Thomas D. Nadeau
Cisco Systems, Inc.

Luyuan Fang
AT&T

Stephen J. Brannon
SwissCom

Fabio M. Chiussi
Lucent Technologies

Joseph Dube
Avici Systems, Inc.

IETF Internet Draft
Expires: May, 2001
Document: draft-nadeau-mpls-vpn-mib-00.txt
November, 2000


       MPLS/BGP Virtual Private Network Management Information
                          Base Using SMIv2


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.


Contents

   1.0   ABSTRACT

Nadeau et al.                Expires May 2001                   [Page 1]

Internet Draft                 MPLS VPN MIB             November 9, 2000

   2.0   INTRODUCTION
   3.0   TERMINOLOGY
   4.0   THE SNMP MANAGEMENT FRAMEWORK
   5.0   OBJECT DEFINITIONS
   6.0   FEATURE CHECKLIST
   7.0   OUTLINE
   8.0   APPLICATION OF THE INTERFACE GROUP TO MPLS
   9.0   SUMMARY OF MPLS-VPN-MIB
   10.0  BRIEF DESCRIPTION OF MIB OBJECTS
     10.1  MPLSVPNVRFCONFCONFTABLE
     10.2  MPLSVPNINTERFACECONFTABLE
     10.3  MPLSVPNPERFTABLE
   11.0  EXAMPLE OF MPLS/BGP VPN SETUP
   12.0  MPLS/BGP VPN MIB DEFINITIONS
   13.0  ACKNOWLEDGMENTS
   14.0  REFERENCES
   15.0  AUTHORS' ADDRESSES
   16.0  FULL COPYRIGHT STATEMENT


1.0  Abstract

   This memo defines an experimental portion of the Management
   Information Base (MIB) for use with network management protocols in
   the Internet community.
   In particular, in response to customer demands and strong input from
   vendors, it describes managed objects for modeling and managing
   Multi-Protocol Label Switching (MPLS) [MPLSArch]/Border Gateway
   Protocol (BGP) Virtual Private Networks (VPNs) [RFC2547bis].


2.0  Introduction

   This memo defines an experimental portion of the Management
   Information Base (MIB) for use with network management protocols in
   the Internet community. In particular, it describes managed objects
   for modeling Multi-Protocol Label Switching [MPLSArch,
   MPLSFW]/Border Gateway Protocol Virtual Private Networks.

   Comments should be made directly to the MPLS mailing list at
   mpls@uu.net and the Network-based VPN WG at nbVpn@bbo.com.

   This memo does not, in its draft form, specify a standard for the
   Internet community.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119, reference
   [BCP14].


3.0  Terminology

   This document uses terminology from the document describing the MPLS
   architecture [MPLSArch] and from the document describing MPLS/BGP
   VPNs [MPLSBGPVPN].


4.0  The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   -  An overall architecture, described in RFC 2271 [SNMPArch].

   -  Mechanisms for describing and naming objects and events for the
      purpose of management. The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in
      RFC 1155 [SMIv1], RFC 1212 [SNMPv1MIBDef] and RFC 1215
      [SNMPv1Traps]. The second version, called SMIv2, is described in
      RFC 1902 [SMIv2], RFC 1903 [SNMPv2TC] and RFC 1904 [SNMPv2Conf].

   -  Message protocols for transferring management information. The
      first version of the SNMP message protocol is called SNMPv1 and
      described in RFC 1157 [SNMPv1].
      A second version of the SNMP message protocol, which is not an
      Internet standards track protocol, is called SNMPv2c and
      described in RFC 1901 [SNMPv2c] and RFC 1906 [SNMPv2TM]. The
      third version of the message protocol is called SNMPv3 and
      described in RFC 1906 [SNMPv2TM], RFC 2272 [SNMPv3MP] and
      RFC 2574 [SNMPv3USM].

   -  Protocol operations for accessing management information. The
      first set of protocol operations and associated PDU formats is
      described in RFC 1157 [SNMPv1]. A second set of protocol
      operations and associated PDU formats is described in RFC 1905
      [SNMPv2PO].

   -  A set of fundamental applications described in RFC 2273
      [SNMPv3App] and the view-based access control mechanism described
      in RFC 2575 [SNMPv3VACM].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2. A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations. The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64). Some machine-readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process. However, this loss of
   machine-readable information is not considered to change the
   semantics of the MIB.


5.0  Object Definitions

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. Objects in the MIB are
   defined using the subset of Abstract Syntax Notation One (ASN.1)
   defined in the SMI. In particular, each object type is named by an
   OBJECT IDENTIFIER, an administratively assigned name. The object
   type together with an object instance serves to uniquely identify a
   specific instantiation of the object.
   For human convenience, we often use a textual string, termed the
   descriptor, to also refer to the object type.


6.0  Feature Checklist

   The MPLS/BGP Virtual Private Network MIB (MPLS-VPN-MIB) is designed
   to satisfy the following requirements and constraints:

   1.  The MIB must support the BGP/MPLS Virtual Private Networks as
       described in RFC 2547bis. It does not support other generalized
       network-based VPN solutions such as IPSec VPNs.

   2.  The MIB must support the operation of BGP/MPLS VPN either based
       on an IP backbone that contains only routers/switches, or a
       layer-2 backbone (e.g. Frame Relay, ATM).

   3.  The MIB must support BGP/MPLS VPN service as Enterprise VPN,
       Carrier's Carrier VPN, or Inter-provider Backbone.

   4.  The MIB must support the configuration of BGP/MPLS VPNs under
       the scope listed above in 1, 2, and 3. It can be used for
       service creation, or building the configuration tools to achieve
       MPLS VPN service creation automation.

