Elwin Stelzer
Internet Draft Sam Hancock
Corona Networks, Inc.
July 2001
Expires: January 2002
Virtual Router Management Information Base Using SMIv2
draft-ietf-ppvpn-vr-mib-00.txt
1.0 Status of this Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference material
or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at:
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at:
http://www.ietf.org/shadow.html.
2.0 Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in TCP/IP based internets.
In paticular, it defines objects for managing networks using Virtual
Routers (VR).
This memo specifies a MIB module in a manner that is both compliant
to the SNMPv2 SMI.
Elwin & Sam [Page 1]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
3.0 Table of Contents
1.0 Status of this Memo .................................... 1
2.0 Abstract ............................................... 1
3.0 Table of Contents ...................................... 2
4.0 Terminologies .......................................... 2
5.0 Introduction ........................................... 3
6.0 The SNMP Network Management Framework .................. 3
7.0 Overview of the Virtual Router MIB ..................... 4
7.1 Community based VR contexts ............................ 5
7.2 VR Indexing ............................................ 6
7.3 Creation and Deletion of VRs ........................... 7
7.4 VrAdminStatus and VrOperStatus ......................... 7
7.5 Binding interfaces to a VR ............................. 7
7.6 VR Failover Handling ................................... 7
7.7 Setting per VR limits .................................. 8
7.8 Per VR Statistics ...................................... 8
7.9 Internal Virtual Interfaces ............................ 8
7.10 Traps .................................................. 8
7.11 VPN Internet Access .................................... 9
7.12 Tunnel Configurations .................................. 9
7.13 Tunnel Keepalive mechanism ............................. 10
8.0 Sample VR MIB Configuration Scenario ................... 10
8.1 Creation of a BVR followed by an SVR ................... 10
8.2 Creation of a tunnel and attaching that to a SVR ....... 11
8.3 Creation of an IVL and and connecting two BVRs ......... 12
9.0 Definition of the Virual Router MIB..................... 12
10.0 Summary for Sub-IP Area ................................ 26
10.1 Where does it fit in the Picture of the Sub-IP Work .... 26
10.2 Why is it Targeted at this WG .......................... 27
10.3 Justification .......................................... 27
11.0 Security Considerations ................................ 27
12.0 Acknowledgments ........................................ 27
13.0 References ............................................. 27
14.0 Authors' Addresses ..................................... 28
4.0 Terminologies
Provider Edge Router (PE)
Service Providers usually have a backbone network, and there are
several edge devices to the backbone network that interface with
external devices. PE routers are such edge routers, and this MIB
is primarily designed to achieve Provider Provisioned VPNs.
Virtual Router (VR)
A Virtual Router emulates a physical instance of a router, and
services that are available with a regular router are made available
with a Virtual Router. Each VR has a separate routing and forwarding
table.
Elwin & Sam [Page 2]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
Subscriber Virtual Router (SVR)
These are VRs dedicated for a subscriber to achieve VPN service for
the subscriber. Note that SVR do not have a backbone by itself, but
it relies on the Service Provider's backbone for VPN connectivity.
Backbone Virtual Router (BVR)
Providers having backbone connectivity have a BVR, and a BVR can
support multiple SVRs.
Internal Virtual Interface (IVI)
IVIs are internal interfaces that are used to associate two VRs
together.
Internal Virtual Link (IVL)
These are virtual links that are created within a PE router primarily
to connect two VRs together. Each IVL has two corresponding IVI,
representing the two endpoints.
5.0 Introduction
Provider Provisioned VPNs can be achieved through different models.
This MIB is designed to help providers to provision their VPNs, for the
models that emulate a physical router for a VPN subscriber, by having
separate routing and forwarding tables.
Following are the goals, in defining this MIB:
- To have a means for Service Providers to provision VPN service for
subscribers, at the PE router.
- To make the agent-side implementation simple, by not modifying the
existing standard MIBs.
- Define all the glueing tables that are needed towards this.
6.0 The SNMP Network Management Framework
The SNMP Management Framework presently consists of five major
components:
o An overall architecture, described in RFC 2571 [1].
Elwin & Sam [Page 3]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
o Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in
STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 [4].
The second version, called SMIv2, is described in STD 58, which
consists of RFC 2578 [5], RFC 2579 [6] and RFC 2580 [7].
o Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1 and
described in STD 15, RFC 1157 [8]. A second version of the
SNMP message protocol, which is not an Internet standards track
protocol, is called SNMPv2c and described in RFC 1901 [9] and
RFC 1906 [10]. The third version of the message protocol is
called SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and
RFC 2574 [12].
o Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in STD 15, RFC 1157 [8]. A second set of protocol
operations and associated PDU formats is described in RFC 1905
[13].
o A set of fundamental applications described in RFC 2573 [14]
and the view-based access control mechanism described in RFC
2575 [15].
