RFC4747
Network Working Group S. Kipp Request for Comments: 4747 G. Ramkumar Category: Standards Track McDATA Corporation
K. McCloghrie
Cisco Systems
November 2006
The Virtual Fabrics MIB
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2006).
Abstract
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects for information related to the Fibre Channel network's Virtual Fabrics function.
Contents
Introduction
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects for information related to the Fibre Channel network's Virtual Fabric function.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 RFC2119.
The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 RFC3410. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 RFC2578, STD 58, RFC 2579 RFC2579 and STD 58, RFC 2580 RFC2580.
Short Overview of Fibre Channel
The Fibre Channel (FC) is logically a bidirectional point-to-point serial data channel, structured for high performance. Fibre Channel provides a general transport vehicle for higher-level protocols such as Small Computer System Interface (SCSI) command sets, the High- Performance Parallel Interface (HIPPI) data framing, IP (Internet Protocol), IEEE 802.2, and others.
Physically, Fibre Channel is an interconnection of multiple communication points, called N_Ports, interconnected either by a switching network, called a Fabric, or by a point-to-point link. A Fibre Channel "node" consists of one or more N_Ports. A Fabric may consist of multiple Interconnect Elements, some of which are switches. An N_Port connects to the Fabric via a port on a switch called an F_Port. When multiple FC nodes are connected to a single port on a switch via an "Arbitrated Loop" topology, the switch port is called an FL_Port, and the nodes' ports are called NL_Ports. The term Nx_Port is used to refer to either an N_Port or an NL_Port. The term Fx_Port is used to refer to either an F_Port or an FL_Port. A switch port, which is interconnected to another switch port via an
Inter-Switch Link (ISL), is called an E_Port. A B_Port connects a bridge device with an E_Port on a switch; a B_Port provides a subset of E_Port functionality.
Many Fibre Channel components (including the Fabric, each node, and most ports) have globally-unique names. These globally-unique names are typically formatted as World Wide Names (WWNs). More information on WWNs can be found in [FC-FS]. WWNs are expected to be persistent across agent and unit resets.
Fibre Channel frames contain 24-bit address identifiers that identify the frame's source and destination ports. Each FC port has both an address identifier and a WWN. When a Fabric is in use, the FC address identifiers are dynamic and are assigned by a switch. Each octet of a 24-bit address represents a level in an address hierarchy, with a Domain_ID being the highest level of the hierarchy.
Virtual Fabrics allow a single physical Fabric to be divided into multiple logical Fabrics. Each Virtual Fabric may be managed independently like traditional Fabrics. Virtual Fabrics are designed to achieve a better utilization of a physical infrastructure and to isolate events in one Virtual Fabric from affecting other Fabrics. When one Core Switch provides switching functions for multiple Virtual Fabrics, that Core Switch is modeled as containing multiple Virtual Switches, one for each Virtual Fabric.
Each Virtual Fabric is identified by a 12-bit Virtual Fabric ID (VF_ID). When frames from multiple Virtual Fabrics are transmitted over a physical link, the VF_ID carried in a frame's Virtual Fabric Tagging Header (VFT_Header) identifies which Virtual Fabric the frame belongs to. The use of VFT_Headers is enabled through an initial negotiation exchange between the two connected ports.
Relationship to Other MIBs
This MIB extends beyond RFC4044 to cover the functionality, in Fibre Channel switches, of providing Fibre Channel's Virtual Fabrics function.
MIB Overview
This MIB module provides the means for monitoring the operation of, and configuring some parameters of, one or more instances of Fibre Channel Virtual Fabric functionality. (Note that there are no definitions in this MIB module of "managed actions" which can be invoked via a remote network management protocol such as SNMP.)
The following MIB module has IMPORTS from RFC2578, RFC2579, RFC2580, RFC2863, RFC4044, and RFC4439. In REFERENCE clauses, it refers to [FC-SW-4].
Fibre Channel Management Instance
A Fibre Channel management instance is defined in RFC4044 as a separable managed instance of Fibre Channel functionality. Fibre Channel functionality may be grouped into Fibre Channel management instances in whatever way is most convenient for the implementation(s). For example, one such grouping accommodates a single SNMP agent having multiple AgentX RFC2741 sub-agents, with each sub-agent implementing a different Fibre Channel management instance.
The object, fcmInstanceIndex, is IMPORTed from the FC-MGMT-MIB RFC4044 as the index value to uniquely identify each Fibre Channel management instance, for example within the same SNMP context (RFC3411 section 3.3.1). The t11vfVirtualSwitchTable augments the fcmSwitchTable, and the primary index variable of the fcmSwitchTable is fcmInstanceIndex.
