdMeEntry configured for monitoring the MPLS-TP
path associated with this BFD session.
If this object points to a conceptual row instance
in a table consistent with bfdMplsSessMapType but this
instance does not currently exist then no valid
path is associated with this session entry.
If this object contains zeroDotZero then no valid path is
associated with this BFD session entry till it is
populated with a valid pointer consistent with
the value of bfdMplsSessMapType as explained above.
When the bfdSessRowStatus is active, this object value
change would lead to set failure and the bfdSessRowStatus
should be in notReady or notInService state in order to
change the value of this object.
"
REFERENCE
"1. Multiprotocol Label Switching (MPLS) Traffic
Engineering (TE)Management Information Base (MIB),
[RFC3812].
2. Multiprotocol Label Switching (MPLS) Label Switching
Router (LSR) Management Information Base (MIB),
[RFC3813].
3. Pseudowire (PW) Management Information Base (MIB,
[RFC5601].
4. MPLS-TP Operations, Administration, and Management
(OAM) Identifiers Management Information Base (MIB), ID
draft-ietf-mpls-tp-oam-id-mib-04, December 2013."
DEFVAL { zeroDotZero }
::= { bfdMplsSessEntry 5 }
bfdMplsSessMisConnectivityDefectAction OBJECT-TYPE
SYNTAX DefectActionTC
Aldrin, et al. Expires June 04, 2016 [Page 14]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the action to be taken when
the mis-connectivity defect is detected on
this BFD session."
DEFVAL { alarmOnly }
::= { bfdMplsSessEntry 6 }
bfdMplsSessLOCDefect OBJECT-TYPE
SYNTAX DefectActionTC
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object indicates the action to be taken when
the loss of continuity defect is detected on
this BFD session."
DEFVAL { alarmOnly }
::= { bfdMplsSessEntry 7 }
-- ------------------------------------------------------------------
-- BFD Objects for Session performance
-- -----------------------------------------------------------------
-- bfdMplsSessPerfTable - bfdSessPerfTable Extension
bfdMplsSessPerfTable OBJECT-TYPE
SYNTAX SEQUENCE OF BfdMplsSessPerfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is an extension to the bfdSessPerfTable"
::= { bfdMplsObjects 2 }
bfdMplsSessPerfEntry OBJECT-TYPE
SYNTAX BfdMplsSessPerfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A row in this table extends the bfdSessPerfTable"
INDEX { bfdSessIndex }
::= { bfdMplsSessPerfTable 1 }
BfdMplsSessPerfEntry ::= SEQUENCE {
bfdMplsSessPerfMisDefCount Counter32,
bfdMplsSessPerfLocDefCount Counter32,
bfdMplsSessPerfRdiInCount Counter32,
bfdMplsSessPerfRdiOutCount Counter32
}
Aldrin, et al. Expires June 04, 2016 [Page 15]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
bfdMplsSessPerfMisDefCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the mis-connectivity defects
detected for the BFD session. For instance, this count
will be incremented when the received BFD control packet
carries an incorrect globally unique source
MEP identifier."
::= { bfdMplsSessPerfEntry 1 }
bfdMplsSessPerfLocDefCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the Loss of continuity
defects detected in MPLS and MPLS-TP paths"
::= { bfdMplsSessPerfEntry 2 }
bfdMplsSessPerfRdiInCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the Remote Defect
Indications received for the BFD session."
::= { bfdMplsSessPerfEntry 3 }
bfdMplsSessPerfRdiOutCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object gives a count of the Remote Defect
Indications sent by the BFD session"
::= { bfdMplsSessPerfEntry 4 }
-- Module compliance
bfdMplsGroups
OBJECT IDENTIFIER ::= { bfdMplsConformance 1 }
bfdMplsCompliances
OBJECT IDENTIFIER ::= { bfdMplsConformance 2 }
-- Compliance requirement for fully compliant implementations.
Aldrin, et al. Expires June 04, 2016 [Page 16]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
bfdMplsModuleFullCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance statement for agents that provide full
support for the BFD-EXT-STD-MIB module. "
MODULE -- This module.