A more detailed introduction to the current SNMP Management Framework
can be found in RFC 2570 [22].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the mechanisms defined in the SMI.
This memo specifies a MIB module that is compliant to the SMIv2. A
MIB conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (e.g., use of Counter64). Some machine
readable information in SMIv2 will be converted into textual
descriptions in SMIv1 during the translation process. However, this
loss of machine readable information is not considered to change the
semantics of the MIB.
7.0 Overview of the Virtual Router MIB
This section gives an overview of some of the underlying concepts in
this MIB.
Elwin & Sam [Page 4]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
7.1 SNMP Contexts for Management for Virtual Routers
There is a need for a single agent to manage multiple Backbone and
Subscriber Virtual Routers. The Architecture for describing Internet
Management Frameworks [RFC2571] provides a way to support such cases.
Managing multiple virtual routers requires that the management plane be
divided into logical management domains. A single IP Service Router
contains many virtual routers. Different management entities can manage
the virtual routers and services.
Using SNMP contexts to group a collection of management information
provides the following benefits.
(1) Uses a standard framework defined by the IETF, allowing the
product to remain flexible to all implementations of virtual
routing.
(a) Use SNMPv2c Community String's
(b) Use SNMPv3 contextName's
(2) Prevents vendors from adding an extra index into the standard
MIBs, allowing the implementation to remain standards compliant.
(3) Provides a framework that will work for RIP, OSPF, IS-IS, BGP,
IP-FORWARDING, MPLS, and other entities which can be
administratively grouped with a VR.
The SNMP context for the Virtual Routing Instance can be specfied in the
VrConfigTable. The VrContextName columnar object is used to set the
SNMPv2c Community String or the SNMPv3 contextName.
A management system using the SNMP context of a particular virtual
router can manage the virtual router without disrupting other virtual
routers in the same entity.
For example, the ospfAreaTable of vr01 is different from the
ospfAreaTable of vr09. Thus it emulates two different physical
routers supporting the OSPF-MIB.
Elwin & Sam [Page 5]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
+-----------------------------------------------------------------+
| +------------------------------------------------------------+ |
| | SNMP entity (including Engine, Applications) | |
| | | |
| | example contextNames: | |
| | | |
| | "vr01" "vr09" "admin" | |
| | --------- --------- ------------ | |
| | | | | | |
| +------|------------------|-------------------|--------------+ |
| | | | |
| +------|------------------|-------------------|--------------+ |
| | MIB | instrumentation | | | |
| | +---v------------+ +---v------------+ +----v-----------+ | |
| | | context=vr01 | | context=vr09 | | context=admin | | |
| | | | | | | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | | OSPF MIB | | | | OSPF MIB | | | | VR MIB | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | | | | | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | | BGP MIB | | | | BGP MIB | | | | ATM MIB | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | | | | | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | | IP MIB | | | | IP MIB | | | | ENTITY MIB | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | | | | | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | | other MIB | | | | other MIB | | | | IF MIB | | | |
| | | +------------+ | | +------------+ | | +------------+ | | |
| | | ... | | ... | | ... | | |
+-----------------------------------------------------------------+
7.2 VR Indexing
While the common router based MIB tables are instantiated with the
context specified using SNMP contexts there are few tables that are
defined with the VRID as index.
The VRID is of local significance to a particular PE switch, and need
not be globally unique. Thus a VRID of 100 may mean a particular VR
in one PE switch and can mean a different VR in another PE switch,
and both these switches could be managed by the same SNMP manager.
Elwin & Sam [Page 6]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
The VRID is a 4-octet value, and this value is assigned by the
management station. To aid the management station to assign a VRID
without conflict, the management station can get the
'NextAvailableVRID' from the PE Switch.
7.3 Creation and Deletion of VRs
The VR Config Table is used for this purpose. This is a read-create
table and adding an entry into this table will create a VR. Removing
an entry from this table marks the deletion of a VR.
VR0 is a VR that exists by itself, and need not be created. Deletion
of VR0 will not be permitted. VR0 belongs to the Internet VPN (ID = 0)
by default.
7.4 VrAdminStatus and VrOperStatus
VRs can be administratively turned down. When this is done, the
interfaces attached to the VR also remain unoperational, and no
packet forwarding takes place.
