IPCDN Working Group
INTERNET DRAFT Doug Jones, Ed.
draft-jones-cable-gateway-device-mib-00 YAS Broadband
Expires April 2003 October, 2002
Cable Gateway Device MIB
Cable Gateway Device Management Information Base
for CableHome Compliant WAN Gateway Devices
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it defines a basic set of managed objects for SNMP-
based management of CableHome compliant WAN Gateway Devices and home
routers.
This memo specifies a MIB module in a manner that is compliant to the
SNMP SMIv2 [5][6][7]. The set of objects is consistent with the SNMP
framework and existing SNMP standards.
This memo is a product of the IPCDN working group within the Internet
Engineering Task Force. Comments are solicited and should be
addressed to the working group's mailing list at ipcdn@ietf.org
and/or the editor.
Jones Expires April 2003 [Page 1]
Internet Draft Cable Gateway Device MIB October 2002
Table of Contents
1 The SNMP Management Framework
2 Glossary
2.1 Cable Gateway Device
2.2 Portal Services
2.3 WAN-Management
2.4 WAN-Data
3 Overview
3.1 Structure of the MIB
3.2 Management requirements
3.2.1 Portal Services device-specific parameters
3.2.2 Portal Services provisioning parameters
3.2.3 Portal Services notification objects
4 Definitions
5 Acknowledgments
6 References
7 Security Considerations
8 Intellectual Property
9 Author's Address
10 Full Copyright Statement
1. The SNMP Management Framework
The SNMP Management Framework presently consists of five major
components:
o An overall architecture, described in RFC 2571 [1].
o Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in STD
16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 [4]. The
second version, called SMIv2, is described in STD 58, RFC 2578
[5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].
o Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1 and
described in STD 15, RFC 1157 [8]. A second version of the SNMP
message protocol, which is not an Internet standards track
protocol, is called SNMPv2c and described in RFC 1901 [9] and RFC
1906 [10]. The third version of the message protocol is called
SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and RFC 2574
[12].
o Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in STD 15, RFC 1157 [8]. A second set of protocol
operations and associated PDU formats is described in RFC 1905
[13].
o A set of fundamental applications described in RFC 2573 [14] and
the view-based access control mechanism described in RFC 2575
[15].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the mechanisms defined in the SMI.
This memo specifies a MIB module that is compliant to the SMIv2. A
MIB conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the
MIB.
2. Glossary
The terms in this document are derived either from normal cable
system usage, or from the documents associated with CableLabs'
CableHome specification process.
2.1. Cable Gateway Device
A cable gateway device passes data traffic between the cable
operator's broadband data network (the Wide Area Network, WAN) and
the Local Area Network (LAN) in the cable data service subscriber's
residence or business. In addition to passing traffic between the
WAN and LAN, the cable gateway device provides several services
including a DHCP client and a DHCP server [RFC2131], a TFTP server
[RFC1350], management services as enabled by an SNMPv1/v2c/v3 agent
compliant with the RFCs listed in Section 1, and security services
including stateful packet inspection firewall functionality and
software code image verification using techniques described in
[RFC3280].
2.2. Portal Services (PS)
A logical element aggregating the set of CableHome-specified
functionality in a CableHome compliant cable gateway device. The
Portal Services set of functions is described in [16].
2.3. WAN-Management (WAN-Man)
The Portal Services interface to the cable operator's data network,
also referred to in [16] as the Wide Area Network (WAN),
specifically intended for the exchange of management messages
between the PS and the cable operator's network management entity.
2.4. WAN-Data
The Portal Services interface to the cable operator's data network
specifically intended for the exchange of user data between the PS
and host devices accessible via the public Internet.
3. Overview
This MIB provides a set of objects required for the management of
CableHome compliant residential gateway devices. The specification
is derived from the CableHome 1.0 specifications [16]. Please note
that the CableHome 1.0 specification requires residential gateways
to implement SNMPv1, SNMPv2c, and SNMPv3 and to process IPv4
customer traffic. Design choices in this MIB reflect those
requirements.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [17].
3.1. Structure of the MIB
This MIB is structured into three groups:
o The cabhPsDevBase group extends the CableLabs projects-
CableHome group with objects needed to implement and
configure the CableHome Portal Services set of functions.
o The cabhPsDevProv Group provides objects allowing the
manager to configure residential gateway device provisioning
parameters.
o The cabhPsNotification group provides SNMP notification
objects for the reporting of Portal Services status and
exception conditions.
3.2. Management requirements
3.2.1. Portal Services device-specific parameters
The PsDevBase group consists largely of read-only parameters
providing information specific to the device, primarily for
identification purposes. By reading these parameters the device
manager can gain unique identification information about the cable
gateway device in which the Portal Services set of functions
resides.
In addition to device-specific identification parameters the
PsDevBase group provides device-specific provisioning and operating
parameters such as the current date and time and time of day
synchronization status indicator.
The PsDevBase group also includes manager-controlled parameters
enabling the reset of the Portal Services functionality and enabling
the reset of cable gateway device MIB objects to their default
values without resetting all Portal Services functionality.
3.2.2. Portal Services provisioning parameters
The second group of OIDs in the Cable Gateway Device MIB, the
PsDevProv group, includes parameters required by Portal Services
functions that are responsible for provisioning processes,
particularly the Portal Services configuration file download
processes.
The provisioning process, described in Section 13 of [16], is timed
so that it does not get stuck waiting for a failed process to
complete. The timeout value for the provisioning process is
configurable by the manager but has a default value of 5 minutes.
When the Portal Services is configured to operate in the DHCP
Provisioning mode as described in Section 5.5 and Section 7.1.1 of
[16], it is required to download via TFTP a file containing zero or
more configuration parameters. The name in URL format and location
of this configuration file are passed to the Portal Services in a
DHCP Option field. The file name and location are stored in
PsDevProv objects for retrieval by the manager using the management
messaging interface between the manager's console and the Portal
Services element. Also stored are the length of the configuration
file and the number of Type-Length-Value (TLV) fields passed in the
configuration file, and the number of those TLV fields that were
rejected by the configuration file processing function. These
parameters allow the manager to verify that configuration parameters
he or she passed to the Portal Services element were received and
processed correctly.
Integrity of the Portal Services configuration file is verified
through the use of a SHA-1 hash value. This process is described in
Section 7.3.3.3.1 in [16]. The hash value used to verify the
integrity of the configuration file is stored and is accessible to
the manager via an object of the PsDevProv group.
The PsDevProv group also includes status parameters such as an
indication about the progress of the provisioning process, the
configuration file name and location (URL format), hash value for
configuration file integrity checking, and the size of the
configuration file. The PsDevProv group also includes statistics
variables for keeping track of the number of Type-Length-Value (TLV)
objects in the configuration file that the PS processed and the
number that were rejected. This group also contains objects for keeping
track of whether the file was authenticated, and an object to store
the timeout value for the authentication process key exchange.
The location of the Time of Day server, passed from the cable data
network DHCP server to the Portal Services element in a DHCP option
code, is stored by the Portal Services and accessible to the manager
via an object in the PsDevProv group.
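The integrity check and TLV accounting described in this section, as an added Python example that is not part of the draft or of the CableHome specification. The TLV layout (one-byte type, one-byte length), the end-of-file marker value 255, the KNOWN_TYPES set, and the counting rule (processed counts every TLV examined, rejected is the subset not applied) are assumptions made for illustration; the draft does not define them.

```python
"""Added example: SHA-1 check and TLV accounting for a PS configuration file."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumptions for this example only (none of these values come from the draft):
END_OF_FILE = 255          # assumed type code of the end-of-file marker
KNOWN_TYPES = {1, 2, 3}    # hypothetical TLV types this device accepts


@dataclass
class ProvResult:
    auth_state: str = "rejected"   # mirrors cabhPsDevProvAuthState
    file_size: int = 0             # mirrors cabhPsDevProvConfigFileSize (bytes)
    tlv_processed: int = 0         # mirrors cabhPsDevProvConfigTLVProcessed
    tlv_rejected: int = 0          # mirrors cabhPsDevProvConfigTLVRejected
    eof_seen: bool = False         # example-only flag, not a MIB object
    settings: dict = field(default_factory=dict)


def build_config(tlvs):
    """Encode (type, value) pairs in the assumed layout and append the marker."""
    out = bytearray()
    for tlv_type, value in tlvs:
        if not 0 <= tlv_type < END_OF_FILE or len(value) > 255:
            raise ValueError("type or length does not fit the assumed layout")
        out += bytes([tlv_type, len(value)]) + value
    out.append(END_OF_FILE)
    return bytes(out)


def process_config(data, expected_hash):
    """Verify the file against the hash received beforehand, then walk its TLVs."""
    result = ProvResult(file_size=len(data))

    # cabhPsDevProvConfigHash is OCTET STRING (SIZE(20)): a 160-bit SHA-1 value.
    if len(expected_hash) != 20:
        return result
    digest = hashlib.sha1(data).digest()
    # Constant-time comparison; nothing is parsed from a file that fails it.
    if not hmac.compare_digest(digest, expected_hash):
        return result
    result.auth_state = "accepted"

    pos = 0
    while pos < len(data):
        tlv_type = data[pos]
        if tlv_type == END_OF_FILE:
            result.eof_seen = True
            break
        result.tlv_processed += 1
        if pos + 2 > len(data):
            result.tlv_rejected += 1       # header cut off before the length byte
            break
        length = data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            result.tlv_rejected += 1       # declared length runs past end of file
            break
        pos += 2 + length
        if tlv_type in KNOWN_TYPES:
            result.settings[tlv_type] = value
        else:
            result.tlv_rejected += 1       # well-formed but unknown type
    return result


if __name__ == "__main__":
    # Constructed sample file: two known TLVs and one unknown TLV (type 99).
    sample = build_config([(1, b"\x05"), (2, b"gw"), (99, b"??")])
    announced = hashlib.sha1(sample).digest()
    print(process_config(sample, announced))

    # Same hash, one byte of the file changed in transit: rejected before parsing.
    tampered = sample[:2] + b"\x06" + sample[3:]
    print(process_config(tampered, announced))
```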
3.2.3. Portal Services Notification objects
The Portal Services element is required to report about exception
conditions that occur as well as to report on the status of certain
parameters. The CableHome specifications define four ways to report
these events: SNMP trap as defined in [RFC1157] or SNMP notification
described in [RFC2571] and [RFC2572], reporting to a SYSLOG server,
writing to a volatile local log, or writing to a nonvolatile local
log. Local log information is accessible to the manager via the
DOCSIS device MIB [RFC2669]. The CableHome event reporting process
is described in Section 6.5 of [16], and defined events are listed
in Appendix II Format and Content for Event, SYSLOG and SNMP Trap,
in the same reference.
4. Definitions
CABH-PS-DEV-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Integer32,
NOTIFICATION-TYPE
FROM SNMPv2-SMI
TruthValue,
PhysAddress,
DateAndTime,
TEXTUAL-CONVENTION
FROM SNMPv2-TC
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB
OBJECT-GROUP,
MODULE-COMPLIANCE,
NOTIFICATION-GROUP FROM SNMPv2-CONF
InetAddressType,
InetAddress
FROM INET-ADDRESS-MIB
docsDevSwCurrentVers,
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
docsDevSwFilename,
docsDevSwServer FROM DOCS-CABLE-DEVICE-MIB -- RFC2669
cabhCdpServerDhcpAddress,
cabhCdpWanDataAddrClientId,
cabhCdpLanTransThreshold,
cabhCdpLanTransCurCount FROM CABH-CDP-MIB
clabProjCableHome FROM CLAB-DEF-MIB;
--============================================================================
--
-- History:
--
-- Date Modified by Reason
-- 04/05/02 Issued I01
-- 09/20/02 Issued I02
-- 10/25/02 IETF I-D revisions
--
--=============================================================================
cabhPsDevMib MODULE-IDENTITY
LAST-UPDATED "200210250000Z" -- October 25, 2002
ORGANIZATION "CableLabs Broadband Access Department"
CONTACT-INFO
"Kevin Luehrs
Postal: Cable Television Laboratories, Inc.
400 Centennial Parkway
Louisville, Colorado 80027-1266
U.S.A.
Phone: +1 303-661-9100
Fax: +1 303-661-9199
E-mail: k.luehrs@cablelabs.com"
DESCRIPTION
"This MIB module supplies the basic management objects
for the PS Device. The PS device parameters describe
general PS Device attributes and behavior characteristics.
Most of the PS Device MIB is needed for configuration download.
Acknowledgements:
Roy Spitzer - Consultant to CableLabs
Mike Mannette - Consultant to CableLabs
Itay Sherman - Texas Instruments
Chris Zacker - Broadcom
Rick Vetter - Consultant to CableLabs "
::= { clabProjCableHome 1 }
-- Textual conventions
X509Certificate ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"An X509 digital certificate encoded as an ASN.1 DER object."
SYNTAX OCTET STRING (SIZE (0..4096))
cabhPsDevMibObjects OBJECT IDENTIFIER ::= { cabhPsDevMib 1 }
cabhPsDevBase OBJECT IDENTIFIER ::= { cabhPsDevMibObjects 1 }
cabhPsDevProv OBJECT IDENTIFIER ::= { cabhPsDevMibObjects 2 }
--
-- The following group describes the base objects in the PS.
-- These are device based parameters.
--
cabhPsDevDateTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The date and time, with optional timezone
information."
::= { cabhPsDevBase 1 }
cabhPsDevResetNow OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to true(1) causes the stand-alone or
embedded PS functions to reboot. Device code initializes as
if starting from a power-on reset. MIB object values persist
as specified in Appendix I of the CableHome 1.0
specification. Reading this object always returns false(2)."
::= { cabhPsDevBase 2 }
cabhPsDevSerialNumber OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..128))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The manufacturer's serial number for the Cable Gateway
device implementing this Portal Services element. This
parameter is manufacturer provided and is stored in non-
volatile memory."
::= { cabhPsDevBase 3 }
cabhPsDevHardwareVersion OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..48))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The manufacturer's hardware version for the Cable Gateway
device implementing this Portal Services element. This
parameter is manufacturer provided and is stored in non-
volatile memory."
::= { cabhPsDevBase 4 }
cabhPsDevWanManMacAddress OBJECT-TYPE
SYNTAX PhysAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The PS WAN-Man MAC address. This is the PS hardware address
to be used to uniquely identify the PS to the cable data
network DHCP server for the acquisition of an IP address to
be used for management messaging between the cable network
management entity and the Portal Services element."
::= { cabhPsDevBase 5 }
cabhPsDevWanDataMacAddress OBJECT-TYPE
SYNTAX PhysAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The PS WAN-Data hardware address. The CableHome Portal
Services supports acquisition of zero or more globally-
routable IP addresses to map to private IP addresses in the
data service subscriber's LAN. The Portal Services could have
multiple WAN-Data Interfaces, which share the same hardware
address. In the case of two or more WAN-Data Interfaces, the
client identifiers provided in DHCP Option Code 61 of the
DHCP OFFER message issued by the PS will be unique so that
each WAN-Data Interface may be assigned a unique WAN-Data IP
address."
::= { cabhPsDevBase 6 }
cabhPsDevTypeIdentifier OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This is a copy of the device type identifier used in the
DHCP option 60 exchanged between the PS and the DHCP
server."
::= { cabhPsDevBase 7 }
cabhPsDevSetToFactory OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Setting this object to true(1) sets all PsDev MIB objects
to the factory default values. Reading this object always
returns false(2)."
::= { cabhPsDevBase 8 }
cabhPsDevTodSyncStatus OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates whether the PS was able to
successfully synchronize with the Time of Day (ToD)
Server in the cable network. The PS sets this object
to true(1) if the PS successfully synchronizes its time
with the ToD server. The PS sets this object to
false(2) if the PS does not successfully synchronize
with the ToD server."
DEFVAL { false }
::= { cabhPsDevBase 9 }
cabhPsDevProvMode OBJECT-TYPE
SYNTAX INTEGER
{
dhcpmode(1),
snmpmode(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the provisioning mode in which the
PS is operating. If the PS is operating in DHCP Provisioning
Mode as described in the CableHome 1.0 specification, the PS
sets this object to dhcpmode(1). If the PS is operating in
SNMP Provisioning Mode, the PS sets this object to
snmpmode(2)."
::={ cabhPsDevBase 10 }
--
-- The following group defines Provisioning Specific parameters
--
cabhPsDevProvisioningTimer OBJECT-TYPE
SYNTAX INTEGER (0..16383)
UNITS "minutes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object enables the user to set the duration of the
provisioning timeout timer. The provisioning timeout timer
is intended to act as a watchdog timer for the PS
provisioning process. If it expires before the PS
provisioning process completes, the PS is required to repeat
its initialization process. Setting the timer to 0 disables
the provisioning timeout timer."
DEFVAL {5}
::= {cabhPsDevProv 1}
cabhPsDevProvConfigFile OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..128))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The URL of the TFTP host for downloading provisioning
and configuration parameters to this device. Returns NULL
if the server address is unknown."
::= { cabhPsDevProv 2 }
cabhPsDevProvConfigHash OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(20))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Hash of the contents of the config file, calculated and
sent to the PS prior to sending the config file. For the
SHA-1 authentication algorithm the hash length is 160 bits."
::= { cabhPsDevProv 3 }
cabhPsDevProvConfigFileSize OBJECT-TYPE
SYNTAX Integer32
UNITS "bytes"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of the configuration file in bytes, including
the end of file marker."
::={ cabhPsDevProv 4 }
cabhPsDevProvConfigFileStatus OBJECT-TYPE
SYNTAX INTEGER
{
idle (1),
busy (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the current status of the
configuration file download process. It is provided to
indicate to the management entity that the PS will reject PS
Configuration File triggers (set request to
cabhPsDevProvConfigFile) when busy."
::={ cabhPsDevProv 5 }
cabhPsDevProvConfigTLVProcessed OBJECT-TYPE
SYNTAX INTEGER (0..16383)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of TLVs processed in config file."
::={ cabhPsDevProv 6 }
cabhPsDevProvConfigTLVRejected OBJECT-TYPE
SYNTAX INTEGER (0..16383)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of TLVs rejected in config file."
::={ cabhPsDevProv 7 }
cabhPsDevProvSolicitedKeyTimeout OBJECT-TYPE
SYNTAX Integer32 (15..600)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This timeout applies only when the Provisioning Server
initiated key management (with a Wake Up message) for SNMPv3.
It is the period during which the PS will save a number
(inside the sequence number field) from the sent out AP
Request and wait for the matching AP Reply from the
Provisioning Server."
DEFVAL { 120 }
::= { cabhPsDevProv 8 }
cabhPsDevProvState OBJECT-TYPE
SYNTAX INTEGER
{
pass (1),
inProgress (2),
fail (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the completion state of the PS
initialization process. Pass or Fail states occur after
completion of the initialization flow. InProgress occurs
from PS initialization start to PS initialization end."
::= { cabhPsDevProv 9 }
cabhPsDevProvAuthState OBJECT-TYPE
SYNTAX INTEGER
{
accepted (1),
rejected (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the authentication state
of the configuration file."
::= { cabhPsDevProv 10 }
cabhPsDevTimeServerAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address type of the Time server (RFC-868).
IP version 4 is typically used."
::= { cabhPsDevProv 11 }
cabhPsDevTimeServerAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address of the Time server (RFC-868). Returns
0.0.0.0 if the time server IP address is unknown."
::= { cabhPsDevProv 12 }
--
-- notification group is for future extension.
--
cabhPsNotification OBJECT IDENTIFIER ::= { cabhPsDevMib 2 0 }
cabhPsConformance OBJECT IDENTIFIER ::= { cabhPsDevMib 3 }
cabhPsCompliances OBJECT IDENTIFIER ::= { cabhPsConformance 1 }
cabhPsGroups OBJECT IDENTIFIER ::= { cabhPsConformance 2 }
--
-- Notification Group
--
cabhPsDevInitTLVUnknownTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"Event due to detection of unknown TLV during
the TLV parsing process. The values of docsDevEvLevel,
docsDevEvId, and docsDevEvText are from the entry which logs
this event in the docsDevEventTable. The value of
cabhPsDevWanManMacAddress indicates the WAN-Man MAC address
of the PS.
"
::= { cabhPsNotification 1 }
cabhPsDevInitTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress,
cabhPsDevProvConfigFile,
cabhPsDevProvConfigTLVProcessed,
cabhPsDevProvConfigTLVRejected
}
STATUS current
DESCRIPTION
"This inform is issued to confirm the successful completion
of the CableHome provisioning process.
"
::= { cabhPsNotification 2 }
cabhPsDevInitRetryTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"An event to report a failure during the PS initialization
process.
"
::= { cabhPsNotification 3 }
cabhPsDevDHCPFailTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress,
cabhCdpServerDhcpAddress
}
STATUS current
DESCRIPTION
"An event to report the failure of the PS to successfully
complete message exchange with a DHCP server on its WAN-Man
interface. The value of cabhCdpServerDhcpAddress is the IP
address of the DHCP server.
"
::= { cabhPsNotification 4 }
cabhPsDevSwUpgradeInitTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress,
docsDevSwFilename,
docsDevSwServer
}
STATUS current
DESCRIPTION
"An event to report a software upgrade initiated
event. The values of docsDevSwFilename, and
docsDevSwServer indicate the software image name and the
server IP address the image is from. This trap is only
issued by a PS if the PS is not embedded with a cable modem.
Software upgrade for a PS embedded with a cable modem is
initiated and controlled by the cable modem software.
"
::= { cabhPsNotification 5 }
cabhPsDevSwUpgradeFailTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress,
docsDevSwFilename,
docsDevSwServer
}
STATUS current
DESCRIPTION
"An event to report the failure of a software upgrade
attempt. The values of docsDevSwFilename, and
docsDevSwServer indicate the software image name
and the server IP address the image is from.
"
::= { cabhPsNotification 6 }
cabhPsDevSwUpgradeSuccessTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress,
docsDevSwFilename,
docsDevSwServer
}
STATUS current
DESCRIPTION
"An event to report the Software upgrade success event. The
values of docsDevSwFilename, and docsDevSwServer indicate the
software image name and the IP address of the TFTP server on
which the software image is stored.
"
::= { cabhPsNotification 7 }
cabhPsDevSwUpgradeCVCFailTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"An event to report the failure of the software image
verification during a secure software upgrade attempt.
"
::= { cabhPsNotification 8 }
cabhPsDevTODFailTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevTimeServerAddr,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"An event to report the failure of a time of day server.
The value of cabhPsDevTimeServerAddr indicates the time
server's IP address.
"
::= { cabhPsNotification 9 }
cabhPsDevCdpWanDataIpTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhCdpWanDataAddrClientId,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"An event to report the failure of PS to obtain all needed
WAN-Data IP addresses. The PS is configured by the manager
for the number of WAN-Data IP address leases it is required
to acquire. If the PS is unable to acquire the configured
number of leases it reports the error using this trap. The
object cabhCdpWanDataAddrClientId indicates the ClientId for
which the failure occurred.
"
::= { cabhPsNotification 10 }
cabhPsDevCdpThresholdTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress,
cabhCdpLanTransThreshold
}
STATUS current
DESCRIPTION
"An event to report that the LAN-Trans threshold has been
exceeded. The LAN-Trans threshold is a parameter defined in
the Cable Gateway Configuration MIB that enables the manager
to manage the Cable Gateway address configuration.
"
::= { cabhPsNotification 11 }
cabhPsDevCspTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"To report an event with the CableHome Security Portal.
This includes reporting on firewall hacker attacks, changes
in firewall parameters, and problems with transferring the
firewall policy file via TFTP.
"
::= { cabhPsNotification 12 }
cabhPsDevCapTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"To report an event with the CableHome Address Portal (CAP).
CAP events include reporting on problems with creating
network address mappings.
"
::= { cabhPsNotification 13 }
cabhPsDevCtpTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress
}
STATUS current
DESCRIPTION
"To report an event with the CableHome Test Portal (CTP).
CTP events include status of remote diagnostic tests
executed by the PS at the direction of the manager.
"
::= { cabhPsNotification 14 }
cabhPsDevProvEnrollTrap NOTIFICATION-TYPE
OBJECTS {
cabhPsDevHardwareVersion,
docsDevSwCurrentVers,
cabhPsDevTypeIdentifier,
cabhPsDevWanManMacAddress,
cabhPsDevProvCorrelationId
}
STATUS current
DESCRIPTION
"This inform is issued to enroll the PS with the SNMPv3
management entity in the cable operator's network.
"
REFERENCE
"Inform as defined in RFC 1902"
::= { cabhPsNotification 15 }
cabhPsDevCdpLanIpPoolTrap NOTIFICATION-TYPE
OBJECTS {
docsDevEvLevel,
docsDevEvId,
docsDevEvText,
cabhPsDevWanManMacAddress,
cabhCdpLanTransCurCount
}
STATUS current
DESCRIPTION
"An event to report that the pool of IP addresses for LAN
clients, as defined by cabhCdpLanPoolStart and
cabhCdpLanPoolEnd, is exhausted.
"
::= { cabhPsNotification 16}
-- compliance statements
cabhPsBasicCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for devices that implement
the CableHome Portal Services functionality.
"
MODULE --cabhPsMib
-- unconditionally mandatory groups
MANDATORY-GROUPS {
cabhPsGroup
}
::= { cabhPsCompliances 1}
cabhPsGroup OBJECT-GROUP
OBJECTS {
cabhPsDevDateTime,
cabhPsDevResetNow,
cabhPsDevSerialNumber,
cabhPsDevHardwareVersion,
cabhPsDevWanManMacAddress,
cabhPsDevWanDataMacAddress,
cabhPsDevTypeIdentifier,
cabhPsDevSetToFactory,
cabhPsDevTodSyncStatus,
cabhPsDevProvMode,
cabhPsDevProvisioningTimer,
cabhPsDevProvConfigFile,
cabhPsDevProvConfigHash,
cabhPsDevProvConfigFileSize,
cabhPsDevProvConfigFileStatus,
cabhPsDevProvConfigTLVProcessed,
cabhPsDevProvConfigTLVRejected,
cabhPsDevProvSolicitedKeyTimeout,
cabhPsDevProvState,
cabhPsDevProvAuthState,
cabhPsDevTimeServerAddrType,
cabhPsDevTimeServerAddr
}
STATUS current
DESCRIPTION
"Group of objects for the Cable Gateway Device MIB."
::= { cabhPsGroups 1 }
cabhPsNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
cabhPsDevInitTLVUnknownTrap,
cabhPsDevInitTrap,
cabhPsDevInitRetryTrap,
cabhPsDevDHCPFailTrap,
cabhPsDevSwUpgradeInitTrap,
cabhPsDevSwUpgradeFailTrap,
cabhPsDevSwUpgradeSuccessTrap,
cabhPsDevSwUpgradeCVCFailTrap,
cabhPsDevTODFailTrap,
cabhPsDevCdpWanDataIpTrap,
cabhPsDevCdpThresholdTrap,
cabhPsDevCspTrap,
cabhPsDevCapTrap,
cabhPsDevCtpTrap,
cabhPsDevProvEnrollTrap,
cabhPsDevCdpLanIpPoolTrap
}
STATUS current
DESCRIPTION
"These notifications indicate change in status of the Portal
Services set of functions in a device complying with
CableLabs CableHome(tm) specifications."
::= { cabhPsGroups 2 }
END
5. Acknowledgements
This document was produced by the IPCDN Working Group. It is based
on a document written by Kevin Luehrs from CableLabs; Roy Spitzer,
Mike Mannette, and Rick Vetter, consultants to CableLabs; Chris
Zacker from Broadcom; and Itay Sherman from Texas Instruments.
Additional thanks go to Jean-Francois Mule from CableLabs for his
guidance.
6. References
[1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for
Describing SNMP Management Frameworks", RFC 2571, April 1999.
[2] Rose, M. and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based Internets", STD 16, RFC
1155, May 1990.
[3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
RFC 1212, March 1991.
[4] Rose, M., "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991.
[5] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Structure of
Management Information for Version 2 (SMIv2)", STD 58, RFC 2578,
April 1999.
[6] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual
Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[7] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Conformance
Statements for SMIv2", STD 58, RFC 2580, April 1999.
[8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
Network Management Protocol", STD 15, RFC 1157, May 1990.
[9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901, January
1996.
[10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport
Mappings for Version 2 of the Simple Network Management Protocol
(SNMPv2)", RFC 1906, January 1996.
[11] Case, J., Harrington, D., Presuhn, R. and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", RFC 2572, April 1999.
[12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
for version 3 of the Simple Network Management Protocol
(SNMPv3)", RFC 2574, April 1999.
[13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol
Operations for Version 2 of the Simple Network Management
Protocol (SNMPv2)", RFC 1905, January 1996.
[14] Levi, D., Meyer, P. and B. Stewart, "SNMP Applications", RFC
2573, April 1999.
[15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
Control Model (VACM) for the Simple Network Management Protocol
(SNMP)", RFC 2575, April 1999.
[16] "CableHome 1.0 Specification CH-SP-I02-020920", CableLabs,
September 2002,
http://www.cablelabs.com/projects/cablehome/specifications.
[17] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[18] "Data-Over-Cable Service Interface Specifications: Baseline
Privacy Plus Interface Specification SP-BPI+-I09-020830",
CableLabs, August 2002,
http://www.cablemodem.com/downloads/specs/SP-BPI+-I09-020830.pdf.
7. Security Considerations
This MIB relates to a system which will provide metropolitan public
Internet access for a cable data service subscriber, via a DOCSIS
cable modem. As such, improper manipulation of the objects
represented by this MIB may result in denial of service to a large
number of end-users. In addition, manipulation of
cabhPsDevProvConfigFile and cabhPsDevProvConfigHash may allow an
end-user to increase their service levels, change the permitted IP
address leases, or affect end-users in either a positive or negative
way.
There are a number of management objects defined in this MIB that
have a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations.
o The Cable Gateway Device may have its Portal Services software
changed by the actions of the management system. An improper
software load may result in substantial vulnerabilities and the
loss of the ability of the management system to control the cable modem.
o The device may be reset by setting cabhPsDevResetNow = true(1).
This causes the device to reload its configuration files as well
as eliminating all previous non-persistent network management
settings. As such, this may provide a vector for attacking the
system.
This MIB does not affect confidentiality of services on a Cable
Gateway Device. Since a CableLabs CableHome-compliant Cable Gateway
Device accesses the Internet through a DOCSIS-compliant cable modem,
the privacy mechanism defined for a DOCSIS cable modem in [18] is
one means by which confidentiality of service can be provided to a
Cable Gateway Device.
SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), there is still no
control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB.
It is recommended that the implementers consider the security
features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model [12] and the View-based Access
Control Model [15] is recommended.
It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB is properly
configured to give access to the objects only to those principals
(users) that have legitimate rights to GET or SET
(change/create/delete) them.
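One way to enumerate the read-write and read-create objects that the section above calls sensitive, so each can be checked against the VACM write view before deployment. This is an added example, not part of the draft; the SMIv2 excerpt is constructed, and the example* names and all SYNTAX and MAX-ACCESS values in it are assumptions.

```python
import re

# Constructed SMIv2 excerpt, not text from the draft. Only the name
# cabhPsDevResetNow comes from the page; the example* names and every
# SYNTAX/MAX-ACCESS value below are assumptions for illustration.
SAMPLE_MIB = '''
cabhPsDevResetNow OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "Setting to true(1) resets. -- not a comment"
    ::= { exampleBase 1 }

exampleSerialNumber OBJECT-TYPE
    SYNTAX      OCTET STRING
    -- MAX-ACCESS read-write   (commented out, must be ignored)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "Text that mentions MAX-ACCESS read-create."
    ::= { exampleBase 2 }

exampleRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "Row creation."
    ::= { exampleBase 3 }
'''

WRITABLE = {"read-write", "read-create"}
OBJ_RE = re.compile(r"^\s*([a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b(.*?)::=", re.M | re.S)
ACC_RE = re.compile(r"\bMAX-ACCESS\s+([a-z-]+)")

def writable_objects(mib_text):
    """Map object name -> MAX-ACCESS for every SET-capable object."""
    # Blank quoted strings first, then drop '--' comments (treated as
    # running to end of line), so neither can fake a MAX-ACCESS clause.
    text = re.sub(r'"[^"]*"', '""', mib_text)
    text = re.sub(r"--[^\n]*", "", text)
    found = {}
    for name, body in OBJ_RE.findall(text):
        access = ACC_RE.search(body)
        if access and access.group(1) in WRITABLE:
            found[name] = access.group(1)
    return found

def unreviewed(mib_text, reviewed):
    """Writable objects absent from the operator's reviewed write-view list."""
    return sorted(set(writable_objects(mib_text)) - set(reviewed))
```

Any name returned by unreviewed() is an object a SET could reach that nobody has yet decided to include in or exclude from the write view.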
8. Intellectual Property
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
9. Author's Address
Doug Jones
YAS Broadband Ventures, LLC
300 Brickstone Square
Andover, MA 01810
U.S.A
Phone: +1 303 661 3823
EMail: doug@yas.com
10. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.