Forwarding and Control Element                                   R. Haas
Separation (forces)                                                  IBM
Internet-Draft                                              July 4, 2006
Expires: January 5, 2007


                               ForCES MIB
                        draft-ietf-forces-mib-03

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 5, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This memo defines a Management Information Base (MIB) for use with
   network management protocols in the Internet community.  In
   particular, it defines a MIB for the Forwarding and Control Element
   Separation (ForCES) Network Element (NE).  The ForCES working group
   is defining a protocol to allow a Control Element (CE) to control the
   behavior of a Forwarding Element (FE).

Table of Contents

   1.  Requirements notation
   2.  Introduction
   3.  Design of the ForCES MIB
   4.  Association State
   5.  ForCES MIB Definition
   6.  Security Considerations
   7.  IANA Considerations
   8.  Changes from Previous Draft Revisions
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Acknowledgments
   Author's Address
   Intellectual Property and Copyright Statements

1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Introduction

   The ForCES MIB is a primarily read-only MIB that captures information
   related to the ForCES protocol ([RFC3654], [RFC3746],
   [forces-applicability-draft] and [forces-protocol-draft]).

   The ForCES MIB does not include information that is specified in
   other MIBs, such as packet counters for interfaces, etc.

   More specifically, the information in the ForCES MIB relative to
   associations that are up includes:

   o  identifiers of the elements in the association,

   o  configuration parameters of the association, and

   o  statistics of the association.

3.  Design of the ForCES MIB

   In an NE composed of one or more FEs and a single CE, the CE is
   clearly aware of all associations and hence can provide this
   information in a single ForCES MIB.  In contrast, in an NE composed
   of more than one CE, such association information is distributed and
   hence more than one ForCES MIB may be necessary, unless this
   information is aggregated into a single ForCES MIB by some means
   beyond the scope of this document.
   Nevertheless, the ForCES MIB design is compatible with both the
   single-CE and the multiple-CE case.

4.  Association State

   Only associations that are UP are shown in the MIB.  Associations
   enter the UP state as soon as the CE has sent to the FE an
   Association Setup Response message containing a successful
   Association Setup Result.

   Associations are removed from the MIB as soon as they leave the UP
   state, i.e., if the CE has not received any message (Heartbeat or
   other protocol message) from the FE within a given time period or if
   an Association Teardown message has been sent by the CE.

5.  ForCES MIB Definition

   The MIB contains the latest ForCES protocol version supported by the
   CE.  Note that the CE must also allow interaction with FEs supporting
   earlier versions.

   For each association identified by the pair CE ID and FE ID, the
   following associated information is provided by the MIB:

   o  Version number of the ForCES protocol running in this association.

   o  Time when the association entered the UP state.

   o  Time when the association left the UP state.  Note that this is
      only used for notification purposes as the association is removed
      from the MIB immediately after it leaves the UP state.

   o  Number of ForCES Heartbeat messages sent from the CE and received
      by the CE since the association entered the UP state.

   o  Number of other ForCES messages sent from the CE and received by
      the CE since the association entered the UP state.  Only messages
      other than Heartbeat, Association Setup, Association Setup
      Response, and Association Teardown are counted.

   Finally, the MIB defines the following notifications:

   o  Whenever an association enters the UP state, a notification is
      issued containing the version of the ForCES protocol running.
      Note that as CE ID and FE ID are indexes, they appear in the OID
      of the ForCES-protocol running-version object.

   o  Whenever an association leaves the UP state, a notification is
      issued containing all associated information for this association.
      The reason is that the association and all its associated
      information will be removed from the MIB immediately after this
      notification has been issued.

   FORCES-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
       mib-2, Counter32
           FROM SNMPv2-SMI
       TEXTUAL-CONVENTION, TimeStamp
           FROM SNMPv2-TC
       MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
           FROM SNMPv2-CONF;

   forcesMib MODULE-IDENTITY
       LAST-UPDATED "200607041200Z"  -- Jul 4, 2006
       ORGANIZATION "Forwarding and Control Element Separation
                     (ForCES) Working Group"
       CONTACT-INFO "Robert Haas (rha@zurich.ibm.com), IBM"
       DESCRIPTION
           "This MIB contains managed object definitions for the
           ForCES Protocol."
       REVISION "200607041200Z"  -- Jul 4, 2006
       DESCRIPTION "Initial version, published as RFC yyyy."
   -- RFC Ed.: replace yyyy with actual RFC number & remove this note
       ::= { mib-2 XXX }
   -- RFC Ed.: replace XXX with IANA-assigned number & remove this note

   --****************************************************************

   forcesMibNotifications OBJECT IDENTIFIER ::= { forcesMib 0 }
   forcesMibObjects       OBJECT IDENTIFIER ::= { forcesMib 1 }
   forcesMibConformance   OBJECT IDENTIFIER ::= { forcesMib 2 }

   ForcesID ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "The ForCES identifier is a four octet quantity."
       SYNTAX      OCTET STRING (SIZE (4))

   ForcesProtocolVersion ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "ForCES protocol version number."
       SYNTAX      INTEGER (1..255)

   -- Notifications

   forcesAssociationEntryUp NOTIFICATION-TYPE
       OBJECTS     {
           forcesAssociationRunningProtocolVersion
       }
       STATUS      current
       DESCRIPTION
           "This notification is generated when a
           forcesAssociationEntry object is created."
       ::= { forcesMibNotifications 1 }

   forcesAssociationEntryDown NOTIFICATION-TYPE
       OBJECTS     {
           forcesAssociationRunningProtocolVersion,
           forcesAssociationTimeUp,
           forcesAssociationTimeDown,
           forcesAssociationHBMsgSent,
           forcesAssociationHBMsgReceived,
           forcesAssociationOtherMsgSent,
           forcesAssociationOtherMsgReceived
       }
       STATUS      current
       DESCRIPTION
           "This notification is generated when a
           forcesAssociationEntry object is destroyed."
       ::= { forcesMibNotifications 2 }

   -- Objects

   forcesLatestProtocolVersionSupported OBJECT-TYPE
       SYNTAX      ForcesProtocolVersion
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The ForCES protocol version supported by the CE.
           The current protocol version is 1.
           Note that the CE must also allow interaction with FEs
           supporting earlier versions."
       ::= { forcesMibObjects 1 }

   forcesAssociations OBJECT IDENTIFIER ::= { forcesMibObjects 2 }

   forcesAssociationTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF ForcesAssociationEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The (conceptual) table of associations."
       ::= { forcesAssociations 1 }

   forcesAssociationEntry OBJECT-TYPE
       SYNTAX      ForcesAssociationEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A (conceptual) entry for one association."
       INDEX { forcesAssociationCEID, forcesAssociationFEID }
       ::= { forcesAssociationTable 1 }

   ForcesAssociationEntry ::= SEQUENCE {
       forcesAssociationCEID                    ForcesID,
       forcesAssociationFEID                    ForcesID,
       forcesAssociationRunningProtocolVersion  ForcesProtocolVersion,
       forcesAssociationTimeUp                  TimeStamp,
       forcesAssociationTimeDown                TimeStamp,
       forcesAssociationHBMsgSent               Counter32,
       forcesAssociationHBMsgReceived           Counter32,
       forcesAssociationOtherMsgSent            Counter32,
       forcesAssociationOtherMsgReceived        Counter32
   }

   forcesAssociationCEID OBJECT-TYPE
       SYNTAX      ForcesID
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The ForCES ID of the CE."
       ::= { forcesAssociationEntry 2 }

   forcesAssociationFEID OBJECT-TYPE
       SYNTAX      ForcesID
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The ForCES ID of the FE."
       ::= { forcesAssociationEntry 3 }

   forcesAssociationRunningProtocolVersion OBJECT-TYPE
       SYNTAX      ForcesProtocolVersion
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The current ForCES protocol version used in this
           association.
           The current protocol version is 1."
       ::= { forcesAssociationEntry 4 }

   forcesAssociationTimeUp OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime at the time this association
           entered the UP state.
           If this association started prior to the last
           initialization of the network subsystem, then this
           object contains a zero value."
       ::= { forcesAssociationEntry 5 }

   forcesAssociationTimeDown OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of sysUpTime at the time this association
           left the UP state."
       ::= { forcesAssociationEntry 6 }

   forcesAssociationHBMsgSent OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "A counter of how many heartbeat messages have
           been sent by the CE on this association
           since it is up.
           If this association started prior to the last
           initialization of the network subsystem, then this
           object contains the value since the initialization."
       ::= { forcesAssociationEntry 7 }

   forcesAssociationHBMsgReceived OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "A counter of how many heartbeat messages
           have been received by the CE on this association
           since it is up.
           If this association started prior to the last
           initialization of the network subsystem, then this
           object contains the value since the initialization."
       ::= { forcesAssociationEntry 8 }

   forcesAssociationOtherMsgSent OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "A counter of how many messages other than
           heartbeat (i.e., config and query)
           have been sent by the CE on this association
           since it is up.
           If this association started prior to the last
           initialization of the network subsystem, then this
           object contains the value since the initialization."
       ::= { forcesAssociationEntry 9 }

   forcesAssociationOtherMsgReceived OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "A counter of how many messages other than
           heartbeat (i.e., config response, query response,
           event notification, and packet redirect)
           have been received by the CE on this association
           since it is up.
           If this association started prior to the last
           initialization of the network subsystem, then this
           object contains the value since the initialization."
       ::= { forcesAssociationEntry 10 }

   -- Conformance

   forcesMibCompliances OBJECT IDENTIFIER
       ::= { forcesMibConformance 1 }
   forcesMibGroups      OBJECT IDENTIFIER
       ::= { forcesMibConformance 2 }

   -- Compliance statements

   forcesMibCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for routers running ForCES and
           implementing the ForCES MIB."
       MODULE  -- this module
           MANDATORY-GROUPS { forcesMibGroup, forcesNotificationGroup }
       ::= { forcesMibCompliances 1 }

   -- Units of conformance

   forcesNotificationGroup NOTIFICATION-GROUP
       NOTIFICATIONS { forcesAssociationEntryUp,
                       forcesAssociationEntryDown }
       STATUS      current
       DESCRIPTION
           "A collection of notifications for signaling important
           ForCES events."
       ::= { forcesMibGroups 1 }

   forcesMibGroup OBJECT-GROUP
       OBJECTS     { forcesAssociationRunningProtocolVersion }
       STATUS      current
       DESCRIPTION
           "A collection of objects to support management of ForCES
           routers."
       ::= { forcesMibGroups 2 }

   forcesStatsGroup OBJECT-GROUP
       OBJECTS     {
           forcesAssociationTimeUp,
           forcesAssociationTimeDown,
           forcesAssociationHBMsgSent,
           forcesAssociationHBMsgReceived,
           forcesAssociationOtherMsgSent,
           forcesAssociationOtherMsgReceived
       }
       STATUS      current
       DESCRIPTION
           "A collection of optional objects to provide extra
           information about the associations.  There is no protocol
           reason to keep such information, but these objects can
           be very useful in debugging connectivity problems."
       ::= { forcesMibGroups 3 }

   END

6.  Security Considerations

   Some of the readable objects in this MIB module may be considered
   sensitive or vulnerable in some network environments.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

7.  IANA Considerations

   IANA will need to assign a number to this MIB.

8.  Changes from Previous Draft Revisions

   Changes from draft-ietf-forces-mib-02.
   They are refinements of the MIB:

   o  Changed forcesAssociationCEID and forcesAssociationFEID from
      read-only to not-accessible to conform with Section 7.7 in
      [RFC2578].

   o  Removed forcesAssociationCEID and forcesAssociationFEID from the
      notifications.  This information is conveyed in the OID anyway.

   o  Added MIB conformance information.

   Changes from draft-ietf-forces-mib-01.  The changes are in response
   to the Working Group Last Call:

   o  Addition of two traps/notifications to signal the associations
      that enter or leave the UP state.

   o  Suppression of the DOWN and ESTABLISHING states.  Only
      associations in the UP state are kept in the table.

   o  Split of the Message counters into Heartbeat and other messages.

   o  Addition of the current running version of ForCES protocol for
      each association in the UP state.

   o  Addition of the latest version of the ForCES protocol supported by
      the CE.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

   [RFC3654]  Khosravi, H. and T. Anderson, "Requirements for Separation
              of IP Control and Forwarding", RFC 3654, November 2003.

   [RFC3746]  Yang, L., Dantu, R., Anderson, T., and R. Gopal,
              "Forwarding and Control Element Separation (ForCES)
              Framework", RFC 3746, April 2004.

   [forces-protocol-draft]
              Doria, A., Haas, R., Hadi Salim, J., Khosravi, H., and W.
              Wang, "ForCES Protocol Specification", ID Document:
              draft-ietf-forces-protocol-08.txt, March 2006.

9.2.  Informative References

   [forces-applicability-draft]
              Crouch, A., Khosravi, H., Handley, M., and A. Doria,
              "ForCES Applicability Statement", ID Document:
              draft-ietf-forces-applicability-04.txt, February 2006.

Appendix A.  Acknowledgments

   The author gratefully acknowledges the contributions of: Jinrong
   Fenggen, Xiaoyi Guo, Joel Halpern, Tom Petch, and Jamal Hadi Salim.

Author's Address

   Robert Haas
   IBM
   Saeumerstrasse 4
   Rueschlikon  8803
   CH

   Email: rha@zurich.ibm.com
   URI:   http://www.zurich.ibm.com/~rha

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
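
Added example (not part of the Internet-Draft or of any ForCES implementation): Section 5 notes that CE ID and FE ID are carried in the instance OID of each notification object, and that the row disappears from the table right after the Down notification. The Python code below decodes that index and keeps a manager-side copy of the UP associations. OIDs are written relative to forcesMib because the module root { mib-2 XXX } is unassigned; parse_instance, AssociationTracker and the sample varbinds are hypothetical names and constructed data, and the standard sysUpTime.0 and snmpTrapOID.0 varbinds are assumed to have been removed already.

```python
# Added example, not part of the draft. OIDs are relative to forcesMib
# because the module root { mib-2 XXX } has no assigned number yet.
ENTRY = (1, 2, 1, 1)  # forcesMibObjects.forcesAssociations.table.entry
COLUMNS = {  # accessible columns of forcesAssociationEntry
    4: "forcesAssociationRunningProtocolVersion",
    5: "forcesAssociationTimeUp",
    6: "forcesAssociationTimeDown",
    7: "forcesAssociationHBMsgSent",
    8: "forcesAssociationHBMsgReceived",
    9: "forcesAssociationOtherMsgSent",
    10: "forcesAssociationOtherMsgReceived",
}


def parse_instance(rel_oid):
    """Return (column name, CE ID, FE ID) for an OID relative to forcesMib."""
    arcs = tuple(int(a) for a in rel_oid.strip(".").split("."))
    if arcs[:4] != ENTRY or len(arcs) != 4 + 1 + 8:
        raise ValueError("not a forcesAssociationEntry instance: " + rel_oid)
    column, index = arcs[4], arcs[5:]
    if column not in COLUMNS:
        raise ValueError("column %d is not an accessible object" % column)
    if any(not 0 <= a <= 255 for a in index):
        raise ValueError("index sub-identifier is not an octet")
    # ForcesID is OCTET STRING (SIZE (4)): a fixed-length index is encoded
    # as one sub-identifier per octet, with no length prefix.
    return COLUMNS[column], bytes(index[:4]), bytes(index[4:])


class AssociationTracker:
    """Hypothetical manager-side mirror of forcesAssociationTable."""

    def __init__(self):
        self.up = {}  # (CE ID, FE ID) -> running protocol version

    def on_notification(self, kind, varbinds):
        """kind: 'up' or 'down'; varbinds: [(rel_oid, value), ...].
        Returns (key, None) for 'up' and (key, final row values) for 'down'."""
        rows = {}
        for rel_oid, value in varbinds:
            name, ce, fe = parse_instance(rel_oid)
            rows.setdefault((ce, fe), {})[name] = value
        if len(rows) != 1:
            raise ValueError("varbinds must name exactly one association")
        key, row = next(iter(rows.items()))
        if kind == "up":
            self.up[key] = row["forcesAssociationRunningProtocolVersion"]
            return key, None
        # The row is already gone from the agent, so this is the last copy.
        self.up.pop(key, None)
        return key, row


# Constructed sample varbinds for CE 0x40000001 and FE 0x00000002.
IDX = ".64.0.0.1.0.0.0.2"
SAMPLE_UP = [("1.2.1.1.4" + IDX, 1)]
SAMPLE_DOWN = [("1.2.1.1.%d%s" % (col, IDX), val) for col, val in
               [(4, 1), (5, 1200), (6, 91200), (7, 120), (8, 118),
                (9, 40), (10, 37)]]
```

Because the Down notification is the only place the final counters are reported, a manager that wants them for later troubleshooting has to store the returned row itself.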