VrOperStatus denotes the operational status of a VR. Currently the
VrOperStatus is expected to change along the VrAdminStatus; however
other cases are to be added in this.
7.5 Binding interfaces to a VR
Interfaces are bound to a VR, using the VR If Config Table. This is
a read-write table, and note that interfaces are not created through
this table. For each interface present in the system, this table is
used to provide the maping from IfIndex to a unique VR. An interface
can not be attached to more than one VRs.
By default, all interfaces are attached to VR0.
7.6 VR Failover Handling
For load-balancing purposes, the control-plane of different VRs may
run on different processors. When this processor or associated
hardware fails, a secondary processor can be chosen, to continue
the VR functions. This is achieved by configuring 'Primary' and
'Secondary' VR Control Processors.
The VrPrimaryCP and VrSecondaryCP in VR Config Table is used for this
purpose.
There can be cases when these are preferred to be chosen dynamically,
using internal load-balancing algorithms. In this case, the VrPrimaryCP
and VrSecondaryCP are configured as NULL.
Elwin & Sam [Page 7]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
7.7 Setting per VR limits
VRs consume resources, and hence the following parameters defined in
the VR Config Table, are used to specify an upperbound of resource
utilization.
VrMaxRoutes
Specify the maximum number of routes that will be permitted in this
VR. This includes the statically configured routes, and the routes
learnt via dynamic routing protocols.
VrMaxKbps
Specify the maximum bandwidth that is permitted to enter the
backbone interfaces of this VR. Packets crossing this value can be
dropped.
7.8 Per VR Statistics
In addition to the regular VR instantiated MIB tables, there are some
per-VR statistics available through the VR Statistics Table. Example:
VrStatFibEntries
VrStatRouteEntries
VrStatCpuUtilization
7.9 Internal Virtual Interfaces
These interfaces connect one VR to another. This connection gets
created when a SVR is created. Eg, SVR is dependent on a BVR for
backbone connectivity. Thus when a SVR is created, an associated IVI
is created and attached to the corresponding BVR.
In the VR Config Table, the 'ParentVR' field is used to specify
this dependency. The SVRs have this field set to the corresponding
BVR, and BVR will have this field NULL.
IVIs could also be used to connect two backbone VRs. For this purpose
IVLs are created explicitly, through the IVL Config Table. First an
IVL needs to be defined in this table, that will generate the
two ends of the IVL as two IVIs which are IfIndex values. These two
interfaces are then attached to the two backbone VRs that are to be
connected together, using the VR If Config Table.
7.10 Traps
This memo defines that VrUp and VrDown traps are generated just after
VrOperStatus leaves, or just before it enters, the down state,
respectively.
(1) A transition into the down state will occur when an error is
Elwin & Sam [Page 8]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
detected on a VR instance. Error conditions are presumably
of great interest to network managers.
(2) Departing the down state generally indicates that the
VR is going to up, which is considered a "healthy" state.
An exception to the above generation of VrUp/VrDown traps on changes
in VrOperStatus, occurs when an VR is "flapping", i.e., when it is
rapidly oscillating between the up and down states. If traps were
generated for each such oscillation, the network and the network
management system would be flooded with unnecessary traps. In such a
situation, the agent should limit the rate at which it generates traps.
This memo defines that enabling and disabling the VR traps is achieved
by setting the VrTrapEnable to true(1) or false(2), respectively. By
default, this object should have the value true(1) for VR's which do
not operate as children of any other VR, and false(2) otherwise.
7.11 VPN Internet Access
The DefaultForwardingAction, a field in the VR Config Table, takes
the following values:
DROP_PACKETS (default value)
INTERNET_ACCESS (this will enable VPN Internet Access)
When a packet arrives from a subscriber interface, the destination IP
address is looked up in the corresponding SVR forwarding table. If
route for the destination is not found, based on the defaultForwarding
flag, the packet is either dropped, or attempted to be forwarded to the
Internet.
7.12 Tunnel Configurations
Tunnels are integral parts of SVRs, and these tunnels are configured
using the Tunnel Config Table defined in [RFC 2667]. Each tunnel or
session within the tunnel has a corresponding IfIndex value, called a
tunnel interface, that is generated within the PE switch. The interface
thus created could be used for routing decisions.
The tunnel configuration needs to be made within a BVR context in the
Tunnel Config Table, and the resultant tunnel interface obtained can be
attached to a SVR, using VR If Config Table. Note that the VR If Config
Table will be cofigured using the admin or root context.
