IPCDN Working Group                                      Doug Jones, Ed.
INTERNET DRAFT                                             YAS Broadband
draft-jones-cable-gateway-device-mib-00                    October, 2002
Expires April 2003

                        Cable Gateway Device MIB

      Cable Gateway Device Management Information Base for CableHome
                       Compliant WAN Gateway Devices

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Copyright Notice

   Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines a basic set of managed objects for
   SNMP-based management of CableHome compliant WAN Gateway Devices and
   home routers.

   This memo specifies a MIB module in a manner that is compliant to the
   SNMP SMIv2 [5][6][7]. The set of objects is consistent with the SNMP
   framework and existing SNMP standards.

   This memo is a product of the IPCDN working group within the Internet
   Engineering Task Force. Comments are solicited and should be
   addressed to the working group's mailing list at ipcdn@ietf.org
   and/or the editor.

Jones                    Expires April 2003                     [Page 1]

Internet Draft          Cable Gateway Device MIB            October 2002

Table of Contents

   1      The SNMP Management Framework
   2      Glossary
   2.1    Cable Gateway Device
   2.2    Portal Services
   2.3    WAN-Management
   2.4    WAN-Data
   3      Overview
   3.1    Structure of the MIB
   3.2    Management requirements
   3.2.1  Portal Services device-specific parameters
   3.2.2  Portal Services provisioning parameters
   3.2.3  Portal Services notification objects
   4      Definitions
   5      Acknowledgments
   6      References
   7      Security Considerations
   8      Intellectual Property
   9      Author's Address
   10     Full Copyright Statement

1. The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [1].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management. The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in STD
      16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 [4]. The
      second version, called SMIv2, is described in STD 58, RFC 2578
      [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].

   o  Message protocols for transferring management information.
      The first version of the SNMP message protocol is called SNMPv1
      and described in STD 15, RFC 1157 [8]. A second version of the
      SNMP message protocol, which is not an Internet standards track
      protocol, is called SNMPv2c and described in RFC 1901 [9] and RFC
      1906 [10]. The third version of the message protocol is called
      SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and RFC 2574
      [12].

   o  Protocol operations for accessing management information. The
      first set of protocol operations and associated PDU formats is
      described in STD 15, RFC 1157 [8]. A second set of protocol
      operations and associated PDU formats is described in RFC 1905
      [13].

   o  A set of fundamental applications described in RFC 2573 [14] and
      the view-based access control mechanism described in RFC 2575
      [15].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64). Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of machine
   readable information is not considered to change the semantics of
   the MIB.

2. Glossary

   The terms in this document are derived either from normal cable
   system usage, or from the documents associated with CableLabs'
   CableHome specification process.

2.1. Cable Gateway Device

   A cable gateway device passes data traffic between the cable
   operator's broadband data network (the Wide Area Network, WAN) and
   the Local Area Network (LAN) in the cable data service subscriber's
   residence or business. In addition to passing traffic between the WAN
   and LAN, the cable gateway device provides several services,
   including a DHCP client and a DHCP server [RFC2131], a TFTP server
   [RFC1350], management services provided by an SNMPv1/v2c/v3 agent
   compliant with the RFCs listed in Section 1, and security services
   including stateful packet inspection firewall functionality and
   software code image verification using techniques described in
   [RFC3280].

2.2. Portal Services (PS)

   A logical element aggregating the set of CableHome-specified
   functionality in a CableHome compliant cable gateway device. The
   Portal Services set of functions is described in [16].

2.3. WAN-Management (WAN-Man)

   The Portal Services interface to the cable operator's data network,
   also referred to in [16] as the Wide Area Network (WAN), specifically
   intended for the exchange of management messages between the PS and
   the cable operator's network management entity.

2.4. WAN-Data

   The Portal Services interface to the cable operator's data network
   specifically intended for the exchange of user data between the PS
   and host devices accessible via the public Internet.

3. Overview

   This MIB provides a set of objects required for the management of
   CableHome compliant residential gateway devices. The specification is
   derived from the CableHome 1.0 specifications [16]. Please note that
   the CableHome 1.0 specification requires residential gateways to
   implement SNMPv1, SNMPv2c, and SNMPv3 and to process IPv4 customer
   traffic. Design choices in this MIB reflect those requirements.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [17].

3.1. Structure of the MIB

   This MIB is structured into three groups:

   o  The cabhPsDevBase group extends the CableLabs projects-CableHome
      group with objects needed to implement and configure the CableHome
      Portal Services set of functions.

   o  The cabhPsDevProv group provides objects allowing the manager to
      configure residential gateway device provisioning parameters.

   o  The cabhPsNotification group provides SNMP notification objects
      for the reporting of Portal Services status and exception
      conditions.

3.2. Management requirements

3.2.1. Portal Services device-specific parameters

   The PsDevBase group consists largely of read-only parameters
   providing information specific to the device, primarily for
   identification purposes. By reading these parameters the device
   manager can gain unique identification information about the cable
   gateway device in which the Portal Services set of functions resides.

   In addition to device-specific identification parameters, the
   PsDevBase group provides device-specific provisioning and operating
   parameters such as the current date and time and the time of day
   synchronization status indicator. The PsDevBase group also includes
   manager-controlled parameters enabling the reset of the Portal
   Services functionality and the reset of cable gateway device MIB
   objects to their default values without resetting all Portal Services
   functionality.

3.2.2. Portal Services provisioning parameters

   The second group of OIDs in the Cable Gateway Device MIB, the
   PsDevProv group, includes parameters required by Portal Services
   functions that are responsible for provisioning processes,
   particularly the Portal Services configuration file download
   processes. The provisioning process, described in Section 13 of [16],
   is timed so that it does not get stuck waiting for a failed process
   to complete.
   The timeout value for the provisioning process is configurable by
   the manager but has a default value of 5 minutes.

   When the Portal Services is configured to operate in the DHCP
   Provisioning mode as described in Section 5.5 and Section 7.1.1 of
   [16], it is required to download via TFTP a file containing zero or
   more configuration parameters. The name (in URL format) and location
   of this configuration file are passed to the Portal Services in a
   DHCP Option field. The file name and location are stored in PsDevProv
   objects for retrieval by the manager using the management messaging
   interface between the manager's console and the Portal Services
   element. Also stored are the length of the configuration file, the
   number of Type-Length-Value (TLV) fields passed in the configuration
   file, and the number of those TLV fields that were rejected by the
   configuration file processing function. These parameters allow the
   manager to verify that configuration parameters he or she passed to
   the Portal Services element were received and processed correctly.

   Integrity of the Portal Services configuration file is verified
   through the use of a SHA-1 hash value. This process is described in
   Section 7.3.3.3.1 in [16]. The hash value used to verify the
   integrity of the configuration file is stored and is accessible to
   the manager via an object of the PsDevProv group.

   The PsDevProv group also includes status parameters such as an
   indication about the progress of the provisioning process, the
   configuration file name and location (URL format), the hash value for
   configuration file integrity checking, and the size of the
   configuration file. The PsDevProv group also includes statistics
   variables for keeping track of the number of Type-Length-Value (TLV)
   objects passed in the configuration file that the PS processed and
   that were rejected. This group also contains objects for keeping
   track of whether the file was authenticated, and an object to store
   the timeout value for the authentication process key exchange.

   The location of the Time of Day server, passed from the cable data
   network DHCP server to the Portal Services element in a DHCP option
   code, is stored by the Portal Services and accessible to the manager
   via an object in the PsDevProv group.

3.2.3. Portal Services Notification objects

   The Portal Services element is required to report about exception
   conditions that occur as well as to report on the status of certain
   parameters. The CableHome specifications define four ways to report
   these events: SNMP trap as defined in [RFC1157] or SNMP notification
   as described in [RFC2571] and [RFC2572], reporting to a SYSLOG
   server, writing to a volatile local log, or writing to a nonvolatile
   local log. Local log information is accessible to the manager via
   the DOCSIS device MIB [RFC2669]. The CableHome event reporting
   process is described in Section 6.5 of [16], and defined events are
   listed in Appendix II, Format and Content for Event, SYSLOG and SNMP
   Trap, in the same reference.
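   As an added illustration of the configuration-file handling that
   Sections 3.2.2 and 3.2.3 describe (example code, not part of this
   draft or of any CableHome implementation): the PS checks the SHA-1
   digest the manager stored in cabhPsDevProvConfigHash before it
   applies anything, then walks the TLVs, counting those it processed
   and those it rejected as unknown. The results are what
   cabhPsDevProvConfigFileSize, cabhPsDevProvConfigTLVProcessed,
   cabhPsDevProvConfigTLVRejected, cabhPsDevProvAuthState and
   cabhPsDevProvState would report, and the unknown-TLV events are what
   cabhPsDevInitTLVUnknownTrap would carry. The TLV layout (1-byte type,
   1-byte length, type 255 as the end marker, type 0 as padding), the
   table of known types, the sample file, and the rule that every TLV
   examined counts as processed are assumptions of the example; the
   draft specifies none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

# Encoding assumed for this example: each TLV is a 1-byte type, a 1-byte
# length and the value; type 255 is the end-of-data marker and type 0 is
# padding (DOCSIS-style). The draft does not define the file layout, so
# this is an assumption of the example, not CableHome's definition.
TLV_END_OF_DATA = 255
TLV_PAD = 0

# Constructed table of the TLV types this hypothetical PS understands.
KNOWN_TLV_TYPES = {
    11: "snmp-mib-object",
    53: "firewall-policy-url",
}

HASH_LEN = 20  # cabhPsDevProvConfigHash is OCTET STRING (SIZE(20)): SHA-1


@dataclass
class ProvResult:
    """What the PS would report through the cabhPsDevProv objects."""
    auth_state: str        # cabhPsDevProvAuthState: accepted / rejected
    prov_state: str        # cabhPsDevProvState: pass / fail
    config_file_size: int  # cabhPsDevProvConfigFileSize, end marker included
    tlv_processed: int     # cabhPsDevProvConfigTLVProcessed
    tlv_rejected: int      # cabhPsDevProvConfigTLVRejected
    events: List[str] = field(default_factory=list)  # would become log entries / traps


def build_config_file(tlvs: List[Tuple[int, bytes]]) -> bytes:
    """Encode (type, value) pairs and append the end-of-data marker."""
    out = bytearray()
    for tlv_type, value in tlvs:
        if not 0 < tlv_type < TLV_END_OF_DATA or len(value) > 255:
            raise ValueError("TLV type or length out of range")
        out += bytes([tlv_type, len(value)]) + value
    out.append(TLV_END_OF_DATA)
    return bytes(out)


def expected_config_hash(config_file: bytes) -> bytes:
    """The 20-byte SHA-1 digest the manager writes to cabhPsDevProvConfigHash
    before triggering the download (assumed to cover the whole file)."""
    return hashlib.sha1(config_file).digest()


def parse_tlvs(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk the TLV stream; stop at the end marker, refuse truncated input."""
    pos = 0
    while pos < len(data):
        tlv_type = data[pos]
        if tlv_type == TLV_END_OF_DATA:
            return
        if tlv_type == TLV_PAD:
            pos += 1
            continue
        if pos + 1 >= len(data):
            raise ValueError("truncated TLV header at offset %d" % pos)
        length = data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value at offset %d" % pos)
        yield tlv_type, value
        pos += 2 + length
    raise ValueError("end-of-data marker missing")


def process_config_file(data: bytes, expected_hash: bytes) -> ProvResult:
    """Integrity check first, then per-TLV processing, as in Section 3.2.2."""
    size = len(data)
    actual = expected_config_hash(data)
    if len(expected_hash) != HASH_LEN or not hmac.compare_digest(actual, expected_hash):
        # Hash mismatch: the file is rejected and nothing in it is applied.
        return ProvResult("rejected", "fail", size, 0, 0,
                          ["config file hash mismatch; initialization must be repeated"])
    processed = rejected = 0
    events: List[str] = []
    try:
        for tlv_type, value in parse_tlvs(data):
            processed += 1  # every TLV examined counts as processed (assumption)
            if tlv_type not in KNOWN_TLV_TYPES:
                rejected += 1  # unknown TLV: rejected and logged (cf. cabhPsDevInitTLVUnknownTrap)
                events.append("unknown TLV type %d (%d bytes) rejected" % (tlv_type, len(value)))
    except ValueError as exc:
        return ProvResult("accepted", "fail", size, processed, rejected,
                          events + ["malformed config file: %s" % exc])
    return ProvResult("accepted", "pass", size, processed, rejected, events)


if __name__ == "__main__":
    # Constructed sample: two known TLVs and one the PS does not understand.
    sample = build_config_file([(11, b"\x01\x02"),
                                (53, b"tftp://host/fw.pol"),
                                (200, b"\xff")])
    print(process_config_file(sample, expected_config_hash(sample)))
    print(process_config_file(sample, bytes(HASH_LEN)))
```

   The hash is compared with hmac.compare_digest rather than "==" so that
   the check does not leak how many leading bytes matched, and the hash
   failure path deliberately applies no TLV at all: a file that fails
   integrity verification is rejected as a whole, which is the behaviour
   cabhPsDevProvAuthState is meant to expose to the manager.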
4. Definitions

CABH-PS-DEV-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Integer32,
    NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    TruthValue,
    PhysAddress,
    DateAndTime,
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    OBJECT-GROUP,
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF
    InetAddressType,
    InetAddress
        FROM INET-ADDRESS-MIB
    docsDevSwCurrentVers,
    docsDevEvLevel,
    docsDevEvId,
    docsDevEvText,
    docsDevSwFilename,
    docsDevSwServer
        FROM DOCS-CABLE-DEVICE-MIB   -- RFC2669
    cabhCdpServerDhcpAddress,
    cabhCdpWanDataAddrClientId,
    cabhCdpLanTransThreshold,
    cabhCdpLanTransCurCount
        FROM CABH-CDP-MIB
    clabProjCableHome
        FROM CLAB-DEF-MIB;

--===========================================================================
--
-- History:
--
-- Date       Modified by   Reason
-- 04/05/02                 Issued I01
-- 09/20/02                 Issued I02
-- 10/25/02                 IETF I-D revisions
--
--===========================================================================

cabhPsDevMib MODULE-IDENTITY
    LAST-UPDATED    "200210250000Z" -- October 25, 2002
    ORGANIZATION    "CableLabs Broadband Access Department"
    CONTACT-INFO
        "Kevin Luehrs
         Postal: Cable Television Laboratories, Inc.
                 400 Centennial Parkway
                 Louisville, Colorado 80027-1266
                 U.S.A.
         Phone:  +1 303-661-9100
         Fax:    +1 303-661-9199
         E-mail: k.luehrs@cablelabs.com"
    DESCRIPTION
        "This MIB module supplies the basic management objects for the
         PS Device. The PS Device parameters describe general PS Device
         attributes and behavior characteristics. Most of the PS Device
         MIB is needed for configuration download.

         Acknowledgements:
         Roy Spitzer   - Consultant to CableLabs
         Mike Mannette - Consultant to CableLabs
         Itay Sherman  - Texas Instruments
         Chris Zacker  - Broadcom
         Rick Vetter   - Consultant to CableLabs"
    ::= { clabProjCableHome 1 }

-- Textual conventions

X509Certificate ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "An X509 digital certificate encoded as an ASN.1 DER object."
    SYNTAX      OCTET STRING (SIZE (0..4096))

cabhPsDevMibObjects OBJECT IDENTIFIER ::= { cabhPsDevMib 1 }
cabhPsDevBase       OBJECT IDENTIFIER ::= { cabhPsDevMibObjects 1 }
cabhPsDevProv       OBJECT IDENTIFIER ::= { cabhPsDevMibObjects 2 }

--
-- The following group describes the base objects in the PS.
-- These are device based parameters.
--

cabhPsDevDateTime OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The date and time, with optional timezone information."
    ::= { cabhPsDevBase 1 }

cabhPsDevResetNow OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to true(1) causes the stand-alone or
         embedded PS functions to reboot. Device code initializes as if
         starting from a power-on reset. MIB object values persist as
         specified in Appendix I of the CableHome 1.0 specification.
         Reading this object always returns false(2)."
    ::= { cabhPsDevBase 2 }

cabhPsDevSerialNumber OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..128))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The manufacturer's serial number for the Cable Gateway device
         implementing this Portal Services element. This parameter is
         manufacturer provided and is stored in non-volatile memory."
    ::= { cabhPsDevBase 3 }

cabhPsDevHardwareVersion OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (0..48))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The manufacturer's hardware version for the Cable Gateway
         device implementing this Portal Services element. This
         parameter is manufacturer provided and is stored in
         non-volatile memory."
    ::= { cabhPsDevBase 4 }

cabhPsDevWanManMacAddress OBJECT-TYPE
    SYNTAX      PhysAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The PS WAN-Man MAC address. This is the PS hardware address to
         be used to uniquely identify the PS to the cable data network
         DHCP server for the acquisition of an IP address to be used for
         management messaging between the cable network management
         entity and the Portal Services element."
    ::= { cabhPsDevBase 5 }

cabhPsDevWanDataMacAddress OBJECT-TYPE
    SYNTAX      PhysAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The PS WAN-Data hardware address. The CableHome Portal Services
         supports acquisition of zero or more globally-routable IP
         addresses to map to private IP addresses in the data service
         subscriber's LAN. The Portal Services could have multiple
         WAN-Data Interfaces, which share the same hardware address. In
         the case of two or more WAN-Data Interfaces, the client
         identifiers provided in DHCP Option Code 61 of the DHCP OFFER
         message issued by the PS will be unique so that each WAN-Data
         Interface may be assigned a unique WAN-Data IP address."
    ::= { cabhPsDevBase 6 }

cabhPsDevTypeIdentifier OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This is a copy of the device type identifier used in the DHCP
         option 60 exchanged between the PS and the DHCP server."
    ::= { cabhPsDevBase 7 }

cabhPsDevSetToFactory OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to true(1) sets all PsDev MIB objects to
         the factory default values. Reading this object always returns
         false(2)."
    ::= { cabhPsDevBase 8 }

cabhPsDevTodSyncStatus OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates whether the PS was able to successfully
         synchronize with the Time of Day (ToD) Server in the cable
         network. The PS sets this object to true(1) if the PS
         successfully synchronizes its time with the ToD server. The PS
         sets this object to false(2) if the PS does not successfully
         synchronize with the ToD server."
    DEFVAL { false }
    ::= { cabhPsDevBase 9 }

cabhPsDevProvMode OBJECT-TYPE
    SYNTAX      INTEGER {
                    dhcpmode(1),
                    snmpmode(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates the provisioning mode in which the PS is
         operating. If the PS is operating in DHCP Provisioning Mode as
         described in the CableHome 1.0 specification, the PS sets this
         object to dhcpmode(1). If the PS is operating in SNMP
         Provisioning Mode, the PS sets this object to snmpmode(2)."
    ::= { cabhPsDevBase 10 }

--
-- The following group defines Provisioning Specific parameters
--

cabhPsDevProvisioningTimer OBJECT-TYPE
    SYNTAX      INTEGER (0..16383)
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object enables the user to set the duration of the
         provisioning timeout timer. The provisioning timeout timer is
         intended to act as a watchdog timer for the PS provisioning
         process. If it expires before the PS provisioning process
         completes, the PS is required to repeat its initialization
         process. Setting the timer to 0 disables the provisioning
         timeout timer."
    DEFVAL { 5 }
    ::= { cabhPsDevProv 1 }

cabhPsDevProvConfigFile OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..128))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The URL of the TFTP host for downloading provisioning and
         configuration parameters to this device. Returns NULL if the
         server address is unknown."
    ::= { cabhPsDevProv 2 }

cabhPsDevProvConfigHash OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (20))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Hash of the contents of the config file, calculated and sent to
         the PS prior to sending the config file. For the SHA-1
         authentication algorithm the hash length is 160 bits."
    ::= { cabhPsDevProv 3 }

cabhPsDevProvConfigFileSize OBJECT-TYPE
    SYNTAX      Integer32
    UNITS       "bytes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The length of the configuration file in bytes, including the
         end of file marker."
    ::= { cabhPsDevProv 4 }

cabhPsDevProvConfigFileStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    idle(1),
                    busy(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates the current status of the configuration
         file download process. It is provided to indicate to the
         management entity that the PS will reject PS Configuration File
         triggers (set request to cabhPsDevProvConfigFile) when busy."
    ::= { cabhPsDevProv 5 }

cabhPsDevProvConfigTLVProcessed OBJECT-TYPE
    SYNTAX      INTEGER (0..16383)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of TLVs processed in config file."
    ::= { cabhPsDevProv 6 }

cabhPsDevProvConfigTLVRejected OBJECT-TYPE
    SYNTAX      INTEGER (0..16383)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Number of TLVs rejected in config file."
    ::= { cabhPsDevProv 7 }

cabhPsDevProvSolicitedKeyTimeout OBJECT-TYPE
    SYNTAX      Integer32 (15..600)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This timeout applies only when the Provisioning Server
         initiated key management (with a Wake Up message) for SNMPv3.
         It is the period during which the PS will save a number (inside
         the sequence number field) from the sent out AP Request and
         wait for the matching AP Reply from the Provisioning Server."
    DEFVAL { 120 }
    ::= { cabhPsDevProv 8 }

cabhPsDevProvState OBJECT-TYPE
    SYNTAX      INTEGER {
                    pass(1),
                    inProgress(2),
                    fail(3)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates the completion state of the PS
         initialization process. Pass or Fail states occur after
         completion of the initialization flow. InProgress occurs from
         PS initialization start to PS initialization end."
    ::= { cabhPsDevProv 9 }

cabhPsDevProvAuthState OBJECT-TYPE
    SYNTAX      INTEGER {
                    accepted(1),
                    rejected(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object indicates the authentication state of the
         configuration file."
    ::= { cabhPsDevProv 10 }

cabhPsDevTimeServerAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The IP address type of the Time server (RFC-868). IP version 4
         is typically used."
    ::= { cabhPsDevProv 11 }

cabhPsDevTimeServerAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The IP address of the Time server (RFC-868). Returns 0.0.0.0 if
         the time server IP address is unknown."
    ::= { cabhPsDevProv 12 }

--
-- notification group is for future extension.
--

cabhPsNotification OBJECT IDENTIFIER ::= { cabhPsDevMib 2 0 }
cabhPsConformance  OBJECT IDENTIFIER ::= { cabhPsDevMib 3 }
cabhPsCompliances  OBJECT IDENTIFIER ::= { cabhPsConformance 1 }
cabhPsGroups       OBJECT IDENTIFIER ::= { cabhPsConformance 2 }

--
-- Notification Group
--

cabhPsDevInitTLVUnknownTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "Event due to detection of unknown TLV during the TLV parsing
         process. The values of docsDevEvLevel, docsDevEvId, and
         docsDevEvText are from the entry which logs this event in the
         docsDevEventTable. The value of cabhPsDevWanManMacAddress
         indicates the WAN-Man MAC address of the PS."
    ::= { cabhPsNotification 1 }

cabhPsDevInitTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress,
        cabhPsDevProvConfigFile,
        cabhPsDevProvConfigTLVProcessed,
        cabhPsDevProvConfigTLVRejected
    }
    STATUS      current
    DESCRIPTION
        "This inform is issued to confirm the successful completion of
         the CableHome provisioning process."
    ::= { cabhPsNotification 2 }

cabhPsDevInitRetryTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "An event to report a failure during the PS initialization
         process."
    ::= { cabhPsNotification 3 }

cabhPsDevDHCPFailTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress,
        cabhCdpServerDhcpAddress
    }
    STATUS      current
    DESCRIPTION
        "An event to report the failure of the PS to successfully
         complete message exchange with a DHCP server on its WAN-Man
         interface. The value of cabhCdpServerDhcpAddress is the IP
         address of the DHCP server."
    ::= { cabhPsNotification 4 }

cabhPsDevSwUpgradeInitTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress,
        docsDevSwFilename,
        docsDevSwServer
    }
    STATUS      current
    DESCRIPTION
        "An event to report a software upgrade initiated event. The
         values of docsDevSwFilename and docsDevSwServer indicate the
         software image name and the server IP address the image is
         from. This trap is only issued by a PS if the PS is not
         embedded with a cable modem. Software upgrade for a PS embedded
         with a cable modem is initiated and controlled by the cable
         modem software."
    ::= { cabhPsNotification 5 }

cabhPsDevSwUpgradeFailTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress,
        docsDevSwFilename,
        docsDevSwServer
    }
    STATUS      current
    DESCRIPTION
        "An event to report the failure of a software upgrade attempt.
         The values of docsDevSwFilename and docsDevSwServer indicate
         the software image name and the server IP address the image is
         from."
    ::= { cabhPsNotification 6 }

cabhPsDevSwUpgradeSuccessTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress,
        docsDevSwFilename,
        docsDevSwServer
    }
    STATUS      current
    DESCRIPTION
        "An event to report the Software upgrade success event. The
         values of docsDevSwFilename and docsDevSwServer indicate the
         software image name and the IP address of the TFTP server on
         which the software image is stored."
    ::= { cabhPsNotification 7 }

cabhPsDevSwUpgradeCVCFailTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "An event to report the failure of the software image
         verification during a secure software upgrade attempt."
    ::= { cabhPsNotification 8 }

cabhPsDevTODFailTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevTimeServerAddr,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "An event to report the failure of a time of day server. The
         value of cabhPsDevTimeServerAddr indicates the time server's IP
         address."
    ::= { cabhPsNotification 9 }

cabhPsDevCdpWanDataIpTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhCdpWanDataAddrClientId,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "An event to report the failure of PS to obtain all needed
         WAN-Data IP addresses. The PS is configured by the manager for
         the number of WAN-Data IP address leases it is required to
         acquire. If the PS is unable to acquire the configured number
         of leases it reports the error using this trap. The object
         cabhCdpWanDataAddrClientId indicates the ClientId for which the
         failure occurred."
    ::= { cabhPsNotification 10 }

cabhPsDevCdpThresholdTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress,
        cabhCdpLanTransThreshold
    }
    STATUS      current
    DESCRIPTION
        "An event to report that the LAN-Trans threshold has been
         exceeded. The LAN-Trans threshold is a parameter defined in the
         Cable Gateway Configuration MIB that enables the manager to
         manage the Cable Gateway address configuration."
    ::= { cabhPsNotification 11 }

cabhPsDevCspTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "To report an event with the CableHome Security Portal. This
         includes reporting on firewall hacker attacks, changes in
         firewall parameters, and problems with transferring the
         firewall policy file via TFTP."
    ::= { cabhPsNotification 12 }

cabhPsDevCapTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "To report an event with the CableHome Address Portal (CAP). CAP
         events include reporting on problems with creating network
         address mappings."
    ::= { cabhPsNotification 13 }

cabhPsDevCtpTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress
    }
    STATUS      current
    DESCRIPTION
        "To report an event with the CableHome Test Portal (CTP). CTP
         events include status of remote diagnostic tests executed by
         the PS at the direction of the manager."
    ::= { cabhPsNotification 14 }

cabhPsDevProvEnrollTrap NOTIFICATION-TYPE
    OBJECTS {
        cabhPsDevHardwareVersion,
        docsDevSwCurrentVers,
        cabhPsDevTypeIdentifier,
        cabhPsDevWanManMacAddress,
        cabhPsDevProvCorrelationId
        -- cabhPsDevProvCorrelationId is referenced here but is neither
        -- defined in this module nor imported.
    }
    STATUS      current
    DESCRIPTION
        "This inform is issued to enroll the PS with the SNMPv3
         management entity in the cable operator's network."
    REFERENCE
        "Inform as defined in RFC 1902"
    ::= { cabhPsNotification 15 }

cabhPsDevCdpLanIpPoolTrap NOTIFICATION-TYPE
    OBJECTS {
        docsDevEvLevel,
        docsDevEvId,
        docsDevEvText,
        cabhPsDevWanManMacAddress,
        cabhCdpLanTransCurCount
    }
    STATUS      current
    DESCRIPTION
        "An event to report that the pool of IP addresses for LAN
         clients, as defined by cabhCdpLanPoolStart and
         cabhCdpLanPoolEnd, is exhausted."
    ::= { cabhPsNotification 16 }

-- compliance statements

cabhPsBasicCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for devices that implement the
         CableHome Portal Services functionality."
    MODULE  -- cabhPsMib

    -- unconditionally mandatory groups
    MANDATORY-GROUPS { cabhPsGroup }

    ::= { cabhPsCompliances 1 }

cabhPsGroup OBJECT-GROUP
    OBJECTS {
        cabhPsDevDateTime,
        cabhPsDevResetNow,
        cabhPsDevSerialNumber,
        cabhPsDevHardwareVersion,
        cabhPsDevWanManMacAddress,
        cabhPsDevWanDataMacAddress,
        cabhPsDevTypeIdentifier,
        cabhPsDevSetToFactory,
        cabhPsDevTodSyncStatus,
        cabhPsDevProvMode,
        cabhPsDevProvisioningTimer,
        cabhPsDevProvConfigFile,
        cabhPsDevProvConfigHash,
        cabhPsDevProvConfigFileSize,
        cabhPsDevProvConfigFileStatus,
        cabhPsDevProvConfigTLVProcessed,
        cabhPsDevProvConfigTLVRejected,
        cabhPsDevProvSolicitedKeyTimeout,
        cabhPsDevProvState,
        cabhPsDevProvAuthState,
        cabhPsDevTimeServerAddrType,
        cabhPsDevTimeServerAddr
    }
    STATUS      current
    DESCRIPTION
        "Group of objects for the Cable Gateway Device MIB."
::= { cabhPsGroups 1 } cabhPsNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { cabhPsDevInitTLVUnknownTrap, cabhPsDevInitTrap, Jones Expires April 2003 [Page 19] Internet Draft Cable Gateway Device MIB October 2002 cabhPsDevInitRetryTrap, cabhPsDevDHCPFailTrap, cabhPsDevSwUpgradeInitTrap, cabhPsDevSwUpgradeFailTrap, cabhPsDevSwUpgradeSuccessTrap, cabhPsDevSwUpgradeCVCFailTrap, cabhPsDevTODFailTrap, cabhPsDevCdpWanDataIpTrap, cabhPsDevCdpThresholdTrap, cabhPsDevCspTrap, cabhPsDevCapTrap, cabhPsDevCtpTrap, cabhPsDevProvEnrollTrap, cabhPsDevCdpLanIpPoolTrap } STATUS current DESCRIPTION "These notifications indicate change in status of the Portal Services set of functions in a device complying with CableLabs CableHome(tm) specifications." ::= { cabhPsGroups 2 } END 5. Acknowledgements This document was produced by the IPCDN Working Group. It is based on a document written by Kevin Luehrs from CableLabs, consultant to CableLabs Roy Spitzer, consultant to CableLabs Mike Mannette, consultant to CableLabs Rick Vetter, Chris Zacker from Broadcom, and Itay Sherman from Texas Instruments. Additional thanks go to Jean-Francois Mule from CableLabs for his guidance. 6. References [1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. [2] Rose, M. and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. [4] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [5] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Structure of Management Information for Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. Jones Expires April 2003 [Page 20] Internet Draft Cable Gateway Device MIB October 2002 [6] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. 
   [7]  McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Conformance
        Statements for SMIv2", STD 58, RFC 2580, April 1999.

   [8]  Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
        Network Management Protocol", STD 15, RFC 1157, May 1990.

   [9]  Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, January
        1996.

   [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
        "Transport Mappings for Version 2 of the Simple Network
        Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [11] Case, J., Harrington, D., Presuhn, R. and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, April 1999.

   [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
        for version 3 of the Simple Network Management Protocol
        (SNMPv3)", RFC 2574, April 1999.

   [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol
        Operations for Version 2 of the Simple Network Management
        Protocol (SNMPv2)", RFC 1905, January 1996.

   [14] Levi, D., Meyer, P. and B. Stewart, "SNMP Applications",
        RFC 2573, April 1999.

   [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", RFC 2575, April 1999.

   [16] "CableHome 1.0 Specification CH-SP-I02-020920", CableLabs,
        September 2002,
        http://www.cablelabs.com/projects/cablehome/specifications.

   [17] Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

   [18] "Data-Over-Cable Service Interface Specifications: Baseline
        Privacy Plus Interface Specification SP-BPI+-I09-020830",
        CableLabs, August 2002,
        http://www.cablemodem.com/downloads/specs/SP-BPI+-I09-020830.pdf.

7. Security Considerations

   This MIB relates to a system which will provide metropolitan public
   Internet access for a cable data service subscriber, via a DOCSIS
   cable modem.
   As such, improper manipulation of the objects represented by this
   MIB may result in denial of service to a large number of end-users.
   In addition, manipulation of the cabhPsDevConfigFile and
   cabhPsDevConfigHash may allow an end-user to increase their service
   levels, change the permitted IP address leases, or affect other
   end-users in either a positive or negative way.

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   o  The Cable Gateway Device may have its Portal Services software
      changed by the actions of the management system. An improper
      software load may result in substantial vulnerabilities and the
      loss of the ability of the management system to control the
      cable modem.

   o  The device may be reset by setting cabhPsDevResetNow = true(1).
      This causes the device to reload its configuration files and to
      discard all previous non-persistent network management settings.
      As such, this may provide a vector for attacking the system.

   This MIB does not affect confidentiality of services on a Cable
   Gateway device. Since a CableLabs CableHome-compliant Cable Gateway
   Device accesses the Internet through a DOCSIS compliant cable modem,
   the privacy mechanism defined for a DOCSIS cable modem in [18] is a
   mechanism by which a Cable Gateway device could be ensured
   confidentiality of service.

   SNMPv1 by itself is not a secure environment. Even if the network
   itself is secure (for example by using IPsec), there is still no
   control as to who on the secure network is allowed to access and
   GET/SET (read/change/create/delete) the objects in this MIB. It is
   recommended that the implementers consider the security features as
   provided by the SNMPv3 framework.
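   The SNMPv3 protection recommended here, shown as an added net-snmp
   snmpd.conf fragment that is not part of this draft: a weak SNMPv1/v2c
   community grants every requester SET access to all of the objects
   above, while the USM users and VACM view below confine SET access to
   one authPriv principal. The subtree OID is a placeholder (the OID
   assigned to cabhPsMib in section 4 must be substituted) and the
   passphrases are placeholders.

```conf
# --- Weak setting (do not deploy) -------------------------------------
# A read-write community lets any sender that knows the string SET
# every object, including cabhPsDevResetNow and the config-file
# objects discussed above. Commented out so this file loads cleanly.
# rwcommunity public

# --- Hardened setting: SNMPv3 USM users + VACM views -------------------
# Two principals: an administrator that may SET, and a monitor that
# may only GET. Both require authentication and privacy (authPriv).
# Passphrases are placeholders; replace before use.
createUser psadmin SHA "AUTH-PASSPHRASE-PLACEHOLDER" AES "PRIV-PASSPHRASE-PLACEHOLDER"
createUser psmon   SHA "MON-AUTH-PASSPHRASE-PLACEHOLDER" AES "MON-PRIV-PASSPHRASE-PLACEHOLDER"

# Map each USM user to a VACM group.
group PsAdmins  usm psadmin
group PsMonitor usm psmon

# Views: the Portal Services subtree and the standard system group.
# PLACEHOLDER OID below; substitute the OID assigned to cabhPsMib.
view psView  included .1.3.6.1.4.1.4491.2.4
view psView  included .1.3.6.1.2.1.1

# access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
# Admins may read and write the PS subtree; monitors may only read it.
# "priv" rejects any request that is not both authenticated and
# encrypted, so the SET-capable objects are never reachable in clear.
access PsAdmins  "" usm priv exact psView psView none
access PsMonitor "" usm priv exact psView none   none
```

   net-snmp rewrites createUser lines into its persistent configuration
   on first start, so the cleartext passphrases do not remain in the
   file afterwards.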
   Specifically, the use of the User-based Security Model [12] and the
   View-based Access Control Model [15] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

8. Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available, or the result of an attempt made
   to obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification
   can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

9. Author's Address

   Doug Jones
   YAS Broadband Ventures, LLC
   300 Brickstone Square
   Andover, MA 01810
   U.S.A

   Phone: +1 303 661 3823
   EMail: doug@yas.com

10. Full Copyright Statement

   Copyright (C) The Internet Society (1999). All Rights Reserved.
   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.