Representing Core and Virtual Switches
In the presence of Virtual Switches, fcmSwitchTable in RFC4044 contains a row for each Virtual Switch. fcmSwitchTable, t11vfCoreSwitchTable, and t11vfVirtualSwitchTable are complementary. The t11vfCoreSwitchTable and t11vfVirtualSwitchTable contain information that helps the management client determine which Switches are Virtual Switches and how each relates to a Core Switch. A Virtual Switch must reside in a single Core Switch, and a Core Switch is defined as a set of entities with the same Core Switch_Name.
RFC 4044 was defined before Virtual Switches were standard and represented only physical Switches, so the RFC 4044 tables were not defined as read-create. With the advent of Virtual Switches, Virtual Switches can now be created by administrators, and read-create tables are required. The StorageType of RFC 4044 tables were not defined, and StorageTypes used in this MIB should also apply to the RFC 4044 tables that this MIB augments.
The T11-FC-VIRTUAL-FABRIC-MIB Module
T11-FC-VIRTUAL-FABRIC-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
Unsigned32, mib-2
FROM SNMPv2-SMI -- RFC2578
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF -- RFC2580
RowStatus, StorageType FROM SNMPv2-TC -- RFC2579
InterfaceIndex FROM IF-MIB -- RFC2863
fcmInstanceIndex, FcNameIdOrZero,
fcmPortEntry, fcmSwitchEntry
FROM FC-MGMT-MIB -- RFC4044
T11FabricIndex FROM T11-TC-MIB; -- RFC4439
t11FcVirtualFabricMIB MODULE-IDENTITY
LAST-UPDATED "200611100000Z"
ORGANIZATION "IETF IMSS (Internet and Management Support
for Storage) Working Group"
CONTACT-INFO
"
Scott Kipp
McDATA Corporation
Tel: +1 720 558-3452
E-mail: [email protected]
Postal: 4 McDATA Parkway
Broomfield, CO USA 80021
G D Ramkumar
SnapTell, Inc.
Tel: +1 650-326-7627
E-mail: [email protected]
Postal: 2741 Middlefield Rd, Suite 200
Palo Alto, CA USA 94306
Keith McCloghrie
Cisco Systems, Inc.
Tel: +1 408 526-5260
E-mail: [email protected]
Postal: 170 West Tasman Drive
San Jose, CA USA 95134
"
DESCRIPTION
"This module defines management information specific to
Fibre Channel Virtual Fabrics. A Virtual Fabric is a
Fabric composed of partitions of switches, links and
N_Ports with a single Fabric management domain, Fabric
Services and independence from other Virtual Fabrics.
Copyright (C) The IETF Trust (2006). This version of
this MIB module is part of RFC 4747; see the RFC itself for
full legal notices."
REVISION "200611100000Z"
DESCRIPTION
"Initial version of this MIB module, published as RFC 4747."
::= { mib-2 147 }
t11vfObjects OBJECT IDENTIFIER ::= { t11FcVirtualFabricMIB 1 } t11vfConformance OBJECT IDENTIFIER ::= { t11FcVirtualFabricMIB 2 }
--******************************** -- MIB object definitions --
t11vfCoreSwitchTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11vfCoreSwitchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of core switches supported by the current
management entity."
::= { t11vfObjects 1 }
t11vfCoreSwitchEntry OBJECT-TYPE
SYNTAX T11vfCoreSwitchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents one core switch."
INDEX { fcmInstanceIndex, t11vfCoreSwitchSwitchName }
::= { t11vfCoreSwitchTable 1}
T11vfCoreSwitchEntry ::=
SEQUENCE {
t11vfCoreSwitchSwitchName FcNameIdOrZero,
t11vfCoreSwitchMaxSupported Unsigned32,
t11vfCoreSwitchStorageType StorageType
}
t11vfCoreSwitchSwitchName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE(8 | 16)) MAX-ACCESS not-accessible STATUS current
DESCRIPTION
"The Core Switch_Name (WWN) of this Core Switch."
::= { t11vfCoreSwitchEntry 1 }
t11vfCoreSwitchMaxSupported OBJECT-TYPE
SYNTAX Unsigned32 (1..4095)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"In switches that do not support Virtual Fabrics,
this object has the value of 1. If Virtual Fabrics
are supported, this object is the maximum number of
Virtual Fabrics supported by the Core Switch. For
the purpose of this count, the Control VF_ID is
ignored."