   5.  The MIB must support the maintenance and troubleshooting of
       BGP/MPLS VPN under the scope listed in 1, 2, and 3. It can be
       used, in conjunction with other MIBs, to build monitoring and
       troubleshooting network management tools.

   6.  The MIB must support BGP/MPLS VPNs which are configured on a
       particular physical interface, or sub-interface if the interface
       can be divided (e.g. Frame Relay or ATM), of the PE router. The
       PE router will determine the forwarding table to be used based
       on the particular interface or sub-interface information.

   7.  The MIB must support Provider Edge (PE) routers, which can be
       configured to maintain one or more VPN Routing and Forwarding
       Tables (VRFs).

   8.  The MIB must support each interface or sub-interface on a PE
       router that can be configured for a single VPN only.

   9.  The MIB must support a configuration where each interface
       belongs to a particular VPN on the PE router and can be
       configured to import or export the information from the same VPN
       at different sites. It can also be configured to import or
       export the information from the different VPNs at the different
       sites.

   10. The MIB must support provider backbone routers (P routers) that
       are not BGP/MPLS VPN aware. The reachability information of MPLS
       VPN is distributed through BGP (IBGP in all cases, EBGP in
       addition in the case of Inter-Provider VPN). The transportation
       of MPLS VPN is performed by LSRs in the backbone (using LDP, or
       RSVP, or both).


7.0  Outline

   T.B.D.
   ...


8.0  Application of the Interface Group to MPLS

   The Interfaces Group of MIB II defines generic managed objects for
   managing interfaces. This memo contains the media-specific
   extensions to the Interfaces Group for managing MPLS interfaces.

   This memo assumes the interpretation of the Interfaces Group to be
   in accordance with [IFMIB] which states that the interfaces table
   (ifTable) contains information on the managed resource's interfaces
   and that each sub-layer below the internetwork layer of a network
   interface is considered an interface. Thus, the MPLS VPN-enabled
   interface is represented as an entry in the ifTable. This entry is
   then "stacked" upon an underlying ifType=mpls(166) interface. The
   inter-relation of entries in the ifTable is defined by the
   Interfaces Stack Group defined in [IFMIB].

   When using MPLS VPN-enabled interfaces, the interface stack table
   might appear as follows:

   +-------------------------------------------+
   | MPLS/BGP VPN     ifType = mplsVpn(T.B.D.) |
   +-------------------------------------------+
   | MPLS-interface   ifType = mpls(166)       |
   +-------------------------------------------+
   | Underlying Layer...                       |
   +-------------------------------------------+

   In the above diagram, "Underlying Layer..." refers to the ifIndex of
   any interface type which has been defined for MPLS interworking and
   onto which the MPLS layer is stacked. Examples include ATM, Frame
   Relay, Ethernet, etc.


9.0  Summary of MPLS-VPN-MIB

   The MIB objects for performing these actions consist of the
   following tables:

   T.B.D.


10.0  Brief Description of MIB Objects

   The following subsections describe the purpose of each of the
   objects contained in the MPLS-VPN-MIB.

10.1  mplsVpnVrfConfConfTable

   This table represents the MPLS/BGP VPNs that are configured. An
   operator or Network Management System (NMS) creates an entry in this
   table for every MPLS/BGP VPN configured to run in this MPLS domain.

10.2  mplsVPNInterfaceConfTable

   This table represents the MPLS/BGP VPN-enabled interfaces. Each
   entry in this table corresponds to an entry in the Interfaces MIB.
   Due to this correspondence, certain things such as traffic counters
   will not be found in this MIB, and instead should be exposed in the
   Interfaces MIB.

10.3  mplsVPNPerfTable

   This table contains objects to measure the performance of MPLS/BGP
   VPNs and is an AUGMENT to mplsVPNConfTable. High capacity counters
   are provided for objects that are likely to wrap around quickly on
   objects such as high-speed interfaces.


11.0  Example of MPLS/BGP VPN Setup

   In this section we provide a brief example of using the MIB objects
   described in the following section. While this example is not meant
   to illustrate every nuance of the MIB, it is intended as an aid to
   understanding some of the key concepts. It is our intent that it is
   read only after the reader has gone through the MIB itself.

   Defining the VPN:

   In mplsVpnConfTable:
   {
      mplsVpnVrfConfIndex                 = 1,
      mplsVpnVrfName                      = "RED",
      mplsVpnVrfDescription               = "Intranet of Company ABC",
      mplsVpnVrfRouteDistinguisher        = 100:1,
      mplsVpnVrfRouteDistinguisher        = 100:2,
      mplsVpnVrfRouteDistinguisher        = 100:1,

      Configuring PE to PE BGP Routing Session with BGP extended family

      mplsVpnVrfBgpAddrFamilyVpnv4Unicast = true (1),
      mplsVpnVrfBgpAFNeighborPEAddr       = 10.10.10.1 {the other PE},
      mplsVpnVrfBgpAFNeighborPEType       = IpV4

      Configuring PE to CE BGP Routing Sessions:

      mplsVpnVrfName                      = "RED",
      mplsVpnVrfBgpAddrFamilyVpnv4Unicast = true (1),
      mplsVpnVrfBgpAFNeighborCEAddr       = 192.123.123.1 {adjacent CE},
      mplsVpnVrfBgpAFNeighborCEType       = IpV4

      (or Configuring PE to CE RIP Routing Sessions)

      mplsVpnVrfName                      = "RED",
      mplsVpnVrfNetType                   = rip(2),
      mplsVpnVrfRipNetPrefix              = 192.123.123.4
                            {the network prefix to the adjacent CE},

      (or Configuring PE to CE Static Routing Sessions)

      mplsVpnVrfName                      = "RED",
      mplsVpnVrfIpRouteVrfForwByType      = IpV4 (1)
      mplsVpnVrfIpRouteVrfForwByAddr      = 192.123.123.1 {forwarded by},
      mplsVpnVrfIpRouteRedistributeConn   = true (1)
   }

   Note that this example assumes that the P routers are configured
   with MPLS LDP and RSVP TE tunnels using existing MIBs.


