Internet Engineering Task Force J. Schoenwaelder
Internet-Draft A. Sehgal
Intended status: Standards Track Jacobs University
Expires: April 21, 2013 T. Tsou
Huawei Technologies (USA)
C. Zhou
Huawei Technologies
October 18, 2012
Definition of Managed Objects for IPv6 over Low-Power Wireless Personal
Area Networks (6LoWPANs)
draft-schoenw-6lowpan-mib-01
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it defines objects for managing IPv6 over Low-Power
Wireless Personal Area Networks (6LoWPANs).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2013.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Schoenwaelder, et al. Expires April 21, 2013 [Page 1]
Internet-Draft LOWPAN-MIB October 2012
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Internet-Standard Management Framework . . . . . . . . . . 3
3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
5. Relationship to Other MIB Modules . . . . . . . . . . . . . . 4
6. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . 11
10.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. JSON Representation . . . . . . . . . . . . . . . . . 12
Schoenwaelder, et al. Expires April 21, 2013 [Page 2]
Internet-Draft LOWPAN-MIB October 2012
1. Introduction
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols. In particular it defines
objects for managing IPv6 over Low-Power Wireless Personal Area
Networks (6LoWPANs) [RFC4944].
2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
3. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
4. Overview
The MIB module is organized into groups of scalars and tables.
Schoenwaelder, et al. Expires April 21, 2013 [Page 3]
Internet-Draft LOWPAN-MIB October 2012
# LOWPAN-MIB registration tree (generated by smidump 0.4.8)
--lowpanMIB(1.3.6.1.2.1.XXXX)
+--lowpanNotifications(0)
+--lowpanObjects(1)
| +--lowpanGeneral(1)
| | +-- rwn Unsigned32 lowpanReasmTimeout(1)
| +--lowpanStats(2)
| +-- r-n Counter32 lowpanStatsInReceives(1)
| +-- r-n Counter32 lowpanStatsInHdrErrors(2)
| +-- r-n Counter32 lowpanStatsReasmReqds(3)
| +-- r-n Counter32 lowpanStatsReasmOKs(4)
| +-- r-n Counter32 lowpanStatsReasmFails(5)
| +-- r-n Counter32 lowpanStatsInDiscards(6)
| +-- r-n Counter32 lowpanStatsInDelivers(7)
| +-- r-n Counter32 lowpanStatsOutRequests(8)
| +-- r-n Counter32 lowpanStatsOutDiscards(9)
| +-- r-n Counter32 lowpanStatsOutFragReqds(10)
| +-- r-n Counter32 lowpanStatsOutFragOKs(11)
| +-- r-n Counter32 lowpanStatsOutFragFails(12)
| +-- r-n Counter32 lowpanStatsOutFragCreates(13)
| +-- r-n Counter32 lowpanStatsOutTransmits(14)
+--lowpanConformance(2)
+--lowpanGroups(1)
| +--lowpanGeneralGroup(1)
| +--lowpanStatsGroup(2)
+--lowpanCompliances(2)
+--lowpanFullCompliance(1)
+--lowpanReadOnlyCompliance(2)
5. Relationship to Other MIB Modules
The MIB module IMPORTS definitions from SNMPv2-SMI [RFC2578] and
SNMPv2-CONF [RFC2580].
6. Definitions
LOWPAN-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, mib-2
FROM SNMPv2-SMI -- RFC 2578
OBJECT-GROUP, MODULE-COMPLIANCE
FROM SNMPv2-CONF; -- RFC 2580
lowpanMIB MODULE-IDENTITY
LAST-UPDATED "201210180000Z"
ORGANIZATION
Schoenwaelder, et al. Expires April 21, 2013 [Page 4]
Internet-Draft LOWPAN-MIB October 2012
"Jacobs University Bremen"
CONTACT-INFO
"Juergen Schoenwaelder
Jacobs University Bremen
Email: j.schoenwaelder@jacobs-university.de
Anuj Sehgal
Jacobs University Bremen
Email: s.anuj@jacobs-university.de
Tina Tsou
Huawei Technologies
Email: tina.tsou.zouting@huawei.com
Cathy Zhou
Huawei Technologies
Email: cathyzhou@huawei.com"
DESCRIPTION
"The MIB module for monitoring nodes implementing the IPv6
over Low-Power Wireless Personal Area Networks (6LoWPAN)
protocol.
Copyright (c) 2012 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info)."
REVISION "201210180000Z"
DESCRIPTION
"Initial version, published as RFC XXXX."