The ConfigID in the Tunnel Config Table can correspond to SPI value, for
the case of IPSec based tunnels.
Elwin & Sam [Page 9]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
7.13 Tunnel Keepalive mechanism
There are additional parameters defined in the Extended Tunnel Config
Table, where Keepalive for tunnels could be configured and controlled.
The result of the keepalive mechanism are reflected as oper status in
the corresponding IfTable entry.
Following MIB variables are present in this table:
KeepaliveControl
This can be used to enable or disable keepalive on this tunnel.
KeepalivePeriod
This is the time in seconds between the keepalive messages.
KeepaliveTimeout
This is the timeout in seconds, to decide the tunnel is operationaly
down.
KeepaliveTimeoutAction
The actions could be a combination of:
NONE
GENERATE-TRAP
RE-ESTABLISH-TUNNEL
This table will be defined in a separate MIB.
8.0 Sample VR MIB Configuration Scenario
8.1 Creation of a BVR followed by an SVR
Creating BVR and SVR instances can be achieved using the following
example.
(1) Get the next available Virtual Router Id using the
NextAvailableVrId, to create a BVR:
Using a context with 'read' access for system level entities.
GetRequest { NextAvailableVrId.0 }
Response { NextAvailableVrId.0 = 5555 }
(2) In VrConfigTable, create BVR Instance using VrRowStatus:
Using a context with 'read-write' access for system level entities
SetRequest {
VrRowStatus.5555 createAndGo(4),
VrName.5555 "BigTelcoBVR",
VrParent.5555 0,
VrContextName.5555 "vr5555",
VrTrapEnable.5555 true(1),
VrPrimaryCP.5555 1,
Elwin & Sam [Page 10]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
VrSecondaryCP.5555 15,
VrAdminStatus.5555 up(1)
}
(3) Get the next available Virtual Router Id using the
NextAvailableVrId, to create a SVR:
Using a context with 'read' access for system level entities
GetRequest { NextAvailableVrId.0 }
Response { NextAvailableVrId.0 = 5556 }
(4) In VrConfigTable, create SVR Instance using VrRowStatus:
Using a context with 'read-write' access for system level entities
SetRequest {
VrRowStatus.5556 createAndGo(4),
VrName.5556 "BigTelcoSVR-01",
VrParent.5556 5555,
VrContextName.5556 "vr5556",
VrTrapEnable.5556 false(1),
VrPrimaryCP.5556 0,
VrSecondaryCP.5556 0,
VrAdminStatus.5556 up(1)
}
8.2 Creation of a tunnel [TUNNEL-MIB] and attaching that to a SVR
(1) In tunnelConfigTable, create a Tunnel Instance using
tunnelConfigStatus:
Using a context with 'read-write' access for the SVR
SetRequest {
tunnelConfigStatus.172.24.32.1.172.24.32.1.5.99 createAndGo(4)
}
(2) Get the Resultant tunnelConfigIfIndex from the above row creation:
Using a context with 'read' access for the SVR
GetRequest { tunnelConfigIfIndex.172.24.32.1.172.24.32.1.5.99 }
Response { tunnelConfigIfIndex.172.24.32.1.172.24.32.1.5.99 = 2025 }
(3) In the VrIfConfigTable, assign the tunnel the the SVR:
Using a context with 'read-write' access for system level entities
SetRequest {
VrIfNetPrefixType.2025 ospf(3),???
VrIfNetPrefix.2025 10.1.1.1,???
VrIfVrId.2025 5556
}
Elwin & Sam [Page 11]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
8.3 Creation of an IVL and and connecting two BVRs
<TBD>
9.0 Definition of the Virtual Router MIB
-- *****************************************************************
--
-- *****************************************************************
VIRTUAL-ROUTER-MIB DEFINITIONS ::= BEGIN
IMPORTS
InetAddressType
FROM INET-ADDRESS-MIB
InterfaceIndex
FROM IF-MIB
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF
experimental, IpAddress, Integer32, Unsigned32,
OBJECT-TYPE, MODULE-IDENTITY, Gauge32, TimeTicks,
NOTIFICATION-TYPE
FROM SNMPv2-SMI
TruthValue, TimeStamp, DisplayString, RowStatus,
TEXTUAL-CONVENTION
FROM SNMPv2-TC;
virtualRouterMIB MODULE-IDENTITY
LAST-UPDATED "200107101200Z"
ORGANIZATION
"Corona Networks Inc."
CONTACT-INFO
"Corona Networks Inc.