12.0  MPLS/BGP VPN MIB Definitions

MPLS-VPN-MIB DEFINITIONS ::= BEGIN

IMPORTS
   MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
   experimental, Integer32, Counter32, Unsigned32,
   Counter64, Gauge32, TimeTicks
      FROM SNMPv2-SMI
   MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
      FROM SNMPv2-CONF
   TEXTUAL-CONVENTION, TruthValue, RowStatus, StorageType,
   RowPointer, TimeStamp
      FROM SNMPv2-TC
   InterfaceIndex, InterfaceIndexOrZero
      FROM IF-MIB
   SnmpAdminString
      FROM SNMP-FRAMEWORK-MIB
   AddressFamilyNumbers
      FROM IANA-ADDRESS-FAMILY-NUMBERS-MIB
   InetAddress, InetAddressType
      FROM INET-ADDRESS-MIB;

mplsVpnMIB MODULE-IDENTITY
   LAST-UPDATED "200009301200Z"  -- 30 September 2000 12:00:00 EST
   ORGANIZATION "Unknown at this time."
   CONTACT-INFO
       "        Thomas D. Nadeau
        Postal: Cisco Systems, Inc.
                250 Apollo Drive
                Chelmsford, MA 01824
        Tel:    +1-978-244-3051
        Email:  tnadeau@cisco.com

                Luyuan Fang
        Postal: AT&T
                200 Laurel Avenue
                Middletown, NJ 07733
        Tel:    +1-732-420-1921
        Email:  luyuanfang@att.com

                Kateel Vijayananda
        Postal: SwissCom
                250 Apollo Drive
                Chelmsford, MA 01824
        Tel:    +1-978-244-3051
        Email:  Kateel.Vijayananda@swisscom.com

                Fabio M. Chiussi
        Postal: Bell Laboratories, Lucent Technologies
                101 Crawfords Corner Road, Room 4D-521
                Holmdel, NJ 07733
        Tel:    +1-732-949-2407
        Email:  fabio@bell-labs.com

                Joseph Dube
        Postal: Avici Systems, Inc.
                101 Billerica Avenue
                North Billerica, MA 01862
        Tel:    +1-978-964-2258
        Email:  jdube@avici.com"
   DESCRIPTION
       "This MIB contains managed object definitions for the
        Multiprotocol Label Switching (MPLS)/Border Gateway
        Protocol (BGP) Virtual Private Networks (VPNs) as
        defined in : Rosen, E., Viswanathan, A., and R.
        Callon, Multiprotocol Label Switching Architecture,
        Internet Draft , August 1999."

   -- Revision history.
   REVISION "199906161200Z"  -- 16 June 1999 12:00:00 EST
   DESCRIPTION
       "Initial draft version."
   ::= { experimental xxx } -- To be assigned

-- Textual Conventions.

MplsVpnId ::= TEXTUAL-CONVENTION
   STATUS        current
   DESCRIPTION
       "An identifier that is assigned to each MPLS/BGP VPN and
        is used to uniquely identify it. This is assigned by the
        system operator or NMS and SHOULD be unique throughout
        the MPLS domain. If this is the case, then this identifier
        can then be used at any LSR within a specific MPLS domain
        to identify this MPLS/BGP VPN. It may also be possible to
        preserve the uniqueness of this identifier across MPLS
        domain boundaries, in which case this identifier can then
        be used to uniquely identify MPLS/BGP VPNs on a more global
        basis."
   REFERENCE
       "RFC 2685 [VPN-RFC2685] Fox B., et al, 'Virtual Private
        Networks Identifier', September 1999."
   SYNTAX        SnmpAdminString (SIZE (0..31))

MplsVpnRouteDistinguisher ::= TEXTUAL-CONVENTION
   STATUS        current
   DESCRIPTION
       "A route distinguisher."
   SYNTAX        OCTET STRING (SIZE (0..256))

-- Top level components of this MIB.

-- Tables, Scalars
mplsVpnObjects    OBJECT IDENTIFIER ::= { mplsVpnMIB 1 }
mplsVpnScalars    OBJECT IDENTIFIER ::= { mplsVpnObjects 1 }
mplsVpnConf       OBJECT IDENTIFIER ::= { mplsVpnObjects 2 }
mplsVpnPerf       OBJECT IDENTIFIER ::= { mplsVpnObjects 3 }

-- Scalar Objects

mplsVpnConfiguredVrfs OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "The number of VRFs which are configured on this node."
   ::= { mplsVpnScalars 1 }

mplsVpnActiveVrfs OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "The number of VRFs which are active on this node.
        That is, those whose operStatus = Up (1)."
   ::= { mplsVpnScalars 2 }

mplsVpnTrapEnable OBJECT-TYPE
   SYNTAX        TruthValue
   MAX-ACCESS    read-write
   STATUS        current
   DESCRIPTION
       "If this object is true, then it enables the
        generation of mplsVpnUp and mplsVpnDown
        traps, otherwise these traps are not emitted."
   DEFVAL { false }
   ::= { mplsVpnScalars 3 }

-- VPN Interface Configuration Table

mplsVpnInterfaceConfTable OBJECT-TYPE
   SYNTAX        SEQUENCE OF MplsVpnInterfaceConfEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "This table specifies per-interface MPLS capability
        and associated information."
   ::= { mplsVpnConf 1 }

mplsVpnInterfaceConfEntry OBJECT-TYPE
   SYNTAX        MplsVpnInterfaceConfEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "An entry in this table is created by an LSR for
        every interface capable of supporting MPLS/BGP VPN.
        Each entry in this table is meant to correspond to
        an entry in the Interfaces Table."
   INDEX         { mplsVpnInterfaceConfIndex }
   ::= { mplsVpnInterfaceConfTable 1 }