-- RFC Ed.: replace XXXX with actual RFC number & remove this note
::= { mib-2 XXXX }
-- object definitions
lowpanNotifications OBJECT IDENTIFIER ::= { lowpanMIB 0 }
lowpanObjects OBJECT IDENTIFIER ::= { lowpanMIB 1 }
lowpanConformance OBJECT IDENTIFIER ::= { lowpanMIB 2 }
lowpanGeneral OBJECT IDENTIFIER ::= { lowpanObjects 1 }
lowpanStats OBJECT IDENTIFIER ::= { lowpanObjects 2 }
Schoenwaelder, et al. Expires April 21, 2013 [Page 5]
Internet-Draft LOWPAN-MIB October 2012
lowpanReasmTimeout OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximum number of seconds that received fragments are
held while they are awaiting reassembly at this entity."
::= { lowpanGeneral 1 }
lowpanStatsInReceives OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of datagrams received, including those
received in error."
::= { lowpanStats 1 }
lowpanStatsInHdrErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received datagrams discarded due to errors
in their headers, including unknown dispatch values,
errors discovered during any decompression attempts, etc."
::= { lowpanStats 2 }
lowpanStatsReasmReqds OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received datagrams that needed to be
reassembled."
::= { lowpanStats 3 }
lowpanStatsReasmOKs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received datagrams successfully reassembled."
::= { lowpanStats 4 }
lowpanStatsReasmFails OBJECT-TYPE
SYNTAX Counter32
Schoenwaelder, et al. Expires April 21, 2013 [Page 6]
Internet-Draft LOWPAN-MIB October 2012
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of failures detected by the re-assembly algorithm
(e.g., timeouts)."
::= { lowpanStats 5 }
lowpanStatsInDiscards OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of received datagrams for which no problems were
encountered to prevent their continued processing, but
were discarded (e.g., for lack of buffer space). Note that
this counter does not include any datagrams discarded while
awaiting re-assembly."
::= { lowpanStats 6 }
lowpanStatsInDelivers OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of datagrams successfully delivered to the
IPv6 layer."
::= { lowpanStats 7 }
lowpanStatsOutRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of datagrams supplied by the IPv6 layer."
::= { lowpanStats 8 }
lowpanStatsOutDiscards OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of datagrams for which no problem was
encountered to prevent their transmission to their
destination, but were discarded (e.g., for lack of
buffer space).."
::= { lowpanStats 9 }
lowpanStatsOutFragReqds OBJECT-TYPE
Schoenwaelder, et al. Expires April 21, 2013 [Page 7]
Internet-Draft LOWPAN-MIB October 2012
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of datagrams that would require fragmentation
in order to be transmitted."
::= { lowpanStats 10 }
lowpanStatsOutFragOKs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of IP datagrams that have been successfully
fragmented."
::= { lowpanStats 11 }
lowpanStatsOutFragFails OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of IP datagrams that have been discarded because
they needed to be fragmented but could not be."
::= { lowpanStats 12 }
lowpanStatsOutFragCreates OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of datagram fragments that have been
generated as a result of fragmentation."
::= { lowpanStats 13 }
lowpanStatsOutTransmits OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of datagram fragments that this entity
supplied to the lower layers for transmission."
::= { lowpanStats 14 }
-- conformance definitions
lowpanGroups OBJECT IDENTIFIER ::= { lowpanConformance 1 }
lowpanCompliances OBJECT IDENTIFIER ::= { lowpanConformance 2 }
Schoenwaelder, et al. Expires April 21, 2013 [Page 8]
Internet-Draft LOWPAN-MIB October 2012
lowpanFullCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance statement for implementations supporting
read/write access, according to the object definitions."
MODULE -- this module
MANDATORY-GROUPS {
lowpanGeneralGroup,
lowpanStatsGroup
}
::= { lowpanCompliances 1 }
lowpanReadOnlyCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Compliance statement for implementations supporting
only readonly access."
MODULE -- this module
MANDATORY-GROUPS {
lowpanGeneralGroup,
lowpanStatsGroup
}
OBJECT lowpanReasmTimeout
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { lowpanCompliances 2 }
lowpanGeneralGroup OBJECT-GROUP
OBJECTS {
lowpanReasmTimeout
}
STATUS current
DESCRIPTION
"A collection of objects providing general information about
the 6LoWPAN implementation."
::= { lowpanGroups 1 }
lowpanStatsGroup OBJECT-GROUP
OBJECTS {
lowpanStatsInReceives,
lowpanStatsInHdrErrors,
lowpanStatsReasmReqds,
lowpanStatsReasmOKs,
lowpanStatsReasmFails,
lowpanStatsInDiscards,
Schoenwaelder, et al. Expires April 21, 2013 [Page 9]
Internet-Draft LOWPAN-MIB October 2012
lowpanStatsInDelivers,
lowpanStatsOutRequests,
lowpanStatsOutDiscards,
lowpanStatsOutFragReqds,
lowpanStatsOutFragOKs,
lowpanStatsOutFragFails,
lowpanStatsOutFragCreates,
lowpanStatsOutTransmits
}
STATUS current
DESCRIPTION
"A collection of objects providing statistics about
the 6LoWPAN implementation."