630 Alder Drive
Milpitas, CA 95035
USA
Tel: +1 408 519 3800
Fax: +1 408 519 3830
Email: sam@coronanetworks.com
elwinietf@yahoo.com"
DESCRIPTION
"The MIB is the definition of the managed
objects for the Virtual Router."
REVISION "200107101200Z"
DESCRIPTION
"Initial submission."
Elwin & Sam [Page 12]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
::= { experimental XXXX } -- To be assigned
--
-- Textual conventions
--
VrIndex ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Virtual Router Identifier."
SYNTAX Unsigned32
VpnIdentifier ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"RFC2685: The global VPN Identifier format is:
3 octet VPN authority Organizationally Unique Identifier
followed by
4 octet VPN index identifying VPN according to OUI"
SYNTAX OCTET STRING(SIZE (0..7))
RDType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A route distinguisher."
SYNTAX OCTET STRING(SIZE (0..256))
NetPrefixType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The type of network prefix for use in PE-CE Connections."
SYNTAX INTEGER
{ other(1),
rip(2),
ospf(3),
isis(4)
}
--
-- Node definitions
--
vrMIBObjects OBJECT IDENTIFIER ::= { virtualRouterMIB 1 }
vrConfig OBJECT IDENTIFIER ::= { vrMIBObjects 1 }
vrConfigScalars OBJECT IDENTIFIER ::= { vrConfig 1 }
vrConfigNextAvailableVrId OBJECT-TYPE
SYNTAX Unsigned32
Elwin & Sam [Page 13]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The next available Virtual Router Id (index).
This object provides a hint for the vrID value
to use when administratively creating a new
vrConfigEntry.
A GET of this object returns the next available vrId
value to be used to create an entry in the associated
vrConfigTable; or zero, if no valid vrId
value is available. A value of zero(0) indicates that
it is not possible to create a new vrConfigEntry
This object also returns a value of zero when it is the
lexicographic successor of a varbind presented in an
SNMP GETNEXT or GETBULK request, for which circumstance
it is assumed that ifIndex allocation is unintended.
Successive GETs will typically return different
values, thus avoiding collisions among cooperating
management clients seeking to create table entries
simultaneously.
Unless specified otherwise by its MAX-ACCESS and DESCRIPTION
clauses, an object of this type is read-only, and a SET of
such an object returns a notWritable error."
::= { vrConfigScalars 1 }
vrConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF VrConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is for creating new virtual routers."
::= { vrConfig 2 }
vrConfigEntry OBJECT-TYPE
SYNTAX VrConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The entries in this table can be added/deleted
using the vrRowStatus."
INDEX { vrId }
::= { vrConfigTable 1 }
VrConfigEntry ::=
SEQUENCE {
vrId
VrIndex,
Elwin & Sam [Page 14]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
vrName
DisplayString,
vrParent
VrIndex,
vrContextName
DisplayString,
vrTrapEnable
TruthValue,
vrPrimaryCP
Unsigned32,
vrSecondaryCP
Unsigned32,
vrMaxRoutes
Unsigned32,
vrMaxKbps
Unsigned32,
vrDefaultFwdAction
INTEGER,
vrBackboneVR
TruthValue,
vrAdminStatus
INTEGER,
vrOperStatus
INTEGER,
vrRowStatus
RowStatus,
vrVpnId
VpnIdentifier
}
vrId OBJECT-TYPE
SYNTAX VrIndex
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The unique id of this virtual router instance."
::= { vrConfigEntry 1 }
vrName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Name of the Virtual Router."
::= { vrConfigEntry 2 }
vrParent OBJECT-TYPE
SYNTAX VrIndex
MAX-ACCESS read-create
STATUS current
Elwin & Sam [Page 15]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
DESCRIPTION
"The 'corornaVrId' of the parent of this
virtual forwarding instance."
::= { vrConfigEntry 3 }
vrContextName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The SNMPv2 Community String or SNMPv3 contextName
denotes the VR 'context' and is used to logically
separate the MIB management.
RFC2571 and RFC2737 describe this approach."
::= { vrConfigEntry 4 }
vrTrapEnable OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This objects is used to enable the generation
of the VpnUp and VpnDown traps.
true(1) - VR/VPN Traps Enabled
false(2) - VR/VPN Traps Disabled
By default, this object should have the value true(1)
for VR's which do not operate as childen of any other VR,
and false(2) otherwise."
::= { vrConfigEntry 5 }
vrPrimaryCP OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object speficies the Primary CPU, Slot, or Entity to
run the VR Process."
::= { vrConfigEntry 6 }
vrSecondaryCP OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object speficies the Secondary CPU, Slot, or Entity
to run the VR Process."