MplsVpnInterfaceConfEntry ::= SEQUENCE {
   mplsVpnInterfaceConfIndex             InterfaceIndex,
   mplsVpnInterfaceLabelEdgeType         INTEGER,
   mplsVpnInterfaceIsCarrierOfCarrier    TruthValue,
   mplsVpnInterfaceIsInterProvider       TruthValue,
   mplsVpnInterfaceConfStorageType       StorageType
}

mplsVpnInterfaceConfIndex OBJECT-TYPE
   SYNTAX        InterfaceIndex
   MAX-ACCESS    accessible-for-notify
   STATUS        current
   DESCRIPTION
       "This is a unique index for an entry in the
        MplsVPNInterfaceConfTable. A non-zero index for an
        entry indicates the ifIndex for the corresponding
        interface entry in the MPLS-VPN-layer in the ifTable.
        Note that this table does not necessarily correspond
        one-to-one with all entries in the Interface MIB
        having an ifType of MPLS-layer; rather, only those
        which are enabled for MPLS/BGP VPN functionality."
   REFERENCE
       "RFC 2233 - The Interfaces Group MIB using SMIv2,
        McCloghrie, K., and F. Kastenholtz, Nov. 1997"
   ::= { mplsVpnInterfaceConfEntry 1 }

mplsVpnInterfaceLabelEdgeType OBJECT-TYPE
   SYNTAX        INTEGER { providerEdge (1),
                           customerEdge (2)
                         }
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "Either the providerEdge(0) (PE) or customerEdge(1)
        (CE) bit MUST be set."
   ::= { mplsVpnInterfaceConfEntry 2 }

mplsVpnInterfaceIsCarrierOfCarrier OBJECT-TYPE
   SYNTAX        TruthValue
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "Denotes whether this link participates in a
        'carrier-of-carrier's scenario."
   DEFVAL { false }
   ::= { mplsVpnInterfaceConfEntry 3 }

mplsVpnInterfaceIsInterProvider OBJECT-TYPE
   SYNTAX        TruthValue
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "Denotes whether this link participates in an
        'Inter-Provider backbone's scenario."
   DEFVAL { false }
   ::= { mplsVpnInterfaceConfEntry 4 }

mplsVpnInterfaceConfStorageType OBJECT-TYPE
   SYNTAX        StorageType
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The storage type for this entry."
   ::= { mplsVpnInterfaceConfEntry 5 }

-- VRF Configuration Table

mplsVpnVrfConfTable OBJECT-TYPE
   SYNTAX        SEQUENCE OF MplsVpnVrfConfEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "This table specifies per-interface MPLS/BGP VPN
        VRF Table capability and associated information."
   ::= { mplsVpnConf 2 }

mplsVpnVrfConfEntry OBJECT-TYPE
   SYNTAX        MplsVpnVrfConfEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "An entry in this table is created by an LSR for
        every VRF capable of supporting MPLS/BGP VPN. The
        indexing provides an ordering of VRFs per-VPN
        interface."
   INDEX         { mplsVpnVrfConfIndex, mplsVpnInterfaceConfIndex }
   ::= { mplsVpnVrfConfTable 1 }

MplsVpnVrfConfEntry ::= SEQUENCE {
   mplsVpnVrfConfIndex                   Unsigned32,
   mplsVpnVrfName                        SnmpAdminString,
   mplsVpnVrfDescription                 SnmpAdminString,
   mplsVpnVrfRouteDistinguisher          MplsVpnRouteDistinguisher,
   mplsVpnVrfRouteTargetImport           MplsVpnRouteDistinguisher,
   mplsVpnVrfRouteTargetExport           MplsVpnRouteDistinguisher,
   mplsVpnVrfRouteSiteOrigin             MplsVpnRouteDistinguisher,
   mplsVpnVrfCreationTime                TimeStamp,
   mplsVpnVrfUpTime                      TimeTicks,
   mplsVpnVrfNetPrefixType               INTEGER,
   mplsVpnVrfRipNetPrefix                InetAddress,
   mplsVpnVrfOspfNetPrefix               InetAddress,
   mplsVpnVrfIsisNetPrefix               InetAddress,
   mplsVpnVrfIpRouteVrfForwByType        InetAddressType,
   mplsVpnVrfIpRouteVrfForwByAddr        InetAddress,
   mplsVpnVrfBgpAddrFamilyVpnv4Unicast   TruthValue,
   mplsVpnVrfBgpAFNeighborPEAct          TruthValue,
   mplsVpnVrfIpRouteRedistributeConn     TruthValue,
   mplsVpnVrfRowStatus                   RowStatus,
   mplsVpnVrfConfStorageType             StorageType
}

mplsVpnVrfConfIndex OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "This is a unique index for an entry in the
        MplsVpnVrfConfTable."
   ::= { mplsVpnVrfConfEntry 1 }

mplsVpnVrfName OBJECT-TYPE
   SYNTAX        SnmpAdminString (SIZE (0..16))
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The human-readable name of this VPN. This MAY
        be equivalent to the RFC2685 VPN-ID."
   REFERENCE
       "RFC 2685 [VPN-RFC2685] Fox B., et al, `Virtual Private
        Networks Identifier`, September 1999."
   ::= { mplsVpnVrfConfEntry 2 }

mplsVpnVrfDescription OBJECT-TYPE
   SYNTAX        SnmpAdminString
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The human-readable description of this VRF."
   ::= { mplsVpnVrfConfEntry 3 }