::= { lowpanGroups 2 }
END
7. Security Considerations
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations. These are the tables and objects and their
sensitivity/vulnerability:
o lowpanReasmTimeout: This object controls how long received
fragments are kept in memory awaiting reassembly. An attacker
might set this object to a very small value in order to prevent
successful reassembly of fragmented IPv6 packets. An attacker
might as well set this object to a very large value in order to
reserve memory for a long time as part of a denial of service
attack.
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
The read-only counters provide insights into the amount of 6LoWPAN
traffic a node is receiving or transmitting. This might provide
information whether a device is regularly exchanging information with
other devices or whether a device is mostly not participating in any
communication (e.g., the device might be "easier" to take away
Schoenwaelder, et al. Expires April 21, 2013 [Page 10]
Internet-Draft LOWPAN-MIB October 2012
unnoticed). The reassembly counters could be used to direct denial
of service attacks on the reassembly mechanism.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec),
even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
8. IANA Considerations
IANA is requested to assign a value for "XXXX" under the 'mib-2'
subtree and to record the assignment in the SMI Numbers registry.
When the assignment has been made, the RFC Editor is asked to replace
"XXXX" (here and in the MIB module) with the assigned value and to
remove this note.
9. Acknowledgements
This specification borrows heavily from the IP-MIB defined in
[RFC4293].
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in
RFCs to Indicate Requirement Levels",
BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed.,
and J. Schoenwaelder, Ed., "Structure
of Management Information Version 2
(SMIv2)", STD 58, RFC 2578,
April 1999.
Schoenwaelder, et al. Expires April 21, 2013 [Page 11]
Internet-Draft LOWPAN-MIB October 2012
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed.,
and J. Schoenwaelder, Ed., "Textual
Conventions for SMIv2", STD 58,
RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J.
Schoenwaelder, "Conformance Statements
for SMIv2", STD 58, RFC 2580,
April 1999.
[RFC4944] Montenegro, G., Kushalnagar, N., Hui,
J., and D. Culler, "Transmission of
IPv6 Packets over IEEE 802.15.4
Networks", RFC 4944, September 2007.
10.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and
B. Stewart, "Introduction and
Applicability Statements for Internet-
Standard Management Framework",
RFC 3410, December 2002.
[RFC4293] Routhier, S., "Management Information
Base for the Internet Protocol (IP)",
RFC 4293, April 2006.
[RFC6643] Schoenwaelder, J., "Translation of
Structure of Management Information
Version 2 (SMIv2) MIB Modules to YANG
Modules", RFC 6643, July 2012.
[I-D.lhotka-netmod-yang-json] Lhotka, L., "Modeling JSON Text with
YANG",
draft-lhotka-netmod-yang-json-00 (work
in progress), October 2012.
Appendix A. JSON Representation
Using the translation algorithm defined in [RFC6643], the SMIv2
module can be translated to YANG. Using the JSON representation of
data modeled in YANG defined in [I-D.lhotka-netmod-yang-json], the
objects defined in the MIB module can be represented in JSON as shown
below. The compact representation without any white space uses 468
octets. (Of course, this number depends on the number of octets
needed for the counter values.)
Schoenwaelder, et al. Expires April 21, 2013 [Page 12]
Internet-Draft LOWPAN-MIB October 2012
{
"LOWPAN-MIB:LOWPAN-MIB": {
"lowpanGeneral": {
"lowpanReasmTimeout": 120
},
"lowpanStats": {
"lowpanStatsInReceives": 42,
"lowpanStatsInHdrErrors": 0,
"lowpanStatsReasmReqds": 22,
"lowpanStatsReasmOKs": 20,
"lowpanStatsReasmFails": 2,
"lowpanStatsInDiscards": 1,
"lowpanStatsInDelivers": 12,
"lowpanStatsOutRequests": 12,
"lowpanStatsOutDiscards": 0,
"lowpanStatsOutFragReqds": 5,
"lowpanStatsOutFragOKs": 5,
"lowpanStatsOutFragFails": 0,
"lowpanStatsOutFragCreates": 8,
"lowpanStatsOutTransmits": 15
}
}
}
Authors' Addresses
Juergen Schoenwaelder
Jacobs University
Campus Ring 1
Bremen 28759
Germany
EMail: j.schoenwaelder@jacobs-university.de
Anuj Sehgal
Jacobs University
Campus Ring 1
Bremen 28759
Germany
EMail: s.anuj@jacobs-university.de
Schoenwaelder, et al. Expires April 21, 2013 [Page 13]
Internet-Draft LOWPAN-MIB October 2012
Tina Tsou
Huawei Technologies (USA)
2330 Central Expressway
Santa Clara CA 95050
USA
EMail: tina.tsou.zouting@huawei.com
Cathy Zhou
Huawei Technologies
Bantian, Longgang District
Shenzhen 518129
P.R. China
EMail: cathyzhou@huawei.com
Schoenwaelder, et al. Expires April 21, 2013 [Page 14]