::= { vrConfigEntry 7 }
vrMaxRoutes OBJECT-TYPE
Elwin & Sam [Page 16]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the maximum number of routes that
this VR can support."
::= { vrConfigEntry 8 }
vrMaxKbps OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the maximum bandwidth, in kbps,
that this VR can support."
::= { vrConfigEntry 9 }
vrDefaultFwdAction OBJECT-TYPE
SYNTAX INTEGER
{
internetAccess(1),
dropPackets(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If route for the destination is not found, based on
the defaultForwardingfla g, the packet is either dropped,
or attempted to be forwarded to the Internet. "
::= { vrConfigEntry 10 }
vrBackboneVR OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This objects is used to mark the VR as a Backbone VR
Virtual Router
true(1) - Backbone
false(2) - Not-Backbone
This object is used to determine if internal virtual
interfaces should be created. These IVI connect one VR
to another. This connection gets created when a SVR is
created. Eg, SVR is dependent on a BVR for backbone
connectivity. Thus when a SVR is created, an associated
IVI is created and attached to the corresponding BVR.
In the VR Config Table, the 'BackboneVR' field is used
to specify this dependency. The SVRs have this field
Elwin & Sam [Page 17]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
set to the corresponding BVR, and BVR will have this
field NULL."
::= { vrConfigEntry 11 }
vrAdminStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
unknown(3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The administrative state of the Virtual Router."
DEFVAL { down }
::= { vrConfigEntry 12 }
vrOperStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1),
down(2),
unknown(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The operational state of the Virtual Router."
::= { vrConfigEntry 13 }
vrRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status column has three defined values:
- `active', which indicates that the conceptual row is
available for use by the managed device;
- `createAndGo', which is supplied by a management
station wishing to create a new instance of a
conceptual row and to have its status automatically set
to active, making it available for use by the managed
device;
- `destroy', which is supplied by a management station
wishing to delete all of the instances associated with
an existing conceptual row.
"
::= { vrConfigEntry 14 }
Elwin & Sam [Page 18]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
vrVpnId OBJECT-TYPE
SYNTAX VpnIdentifier
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The Virtual Private Network Identifier of the Virtual
Router."
::= { vrConfigEntry 15 }
vrStat OBJECT IDENTIFIER ::= { vrMIBObjects 2 }
vrStatScalars OBJECT IDENTIFIER ::= { vrStat 1 }
vrConfiguredBVRs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of BVRs configured on this network element."
::= { vrStatScalars 1 }
vrActiveBVRs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of BVRs that are active on the network element.
These are BVRs for which the
vrStatOperationalStatus = up(1)"
::= { vrStatScalars 2 }
vrConfiguredSVRs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of SVRs configured on this network element."
::= { vrStatScalars 3 }
vrActiveSVRs OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of BVRs that are active on the network element.
These are BVRs for which the
vrStatOperationalStatus = up(1)"
::= { vrStatScalars 4 }
Elwin & Sam [Page 19]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
vrStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF VrStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains statistics for the Virtual Router."
::= { vrStat 2 }
vrStatEntry OBJECT-TYPE
SYNTAX VrStatEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entries in this table a per vrId."
INDEX { vrId }
::= { vrStatTable 1 }
VrStatEntry ::=
SEQUENCE {
vrStatRouteEntries
Unsigned32,
vrStatFIBEntries
Unsigned32,
vrStatUpTime
TimeTicks,
vrStatCpuUtil
Gauge32,
vrStatBwUtil
Unsigned32
}
vrStatRouteEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of routes for this VR."
::= { vrStatEntry 1 }
vrStatFIBEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of FIB Entries for this VR."
::= { vrStatEntry 2 }
vrStatUpTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
Elwin & Sam [Page 20]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
STATUS current
DESCRIPTION
"The time in (in hundredths of a second) since
this VRF entry has been operational."
::= { vrStatEntry 3 }
vrStatCpuUtil OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The overall CPU busy percentage in the last 5 minute
period."
::= { vrStatEntry 4 }
vrStatBwUtil OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The average total bandwidth utilization, in kpbs, in the
last 5 minute period."
::= { vrStatEntry 5 }
vrIfConfig OBJECT IDENTIFIER ::= { vrMIBObjects 3 }
vrIfConfigScalars OBJECT IDENTIFIER ::= { vrIfConfig 1 }
vrIfConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF VrIfConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is for confioguring VR Interfaces."