mplsVpnVrfRouteDistinguisher OBJECT-TYPE
   SYNTAX        MplsVpnRouteDistinguisher
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The route distinguisher for this VRF."
   ::= { mplsVpnVrfConfEntry 4 }

mplsVpnVrfRouteTargetImport OBJECT-TYPE
   SYNTAX        MplsVpnRouteDistinguisher
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The route target import distribution policy."
   ::= { mplsVpnVrfConfEntry 5 }

mplsVpnVrfRouteTargetExport OBJECT-TYPE
   SYNTAX        MplsVpnRouteDistinguisher
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The route target export distribution policy."
   ::= { mplsVpnVrfConfEntry 6 }

mplsVpnVrfRouteSiteOrigin OBJECT-TYPE
   SYNTAX        MplsVpnRouteDistinguisher
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The site origin distribution policy."
   ::= { mplsVpnVrfConfEntry 7 }

mplsVpnVrfCreationTime OBJECT-TYPE
   SYNTAX        TimeStamp
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The time at which this VRF entry was created."
   ::= { mplsVpnVrfConfEntry 8 }

mplsVpnVrfUpTime OBJECT-TYPE
   SYNTAX        TimeTicks
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The amount of time that this VRF entry has been
        operational."
   ::= { mplsVpnVrfConfEntry 9 }

mplsVpnVrfNetPrefixType OBJECT-TYPE
   SYNTAX        INTEGER { other(1),
                           rip(2),
                           ospf(3),
                           isis(4)
                         }
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the type of network prefix in use for the
        PE-CE connections. If this value is set to rip(2),
        then the operators should consult the value found
        in mplsVpnVrfRipNetPrefix. If the value is set to
        ospf(3), the operator should consult
        mplsVpnVrfOspfNetPrefix. If the value is set to
        isis(4), then the administrator should see
        mplsVpnVrfIsisNetPrefix. In all cases, when a
        particular value is selected, the other remaining
        two values should be ignored as their values MAY be
        invalid."
   ::= { mplsVpnVrfConfEntry 10 }

mplsVpnVrfRipNetPrefix OBJECT-TYPE
   SYNTAX        InetAddress
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the RIP network prefix for the PE-CE
        connections."
   ::= { mplsVpnVrfConfEntry 11 }

mplsVpnVrfOspfNetPrefix OBJECT-TYPE
   SYNTAX        InetAddress
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the OSPF network prefix for the PE-CE
        connections."
   ::= { mplsVpnVrfConfEntry 12 }

mplsVpnVrfIsisNetPrefix OBJECT-TYPE
   SYNTAX        InetAddress
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the IS-IS network prefix for the PE-CE
        connections."
   ::= { mplsVpnVrfConfEntry 13 }

mplsVpnVrfIpRouteVrfForwByType OBJECT-TYPE
   SYNTAX        InetAddressType
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the address family of the BGP forwarding
        address."
   ::= { mplsVpnVrfConfEntry 14 }

mplsVpnVrfIpRouteVrfForwByAddr OBJECT-TYPE
   SYNTAX        InetAddress
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the BGP forwarding address."
   ::= { mplsVpnVrfConfEntry 15 }

mplsVpnVrfBgpAddrFamilyVpnv4Unicast OBJECT-TYPE
   SYNTAX        TruthValue
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Defines an IBGP parameter for VPNv4 NLRI exchange,
        true for Unicast, false for Multicast."
   ::= { mplsVpnVrfConfEntry 16 }

mplsVpnVrfBgpAFNeighborPEAct OBJECT-TYPE
   SYNTAX        TruthValue
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the activation of the advertisement of the
        VPNv4 address family for PE-CE connection."
   ::= { mplsVpnVrfConfEntry 17 }

mplsVpnVrfIpRouteRedistributeConn OBJECT-TYPE
   SYNTAX        TruthValue
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the redistribution of directly connected
        networks into the VRF BGP table."
   ::= { mplsVpnVrfConfEntry 18 }

mplsVpnVrfRowStatus OBJECT-TYPE
   SYNTAX        RowStatus
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "This variable is used to create, modify, and/or
        delete a row in this table."
   ::= { mplsVpnVrfConfEntry 19 }

mplsVpnVrfConfStorageType OBJECT-TYPE
   SYNTAX        StorageType
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The storage type for this entry."
   ::= { mplsVpnVrfConfEntry 20 }

-- MplsVpnVrfBgpNbrTable

mplsVpnVrfBgpNbrTable OBJECT-TYPE
   SYNTAX        SEQUENCE OF MplsVpnVrfBgpNbrEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "This table specifies per-interface MPLS/BGP neighbor
        addresses for both PEs and CEs."
   ::= { mplsVpnConf 3 }

mplsVpnVrfBgpNbrEntry OBJECT-TYPE
   SYNTAX        MplsVpnVrfBgpNbrEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "An entry in this table is created by an LSR for
        every VRF capable of supporting MPLS/BGP VPN. The
        indexing provides an ordering of VRFs per-VPN
        interface."
   INDEX         { mplsVpnVrfConfIndex,
                   mplsVpnInterfaceConfIndex,
                   mplsVpnVrfBgpNbrIndex }
   ::= { mplsVpnVrfBgpNbrTable 1 }