MANDATORY-GROUPS {
bfdSessionExtGroup,
bfdSessionExtPerfGroup
}
::= { bfdMplsCompliances 1 }
-- Compliance requirement for read-only implementations.
bfdMplsModuleReadOnlyCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance requirement for implementations that only
provide read-only support for BFD-EXT-STD-MIB. Such devices
can then be monitored but cannot be configured using
this MIB module."
MODULE -- This module.
MANDATORY-GROUPS {
bfdSessionExtGroup,
bfdSessionExtPerfGroup
}
OBJECT bfdMplsSessRole
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT bfdMplsSessMode
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT bfdMplsSessTmrNegotiate
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT bfdMplsSessMapType
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
OBJECT bfdMplsSessMapPointer
Aldrin, et al. Expires June 04, 2016 [Page 17]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
MIN-ACCESS read-only
DESCRIPTION "Write access is not required."
::= { bfdMplsCompliances 2 }
-- Units of conformance.
bfdSessionExtGroup OBJECT-GROUP
OBJECTS {
bfdMplsSessRole,
bfdMplsSessMode,
bfdMplsSessTmrNegotiate,
bfdMplsSessMapType,
bfdMplsSessMapPointer,
bfdMplsSessMisConnectivityDefectAction,
bfdMplsSessLOCDefect
}
STATUS current
DESCRIPTION
"Collection of objects needed for BFD monitoring for
MPLS and MPLS-TP paths"
::= { bfdMplsGroups 1 }
bfdSessionExtPerfGroup OBJECT-GROUP
OBJECTS {
bfdMplsSessPerfMisDefCount,
bfdMplsSessPerfLocDefCount,
bfdMplsSessPerfRdiInCount,
bfdMplsSessPerfRdiOutCount
}
STATUS current
DESCRIPTION
"Collection of objects needed to monitor the
performance of BFD sessions on MPLS and MPLS-TP
paths"
::= { bfdMplsGroups 2 }
END
7. Security Considerations
As BFD session for MPLS path may be tied into the stability of
the MPLS network infrastructure, the effects of an attack on a BFD
session may be very serious. This ultimately has denial-of-service
effects, as links may be declared to be down (or falsely declared to
be up.) As such, improper configuration of the objects represented
Aldrin, et al. Expires June 04, 2016 [Page 18]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
by this MIB may result in denial of service to a large number of end-
users.
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations.
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. It is thus important to control even GET and/or NOTIFY
access to these objects and possibly to even encrypt the values of
these objects when sending them over the network via SNMP.
o The bfdMplsSessTable may be used to directly configure BFD
sessions for MPLS path.
Unauthorized access to objects in this table could result in
disruption of traffic on the network. This is especially true if
an unauthorized user configures enough tables to invoke a denial
of service attack on the device where they are configured, or on
a remote device where the sessions terminate.
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
o The bfdSessPerfTable and bfdMplsSessPerfTable both allows access
to the performance characteristics of BFD sessions for MPLS
paths. Network administrators not wishing to show
this information should consider this table sensitive.
The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and
bfdSessAuthenticationKey objects hold security methods and
associated security keys of BFD sessions for MPLS paths. These
objects SHOULD be considered highly sensitive objects. In order
for these sensitive information from being improperly accessed,
implementers MAY wish to disallow read and create access to these
objects.
SNMP versions prior to SNMPv3 did not include adequate security. Even
if the network itself is secure (for example by using IPsec), there
Aldrin, et al. Expires June 04, 2016 [Page 19]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
is no control as to who on the secure network is allowed to access
and GET/SET (read/change/create/delete) the objects in this MIB
module.
Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM)
[RFC5591] in combination with a secure transport such as SSH
[RFC5592] or TLS/DTLS [RFC6353].
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
8. IANA Considerations
The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
bfdMplsMib { mib-2 XXX }
[Editor's Note (to be removed prior to publication): the IANA is
requested to assign a value for "XXX" under the 'mib-2' subtree
and to record the assignment in the SMI Numbers registry. When
the assignment has been made, the RFC Editor is asked to replace
"XXX" here and in the MIB module) with the assigned value and
to remove this note.]