::= { vrIfConfig 1 }
vrIfConfigEntry OBJECT-TYPE
SYNTAX VrIfConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entries in this table correspond to the entries in
the ifTable that apply to the Virtual Router."
INDEX { vrIfId }
::= { vrIfConfigTable 1 }
VrIfConfigEntry ::=
Elwin & Sam [Page 21]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
SEQUENCE {
vrIfId
InterfaceIndex,
vrIfVrId
VrIndex,
vrIfNetPrefixType
NetPrefixType,
vrIfNetPrefix
IpAddress
}
vrIfId OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Virtual Router Interface Index."
::= { vrIfConfigEntry 1 }
vrIfVrId OBJECT-TYPE
SYNTAX VrIndex
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Denotes the VrIndex that this Interface is associated."
::= { vrIfConfigEntry 2 }
vrIfNetPrefixType OBJECT-TYPE
SYNTAX NetPrefixType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Denotes the type network prefix in use for the PE-CE
connections. If this value is set to rip(2), then the
operators should consult the value found in
vrIfNetPrefix. If the value is set to ospf(2),
the operator should consult vrIfNetPrefix.
If the value is set to isis(4), then
the administrator should see vrIfNetPrefix. In all
cases, when a particular value is selected, the other
remaining two values should ignored as their values
MAY be invalid."
::= { vrIfConfigEntry 3 }
vrIfNetPrefix OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Denotes the network prefix for the PE-CE connections."
Elwin & Sam [Page 22]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
::= { vrIfConfigEntry 4 }
vrIVLConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF VrIVLConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table is for creating Internal Virtual Links."
::= { vrIfConfig 3 }
vrIVLConfigEntry OBJECT-TYPE
SYNTAX VrIVLConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Creating/Deleting IVL in this table adds/removes
entries in the ifTable."
INDEX { vrIVLIndex }
::= { vrIVLConfigTable 1 }
VrIVLConfigEntry ::=
SEQUENCE {
vrIVLIndex
Unsigned32,
vrIVLName
DisplayString,
vrIVLInterfaceA
InterfaceIndex,
vrIVLInterfaceB
InterfaceIndex,
vrIVLRowStatus
RowStatus
}
vrIVLIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The IVL Index"
::= { vrIVLConfigEntry 1 }
vrIVLName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The name representing the IVL."
::= { vrIVLConfigEntry 2 }
Elwin & Sam [Page 23]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
vrIVLInterfaceA OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Interface associated with the one endpoint
of the IVL."
::= { vrIVLConfigEntry 3 }
vrIVLInterfaceB OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Interface associated with the second endpoint
of the IVL."
::= { vrIVLConfigEntry 4 }
vrIVLRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"See SNMPv2-TC MIB"
::= { vrIVLConfigEntry 5 }
vrNotificationsPrefix OBJECT IDENTIFIER ::= { virtualRouterMIB 2 }
vrNotifications OBJECT IDENTIFIER ::= { vrNotificationsPrefix 0 }
vrUp NOTIFICATION-TYPE
OBJECTS { vrId }
STATUS current
DESCRIPTION
"This notification is generated when the specified
VR is about to initialized or change the status from
down to up."
::= { vrNotifications 1 }
vrDown NOTIFICATION-TYPE
OBJECTS { vrId }
STATUS current
DESCRIPTION
"This notification is generated when the specified
VR is about to go down."
::= { vrNotifications 2 }
vrMaxRoutesExceeded NOTIFICATION-TYPE
OBJECTS { vrId, vrMaxRoutes, vrStatRouteEntries }
Elwin & Sam [Page 24]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
STATUS current
DESCRIPTION
"This notification is generated when the specified VR has
exceeded the maximum number of routes specified"
::= { vrNotifications 3 }
vrMaxKbpsExceeded NOTIFICATION-TYPE
OBJECTS { vrId, vrMaxKbps, vrStatBwUtil }
STATUS current
DESCRIPTION
"This notification is generated when the specified VR has
exceeded the maximum bandwidth specified."
::= { vrNotifications 4 }
vrConformance OBJECT IDENTIFIER ::= { virtualRouterMIB 3 }
vrCompliances OBJECT IDENTIFIER ::= { vrConformance 1 }
vrMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for entities that implement the
VIRTUAL-ROUTER-MIB. Implementation of this MIB
is strongly recommended for any platform targeted for a
carrier-class environment."
