Network Working Group                                   Thomas D. Nadeau
Internet Draft                                       Cisco Systems, Inc.
Expires: July 2002
                                                       Cheenu Srinivasan
                                                   Parama Networks, Inc.

                                                           Adrian Farrel
                                                    Movaz Networks, Inc.

                                                                Tim Hall
                                                         Edward Harrison
                                                    Data Connection Ltd.

                                                            January 2002


        Generalized Multiprotocol Label Switching (GMPLS) Label
                      Management Information Base

                draft-nadeau-ccamp-gmpls-label-mib-01.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC 2026 [RFC2026].

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This memo defines an experimental portion of the Management
   Information Base (MIB) for use with network management protocols in
   the Internet community.  In particular, it describes managed objects
   defining labels for Multiprotocol Label Switching (MPLS) [RFC3031]
   and Generalized Multiprotocol Label Switching (GMPLS) [GMPLSArch]
   Label Switching Routers (LSRs).

Table of Contents

   1. Changes and Pending Work
      1.1. Changes Since the Last Version
      1.2. Pending Work
   2. Introduction
   3. The SNMP Management Framework
   4. Brief Description of MIB Objects
      4.1. gmplsLabelTable
         4.1.1 Concatenated Labels
   5. GMPLS Label MIB Definitions
   6. Security Considerations
   7. Acknowledgements
   8. References
      8.1. Normative References
      8.2. Informational References
   9. Authors' Addresses
   10. Full Copyright Statement

1. Changes and Pending Work

   This section must be removed before the draft progresses to RFC.

1.1. Changes Since the Last Version

   Aligned with the other GMPLS MIBs.

   References updated.

1.2. Pending Work

   The following work items have been identified for this version of
   the draft to be addressed in a future version.

   - Clarify which objects can be modified when row-status and
     admin-status are set to active.

   - Expand conformance statements to give one for monitoring only,
     and one for monitoring and control.

   - Provide examples.

   - Provide objects for tables to support the get-next-index
     operation for all arbitrary indexes.

2. Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects for modeling and
   managing labels within Generalized MPLS systems.

   For an introduction to the concepts of GMPLS, see [GMPLSArch].

   Note that this portion of the MIB is optional within a managed GMPLS
   system.  In particular, if the labels used within the system are
   'simple' labels that may be encoded within a 32 bit quantity, and if
   the encoding of the labels is implicit from the context within which
   they are used, then the table defined within this MIB is not
   required.  Refer to the other MIB definitions ([GMPLSTEMIB] and
   [GMPLSLSRMIB]) for further details.

   Comments should be made directly to the CCAMP mailing list at
   ccamp@ops.ietf.org.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119, reference
   [RFC2119].

3. The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   - An overall architecture, described in RFC 2571 [RFC2571].

   - Mechanisms for describing and naming objects and events for the
     purpose of management.  The first version of this Structure of
     Management Information (SMI) is called SMIv1 and described in
     STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and STD 16,
     RFC 1215 [RFC1215].  The second version, called SMIv2, is
     described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
     [RFC2579] and STD 58, RFC 2580 [RFC2580].

   - Message protocols for transferring management information.  The
     first version of the SNMP message protocol is called SNMPv1 and
     described in STD 15, RFC 1157 [RFC1157].  A second version of the
     SNMP message protocol, which is not an Internet standards track
     protocol, is called SNMPv2c and described in RFC 1901 [RFC1901]
     and RFC 1906 [RFC1906].  The third version of the message protocol
     is called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572
     [RFC2572] and RFC 2574 [RFC2574].

   - Protocol operations for accessing management information.  The
     first set of protocol operations and associated PDU formats is
     described in STD 15, RFC 1157 [RFC1157].  A second set of protocol
     operations and associated PDU formats is described in RFC 1905
     [RFC1905].

   - A set of fundamental applications described in RFC 2573 [RFC2573]
     and the view-based access control mechanism described in RFC 2575
     [RFC2575].

   A more detailed introduction to the current SNMP Management
   Framework can be found in RFC 2570 [RFC2570].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2.  A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process.  However, this loss of machine
   readable information is not considered to change the semantics of
   the MIB.

4. Brief Description of MIB Objects

   The tables support both manually configured and signaled tunnels as
   described in [TBD].

4.1. gmplsLabelTable

   The gmplsLabelTable allows Generalized Labels to be defined and
   managed in a central location.  Generalized Labels can be of
   variable length and have distinct bit-by-bit interpretations
   according to the use that is made of them.

   It is useful to configure and inspect Generalized Labels using the
   sub-fields of the labels - and this table makes that feature
   possible.  At the same time, some labels may be of unknown
   construction and must be exposed as octet strings.  Similarly, some
   implementations may choose not to expose the construction of some or
   all labels, and can show them as octet strings.
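
   The sub-field model described above, as an added example that is
   not part of the draft: a Python check that a gmplsLabelTable row
   fills in only the objects valid for its gmplsLabelType and
   gmplsLabelSubtype, using the ranges and "Only valid if" rules from
   the definitions in Section 5.  The dict-based row format, the
   function name and the sample rows are assumptions of the example.

```python
# Added example (not part of the draft): consistency check for one
# gmplsLabelTable row. The dict-based row format is an assumption.

MPLS_LABEL, GENERALIZED_LABEL = 1, 2      # gmplsLabelType values
U32 = (0, 2**32 - 1)

# column -> (required gmplsLabelType, allowed gmplsLabelSubtype values, range)
# Subtypes: mplsLabel(1), portWavelengthLabel(2), freeformGeneralizedLabel(3),
# sonetLabel(4), sdhLabel(5), wavebandLabel(6). A range of None means the
# column is not range-checked here (its syntax comes from another module).
RULES = {
    "gmplsMplsLabel":           (MPLS_LABEL,        {1},    None),
    "gmplsPortWavelengthLabel": (GENERALIZED_LABEL, {2},    U32),
    "gmplsFreeformLength":      (GENERALIZED_LABEL, {3},    (1, 64)),
    "gmplsFreeformLabel":       (GENERALIZED_LABEL, {3},    None),
    "gmplsSonetSdhSignalIndex": (GENERALIZED_LABEL, {4, 5}, (0, 4095)),
    "gmplsSdhVc":               (GENERALIZED_LABEL, {5},    (0, 15)),
    "gmplsSdhVcBranch":         (GENERALIZED_LABEL, {5},    (0, 15)),
    "gmplsSonetSdhBranch":      (GENERALIZED_LABEL, {4, 5}, (0, 15)),
    "gmplsSonetSdhGroupBranch": (GENERALIZED_LABEL, {4, 5}, (0, 15)),
    "gmplsWavebandId":          (GENERALIZED_LABEL, {6},    U32),
    "gmplsWavebandStartLabel":  (GENERALIZED_LABEL, {6},    U32),
    "gmplsWavebandEndLabel":    (GENERALIZED_LABEL, {6},    U32),
}

# Columns that are meaningful for every label type.
COMMON = {"gmplsLabelIndex", "gmplsSublabelIndex", "gmplsLabelRowStatus",
          "gmplsLabelStorageType", "gmplsLabelType", "gmplsLabelSubtype"}


def validate_row(row):
    """Return a list of problems in one row; an empty list means consistent."""
    problems = []
    ltype = row.get("gmplsLabelType")
    subtype = row.get("gmplsLabelSubtype")
    for name, value in row.items():
        if name in COMMON:
            continue
        if name not in RULES:
            problems.append(f"{name}: not a gmplsLabelTable column")
            continue
        want_type, want_subtypes, rng = RULES[name]
        if ltype != want_type or subtype not in want_subtypes:
            problems.append(
                f"{name}: not valid for type {ltype}, subtype {subtype}")
        elif rng is not None and not (
                type(value) is int and rng[0] <= value <= rng[1]):
            problems.append(f"{name}: {value!r} outside {rng[0]}..{rng[1]}")
    # A freeform label is an octet string whose length must agree with
    # gmplsFreeformLength; a mismatch would make a reader of the row take
    # too many or too few octets.
    label = row.get("gmplsFreeformLabel")
    length = row.get("gmplsFreeformLength")
    if label is not None or length is not None:
        if not isinstance(label, (bytes, bytearray)):
            problems.append("gmplsFreeformLabel: must be an octet string")
        elif length != len(label):
            problems.append(
                f"gmplsFreeformLength: {length!r} != actual length {len(label)}")
    return problems


# Constructed sample rows (not taken from any device).
SDH_ROW = {
    "gmplsLabelIndex": 7, "gmplsSublabelIndex": 1,
    "gmplsLabelType": 2, "gmplsLabelSubtype": 5,
    "gmplsSonetSdhSignalIndex": 3, "gmplsSdhVc": 1, "gmplsSdhVcBranch": 0,
    "gmplsSonetSdhBranch": 2, "gmplsSonetSdhGroupBranch": 0,
}
SONET_ROW_WITH_SDH_FIELD = {
    "gmplsLabelIndex": 8, "gmplsSublabelIndex": 1,
    "gmplsLabelType": 2, "gmplsLabelSubtype": 4,
    "gmplsSonetSdhSignalIndex": 3, "gmplsSdhVc": 1,
}

if __name__ == "__main__":
    for row in (SDH_ROW, SONET_ROW_WITH_SDH_FIELD):
        print(row["gmplsLabelIndex"], validate_row(row) or "consistent")
```
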

   It is possible that some implementations will choose to construct
   and fully populate this table with all valid labels at start of day.
   Other implementations may choose to create entries on-demand.

   This table is indexed using an arbitrary index value that is not
   related to the label value in use.  This means that it is possible
   to create two row entries with the same label values.  This may be
   convenient when creating table entries on-demand.

4.1.1 Concatenated Labels

   In some environments such as TDM, it is useful to be able to build a
   single GMPLS label from a concatenation of sub-labels.  This
   facilitates, for example, concatenation of timeslots to support a
   data flow.

   This concatenation is achieved through a secondary index into the
   Label Table.

5. GMPLS Label MIB Definitions

GMPLS-LABEL-MIB DEFINITIONS ::= BEGIN

IMPORTS
   MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32
      FROM SNMPv2-SMI
   MODULE-COMPLIANCE, OBJECT-GROUP
      FROM SNMPv2-CONF
   RowStatus, StorageType
      FROM SNMPv2-TC
   MplsLabel
      FROM MPLS-TC-MIB
   gmplsMIB, GmplsGeneralizedLabelTypes,
   GmplsGeneralizedLabelSubtypes, GmplsFreeformLabel
      FROM GMPLS-TC-MIB
   ;

gmplsLabelMIB MODULE-IDENTITY
   LAST-UPDATED
      "200201251200Z"  -- 25 Jan 2002 12:00:00 GMT
   ORGANIZATION
      "Common Control And Management Protocols (CCAMP)
       Working Group"
   CONTACT-INFO
      "       Thomas D. Nadeau
      Postal: Cisco Systems, Inc.
              250 Apollo Drive
              Chelmsford, MA 01824
      Tel:    +1-978-244-3051
      Email:  tnadeau@cisco.com

              Cheenu Srinivasan
      Postal: Parama Networks, Inc.
              1030 Broad Street
              Shrewsbury, NJ 07702
      Tel:    +1-732-544-9120 x731
      Email:  cheenu@paramanet.com

              Adrian Farrel
      Postal: Movaz Networks, Inc.
              7926 Jones Branch Drive
              McLean, VA 22102
      Tel:    +1-703-847-1986
      Email:  afarrel@movaz.com

              Edward Harrison
      Postal: Data Connection Ltd.
              100 Church Street
              Enfield, Middlesex
              EN2 6BQ, United Kingdom
      Tel:    +44-20-8366-1177
      Email:  eph@dataconnection.com

              Tim Hall
      Postal: Data Connection Ltd.
              100 Church Street
              Enfield, Middlesex
              EN2 6BQ, United Kingdom
      Tel:    +44-20-8366-1177
      Email:  timhall@dataconnection.com

      Email comments to the CCAMP WG Mailing List at
      ccamp@ops.ietf.org."
   DESCRIPTION
      "This MIB module contains managed object
       definitions of labels within GMPLS systems."

   -- Revision history.
   REVISION
      "200111111100Z"  -- 11 Nov 2001 11:00:00 GMT
   DESCRIPTION
      "Initial version."
   REVISION
      "200201251200Z"  -- 25 Jan 2002 12:00:00 GMT
   DESCRIPTION
      "Revision for compilation and work in progress."
   ::= { gmplsMIB 3 }

-- Top level components of this MIB.

-- tables, scalars
gmplsLabelObjects     OBJECT IDENTIFIER ::= { gmplsLabelMIB 1 }
gmplsLabelConformance OBJECT IDENTIFIER ::= { gmplsLabelMIB 2 }

-- GMPLS Label Table.

gmplsLabelTable OBJECT-TYPE
   SYNTAX        SEQUENCE OF GmplsLabelEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
      "Table of GMPLS Labels. Each entry in this table
       represents an individual GMPLS label value.
       Labels in the tables in other MIBs are referred
       to using index entries into this table. In
       effect, the table provides an integer mapping
       for label values that may be more complex than
       simple integers."
   ::= { gmplsLabelObjects 1 }

gmplsLabelEntry OBJECT-TYPE
   SYNTAX        GmplsLabelEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
      "An entry in this table defines a GMPLS label."
   INDEX { gmplsLabelIndex, gmplsSublabelIndex }
   ::= { gmplsLabelTable 1 }

GmplsLabelEntry ::= SEQUENCE {
   gmplsLabelIndex           Unsigned32,
   gmplsSublabelIndex        Unsigned32,
   gmplsLabelRowStatus       RowStatus,
   gmplsLabelStorageType     StorageType,
   gmplsLabelType            GmplsGeneralizedLabelTypes,
   gmplsLabelSubtype         GmplsGeneralizedLabelSubtypes,
   gmplsMplsLabel            MplsLabel,
   gmplsPortWavelengthLabel  Unsigned32,
   gmplsFreeformLength       Integer32,
   gmplsFreeformLabel        GmplsFreeformLabel,
   gmplsSonetSdhSignalIndex  Integer32,
   gmplsSdhVc                Integer32,
   gmplsSdhVcBranch          Integer32,
   gmplsSonetSdhBranch       Integer32,
   gmplsSonetSdhGroupBranch  Integer32,
   gmplsWavebandId           Unsigned32,
   gmplsWavebandStartLabel   Unsigned32,
   gmplsWavebandEndLabel     Unsigned32
}

gmplsLabelIndex OBJECT-TYPE
   SYNTAX        Unsigned32 (1..4294967295)
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
      "Uniquely identifies this label. In conjunction
       with gmplsSublabelIndex this uniquely identifies
       a row."
   ::= { gmplsLabelEntry 1 }

gmplsSublabelIndex OBJECT-TYPE
   SYNTAX        Unsigned32 (1..4294967295)
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
      "In conjunction with gmplsLabelIndex uniquely
       identifies this row. This sub-index allows a
       single GMPLS label to be defined as a
       concatenation of labels. This is particularly
       useful in TDM.
       The ordering of sub-labels is strict with the
       sub-label with lowest gmplsSublabelIndex
       appearing first. Note that all sub-labels of a
       single GMPLS label must share the same
       gmplsLabelIndex value. For labels that are not
       composed of concatenated sub-labels, this value
       should be set to zero."
   ::= { gmplsLabelEntry 2 }

gmplsLabelRowStatus OBJECT-TYPE
   SYNTAX        RowStatus
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "This variable is used to create, modify, and/or
       delete a row in this table."
   ::= { gmplsLabelEntry 3 }

gmplsLabelStorageType OBJECT-TYPE
   SYNTAX        StorageType
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "This variable indicates the storage type for
       this table entry. When set to 'permanent', the
       entire row is to be stored."
   ::= { gmplsLabelEntry 4 }

gmplsLabelType OBJECT-TYPE
   SYNTAX        GmplsGeneralizedLabelTypes
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "Identifies the type of this label as it appears
       in a Generalized Label."
   ::= { gmplsLabelEntry 5 }

gmplsLabelSubtype OBJECT-TYPE
   SYNTAX        GmplsGeneralizedLabelSubtypes
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "Subtype to help determine which of the
       subsequent fields should be used to form the
       Generalized Label."
   ::= { gmplsLabelEntry 6 }

gmplsMplsLabel OBJECT-TYPE
   SYNTAX        MplsLabel
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The value of a conventional MPLS label when
       carried as a Generalized Label.
       Only valid if gmplsLabelType is set to
       mplsLabel(1), and gmplsLabelSubtype is set to
       mplsLabel(1)."
   ::= { gmplsLabelEntry 7 }

gmplsPortWavelengthLabel OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The value of a Port or Wavelength Label when
       carried as a Generalized Label.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to portWavelengthLabel(2)."
   ::= { gmplsLabelEntry 8 }

gmplsFreeformLength OBJECT-TYPE
   SYNTAX        Integer32 (1..64)
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The length of a freeform Generalized Label
       indicated in the gmplsFreeformLabel object.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to freeformGeneralizedLabel(3)."
   ::= { gmplsLabelEntry 9 }

gmplsFreeformLabel OBJECT-TYPE
   SYNTAX        GmplsFreeformLabel
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The value of a freeform Generalized Label that
       does not conform to one of the standardized
       label encodings or that an implementation
       chooses to represent as an octet string without
       further decoding. The length of this object is
       given by the value of gmplsFreeformLength.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to freeformGeneralizedLabel(3)."
   ::= { gmplsLabelEntry 10 }

gmplsSonetSdhSignalIndex OBJECT-TYPE
   SYNTAX        Integer32 (0..4095)
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The Signal Index value (S) of a Sonet or SDH
       Generalized Label. 0 indicates that this field
       is non-significant.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to sonetLabel(4) or sdhLabel(5)."
   ::= { gmplsLabelEntry 11 }

gmplsSdhVc OBJECT-TYPE
   SYNTAX        Integer32 (0..15)
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The VC Indicator (U) of an SDH Generalized
       Label. 0 indicates that this field is
       non-significant.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to sdhLabel(5)."
   ::= { gmplsLabelEntry 12 }

gmplsSdhVcBranch OBJECT-TYPE
   SYNTAX        Integer32 (0..15)
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The VC Branch Indicator (K) of an SDH
       Generalized Label. 0 indicates that this field
       is non-significant.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to sdhLabel(5)."
   ::= { gmplsLabelEntry 13 }

gmplsSonetSdhBranch OBJECT-TYPE
   SYNTAX        Integer32 (0..15)
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The Branch Indicator (L) of a Sonet or SDH
       Generalized Label. 0 indicates that this field
       is non-significant.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to sonetLabel(4) or sdhLabel(5)."
   ::= { gmplsLabelEntry 14 }

gmplsSonetSdhGroupBranch OBJECT-TYPE
   SYNTAX        Integer32 (0..15)
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The Group Branch Indicator (M) of a Sonet or
       SDH Generalized Label. 0 indicates that this
       field is non-significant.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to sonetLabel(4) or sdhLabel(5)."
   ::= { gmplsLabelEntry 15 }

gmplsWavebandId OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The waveband identifier component of a waveband
       label.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to wavebandLabel(6)."
   ::= { gmplsLabelEntry 16 }

gmplsWavebandStartLabel OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The starting label component of a waveband
       label.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to wavebandLabel(6)."
   ::= { gmplsLabelEntry 17 }

gmplsWavebandEndLabel OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
      "The end label component of a waveband label.
       Only valid if gmplsLabelType is set to
       generalizedLabel(2), and gmplsLabelSubtype is
       set to wavebandLabel(6)."
   ::= { gmplsLabelEntry 18 }

-- End of GMPLS Label Table

-- Module compliance.

gmplsLabelGroups
   OBJECT IDENTIFIER ::= { gmplsLabelConformance 1 }

gmplsLabelCompliances
   OBJECT IDENTIFIER ::= { gmplsLabelConformance 2 }

gmplsLabelModuleCompliance MODULE-COMPLIANCE
   STATUS current
   DESCRIPTION
      "Compliance statement for agents that support
       the GMPLS Label MIB."
   MODULE -- this module

      -- The mandatory groups have to be implemented by
      -- LSRs claiming support for this MIB. This MIB itself,
      -- however, is mandatory only on LSRs supporting GMPLS

      MANDATORY-GROUPS {
         gmplsLabelTableGroup
      }

      -- Units of conformance.

      GROUP gmplsLabelTableGroup
      DESCRIPTION
         "This group is mandatory for devices which
          support the gmplsLabelTable."

      GROUP gmplsMPLSLabelGroup
      DESCRIPTION
         "This group extends gmplsLabelTableGroup for
          implementations that support conventional
          MPLS labels."

      GROUP gmplsPortWavelengthLabelGroup
      DESCRIPTION
         "This group extends gmplsLabelTableGroup for
          implementations that support port and
          wavelength labels."

      GROUP gmplsFreeformLabelGroup
      DESCRIPTION
         "This group extends gmplsLabelTableGroup for
          implementations that support freeform
          labels."

      GROUP gmplsSonetSdhLabelGroup
      DESCRIPTION
         "This group extends gmplsLabelTableGroup for
          implementations that support SonetSdh
          labels."

      GROUP gmplsWavebandLabelGroup
      DESCRIPTION
         "This group extends gmplsLabelTableGroup for
          implementations that support Waveband
          labels."

      -- gmplsLabelTable

      OBJECT gmplsLabelRowStatus
      SYNTAX INTEGER {
         active(1),
         notInService(2),
         createAndGo(4),
         destroy(6)
      }
      MIN-ACCESS read-only
      DESCRIPTION
         "The notReady(3) and createAndWait(5) states
          need not be supported. Write access is not
          required."

      OBJECT gmplsLabelStorageType
      SYNTAX INTEGER { other(1) }
      MIN-ACCESS read-only
      DESCRIPTION
         "Only other (1) needs to be supported."

      OBJECT gmplsLabelType
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsLabelSubtype
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsMplsLabel
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsPortWavelengthLabel
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsFreeformLength
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsFreeformLabel
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsSonetSdhSignalIndex
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsSdhVc
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsSdhVcBranch
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsSonetSdhBranch
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsSonetSdhGroupBranch
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsWavebandId
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsWavebandStartLabel
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT gmplsWavebandEndLabel
      MIN-ACCESS read-only
      DESCRIPTION
         "Write access is not required."

   ::= { gmplsLabelCompliances 1 }

-- Units of conformance.

gmplsLabelTableGroup OBJECT-GROUP
   OBJECTS {
      gmplsLabelRowStatus,
      gmplsLabelStorageType,
      gmplsLabelType,
      gmplsLabelSubtype
   }
   STATUS current
   DESCRIPTION
      "Necessary, but not sufficient, set of objects
       to implement label table support. In addition,
       depending on the type of labels supported (for
       example, wavelength labels), the following
       other groups defined below are mandatory:
       gmplsMPLSLabelGroup and/or
       gmplsPortWavelengthLabelGroup and/or
       gmplsFreeformLabelGroup and/or
       gmplsSonetSdhLabelGroup."
   ::= { gmplsLabelGroups 1 }

gmplsMPLSLabelGroup OBJECT-GROUP
   OBJECTS {
      gmplsMplsLabel
   }
   STATUS current
   DESCRIPTION
      "Object needed to implement MPLS labels."
   ::= { gmplsLabelGroups 2 }

gmplsPortWavelengthLabelGroup OBJECT-GROUP
   OBJECTS {
      gmplsPortWavelengthLabel
   }
   STATUS current
   DESCRIPTION
      "Object needed to implement Port and Wavelength
       labels."
   ::= { gmplsLabelGroups 3 }

gmplsFreeformLabelGroup OBJECT-GROUP
   OBJECTS {
      gmplsFreeformLength,
      gmplsFreeformLabel
   }
   STATUS current
   DESCRIPTION
      "Object needed to implement Freeform labels."
   ::= { gmplsLabelGroups 4 }

gmplsSonetSdhLabelGroup OBJECT-GROUP
   OBJECTS {
      gmplsSonetSdhSignalIndex,
      gmplsSdhVc,
      gmplsSdhVcBranch,
      gmplsSonetSdhBranch,
      gmplsSonetSdhGroupBranch
   }
   STATUS current
   DESCRIPTION
      "Object needed to implement SONET and SDH
       labels."
   ::= { gmplsLabelGroups 5 }

gmplsWavebandLabelGroup OBJECT-GROUP
   OBJECTS {
      gmplsWavebandId,
      gmplsWavebandStartLabel,
      gmplsWavebandEndLabel
   }
   STATUS current
   DESCRIPTION
      "Object needed to implement Waveband labels."
   ::= { gmplsLabelGroups 6 }

END

6. Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   There are a number of managed objects in this MIB that may contain
   information that may be sensitive from a business perspective, in
   that they represent a customer's interface to the GMPLS network.
   Allowing uncontrolled access to these objects could result in
   malicious and unwanted disruptions of network traffic or incorrect
   configurations for these customers.  There are no objects that are
   particularly sensitive in their own right, such as passwords or
   monetary amounts.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.
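
   As an added illustration that is not part of the draft, the Python
   sketch below reads the MAX-ACCESS and MIN-ACCESS clauses from module
   text to list the objects that accept SET and so have to be
   considered when a write view is defined.  The function names and the
   embedded excerpt, which is constructed from the definitions in
   Section 5 with shortened descriptions, are assumptions of the
   example.

```python
# Added example (not part of the draft): inventory of SET-capable objects,
# read from MAX-ACCESS / MIN-ACCESS clauses in MIB module text.
import re

# Constructed excerpt: three objects and two compliance clauses taken from
# the module in Section 5, with DESCRIPTION text shortened.
SAMPLE = '''
gmplsLabelIndex OBJECT-TYPE
   SYNTAX        Unsigned32 (1..4294967295)
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION   "Uniquely identifies this label."
   ::= { gmplsLabelEntry 1 }

gmplsLabelRowStatus OBJECT-TYPE
   SYNTAX        RowStatus
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION   "Used to create, modify, and/or delete a row."
   ::= { gmplsLabelEntry 3 }

gmplsFreeformLabel OBJECT-TYPE
   SYNTAX        GmplsFreeformLabel
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION   "The value of a freeform Generalized Label."
   ::= { gmplsLabelEntry 10 }

OBJECT gmplsLabelRowStatus
   SYNTAX INTEGER { active(1), notInService(2), createAndGo(4), destroy(6) }
   MIN-ACCESS read-only
   DESCRIPTION "Write access is not required."

OBJECT gmplsFreeformLabel
   MIN-ACCESS read-only
   DESCRIPTION "Write access is not required."
'''

WRITABLE = {"read-write", "read-create"}
# name OBJECT-TYPE <clauses> ::= { parent arc }
OBJECT_TYPE = re.compile(
    r"(\w+)\s+OBJECT-TYPE\b(.*?)::=\s*\{\s*(\w+)\s+(\d+)\s*\}", re.S)
MAX_ACCESS = re.compile(r"MAX-ACCESS\s+([\w-]+)")
# OBJECT name [SYNTAX type { ... }] MIN-ACCESS value  (compliance statement)
MIN_ACCESS = re.compile(
    r"\bOBJECT\s+(\w+)\s+(?:SYNTAX\s+\w+\s*\{[^}]*\}\s*)?MIN-ACCESS\s+([\w-]+)")


def access_inventory(mib_text):
    """Map object name -> ("parent.arc", MAX-ACCESS, MIN-ACCESS or None)."""
    # Empty the quoted strings first so DESCRIPTION text cannot match.
    text = re.sub(r'"[^"]*"', '""', mib_text)
    minimum = dict(MIN_ACCESS.findall(text))
    inventory = {}
    for name, body, parent, arc in OBJECT_TYPE.findall(text):
        found = MAX_ACCESS.search(body)
        if found:
            inventory[name] = (f"{parent}.{arc}", found.group(1),
                               minimum.get(name))
    return inventory


def write_view_candidates(inventory):
    """Names whose MAX-ACCESS permits SET, ordered by column number."""
    rows = [(int(position.rsplit(".", 1)[1]), name)
            for name, (position, max_access, _) in inventory.items()
            if max_access in WRITABLE]
    return [name for _, name in sorted(rows)]


if __name__ == "__main__":
    inv = access_inventory(SAMPLE)
    for name in write_view_candidates(inv):
        position, max_access, min_access = inv[name]
        print(f"{name:24} {position:20} max={max_access} min={min_access}")
```

   A MIN-ACCESS of read-only in the compliance statement means an agent
   can refuse SET on that object and still be compliant, so a
   monitoring-only deployment does not need a write view for it.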

   At this writing, no security holes have been identified beyond those
   that SNMP Security [RFC2571] is itself intended to address.  These
   relate primarily to controlled access to sensitive information and
   the ability to configure a device - or which might result from
   operator error, which is beyond the scope of any security
   architecture.

   SNMPv1 or SNMPv2 are by themselves not a secure environment.  Even
   if the network itself is secure (for example by using IPSec
   [IPSEC]), there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB.  It is recommended that the implementers
   consider the security features as provided by the SNMPv3 framework.
   Specifically, the use of the User-based Security Model [RFC2574] and
   the View-based Access Control [RFC2575] is recommended.  It is then
   a customer/user responsibility to ensure that the SNMP entity giving
   access to an instance of this MIB is properly configured to give
   access to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

7. Acknowledgements

   The authors would like to express their thanks to Dan Joyle for his
   careful review and comments on GMPLS labels.

8. References

8.1. Normative References

   [RFC1157]       Case, J., Fedor, M., Schoffstall, M., and J.
                   Davin, "Simple Network Management Protocol",
                   RFC 1157, May 1990.

   [RFC1212]       Rose, M., and K. McCloghrie, "Concise MIB
                   Definitions", RFC 1212, March 1991.

   [RFC2119]       Bradner, S., "Key words for use in RFCs to
                   Indicate Requirement Levels", BCP 14, RFC 2119,
                   March 1997.

   [RFC2579]       McCloghrie, K., Perkins, D., Schoenwaelder, J.,
                   Case, J., Rose, M., and S. Waldbusser, "Textual
                   Conventions for SMIv2", STD 58, RFC 2579, April
                   1999.

   [RFC2863]       McCloghrie, K. and F. Kastenholtz, "The
                   Interfaces Group MIB", RFC 2863, June 2000.

   [GMPLSArch]     Ashwood-Smith, P., Awduche, D., Banerjee, A.,
                   Basak, D, Berger, L., Bernstein, G., Drake, J.,
                   Fan, Y., Fedyk, D., Grammel, D., Kompella, K.,
                   Kullberg, A., Lang, J., Liaw, F., Papadimitriou,
                   D., Pendarakis, D., Rajagopalan, B., Rekhter,
                   Y., Saha, D., Sandick, H., Sharma, V., Swallow,
                   G., Tang, Z., Yu, J., Zinin, A., Nadeau, T.,
                   Mannie, E., Generalized Multiprotocol Label
                   Switching (GMPLS) Architecture, Internet Draft,
                   March 2001, work in progress.

   [GMPLSSig]      Ashwood-Smith, P., Awduche, D., Banerjee, A.,
                   Basak, D, Berger, L., Bernstein, G., Drake, J.,
                   Fan, Y., Fedyk, D., Grammel, D., Kompella, K.,
                   Kullberg, A., Lang, Rajagopalan, B., Rekhter,
                   Y., Saha, D., Sharma, V., Swallow, G., Bo Tang,
                   Z., Generalized MPLS - Signaling Functional
                   Description, May 2001, work in progress.

   [GMPLSCRLDP]    Ashwood-Smith, P., Awduche, D., Banerjee, A.,
                   Basak, D, Berger, L., Bernstein, G., Drake, J.,
                   Fan, Y., Fedyk, D., Grammel, D., Kompella, K.,
                   Kullberg, A., Lang, Rajagopalan, B., Rekhter,
                   Y., Saha, D., Sharma, V., Swallow, G., Bo Tang,
                   Z., Generalized MPLS Signaling - CR-LDP
                   Extensions, Internet Draft, May 2001, work in
                   progress.

   [GMPLSRSVPTE]   Ashwood-Smith, P., Awduche, D., Banerjee, A.,
                   Basak, D, Berger, L., Bernstein, G., Drake, J.,
                   Fan, Y., Fedyk, D., Grammel, D., Kompella, K.,
                   Kullberg, A., Lang, Rajagopalan, B., Rekhter,
                   Y., Saha, D., Sharma, V., Swallow, G., Bo Tang,
                   Z., Generalized MPLS Signaling - RSVP-TE
                   Extensions, Internet Draft, May 2001, work in
                   progress.

   [GMPLSSonetSDH] Mannie, E., Ansorge, S., Ashwood-Smith, P.,
                   Banerjee, A., Berger, L., Bernstein, G., Chiu,
                   A., Drake, J., Fan, Y., Fontana, M., Grammel,
                   G., Heiles, J., Katukam, S., Kompella, K., Lang,
                   J. P., Liaw, F., Lin, Z., Mack-Crane, B.,
                   Papadimitriou, D., Pendarakis, D., Raftelis, M.,
                   Rajagopalan, B., Rekhter, Y., Saha, D., Sharma,
                   V., Swallow, G., Bo Tang, Z., Varma, E.,
                   Vissers, M., Xu, Y., GMPLS Extensions for SONET
                   and SDH Control, Internet Draft, May 2001, work
                   in progress.

   [TCMIB]         Nadeau, T., Cucchiara, J., Srinivasan, C,
                   Viswanathan, A. and H. Sjostrand, "Definition of
                   Textual Conventions and OBJECT-IDENTITIES for
                   Multiprotocol Label Switching (MPLS)
                   Management", Internet Draft, January 2002, work
                   in progress.

8.2. Informational References

   [RFC1155]       Rose, M., and K. McCloghrie, "Structure and
                   Identification of Management Information for
                   TCP/IP-based Internets", RFC 1155, May 1990.

   [RFC1215]       M. Rose, "A Convention for Defining Traps for
                   use with the SNMP", RFC 1215, March 1991.

   [RFC1901]       Case, J., McCloghrie, K., Rose, M., and S.
                   Waldbusser, "Introduction to Community-based
                   SNMPv2", RFC 1901, January 1996.

   [RFC1905]       Case, J., McCloghrie, K., Rose, M., and S.
                   Waldbusser, "Protocol Operations for Version 2
                   of the Simple Network Management Protocol
                   (SNMPv2)", RFC 1905, January 1996.

   [RFC1906]       Case, J., McCloghrie, K., Rose, M., and S.
                   Waldbusser, "Transport Mappings for Version 2 of
                   the Simple Network Management Protocol
                   (SNMPv2)", RFC 1906, January 1996.

   [RFC2514]       Noto, et. al., "Definitions of Textual
                   Conventions and OBJECT-IDENTITIES for ATM
                   Management", RFC 2514, Feb. 1999.

   [RFC2570]       Case, J., Mundy, R., Partain, D., and B.
                   Stewart, "Introduction to Version 3 of the
                   Internet-standard Network Management Framework",
                   RFC 2570, April 1999.

   [RFC2571]       Harrington, D., Presuhn, R., and B. Wijnen, "An
                   Architecture for Describing SNMP Management
                   Frameworks", RFC 2571, April 1999.

   [RFC2572]       Case, J., Harrington D., Presuhn R., and B.
                   Wijnen, "Message Processing and Dispatching for
                   the Simple Network Management Protocol (SNMP)",
                   RFC 2572, April 1999.

   [RFC2573]       Levi, D., Meyer, P., and B. Stewart, "SNMPv3
                   Applications", RFC 2573, April 1999.

   [RFC2574]       Blumenthal, U., and B. Wijnen, "User-based
                   Security Model (USM) for version 3 of the Simple
                   Network Management Protocol (SNMPv3)", RFC 2574,
                   April 1999.

   [RFC2575]       Wijnen, B., Presuhn, R., and K. McCloghrie,
                   "View-based Access Control Model (VACM) for the
                   Simple Network Management Protocol (SNMP)",
                   RFC 2575, April 1999.

   [RFC2578]       McCloghrie, K., Perkins, D., Schoenwaelder, J.,
                   Case, J., Rose, M., and S. Waldbusser,
                   "Structure of Management Information Version 2
                   (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2580]       McCloghrie, K., Perkins, D., Schoenwaelder, J.,
                   Case, J., Rose, M., and S. Waldbusser,
                   "Conformance Statements for SMIv2", STD 58,
                   RFC 2580, April 1999.

   [RFC3031]       Rosen, E., Viswanathan, A., and R. Callon,
                   "Multiprotocol Label Switching Architecture",
                   RFC 3031, August 1999.

   [RFC3032]       Rosen, E., Rekhter, Y., Tappan, D., Farinacci,
                   D., Federokow, G., Li, T., and A. Conta, "MPLS
                   Label Stack Encoding", RFC 3032, January 2001.

   [Assigned]      Reynolds, J., and J. Postel, "Assigned Numbers",
                   RFC 1700, October 1994.  See also:
                   http://www.isi.edu/in-notes/iana/assignments/
                   smi-numbers.

9. Authors' Addresses

   Thomas D. Nadeau
   Cisco Systems, Inc.
   300 Apollo Drive
   Chelmsford, MA 01824
   Phone: +1-978-244-3051
   Email: tnadeau@cisco.com

   Cheenu Srinivasan
   Parama Networks, Inc.
   1030 Broad Street
   Shrewsbury, NJ 07702
   Phone: +1-732-544-9120 x731
   Email: cheenu@paramanet.com

   Adrian Farrel
   Movaz Networks, Inc.
   7926 Jones Branch Drive, Suite 615
   McLean VA, 22102 USA
   Phone: +1-703-847-9847
   Email: afarrel@movaz.com

   Tim Hall
   Data Connection Ltd.
   100 Church Street
   Enfield, Middlesex
   EN2 6BQ, UK
   Phone: +44 20 8366 1177
   Email: timhall@dataconnection.com

   Edward Harrison
   Data Connection Ltd.
   100 Church Street
   Enfield, Middlesex
   EN2 6BQ, UK
   Phone: +44 20 8366 1177
   Email: eph@dataconnection.com

10. Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.