PCE Working Group                                               D. Dhody
Internet-Draft                                                  U. Palle
Intended status: Standards Track                                 Q. Zhao
Expires: March 8, 2012                                 Huawei Technology
                                                                 D. King
                                                      Old Dog Consulting
                                                       September 5, 2011


    Management Information Base for the PCE Communications Protocol
        (PCEP) for Path-Key-Based Inter-Domain Path Computation
                  draft-dhody-pce-pcep-pathkey-mib-02

Abstract

   This memo defines an experimental portion of the Management
   Information Base for use with network management protocols in the
   Internet community.  In particular, it describes managed objects for
   modeling of the Path Computation Element communication Protocol
   (PCEP) for communications between a Path Computation Client (PCC)
   and a Path Computation Element (PCE), or between two PCEs when
   path-key-based inter-domain path computation is requested.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 8, 2012.

Dhody, et al.             Expires March 8, 2012                 [Page 1]
Internet-Draft         PCE-PCEP-PATHKEY-DRAFT-MIB         September 2011

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  The Internet-Standard Management Framework
   4.  PCEP Pathkey MIB Module Architecture
   5.  Example of the PCEP PathKey MIB module usage
   6.  Object definitions
     6.1.  PCE-PCEP-PATHKEY-DRAFT-MIB
     6.2.  Objects for inclusion in module PCE-PCEP-DRAFT-MIB
   7.  IANA Considerations
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References

1.  Introduction

   The Path Computation Element (PCE) defined in [RFC4655] is an entity
   that is capable of computing a network path or route based on a
   network graph, and applying computational constraints.  A Path
   Computation Client (PCC) may make requests to a PCE for paths to be
   computed.

   The PCE communication protocol (PCEP) is designed as a communication
   protocol between PCCs and PCEs for point-to-point (P2P) path
   computations and is defined in [RFC5440].

   Where confidentiality is required between domains, a Path-Key-Based
   mechanism is described in [RFC5520].  To preserve the
   confidentiality of the Confidential Path Segment (CPS), the PCE
   returns a path containing a loose hop in place of the segment that
   must be kept confidential.

   [PCE-PCEP-DRAFT-MIB] defines a portion of the Management Information
   Base (MIB) for use with network management protocols in the Internet
   community for P2P path computations.

   This memo defines an experimental portion of the Management
   Information Base for use with network management protocols in the
   Internet community.  In particular, it describes managed objects for
   modeling of the Path Computation Element communication Protocol
   (PCEP) [RFC5440] for communications between a Path Computation
   Client (PCC) and a Path Computation Element (PCE), or between two
   PCEs in path-key-based inter-domain path computations.

   Some objects may be moved to [PCE-PCEP-DRAFT-MIB] after consensus
   with the authors and working group; these are defined in Section 6.2.

2.  Terminology

   The following terminology is used in this document.

   CPS:  Confidential Path Segment.  A segment of a path that contains
      nodes and links that the AS policy requires to not be disclosed
      outside the AS.

   Domain:  Any collection of network elements within a common sphere of
      address management or path computational responsibility.  Examples
      of domains include Interior Gateway Protocol (IGP) areas and
      Autonomous Systems (ASs).

   IGP:  Interior Gateway Protocol.  Either of the two routing
      protocols, Open Shortest Path First (OSPF) or Intermediate System
      to Intermediate System (IS-IS).

   PCC:  Path Computation Client: any client application requesting a
      path computation to be performed by a Path Computation Element.

   PCE:  Path Computation Element.  An entity (component, application,
      or network node) that is capable of computing a network path or
      route based on a network graph and applying computational
      constraints.

   P2P:  Point-to-Point

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant with the SMIv2, which is described in
   STD 58, RFC 2578 [RFC2578] and STD 58, RFC 2580 [RFC2580].

4.  PCEP Pathkey MIB Module Architecture

   The PCEP Pathkey MIB will contain the following information:

   o  PCEP Pathkey counters, timers and configurations

   o  PCEP Pathkey table of CPS related information.

5.  Example of the PCEP PathKey MIB module usage

   In this section we provide an example (pcePcepPathKeyTable 1) of
   using the MIB objects described in Section 6 (Object definitions)
   for monitoring.  While this example is not meant to illustrate every
   permutation of the MIB, it is intended as an aid to understanding
   some of the key concepts.  It is meant to be read after going
   through the MIB itself.

   pcePcepPathKeyTable 1 of the PCE-PCEP-PATHKEY-DRAFT-MIB module:

   {
     pcePcepPathKey                (4512),
     pcePcepPathKeyCPSIndex        (1),
     pcePcepPathKeyRequestSource   (x.x.x.x),
     pcePcepPathKeyRequestId       (10),
     pcePcepPathKeyRetrieved       (1),
     pcePcepPathKeyRetrieveSource  (y.y.y.y),
     pcePcepPathKeyDiscardTime     (10),
     pcePcepPathKeyReuseTime       (30)
   }

   pcePcepPathKeyHopTable 1 of the PCE-PCEP-PATHKEY-DRAFT-MIB module:

   {
     pcePcepPathKeyHopListIndex    1,
     pcePcepPathKeyHopIndex        1,
     pcePcepPathKeyHopAddrType     ipv4 (1),
     pcePcepPathKeyHopIpAddr       "192.168.100.1",
     pcePcepPathKeyHopIpPrefixLen  32,
     pcePcepPathKeyHopType         strict (1)
   }

   {
     pcePcepPathKeyHopListIndex    1,
     pcePcepPathKeyHopIndex        2,
     pcePcepPathKeyHopAddrType     ipv4 (1),
     pcePcepPathKeyHopIpAddr       "192.168.100.2",
     pcePcepPathKeyHopIpPrefixLen  32,
     pcePcepPathKeyHopType         strict (1)
   }

6.  Object definitions

6.1.  PCE-PCEP-PATHKEY-DRAFT-MIB

   This MIB module makes references to the following documents:
   [RFC2578], [RFC2580], [RFC3411], [RFC2863], [RFC3813].

   PCE-PCEP-PATHKEY-DRAFT-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY,
       OBJECT-TYPE,
       NOTIFICATION-TYPE,
       Unsigned32,
       Counter32,
       experimental
           FROM SNMPv2-SMI                        -- [RFC2578]
       TimeStamp
           FROM SNMPv2-TC                         -- [RFC2579]
       InetAddressPrefixLength
           FROM INET-ADDRESS-MIB                  -- RFC 4001
       PcePcepIdentifier
           FROM PCE-TC-STD-MIB
       MplsLSPID,
       MplsPathIndex,
       TeHopAddressType,
       TeHopAddress,
       TeHopAddressUnnum
           FROM MPLS-TC-STD-MIB                   -- [RFC3811]
       MODULE-COMPLIANCE,
       OBJECT-GROUP,
       NOTIFICATION-GROUP
           FROM SNMPv2-CONF;                      -- [RFC2580]

   pcePcepPathKeyDraftMIB MODULE-IDENTITY
       LAST-UPDATED "201109051200Z" -- Sept 5, 2011
       ORGANIZATION "Path Computation Element (PCE) Working Group"
       CONTACT-INFO
           "Dhruv Dhody
            Udayasree Palle
            Quintin Zhao
            Huawei Technology

            Daniel King
            OldDog Consulting

            EMail: dhruv.dhody@huawei.com
            EMail: udayasreepalle@huawei.com
            EMail: quintin.zhao@huawei.com
            EMail: daniel@oldog.co.uk

            EMail comments directly to the PCE WG Mailing List at
            pce@ietf.org

            WG-URL: http://www.ietf.org/html.charters/pce-charter.html"
       DESCRIPTION
           "This MIB module defines a collection of objects for managing
            PCE communication protocol (PCEP) for Path-Key-Based
            Inter-Domain Path Computation"

       -- Revision history

       REVISION "201109051200Z" -- 05 Sept 2011 12:00:00 EST
       DESCRIPTION
           "Main Changes from -01 draft:
            1. Added pcePcepPathKeyCPSIndex.
            2. Added pcePcepPathKeyHopListIndex.
            3. Removed pcePcepPathKeyHopNum.
            4. Updated Contact Information."

       REVISION "201103081200Z" -- 08 Mar 2011 12:00:00 EST
       DESCRIPTION
           "Main Changes from -00 draft:
            1. Added HopTable to store the CPS hops.
            2. Added Path Key Creation Time."

       REVISION "201009171200Z" -- 17 Sep 2010 12:00:00 EST
       DESCRIPTION
           "draft-00 version"
       ::= { experimental 9999 }

   --
   -- Notifications
   --

   pcePcepPathKeyNotifications OBJECT IDENTIFIER
       ::= { pcePcepPathKeyDraftMIB 0 }
   pcePcepPathKeyMIBObjects OBJECT IDENTIFIER
       ::= { pcePcepPathKeyDraftMIB 1 }
   pcePcepPathKeyConformance OBJECT IDENTIFIER
       ::= { pcePcepPathKeyDraftMIB 2 }
   pcePcepPathKeyObjects OBJECT IDENTIFIER
       ::= { pcePcepPathKeyMIBObjects 1 }

   --
   -- PCE Pathkey Objects
   --

   pcePcepPathKeyDiscardTimer OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "minutes"
       MAX-ACCESS  read-write
       STATUS      mandatory
       DESCRIPTION
           "The value which indicates a period of time after the
            expiration of which a PCE discards unwanted path-keys."
       ::= { pcePcepPathKeyObjects 1 }

   pcePcepPathKeyReUseTimer OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "minutes"
       MAX-ACCESS  read-write
       STATUS      mandatory
       DESCRIPTION
           "The value which indicates a period of time which should
            expire before an old path-key could be reused for a new
            CPS."
       ::= { pcePcepPathKeyObjects 2 }

   pcePcepPathKeyRetainStatus OBJECT-TYPE
       SYNTAX      INTEGER {
                       enabled(1),
                       disabled(2)
                   }
       MAX-ACCESS  read-write
       STATUS      optional
       DESCRIPTION
           "The path-key retain status of this PCE to retain the
            path-key and CPS for debugging purposes."
       ::= { pcePcepPathKeyObjects 3 }

   pcePcepPathKeysGenerated OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The number of path-keys generated by this PCE."
       ::= { pcePcepPathKeyObjects 4 }

   pcePcepPathKeyExpandUnknown OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The number of attempts to expand an unknown path-key."
       ::= { pcePcepPathKeyObjects 5 }

   pcePcepPathKeyExpandExpired OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The number of attempts to expand an expired path-key."
       ::= { pcePcepPathKeyObjects 6 }

   pcePcepPathKeyExpandSame OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      optional
       DESCRIPTION
           "The number of attempts to expand the same path-key."
       ::= { pcePcepPathKeyObjects 7 }

   pcePcepPathKeyExpiredNoExpansion OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      optional
       DESCRIPTION
           "The number of path-keys expired without any attempt to
            expand it."
       ::= { pcePcepPathKeyObjects 8 }

   pcePcepPathKeyExpansionSuccess OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      optional
       DESCRIPTION
           "The number of path-key expansion requests (PCReq) which had
            successful retrieval."
       ::= { pcePcepPathKeyObjects 9 }

   pcePcepPathKeyExpansionFailures OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      optional
       DESCRIPTION
           "The number of path-key expansion requests (PCReq) which had
            failed retrieval."
       ::= { pcePcepPathKeyObjects 10 }

   pcePcepPathKeyConfig OBJECT-TYPE
       SYNTAX      INTEGER {
                       enabled(1),
                       disabled(2)
                   }
       MAX-ACCESS  read-write
       STATUS      mandatory
       DESCRIPTION
           "The path-key based inter domain computation configuration."
       ::= { pcePcepPathKeyObjects 11 }

   pcePcepPathKeyTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF pcePcepPathKeyEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table contains information about the Pathkey CPS of
            PCE."
       ::= { pcePcepPathKeyObjects 12 }

   pcePcepPathKeyEntry OBJECT-TYPE
       SYNTAX      pcePcepPathKeyEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry in this table represents a path-key and CPS.  An
            entry is only created when a path-key is generated by PCE
            during inter-domain computation."
       INDEX { pcePcepPathKey }
       ::= { pcePcepPathKeyTable 1 }

   pcePcepPathKeyEntry ::= SEQUENCE {
       pcePcepPathKey                Unsigned32,
       pcePcepPathKeyCPSIndex        MplsPathIndex,
       pcePcepPathKeyRequestSource   PcePcepIdentifier,
       pcePcepPathKeyRequestId       Unsigned32,
       pcePcepPathKeyRetrieved       INTEGER,
       pcePcepPathKeyRetrieveSource  PcePcepIdentifier,
       pcePcepPathKeyCreationTime    TimeStamp,
       pcePcepPathKeyDiscardTime     Unsigned32,
       pcePcepPathKeyReuseTime       Unsigned32
   }

   pcePcepPathKey OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The path-key value to identify a CPS."
       ::= { pcePcepPathKeyEntry 1 }

   pcePcepPathKeyCPSIndex OBJECT-TYPE
       SYNTAX      MplsPathIndex
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The HopList index of the CPS.  This index is used to expand
            Hops in pcePcepPathKeyHopTable."
       ::= { pcePcepPathKeyEntry 2 }

   pcePcepPathKeyRequestSource OBJECT-TYPE
       SYNTAX      PcePcepIdentifier
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "Source that issued the original request that led to the
            creation of the path-key."
       ::= { pcePcepPathKeyEntry 3 }

   pcePcepPathKeyRequestId OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The request ID of the original PCReq that led to the
            creation of the path-key."
       ::= { pcePcepPathKeyEntry 4 }

   pcePcepPathKeyRetrieved OBJECT-TYPE
       SYNTAX      INTEGER {
                       TRUE(1),
                       FALSE(2)
                   }
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "It specifies whether the path-key is retrieved or not."
       ::= { pcePcepPathKeyEntry 5 }

   pcePcepPathKeyRetrieveSource OBJECT-TYPE
       SYNTAX      PcePcepIdentifier
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "If the path-key is retrieved then by which PCC."
       ::= { pcePcepPathKeyEntry 6 }

   pcePcepPathKeyCreationTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The value of sysUpTime at which Path Key was generated by
            PCE."
       ::= { pcePcepPathKeyEntry 7 }

   pcePcepPathKeyDiscardTime OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The time after which the path segment associated with the
            path-key will be discarded."
       ::= { pcePcepPathKeyEntry 8 }

   pcePcepPathKeyReuseTime OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The time after which the path-key will be available for
            re-use."
       ::= { pcePcepPathKeyEntry 9 }

   pcePcepPathKeyHopTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF pcePcepPathKeyHopEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table contains information about the Pathkey Hop in
            the CPS of PCE."
       ::= { pcePcepPathKeyObjects 13 }

   pcePcepPathKeyHopEntry OBJECT-TYPE
       SYNTAX      pcePcepPathKeyHopEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry in this table represents a Hop in the CPS.  An
            entry is only created when a path-key is generated by PCE
            during inter-domain computation."
       INDEX { pcePcepPathKeyHopListIndex, pcePcepPathKeyHopIndex }
       ::= { pcePcepPathKeyHopTable 1 }

   pcePcepPathKeyHopEntry ::= SEQUENCE {
       pcePcepPathKeyHopListIndex    MplsPathIndex,
       pcePcepPathKeyHopIndex        MplsPathIndex,
       pcePcepPathKeyHopAddrType     TeHopAddressType,
       pcePcepPathKeyHopIpAddr       TeHopAddress,
       pcePcepPathKeyHopIpPrefixLen  InetAddressPrefixLength,
       pcePcepPathKeyHopAddrUnnum    TeHopAddressUnnum,
       pcePcepPathKeyHopLspId        MplsLSPID,
       pcePcepPathKeyHopType         INTEGER
   }

   pcePcepPathKeyHopListIndex OBJECT-TYPE
       SYNTAX      MplsPathIndex
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The primary index into this table identifying a particular
            CPS.  All hops in the CPS will have the same ListIndex.
            This corresponds to pcePcepPathKeyCPSIndex in
            pcePcepPathKeyEntry."
       ::= { pcePcepPathKeyHopEntry 1 }

   pcePcepPathKeyHopIndex OBJECT-TYPE
       SYNTAX      MplsPathIndex
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The secondary index into this table identifying a
            particular Hop."
       ::= { pcePcepPathKeyHopEntry 2 }

   pcePcepPathKeyHopAddrType OBJECT-TYPE
       SYNTAX      TeHopAddressType
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The Hop Address Type of this CPS hop.

            Note that lspid(5) is a valid option only for tunnels
            signaled via CRLDP."
       DEFVAL { ipv4 }
       ::= { pcePcepPathKeyHopEntry 3 }

   pcePcepPathKeyHopIpAddr OBJECT-TYPE
       SYNTAX      TeHopAddress
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "The Hop Address for this CPS hop.

            The type of this address is determined by the value of the
            corresponding pcePcepPathKeyHopAddrType."
       DEFVAL { '00000000'h } -- IPv4 address 0.0.0.0
       ::= { pcePcepPathKeyHopEntry 4 }

   pcePcepPathKeyHopIpPrefixLen OBJECT-TYPE
       SYNTAX      InetAddressPrefixLength
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "If pcePcepPathKeyHopAddrType is set to ipv4(1) or ipv6(2),
            then this value will contain an appropriate prefix length
            for the IP address in object pcePcepPathKeyHopIpAddr.
            Otherwise this value is irrelevant and should be ignored."
       DEFVAL { 32 }
       ::= { pcePcepPathKeyHopEntry 5 }

   pcePcepPathKeyHopAddrUnnum OBJECT-TYPE
       SYNTAX      TeHopAddressUnnum
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "If pcePcepPathKeyHopAddrType is set to unnum(4), then this
            value will contain the interface identifier of the
            unnumbered interface for this hop.  This object should be
            used in conjunction with pcePcepPathKeyHopIpAddr which
            would contain the LSR Router ID in this case."
       ::= { pcePcepPathKeyHopEntry 6 }

   pcePcepPathKeyHopLspId OBJECT-TYPE
       SYNTAX      MplsLSPID
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "If pcePcepPathKeyHopAddrType is set to lspid(5), then this
            value will contain the LSPID of a tunnel of this hop.  The
            present tunnel being configured is tunneled through this
            hop (using label stacking).  This object is otherwise
            insignificant and should contain a value of 0 to indicate
            this fact."
       ::= { pcePcepPathKeyHopEntry 7 }

   pcePcepPathKeyHopType OBJECT-TYPE
       SYNTAX      INTEGER {
                       strict(1),
                       loose(2)
                   }
       MAX-ACCESS  read-only
       STATUS      mandatory
       DESCRIPTION
           "Denotes whether this hop is routed in a strict or loose
            fashion."
       DEFVAL { strict }
       ::= { pcePcepPathKeyHopEntry 8 }

   ---
   --- Notifications
   ---

   pcePcepPathKeyExpandUnknownNtf NOTIFICATION-TYPE
       OBJECTS     { pcePcepPathKeyExpandUnknown }
       STATUS      mandatory
       DESCRIPTION
           "This notification is sent when an attempt to expand an
            unknown path-key is made.  The value of the counter
            pcePcepPathKeyExpandUnknown is also increased at this
            time."
       ::= { pcePcepPathKeyNotifications 1 }

   pcePcepPathKeyExpandExpiredNtf NOTIFICATION-TYPE
       OBJECTS     { pcePcepPathKeyExpandExpired }
       STATUS      mandatory
       DESCRIPTION
           "This notification is sent when an attempt to expand an
            expired path-key is made.  The value of the counter
            pcePcepPathKeyExpandExpired is also increased at this
            time."
       ::= { pcePcepPathKeyNotifications 2 }

   pcePcepPathKeyExpandSameNtf NOTIFICATION-TYPE
       OBJECTS     { pcePcepPathKeyExpandSame }
       STATUS      optional
       DESCRIPTION
           "This notification is sent when a duplicate attempt to
            expand the same path-key is made.  The value of the counter
            pcePcepPathKeyExpandSame is also increased at this time."
       ::= { pcePcepPathKeyNotifications 3 }

   pcePcepPathKeyExpiredNoExpansionNtf NOTIFICATION-TYPE
       OBJECTS     { pcePcepPathKeyExpiredNoExpansion }
       STATUS      optional
       DESCRIPTION
           "This notification is sent when path-key expires without any
            attempt to expand it.  The value of the counter
            pcePcepPathKeyExpiredNoExpansion is also increased at this
            time."
       ::= { pcePcepPathKeyNotifications 4 }

   --****************************************************************
   -- Module Conformance Statement
   --****************************************************************

   pcePcepPathKeyGroups OBJECT IDENTIFIER
       ::= { pcePcepPathKeyConformance 1 }

   pcePcepPathKeyCompliances OBJECT IDENTIFIER
       ::= { pcePcepPathKeyConformance 2 }

   --
   -- Full Compliance
   --

   pcePcepPathKeyModuleFullCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The Module is implemented with support for read-create and
            read-write.  In other words, both monitoring and
            configuration are available when using this
            MODULE-COMPLIANCE."
       MODULE -- this module
           MANDATORY-GROUPS {
               pcePcepPathKeyGeneralGroup,
               pcePcepPathKeyNotificationsGroup
           }
       ::= { pcePcepPathKeyCompliances 1 }

   --
   -- Read-Only Compliance
   --

   pcePcepPathKeyModuleReadOnlyCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The Module is implemented with support for read-only.  In
            other words, only monitoring is available by implementing
            this MODULE-COMPLIANCE."
       MODULE -- this module
           MANDATORY-GROUPS {
               pcePcepPathKeyGeneralGroup,
               pcePcepPathKeyNotificationsGroup
           }
       ::= { pcePcepPathKeyCompliances 2 }

   -- units of conformance

   pcePcepPathKeyGeneralGroup OBJECT-GROUP
       OBJECTS {
           pcePcepPathKeyDiscardTimer,
           pcePcepPathKeyReUseTimer,
           pcePcepPathKeysGenerated,
           pcePcepPathKeyExpandUnknown,
           pcePcepPathKeyExpandExpired,
           pcePcepPathKeyConfig,
           pcePcepPathKey,
           pcePcepPathKeyCPSIndex,
           pcePcepPathKeyRequestSource,
           pcePcepPathKeyRequestId,
           pcePcepPathKeyRetrieved,
           pcePcepPathKeyRetrieveSource,
           pcePcepPathKeyCreationTime,
           pcePcepPathKeyDiscardTime,
           pcePcepPathKeyReuseTime,
           pcePcepPathKeyHopListIndex,
           pcePcepPathKeyHopIndex,
           pcePcepPathKeyHopAddrType,
           pcePcepPathKeyHopIpAddr,
           pcePcepPathKeyHopIpPrefixLen,
           pcePcepPathKeyHopType
       }
       STATUS      current
       DESCRIPTION
           "Objects that apply to all PCEP Pathkey MIB
            implementations."
       ::= { pcePcepPathKeyGroups 1 }

   pcePcepPathKeyNotificationsGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           pcePcepPathKeyExpandUnknownNtf,
           pcePcepPathKeyExpandExpiredNtf
       }
       STATUS      current
       DESCRIPTION
           "The notifications for a PCEP Pathkey MIB implementation."
       ::= { pcePcepPathKeyGroups 2 }

   END

6.2.  Objects for inclusion in module PCE-PCEP-DRAFT-MIB

   The following object may be moved to [PCE-PCEP-DRAFT-MIB] after
   consensus with the authors and working group.

   pcePcepPathKeyConfig

7.  IANA Considerations

   TBD

8.  Security Considerations

   This MIB module can be used for configuration of certain objects, and
   anything that can be configured can be incorrectly configured, with
   potentially disastrous results.

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-create.  Such objects may be
   considered sensitive or vulnerable in some network environments.  The
   support for SET operations in a non-secure environment without proper
   protection can have a negative effect on network operations.
   These are the tables and objects and their
   sensitivity/vulnerability:

   o  pcePcepPathKeyDiscardTimer: Setting this value incorrectly may
      cause the path-key to expire before any attempt is made to
      retrieve the CPS.

   o  pcePcepPathKeyReUseTimer: Setting this value incorrectly may cause
      path-keys to be re-used in a way that does not guarantee the
      uniqueness of path-key values.

   The user of the PCE-PCEP-PATHKEY-DRAFT-MIB module must therefore be
   aware that support for SET operations in a non-secure environment
   without proper protection can have a negative effect on network
   operations.

   The readable objects in the PCE-PCEP-PATHKEY-DRAFT-MIB module (i.e.,
   those with MAX-ACCESS other than not-accessible) may be considered
   sensitive in some environments since, collectively, they provide
   information about the amount and frequency of path computation
   requests and responses within the network and can reveal some aspects
   of their configuration.

   In such environments it is important to also control GET and NOTIFY
   access to these objects and possibly even to encrypt their values
   when sending them over the network via SNMP.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.
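
   The two timer risks listed earlier in this section can be reproduced
   with a small model of a PCE's path-key store.  This is an added
   example, not code from this draft or from any PCE implementation: the
   counter names are the MIB's, while the ageing and allocation rules,
   the two-key key space, integer minutes and the second segment CPS_B
   are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Counter names are the MIB objects; the lifecycle rules below are assumptions.
COUNTERS = (
    "pcePcepPathKeysGenerated", "pcePcepPathKeyExpandUnknown",
    "pcePcepPathKeyExpandExpired", "pcePcepPathKeyExpandSame",
    "pcePcepPathKeyExpiredNoExpansion", "pcePcepPathKeyExpansionSuccess",
    "pcePcepPathKeyExpansionFailures",
)

CPS_A = ("192.168.100.1", "192.168.100.2")  # hops from the section 5 example
CPS_B = ("192.168.200.1", "192.168.200.2")  # constructed second segment


@dataclass
class PathKeyStore:
    discard_timer: int   # pcePcepPathKeyDiscardTimer, minutes
    reuse_timer: int     # pcePcepPathKeyReUseTimer, minutes
    key_space: int = 2   # tiny on purpose so re-use is visible (assumption)
    live: dict = field(default_factory=dict)       # key -> [cps, created, retrieved]
    discarded: dict = field(default_factory=dict)  # key -> minute of discard
    counters: dict = field(default_factory=lambda: dict.fromkeys(COUNTERS, 0))

    def _age(self, now):
        """Discard every live key that has outlived the discard timer."""
        for key, (_cps, created, retrieved) in list(self.live.items()):
            if now - created >= self.discard_timer:
                del self.live[key]
                self.discarded[key] = now
                if not retrieved:
                    self.counters["pcePcepPathKeyExpiredNoExpansion"] += 1

    def generate(self, cps, now):
        """Allocate a path-key for a CPS; returns None when no key is free."""
        self._age(now)
        for key in range(1, self.key_space + 1):
            if key in self.live:
                continue
            if key in self.discarded and now - self.discarded[key] < self.reuse_timer:
                continue  # still inside the re-use hold-down
            self.discarded.pop(key, None)
            self.live[key] = [cps, now, False]
            self.counters["pcePcepPathKeysGenerated"] += 1
            return key
        return None

    def expand(self, key, now):
        """Answer a path-key expansion request; returns the CPS or None."""
        self._age(now)
        if key in self.live:
            entry = self.live[key]
            if entry[2]:
                # Duplicate expansion is answered again here (assumption).
                self.counters["pcePcepPathKeyExpandSame"] += 1
            else:
                entry[2] = True
                self.counters["pcePcepPathKeyExpansionSuccess"] += 1
            return entry[0]
        kind = "Expired" if key in self.discarded else "Unknown"
        self.counters["pcePcepPathKeyExpand" + kind] += 1
        self.counters["pcePcepPathKeyExpansionFailures"] += 1
        return None


def scenario(discard_timer, reuse_timer):
    """Key for CPS_A issued at t=0, a second request at t=3, expansion at t=4."""
    pce = PathKeyStore(discard_timer, reuse_timer)
    key_a = pce.generate(CPS_A, now=0)
    pce.generate(CPS_B, now=3)
    got = pce.expand(key_a, now=4)
    return got, {name: n for name, n in pce.counters.items() if n}


if __name__ == "__main__":
    for timers in ((10, 30), (2, 30), (2, 0)):
        print(timers, scenario(*timers))
```

   With the discard timer too short the failure is at least visible in
   pcePcepPathKeyExpandExpired; with the re-use timer at zero the late
   request is answered with the wrong segment and only
   pcePcepPathKeyExpansionSuccess moves.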

   It is then a customer/operator responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB module is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

9.  References

9.1.  Normative References

   [RFC2578]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Structure of Management
              Information Version 2 (SMIv2)", April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Textual Conventions for
              SMIv2", April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M., and S. Waldbusser, "Conformance Statements for
              SMIv2", April 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", June 2000.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", December 2002.

   [RFC3811]  Nadeau, T. and J. Cucchiara, "Definition of Textual
              Conventions and for Multiprotocol Label Switching (MPLS)
              Management", June 2004.

   [RFC3813]  Srinivasan, C., Viswanathan, A., and T. Nadeau, "MPLS
              Multiprotocol Label Switching (MPLS) Label Switch Router
              Management Information Base", June 2004.

   [RFC5440]  Ayyangar, A., Farrel, A., Oki, E., Atlas, A., Dolganow,
              A., Ikejiri, Y., Kumaki, K., Vasseur, J., and J. Roux,
              "Path Computation Element (PCE) communication Protocol
              (PCEP)", March 2009.

9.2.  Informative References

   [PCE-PCEP-DRAFT-MIB]
              Kiran Koushik, A S., Stephan, E., Zhao, Q., and D. King,
              "PCE communication protocol(PCEP) Management Information
              Base", July 2010.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", December 2002.

   [RFC4655]  Farrel, A., Vasseur, J., and J. Ash, "A Path Computation
              Element (PCE)-Based Architecture", August 2006.

   [RFC5520]  Bradford, R., Vasseur, JP., and A. Farrel, "Preserving
              Topology Confidentiality in Inter-Domain Path Computation
              Using a Path-Key-Based Mechanism", April 2009.

Authors' Addresses

   Dhruv Dhody
   Huawei Technology
   Leela Palace
   Bangalore, Karnataka  560008
   INDIA

   EMail: dhruv.dhody@huawei.com


   Udayasree Palle
   Huawei Technology
   Leela Palace
   Bangalore, Karnataka  560008
   INDIA

   EMail: Udayasreepalle@huawei.com


   Quintin Zhao
   Huawei Technology
   125 Nagog Technology Park
   Acton, MA  01719
   US

   EMail: quintin.zhao@huawei.com


   Daniel King
   Old Dog Consulting
   UK

   EMail: daniel@olddog.co.uk