MplsVpnVrfBgpNbrEntry ::= SEQUENCE {
   mplsVpnVrfBgpNbrIndex                 Unsigned32,
   mplsVpnVrfBgpNbrRole                  INTEGER,
   mplsVpnVrfBgpNbrType                  InetAddressType,
   mplsVpnVrfBgpNbrAddr                  InetAddress,
   mplsVpnVrfBgpNbrRowStatus             RowStatus,
   mplsVpnVrfBgpNbrStorageType           StorageType
}

mplsVpnVrfBgpNbrIndex OBJECT-TYPE
   SYNTAX        Unsigned32
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "This is a unique tertiary index for an entry in the
        MplsVpnVrfBgpNbrEntry Table."
   ::= { mplsVpnVrfBgpNbrEntry 1 }

mplsVpnVrfBgpNbrRole OBJECT-TYPE
   SYNTAX        INTEGER { ce(1),
                           pe(2),
                           both(3)
                         }
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the role played by this BGP neighbor with
        respect to this VRF."
   ::= { mplsVpnVrfBgpNbrEntry 2 }

mplsVpnVrfBgpNbrType OBJECT-TYPE
   SYNTAX        InetAddressType
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the address family of the PE address."
   ::= { mplsVpnVrfBgpNbrEntry 3 }

mplsVpnVrfBgpNbrAddr OBJECT-TYPE
   SYNTAX        InetAddress
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "Denotes the BGP neighbor address."
   ::= { mplsVpnVrfBgpNbrEntry 4 }

mplsVpnVrfBgpNbrRowStatus OBJECT-TYPE
   SYNTAX        RowStatus
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "This variable is used to create, modify, and/or
        delete a row in this table."
   ::= { mplsVpnVrfBgpNbrEntry 5 }

mplsVpnVrfBgpNbrStorageType OBJECT-TYPE
   SYNTAX        StorageType
   MAX-ACCESS    read-create
   STATUS        current
   DESCRIPTION
       "The storage type for this entry."
   ::= { mplsVpnVrfBgpNbrEntry 6 }

-- VRF Security Table

mplsVpnVrfSecTable OBJECT-TYPE
   SYNTAX        SEQUENCE OF MplsVpnVrfSecEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "This table specifies per MPLS/BGP VPN VRF Table
        security features."
   ::= { mplsVpnObjects 3 }

mplsVpnVrfSecEntry OBJECT-TYPE
   SYNTAX        MplsVpnVrfSecEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "An entry in this table is created by an LSR for
        every VRF capable of supporting MPLS/BGP VPN. Each
        entry in this table is used to indicate
        security-related information for each VRF entry."
   AUGMENTS      { mplsVpnVrfConfEntry }
   ::= { mplsVpnVrfSecTable 1 }

MplsVpnVrfSecEntry ::= SEQUENCE {
   mplsVpnVrfSecViolations               Counter32
}

mplsVpnVrfSecViolations OBJECT-TYPE
   SYNTAX        Counter32
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "Indicates the number of security violations on
        this VPN/VRF."
   ::= { mplsVpnVrfSecEntry 1 }

-- VRF Performance Table

mplsVpnVrfPerfTable OBJECT-TYPE
   SYNTAX        SEQUENCE OF MplsVpnVrfPerfEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "This table specifies per MPLS/BGP VPN VRF Table
        performance information."
   ::= { mplsVpnObjects 4 }

mplsVpnVrfPerfEntry OBJECT-TYPE
   SYNTAX        MplsVpnVrfPerfEntry
   MAX-ACCESS    not-accessible
   STATUS        current
   DESCRIPTION
       "An entry in this table is created by an LSR for
        every VRF capable of supporting MPLS/BGP VPN."
   AUGMENTS      { mplsVpnVrfConfEntry }
   ::= { mplsVpnVrfPerfTable 1 }

MplsVpnVrfPerfEntry ::= SEQUENCE {
   mplsVpnVrfPerfRoutesAdded             Counter32,
   mplsVpnVrfPerfRoutesDeleted           Counter32
}

mplsVpnVrfPerfRoutesAdded OBJECT-TYPE
   SYNTAX        Counter32
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "Indicates the number of routes added to this
        VPN/VRF."
   ::= { mplsVpnVrfPerfEntry 1 }

mplsVpnVrfPerfRoutesDeleted OBJECT-TYPE
   SYNTAX        Counter32
   MAX-ACCESS    read-only
   STATUS        current
   DESCRIPTION
       "Indicates the number of routes removed from this
        VPN/VRF."
   ::= { mplsVpnVrfPerfEntry 2 }

-- MPLS/BGP VPN Notifications

mplsVpnNotifications OBJECT IDENTIFIER ::= { mplsVpnMIB 2 }
mplsVpnNotifyPrefix  OBJECT IDENTIFIER ::= { mplsVpnNotifications 0 }

mplsVpnUp NOTIFICATION-TYPE
   OBJECTS       { mplsVpnInterfaceConfIndex,
                   mplsVpnVrfName
                 }
   STATUS        current
   DESCRIPTION
       "This notification is generated when the specified
        VPN is about to be initialized or change the status
        from down to up which will provide connectivity
        between different sites as configured."
   ::= { mplsVpnNotifications 1 }

mplsVpnDown NOTIFICATION-TYPE
   OBJECTS       { mplsVpnInterfaceConfIndex,
                   mplsVpnVrfName
                 }
   STATUS        current
   DESCRIPTION
       "This notification is generated when the specified
        VPN is about to go down which will provide no
        connectivity between different sites as configured."
      ::= { mplsVpnNotifications 2 }

   -- Conformance Statement

   mplsVpnConformance OBJECT IDENTIFIER ::= { mplsVpnMIB 3 }
   mplsVpnGroups      OBJECT IDENTIFIER ::= { mplsVpnConformance 1 }
   mplsVpnCompliances OBJECT IDENTIFIER ::= { mplsVpnConformance 2 }

   -- Module Compliance

   mplsVpnModuleCompliance MODULE-COMPLIANCE
      STATUS        current
      DESCRIPTION
          "Compliance statement for agents that support the
           MPLS VPN MIB."
      MODULE -- this module

         -- The mandatory groups have to be implemented
         -- by all LSRs supporting MPLS BGP/VPNs. However,
         -- they may all be supported
         -- as read-only objects in the case where manual
         -- configuration is unsupported.

