Internet Engineering Task Force                        S. Tsuchiya, Ed.
Internet-Draft                                                   J. Qin
Intended status: Standards Track                          Cisco Systems
Expires: January 11, 2013                                 July 10, 2012


                  IP TUNNEL MIB Extension for softwire
                draft-shishio-softwire-rfc4087update-00

Abstract

   This memo defines a Management Information Base (MIB) module for use
   with network management protocols in the Internet community.  In
   particular, it describes managed objects used for managing tunnels
   of any type over IPv4 and IPv6 networks.

   The IP TUNNEL MIB [RFC4087] provides provisioning capability for
   IPv4 and IPv6 tunnels via SNMP, but it is not sufficient to support
   modern tunnel protocols such as 6rd [RFC5969] and MAP
   [draft-ietf-softwire-map].  This document describes an extension of
   the IP TUNNEL MIB [RFC4087] to support 6rd [RFC5969] and MAP
   [draft-ietf-softwire-map].

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 11, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Conventions
   4.  Overview
   5.  Structure of the MIB Module
     5.1.  Relationship to the SNMPv2-MIB
     5.2.  Relationship to the IF-MIB
     5.3.  Relationship to the IP TUNNEL MIB
     5.4.  MIB modules required for IMPORTS
   6.  Definitions
   7.  Security Considerations
   8.  IANA Considerations
   9.  Contributors
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Appendix A.  Change Log
   Appendix B.  Open Issues
   Authors' Addresses

1.  Introduction

   The IP TUNNEL MIB [RFC4087] is used for managing tunnels of any type
   over IPv4 and IPv6 networks, including Generic Routing Encapsulation
   (GRE) [RFC1701,RFC1702], IP-in-IP [RFC2003], Minimal Encapsulation
   [RFC2004], Layer 2 Tunneling Protocol (L2TP) [RFC2661], Point-to-
   Point Tunneling Protocol (PPTP) [RFC2637], Layer 2 Forwarding (L2F)
   [RFC2341], UDP (e.g., [RFC1234]), Ascend Tunnel Management Protocol
   (ATMP) [RFC2107], and IPv6-in-IPv4 [RFC2893] tunnels, among others.

   Over the past several years, there have been a number of "tunneling"
   protocols specified by the IETF (see [RFC1241] for an early
   discussion of the model and examples).  This document describes a
   Management Information Base (MIB) module used for managing tunnels of
   any type over IPv4 and IPv6 networks, including Generic Routing
   Encapsulation (GRE) [RFC1701,RFC1702], IP-in-IP [RFC2003], Minimal
   Encapsulation [RFC2004], Layer 2 Tunneling Protocol (L2TP) [RFC2661],
   Point-to-Point Tunneling Protocol (PPTP) [RFC2637], Layer 2
   Forwarding (L2F) [RFC2341], UDP (e.g., [RFC1234]), Ascend Tunnel
   Management Protocol (ATMP) [RFC2107], and IPv6-in-IPv4 [RFC2893]
   tunnels, among others.

   This document describes how to support IPv6 Rapid Deployment (6rd)
   [RFC5969] and Mapping of Address and Port (MAP)
   [draft-ietf-softwire-map] in the IP TUNNEL MIB.

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).
   This memo specifies a MIB module that is compliant to the SMIv2,
   which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
   [RFC2579] and STD 58, RFC 2580 [RFC2580].

3.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

4.  Overview

   The IP TUNNEL MIB [RFC4087] is used for provisioning tunnel
   protocols, but it cannot support 6rd [RFC5969] and MAP
   [draft-ietf-softwire-map] because it lacks the necessary parameters.
   MAP [draft-ietf-softwire-map], however, has compatibility with
   DS-Lite [RFC6333] and stateless NAT64 [RFC6145].  Therefore, once the
   TUNNEL MIB supports 6rd [RFC5969] and MAP
   [draft-ietf-softwire-map], it could manage many types of modern
   tunnels such as 6rd [RFC5969], MAP-T/MAP-E, DS-Lite [RFC6333], and
   464XLAT CLAT [draft-ietf-v6ops-464xlat].

5.  Structure of the MIB Module

   The MIB module specified herein provides one way to manage 6rd and
   MAP devices through SNMP.

5.1.  Relationship to the SNMPv2-MIB

   The 'system' group in the SNMPv2-MIB [RFC3418] is defined as being
   mandatory for all systems, and the objects apply to the entity as a
   whole.  The 'system' group provides identification of the management
   entity and certain other system-wide data.  The SAMPLE-MIB does not
   duplicate those objects.

5.2.  Relationship to the IF-MIB

   The Interface MIB [RFC2863] requires that any MIB module which is an
   adjunct of the Interface MIB clarify specific areas within the
   Interface MIB.  These areas were intentionally left vague in the
   Interface MIB to avoid over constraining the MIB, thereby precluding
   management of certain media-types.

   Section 4 of [RFC2863] enumerates several areas which a media-
   specific MIB must clarify.  The implementor is referred to [RFC2863]
   in order to understand the general intent of these areas.

5.3.  Relationship to the IP TUNNEL MIB

   The IP Tunnel MIB [RFC4087] contains objects common to all IP
   tunnels, including 6rd/MAP.  Additionally, tunnel-encapsulation-
   specific MIBs (like the one defined in this document) extend the IP
   Tunnel MIB to further describe encapsulation-specific information,
   for example:

   6rd case
      6rd prefix, 6rd Prefix Length, IPv4Mask Length

   MAP case
      rule IPv6 prefix, rule IPv6 prefix Length, rule IPv4 prefix,
      rule IPv4 prefix length, EA-bit length, PSID

   The tunnel method, BR address, and source address could use
   tunnelIfEntry.

   TunnelIfEntry ::= SEQUENCE {
       tunnelIfLocalAddress            IpAddress,   -- deprecated
       tunnelIfRemoteAddress           IpAddress,   -- deprecated
       tunnelIfEncapsMethod            IANAtunnelType,
       tunnelIfHopLimit                Integer32,
       tunnelIfSecurity                INTEGER,
       tunnelIfTOS                     Integer32,
       tunnelIfFlowLabel               IPv6FlowLabelOrAny,
       tunnelIfAddressType             InetAddressType,
       tunnelIfLocalInetAddress        InetAddress,
       tunnelIfRemoteInetAddress       InetAddress,
       tunnelIfEncapsLimit             Integer32
   }

   tunnelIfEncapsMethod must be sixRd(xx), MAPT(xx) or MAPE(xx).

   tunnelIfRemoteInetAddress must be the BR address for a CE.  For 6rd,
   it would be an IPv4 address.  For MAP-T and MAP-E, it would be an
   IPv6 address.  0.0.0.0 or :: would be used for the BR.

   TunnelIfXEntry would be used for the other parameters.

5.4.  MIB modules required for IMPORTS

   The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
   SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580], and IF-MIB [RFC2863].

6.  Definitions

   tunnelIfXTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF TunnelIfXEntry
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "This table contains additional objects for the tunnel
               interface table."
       ::= { tunnel xx }

   tunnelIfXEntry OBJECT-TYPE
       SYNTAX     TunnelIfXEntry
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "An entry containing additional information applicable
               to a particular tunnel interface."
       INDEX      { ifIndex }
       ::= { tunnelIfXTable 1 }

   TunnelIfXEntry ::=
       SEQUENCE {
           SamPrefix    InetAddress,
           SamLength    Integer32,
           BasePrefix   InetAddress,
           BaseLength   Integer32,
           EAbit        Integer32,
           PSID         Integer32
       }

   SamPrefix OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "Stateless Address Mapping Prefix
               IPv4 for MAP, IPv6 for 6rd"
       ::= { tunnelIfXEntry 1 }

   SamLength OBJECT-TYPE
       SYNTAX     Integer32(0..127)
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "Stateless Address Mapping length
               IPv4(0-31) for MAP, IPv6(0-127) for 6rd"
       ::= { tunnelIfXEntry 2 }

   BasePrefix OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "rule IPv6 prefix for MAP, IPv4 address for 6rd"
       ::= { tunnelIfXEntry 3 }

   BaseLength OBJECT-TYPE
       SYNTAX     Integer32
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "rule IPv6 prefix for MAP, IPv4 address for 6rd"
       ::= { tunnelIfXEntry 4 }

   EAbit OBJECT-TYPE
       SYNTAX     Integer32(0..127)
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "rule IPv6 prefix length for MAP, IPv4MaskLength for 6rd"
       ::= { tunnelIfXEntry 5 }

   PSID OBJECT-TYPE
       SYNTAX     Integer32(0..127)
       MAX-ACCESS read-write
       STATUS     current
       DESCRIPTION
               "EA bit for MAP, 0 must be for 6rd"
       ::= { tunnelIfXEntry 6 }

   END

7.  Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.
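The 6rd parameters listed in Section 5.3 (6rd prefix, 6rd Prefix Length, IPv4Mask Length) determine every CE's delegated IPv6 prefix, which is why an unprotected SET on them is disruptive. The following Python is an added example, not part of the draft: it derives the delegated prefix the way RFC 5969 specifies and lists the CEs whose prefix would change after a SET. The function names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, ipv4_mask_len, ce_ipv4):
    """Delegated prefix = 6rd prefix followed by the low
    (32 - IPv4MaskLen) bits of the CE's IPv4 address (RFC 5969)."""
    net = ipaddress.IPv6Network(sixrd_prefix)   # rejects set host bits
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("IPv4MaskLen must be in 0..32")
    v4_bits = 32 - ipv4_mask_len
    plen = net.prefixlen + v4_bits
    if plen > 128:
        raise ValueError("6rd prefix length + IPv4 bits exceeds 128")
    # Keep only the IPv4 bits that are not common to the whole domain.
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    base = int(net.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def impact_of_set(before, after, ce_ipv4_addrs):
    """Compare two (6rd prefix, IPv4MaskLen) settings and return
    {ce: (old_prefix, new_prefix)} for every CE whose prefix changes."""
    changed = {}
    for ce in ce_ipv4_addrs:
        old = sixrd_delegated_prefix(before[0], before[1], ce)
        new = sixrd_delegated_prefix(after[0], after[1], ce)
        if old != new:
            changed[ce] = (str(old), str(new))
    return changed


if __name__ == "__main__":
    # Constructed sample domain: CEs numbered out of 10.0.0.0/8.
    current = ("2001:db8::/32", 8)
    proposed = ("2001:db8::/32", 0)    # a SET that alters IPv4MaskLen
    ces = ["10.1.2.3", "10.200.0.1"]
    for ce, (old, new) in impact_of_set(current, proposed, ces).items():
        print(f"{ce}: {old} -> {new}")
```

Running the same comparison before committing a change to these objects shows how many CEs would be renumbered by it.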
   These are the tables and objects and their
   sensitivity/vulnerability:

   There are no management objects defined in this MIB module that have
   a MAX-ACCESS clause of read-write and/or read-create.  So, if this
   MIB module is implemented correctly, then there is no risk that an
   intruder can alter or create any management objects of this MIB
   module via direct SNMP SET operations.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  SNMP versions prior to SNMPv3 did not include adequate security.
      Even if the network itself is secure (for example by using IPSec),
      even then, there is no control as to who on the secure network is
      allowed to access and GET/SET (read/change/create/delete) the
      objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      TunnelIfXEntry    { tunnel XXX }

   IANAtunnelType ::= TEXTUAL-CONVENTION
       SYNTAX     INTEGER {
                      sixRd ("XX"),  -- 6rd encapsulation
                      MAPT ("XX"),   -- MAP-T encapsulation
                      MAPE ("XX")    -- MAP-E encapsulation
                  }

9.  Contributors

   This template is based on contributions from the MIB Doctors,
   especially Juergen Schoenwaelder, Dave Perkins, C.M.Heard and Randy
   Presuhn.

10.  Acknowledgements

   Thanks to Marshall Rose for developing the XML2RFC format.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
              June 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3418]  Presuhn, R., "Management Information Base (MIB) for the
              Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3418, December 2002.

   [RFC4181]  Heard, C., "Guidelines for Authors and Reviewers of MIB
              Documents", BCP 111, RFC 4181, September 2005.

11.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

Appendix A.  Change Log

   The following changes have been made from draft-xxx-xxx-xxx-12.

   [TODO] replace this list with your own list

   1.  Updated the introductory boilerplate text, the security
       considerations section and the references to comply with the
       current IETF standards and guidelines.

   2.  Additions and clarifications in various description clauses.

Appendix B.  Open Issues

   [TODO] This list of open issues should be cleared and removed before
   this document hits the IESG.

   1.  Contributor addresses need to be updated

Authors' Addresses

   Shishio Tsuchiya (editor)
   Cisco Systems
   Midtown Tower, 9-7-1, Akasaka
   Minato-Ku, Tokyo  107-6227
   Japan

   Phone: +81 3 6434 6543
   Email: shtsuchi@cisco.com


   Jacni Qin
   Cisco Systems
   Shanghai
   China

   Phone:
   Email: jacni@jacni.com