Internet Draft                                   Thomas D. Nadeau (Ed.)
Expires: Dec 2007                                A S Kiran Koushik (Ed.)
                                                 Cisco Systems, Inc.

                                                             June 2007


       Pseudo Wire (PW) over L2TPv3 Management Information Base

                   draft-nadeau-l2tpext-pw-l2tpv3-mib-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

 Abstract

  This memo defines an experimental portion of the Management
  Information Base (MIB) for use with network management protocols in
  the Internet community.  In particular, it describes a MIB module
  for PW operation over Layer Two Tunneling Protocol (Version 3)
  "L2TPV3".



Table of Contents

   Abstract..........................................................1
   1    Introduction.................................................2



IETF L2TPEXT Working Group          Expires Dec 2007         [Page 1]


  draft-nadeau-l2tpext-pw-l2tpv3-mib-01  PW-L2TPV3-MIB  June 27, 2007



   2    Terminology..................................................3
   3    The Internet-Standard Management Framework...................3
   4    Feature Checklist............................................4
   5    MIB module usage.............................................4
   5.1  PW L2TPv3 MIB module usage...................................4
   6    Object definitions...........................................6
   7    Security Considerations.....................................24
   8    IANA considerations.........................................25
   9    References..................................................25
   9.1  Normative references........................................25
   9.2  Informative references......................................26
   10   Author's Addresses..........................................27
   11   Full Copyright Statement....................................28
   12   Intellectual Property Notice................................28

1 Introduction

  This document describes a model for managing pseudo wire services
  for transmission over different flavors of L2TP tunnels and IP. The
  general PW MIB module [PW-MIB] defines the parameters global to the
  PW regardless of the underlying PSN and emulated service. Indicating
  a PSN type of L2TP or IP in PW-MIB references this module.

  This document describes the MIB objects that define pseudo wire
  association to the L2TP PSN and IP PSN, in a way that is not
  specific to the carried service.

Conventions used in this document

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
  this document are to be interpreted as described in RFC-2119
  [BCP14].

2 Terminology

  This document uses terminology from the document describing the PW
  architecture [RFC3985], [RFC3916] and [RFC4447].

  "PSN Tunnel" is a general term indicating a virtual connection
  between the two PWE3 edge devices. Each tunnel may potentially
  carry multiple PWs inside. In the scope of this document, it is an
  L2TPv3 tunnel or IP.

  In an L2TPv3 PSN, a PW connection typically uses an L2TPv3 session to
  carry the traffic.

3 The Internet-Standard Management Framework

  For a detailed overview of the documents that describe the current
  Internet-Standard Management Framework, please refer to section 7
  of RFC 3410 [RFC3410].

  Managed objects are accessed via a virtual information store,
  termed the Management Information Base or MIB.  MIB objects are
  generally accessed through the Simple Network Management Protocol
  (SNMP). Objects in the MIB are defined using the mechanisms defined
  in the Structure of Management Information (SMI).  This memo
  specifies a MIB module that is compliant to the SMIv2, which is
  described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579]
  and STD 58, RFC 2580 [RFC2580].

4 Feature Checklist

  The PW L2TP and IP MIB modules are designed to satisfy the following
  requirements and constraints:

   - The MIB module supports both manually configured and signaled
     PWs.

   - The MIB module supports point-to-point PW connections.

   - The MIB module enables the use of any emulated service.


5 MIB module usage

  The MIB module structure for defining a PW service is composed of
  three types of modules.

  The first type is the PW MIB module [PW-MIB], which configures
  general parameters of the PW that are common to all types of
  emulated services and PSN.

  The second type of module is the per-PSN module. There is a separate
  module for each type of PSN. This document defines the MIB modules
  for L2TPV3 and IP (PW-L2TPV3-MIB and PW-GEN-IP-MIB).

  The third type of module is the service-specific module, which is
  emulated signal type dependent. These modules are defined in other
  documents; see for example [CEPMIB].

  [PWTC] defines some of the object types used in this module.

5.1 PW L2TP or IP MIB module usage

    - The PW table (pwTable) in [PW-MIB] is used for all PW types
    (ATM, FR, Ethernet, SONET, etc.). This table contains high level
    generic parameters related to the PW creation. The operator or the
    agent creates a row for each PW.

    - If the selected PSN type in pwTable is L2TP, the agent creates a
    row in the L2TP specific parameters table (pwL2tpv3Table) in this
    module, which contains L2TP specific parameters such as session
    ids etc.

    - The operator configures the association to the desired L2TPv3
    tunnel (required for manually configured PWs) through the
    pwL2tpMappingTable[TBD].

    - If the selected PSN type in pwTable is IP, the agent creates a
    row in the IP specific parameters table (pwGenIpTable) in this
    module, which contains IP specific parameters such as address etc.



6 Object definitions

6.1 PW L2TPv3 MIB definitions:

  PW-L2TPv3-DRAFT-00-MIB DEFINITIONS ::= BEGIN

  IMPORTS
     MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, transmission
        FROM SNMPv2-SMI                   -- [RFC2578]

     MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF                  -- [RFC2580]

     StorageType, RowStatus
        FROM SNMPv2-TC                    -- [RFC2579]

     InterfaceIndexOrZero
        FROM IF-MIB                       -- [RFC2863]

     SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB

     pwIndex                               -- [RFCxxxx]
  -- RFC Editor: Please replace XXXX with RFC number & remove this
  -- note.
        FROM PW-STD-MIB

  ;

  pwL2tpv3Draft00MIB MODULE-IDENTITY
     LAST-UPDATED "200610051200Z"  -- 05 Oct 2006 12:00:00 GMT
     ORGANIZATION    "IETF L2TP Working Group"
     CONTACT-INFO
               "Layer Two Tunneling Protocol Extensions WG
                Working Group Area:        Internet
                Working Group Name:        l2tpext
                General Discussion:        l2tp@l2tp.net"

     DESCRIPTION
         "This MIB module complements the PW-STD-MIB module for PW
          operation over L2TPv3.

         Copyright (C) The Internet Society (2006).  This version
         of this MIB module is part of RFC yyyy;  see the RFC
         itself for full legal notices.
         -- RFC Ed.: replace yyyy with actual RFC number & remove
         -- this note
         "
     -- Revision history.
      REVISION       "200610051200Z"  -- 05 Oct 2006 12:00:00 GMT
      DESCRIPTION
          " First published as RFCWXYZ. "
  -- RFC Editor: Please replace WXYZ with correct # and remove this
  -- note

    ::= { transmission XXX }
  -- RFC Editor: To be assigned by IANA. Please replace XXX
  -- with the assigned value and remove this note.

  -- Top-level components of this MIB.



   -- Notifications
   pwL2tpv3Notifications OBJECT IDENTIFIER
                                 ::= { pwL2tpv3Draft00MIB 0 }

  -- Tables, Scalars
  pwL2tpv3Objects       OBJECT IDENTIFIER
                                ::= { pwL2tpv3Draft00MIB 1 }
  -- Conformance
  pwL2tpv3Conformance   OBJECT IDENTIFIER
                                ::= { pwL2tpv3Draft00MIB 2 }

  -- PW L2TPv3 table

  pwL2tpv3Table   OBJECT-TYPE
     SYNTAX        SEQUENCE OF PwL2tpv3Entry
     MAX-ACCESS    not-accessible
     STATUS        current
     DESCRIPTION
         "This table controls L2TPv3 specific parameters when the PW is
          going to be carried over L2TPv3."
     ::= { pwL2tpv3Objects 1 }

  pwL2tpv3Entry   OBJECT-TYPE
     SYNTAX        PwL2tpv3Entry
     MAX-ACCESS    not-accessible
     STATUS        current
     DESCRIPTION
          "A row in this table represents parameters
           specific to L2TPv3  for a pseudo wire (PW).

           A row MUST be created automatically by the local agent
           for every entry in the pwTable if the pwPsnType is
           l2tp. Each entry is indexed by pwIndex, which uniquely
           identifies a singular PW.

           A row can also be created manually in this table.
          "
     INDEX  { pwIndex }

-- Ed Note: Do we need to have pwL2tpv3CtrlCfgIfIndex as an index?

        ::= { pwL2tpv3Table 1 }

  PwL2tpv3Entry ::= SEQUENCE {
        pwL2tpv3SessionCfgIfIndex       InterfaceIndexOrZero,
        pwL2tpv3CtrlCfgRouterID         SnmpAdminString,
        pwL2tpv3LocalSessionID          Unsigned32,
        pwL2tpv3RemoteSessionID         Unsigned32,
        pwL2tpv3OperType                BITS,
        pwL2tpv3DataSequencing          INTEGER,
        pwL2tpv3AddrResol               INTEGER,
        pwL2tpv3Mtu                     Unsigned32,
        pwL2tpv3StorageType             StorageType,
        pwL2tpv3RowStatus               RowStatus
     }

   pwL2tpv3SessionCfgIfIndex    OBJECT-TYPE
           SYNTAX          InterfaceIndexOrZero
           MAX-ACCESS      read-create
           STATUS          current
           DESCRIPTION
               "The interface index for the corresponding L2TP
                interface to which this PW session is associated.

                The value of this object must correspond to the
                value of l2tpv3SessionCfgIfIndex in the
                l2tpv3SessionCfgTable."
     ::= { pwL2tpv3Entry 1 }


   pwL2tpv3CtrlCfgRouterID   OBJECT-TYPE
           SYNTAX          SnmpAdminString
           MAX-ACCESS      read-create
           STATUS          current
           DESCRIPTION
               "The local router ID of this peer, as communicated via
                the Router ID AVP for this control connection.

                The value of this object corresponds to the
                value of l2tpv3CtrlCfgRouterID in l2tpv3CtrlCfgTable."
     ::= { pwL2tpv3Entry 2 }


   pwL2tpv3LocalSessionID OBJECT-TYPE
           SYNTAX          Unsigned32
           MAX-ACCESS      read-create
           STATUS          current
           DESCRIPTION
               "The local L2TPv3 session id for this PW. The value
                of this object corresponds to the
                l2tpv3SessionCfgLocalID in l2tpv3SessionCfgTable."
     ::= { pwL2tpv3Entry 3 }

   pwL2tpv3RemoteSessionID OBJECT-TYPE
           SYNTAX          Unsigned32
           MAX-ACCESS      read-create
           STATUS          current
           DESCRIPTION
               "The remote L2TPv3 session id for this PW. The value
                of this object corresponds to the
                l2tpv3SessionCfgRemoteID in l2tpv3SessionCfgTable."
     ::= { pwL2tpv3Entry 4 }

  pwL2tpv3OperType OBJECT-TYPE
     SYNTAX   BITS {
         ifToIf    (0),
         vcToVc    (1),
         ifToVc    (2),
         vcToIf    (3)
              }
     MAX-ACCESS    read-create
     STATUS        current
     DESCRIPTION
          "Set by the operator to indicate the operation type of this
           PW. "
     REFERENCE
          "[PW-IP] section 6."
     ::= { pwL2tpv3Entry 5 }

  pwL2tpv3DataSequencing OBJECT-TYPE
     SYNTAX   INTEGER {
         noSeq            (0),
         nonIpSeq         (1),
         allSeq           (2)
              }

     MAX-ACCESS    read-create
     STATUS        current
     DESCRIPTION
         "Set by the operator to indicate data sequencing.
           noSeq(0) - No incoming data packets require sequencing.
           nonIpSeq(1) - Only non-IP data packets require sequencing.
           allSeq(2) - All incoming data packets require sequencing."
     REFERENCE
          "[PW-IP] section 4.2."
     DEFVAL { allSeq }
     ::= { pwL2tpv3Entry 6 }

  pwL2tpv3AddrResol OBJECT-TYPE
     SYNTAX        INTEGER {
         static            (0),
         dynamic           (1)
              }
     MAX-ACCESS    read-create
     STATUS        current
     DESCRIPTION
          "The value of this object indicates the point-to-point
           address resolution mechanism for this PW."
     REFERENCE
          "[PW-IP] section 5."
     DEFVAL { static }
     ::= { pwL2tpv3Entry 7 }

  pwL2tpv3Mtu OBJECT-TYPE
     SYNTAX        Unsigned32
     MAX-ACCESS    read-create
     STATUS        current
     DESCRIPTION
          "Set by the operator to indicate the PW MTU value to be
           used on the PW."
     REFERENCE
          "[PW-IP] section 4.3."
     DEFVAL { 1500 }
     ::= { pwL2tpv3Entry 8 }

  pwL2tpv3StorageType OBJECT-TYPE
     SYNTAX        StorageType
     MAX-ACCESS    read-create
     STATUS        current
     DESCRIPTION
         "This variable indicates the storage type for this row.
          Conceptual rows having the value 'permanent'
          need not allow write-access to any columnar
          objects in the row."
     DEFVAL { volatile }
     ::= { pwL2tpv3Entry 9 }

  pwL2tpv3RowStatus  OBJECT-TYPE
      SYNTAX        RowStatus
      MAX-ACCESS    read-create
      STATUS        current
      DESCRIPTION
           "This variable is used to create, modify, and/or
             delete a row in this table.  When a row in this
             table is in active(1) state, no objects in that row
             can be modified by the agent except
             pwL2tpv3RowStatus and pwL2tpv3StorageType."
      ::= { pwL2tpv3Entry 10 }

  -- End of PW L2TPv3 table



  -- conformance information

  pwL2tpv3Groups      OBJECT IDENTIFIER ::= { pwL2tpv3Conformance 1 }
  pwL2tpv3Compliances OBJECT IDENTIFIER ::= { pwL2tpv3Conformance 2 }

  -- Compliance requirement for fully compliant implementations.

  pwL2tpv3ModuleFullCompliance MODULE-COMPLIANCE
      STATUS  current
      DESCRIPTION
              "The compliance statement for agents that provide full
               support for PW-L2TP MIB Module. Such devices can
               then be monitored and also be configured using
               this MIB module."

     MODULE  -- this module
     MANDATORY-GROUPS { pwL2tpv3Group
                       }

      ::= { pwL2tpv3Compliances 1 }

  -- Compliance requirement for Read Only compliant implementations.

  pwL2tpv3ModuleReadOnlyCompliance MODULE-COMPLIANCE
      STATUS  current
      DESCRIPTION
              "The compliance statement for agents that provide read
               only support for PW-L2TP MIB Module. Such devices can
               then be monitored but cannot be configured using this
               MIB module."



     MODULE  -- this module
     MANDATORY-GROUPS { pwL2tpv3Group
                       }


      ::= { pwL2tpv3Compliances 2 }

  -- Units of conformance.

  pwL2tpv3Group OBJECT-GROUP
     OBJECTS {
        pwL2tpv3SessionCfgIfIndex,
        pwL2tpv3CtrlCfgRouterID,
        pwL2tpv3LocalSessionID,
        pwL2tpv3RemoteSessionID,
        pwL2tpv3OperType,
        pwL2tpv3DataSequencing,
        pwL2tpv3AddrResol,
        pwL2tpv3Mtu,
        pwL2tpv3StorageType,
        pwL2tpv3RowStatus
            }
     STATUS  current
     DESCRIPTION
         "Collection of objects needed for PW over L2TPv3 PSN
          configuration."
     ::= { pwL2tpv3Groups 1 }


END

6.2 PW GENERIC IP MIB definitions:

-- PW-GEN-IP-MIB module
  PW-GEN-IP-DRAFT-00-MIB DEFINITIONS ::= BEGIN

  IMPORTS
     MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, transmission
        FROM SNMPv2-SMI                   -- [RFC2578]

     MODULE-COMPLIANCE, OBJECT-GROUP
        FROM SNMPv2-CONF                  -- [RFC2580]

     StorageType, RowStatus
        FROM SNMPv2-TC                    -- [RFC2579]

     InterfaceIndexOrZero
        FROM IF-MIB                       -- [RFC2863]

     SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB

     InetAddress, InetAddressType
        FROM INET-ADDRESS-MIB              -- [RFC4001]

     pwIndex                               -- [RFCxxxx]
  -- RFC Editor: Please replace XXXX with RFC number & remove this
  -- note.
        FROM PW-STD-MIB

  ;

  pwGenIpDraft00MIB MODULE-IDENTITY
     LAST-UPDATED "200702011200Z"  -- 01 Feb 2007 12:00:00 GMT
     ORGANIZATION    "IETF L2TP Working Group"
     CONTACT-INFO
               "Layer Two Tunneling Protocol Extensions WG
                Working Group Area:        Internet
                Working Group Name:        l2tpext
                General Discussion:        l2tp@l2tp.net"

     DESCRIPTION
         "This MIB module complements the PW-STD-MIB module for PW
          operation over IP.

         Copyright (C) The Internet Society (2006).  This version
         of this MIB module is part of RFC yyyy;  see the RFC
         itself for full legal notices.
         -- RFC Ed.: replace yyyy with actual RFC number & remove
         -- this note
         "
     -- Revision history.
      REVISION       "200702011200Z"  -- 01 Feb 2007 12:00:00 GMT
      DESCRIPTION
          " First published as RFCWXYZ. "
  -- RFC Editor: Please replace WXYZ with correct # and remove this
  -- note

    ::= { transmission XXX }
  -- RFC Editor: To be assigned by IANA. Please replace XXX
  -- with the assigned value and remove this note.

  -- Top-level components of this MIB.



   -- Notifications
   pwGenIpNotifications OBJECT IDENTIFIER
                                 ::= { pwGenIpDraft00MIB 0 }

  -- Tables, Scalars
  pwGenIpObjects       OBJECT IDENTIFIER
                                ::= { pwGenIpDraft00MIB 1 }
  -- Conformance
  pwGenIpConformance   OBJECT IDENTIFIER
                                ::= { pwGenIpDraft00MIB 2 }


  -- PW IP table

  pwGenIpTable   OBJECT-TYPE
     SYNTAX        SEQUENCE OF PwGenIpEntry
     MAX-ACCESS    not-accessible
     STATUS        current
     DESCRIPTION
         "This table contains the Pseudo wire objects for
          Generic IP PSN type."
     ::= { pwGenIpObjects 2 }

pwGenIpEntry   OBJECT-TYPE
     SYNTAX        PwGenIpEntry
     MAX-ACCESS    not-accessible
     STATUS        current
     DESCRIPTION
          "A row in this table represents Generic parameters
           specific to pseudo wire (PW) over IP PSN.

           A row MUST be created automatically by the local agent
           for every entry in the pwTable if the pwPsnType is
           udpOverIp. Each entry is indexed by pwIndex, which uniquely
           identifies a singular PW.
          "
     INDEX  { pwIndex }

        ::= { pwGenIpTable 1 }

  PwGenIpEntry ::= SEQUENCE {
        pwGenSourceIpAddressType        InetAddressType,
        pwGenSourceIpAddress            InetAddress,
        pwGenIpTos                      Unsigned32,
        pwGenIpTosDropPrecedence        Unsigned32
     }


  pwGenSourceIpAddressType OBJECT-TYPE
     SYNTAX InetAddressType
     MAX-ACCESS read-write
     STATUS current
     DESCRIPTION
         "This object indicates the type of IP address stored in
          pwGenSourceIpAddress."
     ::= { pwGenIpEntry 1  }


  pwGenSourceIpAddress OBJECT-TYPE
     SYNTAX InetAddress
     MAX-ACCESS read-write
     STATUS current
     DESCRIPTION
         "This object indicates source IP Address for PW having
          pwPsnType= udpOverIp (3)"
     ::= { pwGenIpEntry 2  }

  pwGenIpTos OBJECT-TYPE
     SYNTAX Unsigned32
     MAX-ACCESS read-write
     STATUS current
     DESCRIPTION
         "This object indicates TOS field value for PW having
          pwPsnType= udpOverIp (3), IP precedence (bits 0-2 in IP
          TOS byte), DSCP (bits 0-5 in IP TOS byte)."
     ::= { pwGenIpEntry 3  }

   pwGenIpTosDropPrecedence   OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "In implementations that support two levels of drop
            precedence marking, this object defines the DSCP
            or TOS field to be used for packets with higher drop
            precedence compared to packets marked with pwGenIpTos,
            otherwise this object should return the value equal
            to pwGenIpTos."

      ::= { pwGenIpEntry 4 }

  -- End of PW IP table



  -- conformance information

  pwGenIpGroups      OBJECT IDENTIFIER ::= { pwGenIpConformance 1 }
  pwGenIpCompliances OBJECT IDENTIFIER ::= { pwGenIpConformance 2 }

  -- Compliance requirement for fully compliant implementations.

  pwGenIpModuleFullCompliance MODULE-COMPLIANCE
      STATUS  current
      DESCRIPTION
              "The compliance statement for agents that provide full
               support for PW-IP MIB Module. Such devices can
               then be monitored and also be configured using
               this MIB module."

     MODULE  -- this module
     MANDATORY-GROUPS { pwGenIpGroup
                       }

      ::= { pwGenIpCompliances 1 }

  -- Compliance requirement for Read Only compliant implementations.

  pwGenIpModuleReadOnlyCompliance MODULE-COMPLIANCE
      STATUS  current
      DESCRIPTION
              "The compliance statement for agents that provide read
               only support for PW-IP MIB Module. Such devices can
               then be monitored but cannot be configured using this
               MIB module."



     MODULE  -- this module
     MANDATORY-GROUPS { pwGenIpGroup
                       }


      ::= { pwGenIpCompliances 2 }

  -- Units of conformance.

  pwGenIpGroup OBJECT-GROUP
     OBJECTS {
        pwGenSourceIpAddressType,
        pwGenSourceIpAddress,
        pwGenIpTos,
        pwGenIpTosDropPrecedence
            }
     STATUS  current
     DESCRIPTION
         "Collection of objects needed for PW over IP PSN
          configuration."
     ::= { pwGenIpGroups 1 }


END

7 Security Considerations

  It is clear that this MIB module is potentially useful for
  monitoring of PW capable PEs.  This MIB module can also be used for
  configuration of certain objects, and anything that can be
  configured can be incorrectly configured, with potentially
  disastrous results.

  There are a number of management objects defined in this MIB module
  with a MAX-ACCESS clause of read-write and/or read-create.  Such
  objects may be considered sensitive or vulnerable in some network
  environments.  The support for SET operations in a non-secure
  environment without proper protection can have a negative effect on
  network operations.  These are the tables and objects and their
  sensitivity/vulnerability:

     o    The pwL2tpv3Table and pwL2tpv3MappingTable[TBD] collectively
          contain objects to provision PW over L2TPV3 tunnels.
          Unauthorized access to objects in these tables could
          result in disruption of traffic on the network.  The use of
          stronger mechanisms such as SNMPv3 security should be
          considered where possible.  Specifically, SNMPv3 VACM and
          USM MUST be used with any v3 agent which implements this MIB
          module.
          Administrators should consider whether read access to these
          objects should be allowed, since read access may be
          undesirable under certain circumstances.

  Some of the readable objects in this MIB module (i.e., objects with
  a MAX-ACCESS other than not-accessible) may be considered sensitive
  or vulnerable in some network environments.  It is thus important
  to control even GET and/or NOTIFY access to these objects and
  possibly to even encrypt the values of these objects when sending
  them over the network via SNMP.  These are the tables and objects
  and their sensitivity/vulnerability:

     o    the pwL2tpv3Table and pwL2tpv3MappingTable[TBD],
          collectively show the PW over L2TPV3 association.
          If an Administrator does not want to reveal this
          information, then these tables should be
          considered sensitive/vulnerable.

  SNMP versions prior to SNMPv3 did not include adequate security.
  Even if the network itself is secure (for example by using IPSec),
  even then, there is no control as to who on the secure network is
  allowed to access and GET/SET (read/change/create/delete) the
  objects in this MIB module.

  It is RECOMMENDED that implementers consider the security features
  as provided by the SNMPv3 framework (see [RFC3410], section 8),
  including full support for the SNMPv3 cryptographic mechanisms (for
  authentication and privacy).

  Further, deployment of SNMP versions prior to SNMPv3 is NOT
  RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
  enable cryptographic security.  It is then a customer/operator
  responsibility to ensure that the SNMP entity giving access to an
  instance of this MIB module is properly configured to give access
  to the objects only to those principals (users) that have
  legitimate rights to indeed GET or SET (change/create/delete) them.
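
  The inventory this section asks operators to reason about, as an
  added example that is not part of this draft: the Python below parses
  SMIv2 OBJECT-TYPE definitions and lists, per conceptual row, the
  objects a read view exposes, the objects a write view lets a
  principal SET, and the RowStatus columns that create or delete rows.
  SAMPLE_MIB is a constructed excerpt abbreviated from section 6, and
  the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt: OBJECT-TYPE definitions abbreviated from the two
# modules in section 6 (DESCRIPTION text shortened for the example).
SAMPLE_MIB = '''
pwL2tpv3Table   OBJECT-TYPE
   SYNTAX        SEQUENCE OF PwL2tpv3Entry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION   "L2TPv3 specific parameters."
   ::= { pwL2tpv3Objects 1 }

pwL2tpv3LocalSessionID OBJECT-TYPE
   SYNTAX          Unsigned32
   MAX-ACCESS      read-create
   STATUS          current
   DESCRIPTION     "The local L2TPv3 session id for this PW."
   ::= { pwL2tpv3Entry 3 }

pwL2tpv3RowStatus  OBJECT-TYPE
   SYNTAX        RowStatus
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION   "Used to create, modify, and/or delete a row."
   ::= { pwL2tpv3Entry 10 }

pwGenSourceIpAddress OBJECT-TYPE
   SYNTAX InetAddress
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION "Source IP address for the PW."
   ::= { pwGenIpEntry 2 }
'''

# MAX-ACCESS values that permit SNMP SET operations.
SET_ACCESS = {"read-write", "read-create"}

OBJECT_TYPE_RE = re.compile(
    r"^\s*(?P<name>[a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b"
    r"(?P<body>.*?)"
    r"::=\s*\{\s*(?P<parent>[A-Za-z][A-Za-z0-9-]*)\s+(?P<sub>\d+)\s*\}",
    re.DOTALL | re.MULTILINE,
)


def strip_strings_and_comments(text):
    """Blank quoted strings and drop '--' comments, so that text inside
    a DESCRIPTION cannot start or end a definition early."""
    return re.sub(
        r'"[^"]*"|--[^\n]*',
        lambda m: '""' if m.group(0).startswith('"') else "",
        text,
    )


def parse_object_types(mib_text):
    """Return one dict per OBJECT-TYPE: name, syntax, access, parent, sub."""
    objects = []
    for m in OBJECT_TYPE_RE.finditer(strip_strings_and_comments(mib_text)):
        body = m.group("body")
        access = re.search(r"\bMAX-ACCESS\s+([a-z-]+)", body)
        syntax = re.search(r"\bSYNTAX\s+([A-Za-z0-9-]+)", body)
        objects.append({
            "name": m.group("name"),
            "syntax": syntax.group(1) if syntax else "unknown",
            # A missing clause is reported as "unknown" and treated as
            # writable below, so a parse gap never hides an object.
            "access": access.group(1) if access else "unknown",
            "parent": m.group("parent"),
            "sub": int(m.group("sub")),
        })
    return objects


def audit(mib_text):
    """Group accessible objects by parent row.

    'get' lists every object an SNMP read view would expose, 'set' those
    a write view would let a principal change, and 'row_control' the
    RowStatus columns that create or delete whole rows.
    """
    report = defaultdict(lambda: {"get": [], "set": [], "row_control": []})
    for obj in sorted(parse_object_types(mib_text),
                      key=lambda o: (o["parent"], o["sub"])):
        if obj["access"] == "not-accessible":
            continue
        row = report[obj["parent"]]
        row["get"].append(obj["name"])
        if obj["access"] in SET_ACCESS or obj["access"] == "unknown":
            row["set"].append(obj["name"])
        if obj["syntax"] == "RowStatus":
            row["row_control"].append(obj["name"])
    return dict(report)


if __name__ == "__main__":
    for parent, row in audit(SAMPLE_MIB).items():
        print(parent)
        for key in ("get", "set", "row_control"):
            print(f"  {key:12} {', '.join(row[key]) or '-'}")
```

  Run against the full module text, the 'set' and 'row_control' lists
  are the columns to leave out of any VACM write view granted to
  monitoring-only principals.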

8 IANA considerations

9 References

9.1 Normative references

  [PW-IP]      C. Pignataro, W. Luo, "Signaling and Encapsulation for
               the Transport of IP over L2TPv3", work-in-progress.

  [L2TPv3-MIB] Nadeau,T., et al, "Layer Two Tunneling Protocol
                (Version 3) L2TPv3 Management Information Base",
                work-in-progress.

  [PWTC]      Nadeau, T., et al, "Definitions for Textual Conventions
               and OBJECT-IDENTITIES for Pseudo-Wires Management",
               work-in-progress.

  [PW-MIB]    Zelig, D., et al, "Pseudo Wire (PW) Management
               Information Base", work-in-progress.

  [BCP14]     Bradner, S., "Key words for use in RFCs to Indicate
               requirement Levels", BCP 14, RFC 2119, March 1997.

  [RFC2578]    McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,
               J.,Rose, M. and S. Waldbusser, "Structure of Management
               Information Version 2 (SMIv2)", STD 58, RFC 2578, April
               1999.

  [RFC2579]    McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,
               J., Rose, M. and S. Waldbusser, "Textual Conventions
               for SMIv2", STD 58, RFC 2579, April 1999.

  [RFC2580]    McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,
               J., Rose, M. and S. Waldbusser, "Conformance Statements
               for SMIv2", STD 58, RFC 2580, April 1999.

  [RFC2863]   McCloghrie, K., F. Kastenholz,  "The Interfaces Group
               MIB using SMIv2", RFC 2863, June 2000.

  [RFC3031]   Rosen, E., Viswanathan, A., and R. Callon,
               "Multiprotocol Label Switching Architecture", RFC 3031,
               Jan 2001.

  [RFC3036]   Andersson, L., et al, "LDP specification", RFC 3036,
               January 2001.

  [RFC3811]   Nadeau, T., Cucchiara, J., "Definitions of Textual
               Conventions (TCs) for Multiprotocol Label Switching
               (MPLS) Management", RFC 3811, June 2004.

  [RFC3812]   Srinivasan, C., Viswanathan, A., and Nadeau, T.,
               "Multiprotocol Label Switching (MPLS) Traffic
               Engineering (TE) Management Information Base (MIB)",
               RFC 3812, June 2004.

  [RFC3813]   Srinivasan, C., Viswanathan, A., and Nadeau, T.,
               "Multiprotocol Label Switching (MPLS) Label Switching
               Router (LSR) Management Information Base (MIB)", RFC
               3813, June 2004.

  [RFC4447]   Martini et al, "Pseudowire Setup and Maintenance using
               the Label Distribution Protocol (LDP)", RFC 4447, April
               2006.


9.2 Informative references

  [RFC2434]   Narten, T. and H. Alvestrand, "Guidelines for Writing
               an IANA Considerations Section in RFCs", BCP: 26, RFC
               2434, October 1998.

  [RFC3410]    Case, J., Mundy, R., Partain, D. and B. Stewart,
               "Introduction and Applicability Statements for
               Internet-Standard Management Framework", RFC 3410,
               December 2002.

  [RFC3916]   Xiao, X., et al, "Requirements for Pseudo-Wire Emulation
               Edge-to-Edge (PWE3)", RFC 3916, September 2004.

  [RFC3985]   Bryant, S., and Pate, P., "Pseudo Wire Emulation Edge-
               to-Edge (PWE3) Architecture", RFC 3985, March 2005.


10 Author's Addresses

  Thomas D. Nadeau
  Cisco Systems, Inc.
  1414 Massachusetts Ave,
  Boxborough, MA 01719
  Email: tnadeau@cisco.com

  A S Kiran Koushik
  Cisco Systems, Inc.
  12515 Research Blvd, Bldg 4
  Austin, TX 78759
  Email: kkoushik@cisco.com

   Carlos Pignataro
   Cisco Systems, Inc.
   7025-1 Kit Creek Rd
   PO Box 14987
   Research Triangle Park, NC 27709-4987
   cpignata@cisco.com

   Orly Nicklass
   RAD Data Communications
   24 Raoul Wallenberg St., Bldg C
   Tel Aviv  69719
   ISRAEL

   Phone: +972 3 7659969
   Email: orly_n@rad.com


11 Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE
   IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
   WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
   WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
   ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
   FOR A PARTICULAR PURPOSE.


12 Intellectual Property Notice

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository
   at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.