MODULE -- this module
MANDATORY-GROUPS { vrConfigGroup, vrIfGroup}
::= { vrCompliances 1 }
vrGroups OBJECT IDENTIFIER ::= { vrConformance 2 }
vrConfigGroup OBJECT-GROUP
OBJECTS { vrName, vrParent,
vrContextName,
vrTrapEnable, vrPrimaryCP,
vrSecondaryCP, vrMaxRoutes,
vrMaxKbps, vrAdminStatus,
vrOperStatus, vrRowStatus,
vrBackboneVR, vrDefaultFwdAction,
vrConfigNextAvailableVrId }
STATUS current
DESCRIPTION
"A collection of attributes that support provisioning of a
virtual router."
::= { vrGroups 1 }
vrStatGroup OBJECT-GROUP
OBJECTS { vrStatRouteEntries, vrStatFIBEntries,
vrStatUpTime, vrStatCpuUtil,
Elwin & Sam [Page 25]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
vrStatBwUtil }
STATUS current
DESCRIPTION
"A collection of attributes that contain stats about the
virtual router."
::= { vrGroups 2 }
vrIfGroup OBJECT-GROUP
OBJECTS { vrIfId, vrIfVrId,
vrIfNetPrefixType, vrIfNetPrefix}
STATUS current
DESCRIPTION
"A collection of attributes that support provisioning of a
virtual router interfaces."
::= { vrGroups 3 }
vrIVLGroup OBJECT-GROUP
OBJECTS { vrIVLInterfaceA, vrIVLInterfaceB,
vrIVLRowStatus }
STATUS current
DESCRIPTION
"A collection of attributes that support provisioning of a
virtual router IVL's."
::= { vrGroups 4 }
vrNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { vrUp, vrDown,
vrMaxRoutesExceeded,
vrMaxKbpsExceeded }
STATUS current
DESCRIPTION
"A collection of traps that are supported by the VR"
::= { vrGroups 5 }
END
--
-- VIRTUAL-ROUTER-MIB.mib
--
10.0 Summary for Sub-IP Area
This draft defines a MIB that provides a way to provision VPNs at
the PE routers having virtual routers.
10.1 Where does it fit in the Picture of the Sub-IP Work
This work fits in the PPVPN Working Group.
Elwin & Sam [Page 26]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
10.2 Why is it Targeted at this WG
The WG is chartered with developing Provider Provisioned VPN
solutions. This draft contributes to this.
10.3 Justification
The WG should consider this document since it provides a means to
configure and manage Virtual Router based PPVPNs.
11.0 Security Considerations
TBD
12.0 Acknowledgments
13.0 References
[1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for
Describing SNMP Management Frameworks", RFC 2571, April 1999.
[2] Rose, M. and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based Internets", STD 16, RFC
1155, May 1990.
[3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
RFC 1212, March 1991.
[4] Rose, M., "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991.
[5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
M. and S. Waldbusser, "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58,
RFC 2579, April 1999.
[7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
M. and S. Waldbusser, "Conformance Statements for SMIv2", STD
58, RFC 2580, April 1999.
[8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
Elwin & Sam [Page 27]
draft-ietf-ppvpn-vr-mib-00 Virtual Router MIB July 2001
Network Management Protocol", STD 15, RFC 1157, May 1990.
[9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901, January
1996.
[10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport
Mappings for Version 2 of the Simple Network Management Protocol
(SNMPv2)", RFC 1906, January 1996
[15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
Control Model (VACM) for the Simple Network Management Protocol
(SNMP)", RFC 2575, January 1998.
[16] Bradner, S., "Key words for use in RFCs to Indicate Requirements
Levels", BCP 14, RFC 2119, March 1997.
[17] Ouldbrahim's VR draft, "Network Based IP VPN Architecture Using
Virtual Routers", draft-ouldbrahim-vpn-vr-01.txt
[18] RFC 2685, "Virtual Private Networks Identifier"
[19] RFC 2764, "A Framework for IP Based Vitual Private Networks"
[20] RFC 2547bis, "BGP/MPLS VPNs", draft-rosen-rfc2547bis-03.txt
[21] "BGP/IPsec VPN", draft-declercq-bgp-ipsec-vpn-00.txt
[22] RFC 2667, "IP Tunnel MIB"
14.0 Authors' Addresses
Elwin Stelzer Eliazer
Corona Networks, Inc.
630 Alder Drive
Milpitas, CA 95035
Phone: 408-519-3832
Email: elwinietf@yahoo.com
Samuel Hancock
Corona Networks, Inc.
630 Alder Drive
Milpitas, CA 95035
Phone: 408-519-3800 Ext 421
Email: sam@coronanetworks.com
Elwin & Sam [Page 28]