9. References
9.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)",
Aldrin, et al. Expires June 04, 2016 [Page 20]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Textual Conventions for SMIv2", STD 58, RFC 2579, April
1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding
Detection (BFD)", RFC 5880, June 2010.
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding
Detection (BFD) for IPv4 and IPv6 (Single Hop)",
RFC 5881, June 2010.
[RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding
Detection (BFD) for Multihop Paths", RFC 5883,
June 2010
[RFC5884] Aggarwal, R. et.al., "Bidirectional Forwarding
Detection (BFD) for MPLS Label Switched Paths (LSPs)",
RFC 5884, June 2010
[RFC6428] Allan, D., Swallow, G., Drake, J., "Proactive
Connectivity Verification, Continuity Check and Remote
Defect indication for MPLS Transport Profile", RFC
6428, November 2011.
9.2 Informative References
[RFC3410] J. Case, R. Mundy, D. pertain, B.Stewart, "Introduction
and Applicability Statement for Internet Standard
Management Framework", RFC 3410, December 2002.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security
Model(USM) for version 3 of the Simple Network
Management Protocol (SNMPv3)", STD 62, RFC 3414,
December 2002.
[RFC3812] Srinivasan, C., Viswanathan, A., and T. Nadeau,
"Multiprotocol Label Switching (MPLS) Traffic Engineering
(TE) Management Information Base (MIB)", RFC 3812, June
2004.
[RFC3813] Srinivasan, C., Viswanathan, A., and T. Nadeau,
"Multiprotocol Label Switching (MPLS) Label Switching
Aldrin, et al. Expires June 04, 2016 [Page 21]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
(LSR) Router Management Information Base (MIB)",
RFC 3813, June 2004.
[RFC3826] Blumenthal, U., F. Maino and K. McCloghrie, "The
Advanced Encryption Standard (AES) Cipher Algorithm in
the SNMP User-based Security Model", RFC 3826, June
2004.
[RFC5591] Harrington, D. and W. Hardaker, "Transport Security
Model for the Simple Network Management Protocol
(SNMP)",RFC 5591, June 2009.
[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
Shell Transport Model for the Simple Network Management
Protocol (SNMP)", RFC 5592, June 2009.
[RFC5601] T. Nadeau, Ed., D. Zelig, Ed., "Pseudowire (PW)
Management Information Base (MIB)", RFC 5601,
July 2009.
[RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
Model for the Simple Network Management Protocol
(SNMP)", STD 78, RFC 6353, July 2011.
[RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and
J. Haas, "Bidirectional Forwarding Detection (BFD) on
Link Aggregation Group (LAG) Interfaces", RFC 7130,
February 2014.
[RFC7331] T. Nadeau, Z. Ali, N. Akiya "BFD Management
Information Base", RFC 7331, August 2014.
[MPLS-OAM-ID-STD-MIB] Sam Aldrin, M.Venkatesan, Kannan KV Sampath,
Thomas D. Nadeau, Sami Boutros, Ping Pan,
"MPLS-TP Operations, Administration, and
Management (OAM) Identifiers Management
Information Base (MIB)", ID
draft-ietf-mpls-tp-oam-id-mib-11,
September 2015.
10. Acknowledgments
The authors would like to thank Jeffrey Haas, Mukund Mani,
Lavanya Srivatsa, Muly Ilan and John Salloway for their valuable
comments.
11. Authors' Addresses
Aldrin, et al. Expires June 04, 2016 [Page 22]
INTERNET DRAFT BFD Extensions for MPLS MIB December 02, 2015
Sam Aldrin
Google, Inc.
600 Amphitheatre Parkway
Mountain View, CA
USA
Email: aldrin.ietf@gmail.com
Venkatesan Mahalingam
Dell Inc.
5450 Great America Parkway,
Santa Clara, CA 95054, USA
Email: venkat.mahalingams@gmail.com
Kannan KV Sampath
Redeem Software
India
Email: kannankvs@gmail.com
Thomas D. Nadeau
Brocade
Email: tnadeau@lucidvision.com
Aldrin, et al. Expires June 04, 2016 [Page 23]