         MANDATORY-GROUPS    { mplsVpnScalars,
                               mplsVpnVrfConfGroup,
                               mplsVpnInterfaceGroup,
                               mplsVpnPerfGroup,
                               mplsVpnVrfBgpNbrGroup
                             }
      ::= { mplsVpnCompliances 1 }

   -- Units of conformance.

   mplsVpnScalarGroup OBJECT-GROUP
      OBJECTS       { mplsVpnConfiguredVrfs,
                      mplsVpnActiveVrfs,
                      mplsVpnTrapEnable
                    }
      STATUS        current
      DESCRIPTION
          "Collection of scalar objects required for MPLS VPN
           management."
      ::= { mplsVpnGroups 1 }

   mplsVpnVrfConfGroup OBJECT-GROUP
      OBJECTS       { mplsVpnVrfConfIndex,
                      mplsVpnVrfName,
                      mplsVpnVrfDescription,
                      mplsVpnVrfRouteDistinguisher,
                      mplsVpnVrfRouteTargetImport,
                      mplsVpnVrfRouteTargetExport,
                      mplsVpnVrfRouteSiteOrigin,
                      mplsVpnVrfCreationTime,
                      mplsVpnVrfUpTime,
                      mplsVpnVrfNetPrefixType,
                      mplsVpnVrfRipNetPrefix,
                      mplsVpnVrfOspfNetPrefix,
                      mplsVpnVrfIsisNetPrefix,
                      mplsVpnVrfIpRouteVrfForwByType,
                      mplsVpnVrfIpRouteVrfForwByAddr,
                      mplsVpnVrfBgpAddrFamilyVpnv4Unicast,
                      mplsVpnVrfBgpNeighborPEAct,
                      mplsVpnVrfIpRouteRedistributeConn,
                      mplsVpnVrfRowStatus,
                      mplsVpnVrfConfStorageType
                    }
      STATUS        current
      DESCRIPTION
          "Collection of objects needed for MPLS VPN VRF
           management."
      ::= { mplsVpnGroups 2 }

   mplsVpnInterfaceGroup OBJECT-GROUP
      OBJECTS       { mplsVpnInterfaceConfIndex,
                      mplsVpnInterfaceLabelEdgeType,
                      mplsVpnInterfaceIsCarrierOfCarrier,
                      mplsVpnInterfaceIsInterProvider,
                      mplsVpnInterfaceConfStorageType
                    }
      STATUS        current
      DESCRIPTION
          "Collection of objects needed for MPLS VPN interface
           management."
      ::= { mplsVpnGroups 3 }

   mplsVpnPerfGroup OBJECT-GROUP
      OBJECTS       { mplsVpnVrfPerfRoutesAdded,
                      mplsVpnVrfPerfRoutesDeleted
                    }
      STATUS        current
      DESCRIPTION
          "Collection of objects needed for MPLS VPN
           performance information."
      ::= { mplsVpnGroups 4 }

   mplsVpnVrfBgpNbrGroup OBJECT-GROUP
      OBJECTS       { mplsVpnVrfBgpNbrIndex,
                      mplsVpnVrfBgpNbrRole,
                      mplsVpnVrfBgpNbrType,
                      mplsVpnVrfBgpNbrAddr,
                      mplsVpnVrfBgpNbrRowStatus,
                      mplsVpnVrfBgpNbrStorageType
                    }
      STATUS        current
      DESCRIPTION
          "Collection of objects needed for MPLS VPN
           BGP neighbor-related information."
      ::= { mplsVpnGroups 5 }

   mplsVpnSecGroup OBJECT-GROUP
      OBJECTS       { mplsVpnVrfSecViolations }
      STATUS        current
      DESCRIPTION
          "Collection of objects needed for MPLS VPN
           security-related information."
      ::= { mplsVpnGroups 6 }

   -- End of MPLS-VPN-MIB
   END

13.0 Acknowledgments

   This document has benefited from discussions and input from
   Bill Fenner, Gerald Ash, and Sumit Mukhopadhyay.

14.0 References

   [RFC2547bis]  Rosen, E., Rekhter, Y., Bogovic, T., Brannon, S.,
                 Carugi, M., Chase, C., Chung, T., De Clercq, J.,
                 Dean, E., Hitchin, P., Leelanivas, M., Marshall, D.,
                 Martini, L., Srinivasan, V., Vedrenne, A.,
                 "BGP/MPLS VPNs", Internet Draft, July 2000.

   [MPLSArch]    Rosen, E., Viswanathan, A., and R. Callon,
                 "Multiprotocol Label Switching Architecture",
                 Internet Draft, August 1999.

   [Assigned]    Reynolds, J., and J. Postel, "Assigned Numbers",
                 RFC 1700, October 1994.
                 See also:
                 http://www.isi.edu/in-notes/iana/assignments/smi-numbers

   [IANAFamily]  Internet Assigned Numbers Authority (IANA), ADDRESS
                 FAMILY NUMBERS,
                 (http://www.isi.edu/in-notes/iana/assignements/address-family-numbers),
                 for MIB see:
                 ftp://ftp.isi.edu/mib/ianaaddressfamilynumbers.mib

   [SNMPArch]    Harrington, D., Presuhn, R., and B. Wijnen, "An
                 Architecture for Describing SNMP Management
                 Frameworks", RFC 2271, January 1998.

   [SMIv1]       Rose, M., and K. McCloghrie, "Structure and
                 Identification of Management Information for
                 TCP/IP-based Internets", RFC 1155, May 1990.

   [SNMPv1MIBDef] Rose, M., and K. McCloghrie, "Concise MIB
                 Definitions", RFC 1212, March 1991.

   [SNMPv1Traps] M. Rose, "A Convention for Defining Traps for use
                 with the SNMP", RFC 1215, March 1991.

   [RFC2572]     Case, J., Harrington D., Presuhn R., and B. Wijnen,
                 "Message Processing and Dispatching for the Simple
                 Network Management Protocol (SNMP)", RFC 2572,
                 April 1999.

   [RFC2574]     Blumenthal, U., and B. Wijnen, "User-based Security
                 Model (USM) for version 3 of the Simple Network
                 Management Protocol (SNMPv3)", RFC 2574, April 1999.

   [RFC1905]     Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Protocol Operations for Version 2 of
                 the Simple Network Management Protocol (SNMPv2)",
                 RFC 1905, January 1996.

   [RFC2573]     Levi, D., Meyer, P., and B. Stewart, "SNMPv3
                 Applications", RFC 2573, April 1999.

   [RFC2575]     Wijnen, B., Presuhn, R., and K. McCloghrie,
                 "View-based Access Control Model (VACM) for the
                 Simple Network Management Protocol (SNMP)",
                 RFC 2575, April 1999.

   [RFC2570]     Case, J., Mundy, R., Partain, D., and B. Stewart,
                 "Introduction to Version 3 of the Internet-standard
                 Network Management Framework", RFC 2570, April 1999.

   [SMIv2]       Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Structure of Management Information
                 for Version 2 of the Simple Network Management
                 Protocol (SNMPv2)", RFC 1902, January 1996.

   [SNMPv2TC]    Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Textual Conventions for Version 2 of
                 the Simple Network Management Protocol (SNMPv2)",
                 RFC 1903, SNMP Research, Inc., Cisco Systems, Inc.,
                 January 1996.

   [SNMPv2Conf]  Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Conformance Statements for Version 2
                 of the Simple Network Management Protocol
                 (SNMPv2)", RFC 1904, January 1996.

   [SNMPv1]      Case, J., Fedor, M., Schoffstall, M., and J. Davin,
                 "Simple Network Management Protocol", RFC 1157,
                 May 1990.

   [SNMPv2c]     Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Introduction to Community-based
                 SNMPv2", RFC 1901, January 1996.

   [SNMPv2TM]    Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Transport Mappings for Version 2 of
                 the Simple Network Management Protocol (SNMPv2)",
                 RFC 1906, January 1996.

   [SNMPv3MP]    Case, J., Harrington D., Presuhn R., and B. Wijnen,
                 "Message Processing and Dispatching for the Simple
                 Network Management Protocol (SNMP)", RFC 2272,
                 January 1998.

   [SNMPv3USM]   Blumenthal, U., and B. Wijnen, "User-based Security
                 Model (USM) for version 3 of the Simple Network
                 Management Protocol (SNMPv3)", RFC 2574, April 1999.

   [SNMPv2PO]    Case, J., McCloghrie, K., Rose, M., and S.
                 Waldbusser, "Protocol Operations for Version 2 of
                 the Simple Network Management Protocol (SNMPv2)",
                 RFC 1905, January 1996.

   [SNMPv3App]   Levi, D., Meyer, P., and B. Stewart, "SNMPv3
                 Applications", RFC 2273, January 1998.

   [SNMPv3VACM]  Wijnen, B., Presuhn, R., and K. McCloghrie,
                 "View-based Access Control Model (VACM) for the
                 Simple Network Management Protocol (SNMP)",
                 RFC 2575, April 1999.

   [IPSEC]       Kent, S., and Atkinson, R., "Security Architecture
                 for the Internet Protocol", RFC 2401, November 1998.

   [IFMIB]       McCloghrie, K., and F. Kastenholz, "The Interfaces
                 Group MIB using SMIv2", RFC 2233, Nov. 1997.

   [BCP14]       Bradner, S., "Key words for use in RFCs to Indicate
                 Requirement Levels", BCP 14, RFC 2119, March 1997.

   [VPN-RFC2685] Fox B., et al, "Virtual Private Networks
                 Identifier", RFC 2685, September 1999.

15.0 Authors' Addresses

   Thomas D. Nadeau
   Cisco Systems, Inc.
   250 Apollo Drive
   Chelmsford, MA 01824
   Phone: +1-978-244-3051
   Email: tnadeau@cisco.com

   Luyuan Fang
   AT&T
   200 Laurel Ave
   Middletown, NJ 07748
   Phone: +1-732-420-1921
   E-mail: luyuanfang@att.com

   Stephen J. Brannon
   Swisscom AG
   Postfach 1570
   CH-8301 Glattzentrum (Zuerich), Switzerland
   Phone:
   Email: Stephen.Brannon@swisscom.com

   Fabio M. Chiussi
   Bell Laboratories, Lucent Technologies
   101 Crawfords Corner Road, Room 4D-521
   Holmdel, NJ 07733
   Phone: +1-732-949-2407
   Email: fabio@bell-labs.com

   Joseph Dube
   Avici Systems, Inc.
   101 Billerica Avenue
   North Billerica, MA 01862
   Phone: +1-978-964-2258
   Email: jdube@avici.com

16.0 Full Copyright Statement

   Copyright (C) The Internet Society (2000). All Rights Reserved.

   This document and translations of it may be copied and furnished
   to others, and derivative works that comment on or otherwise
   explain it or assist in its implementation may be prepared,
   copied, published and distributed, in whole or in part, without
   restriction of any kind, provided that the above copyright notice
   and this paragraph are included on all such copies and derivative
   works. However, this document itself may not be modified in any
   way, such as by removing the copyright notice or references to the
   Internet Society or other Internet organizations, except as needed
   for the purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards
   process must be followed, or as required to translate it into
   languages other than English.

   The limited permissions granted above are perpetual and will not
   be revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on
   an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.