::= { t11vfCoreSwitchEntry 2 }
t11vfCoreSwitchStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { t11vfCoreSwitchEntry 3 }
-- Virtual Switch table
t11vfVirtualSwitchTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11vfVirtualSwitchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of Virtual Switches. When one Core Switch
provides switching functions for multiple Virtual Fabrics,
that Core Switch is modeled as containing multiple
Virtual Switches, one for each Virtual Fabric. This table
contains one row for every Virtual Switch on every Core
Switch. This table augments the basic switch information in
the fcmSwitchTable Table in the FC-MGMT-MIB."
REFERENCE
"fcmSwitchTable is defined in the FC-MGMT-MIB RFC4044."
::= { t11vfObjects 2 }
t11vfVirtualSwitchEntry OBJECT-TYPE
SYNTAX T11vfVirtualSwitchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry of the Virtual Switch table. Each row is for a
Virtual Switch.
This table augments the fcmSwitchTable, i.e., every entry
in this table has a one-to-one correspondence with an
entry in the fcmSwitchTable. At the time when the
fcmSwitchTable was defined, it applied to physical
switches. With the definition and usage of virtual
switches, fcmSwitchTable now applies to virtual switches
as well as physical switches, and (in contrast to physical
switches) it is appropriate to provide the capability for
virtual switches to be created via remote management
applications, e.g., via SNMP.
So, this entry contains a RowStatus object (to allow the
creation of a virtual switch), as well as a StorageType
object. Obviously, if a row is created/deleted in this
table, the corresponding row in the fcmSwitchTable will
be created/deleted."
REFERENCE
"fcmSwitchEntry is defined in the FC-MGMT-MIB module
RFC4044."
AUGMENTS { fcmSwitchEntry }
::= { t11vfVirtualSwitchTable 1}
T11vfVirtualSwitchEntry ::=
SEQUENCE {
t11vfVirtualSwitchVfId T11FabricIndex,
t11vfVirtualSwitchCoreSwitchName FcNameIdOrZero,
t11vfVirtualSwitchRowStatus RowStatus,
t11vfVirtualSwitchStorageType StorageType
}
t11vfVirtualSwitchVfId OBJECT-TYPE
SYNTAX T11FabricIndex
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The VF_ID of the Virtual Fabric for which this virtual
switch performs its switching function. The Control
VF_ID is implicitly enabled and is not set.
Communication with the Control VF_ID is required."
REFERENCE
"FC-SW-4, REV 7.5, section 12.2"
::= { t11vfVirtualSwitchEntry 1 }
t11vfVirtualSwitchCoreSwitchName OBJECT-TYPE
SYNTAX FcNameIdOrZero (SIZE(8 | 16))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Core Switch_Name (WWN) of the Core Switch that
contains this Virtual Switch."
REFERENCE
"FC-SW-4, REV 7.5, section 12.2."
::= { t11vfVirtualSwitchEntry 2 }
t11vfVirtualSwitchRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this row."
::= { t11vfVirtualSwitchEntry 3 }
t11vfVirtualSwitchStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { t11vfVirtualSwitchEntry 4 }
-- Port table
t11vfPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11vfPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table of Port attributes related to Virtual Fabrics."
::= { t11vfObjects 3 }
t11vfPortEntry OBJECT-TYPE
SYNTAX T11vfPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry represents a physical Port on a switch.
Switches that support Virtual Fabrics would add
these four additional columns to the fcmPortEntry
row."
REFERENCE
"fcmPortEntry is defined in the FC-MGMT-MIB module."
AUGMENTS { fcmPortEntry }
::= { t11vfPortTable 1}
T11vfPortEntry ::=
SEQUENCE {
t11vfPortVfId T11FabricIndex,
t11vfPortTaggingAdminStatus INTEGER,
t11vfPortTaggingOperStatus INTEGER,
t11vfPortStorageType StorageType
}
t11vfPortVfId OBJECT-TYPE
SYNTAX T11FabricIndex
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The Port VF_ID assigned to this Port. The Port VF_ID is the
default Virtual Fabric that is assigned to untagged frames
arriving at this Port. The Control VF_ID is implicitly
enabled and is not set. Communication with the Control
VF_ID is required."
REFERENCE
"FC-SW-4, REV 7.5, section 12.1"
DEFVAL {1}
::= { t11vfPortEntry 1 }
t11vfPortTaggingAdminStatus OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2),
auto(3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is used to configure the administrative status
of Virtual Fabric tagging on this Port.
SET operation Description
-------------- -------------------------------------------
off(1) To disable Virtual Fabric tagging on this
Port.
on(2) To enable Virtual Fabric tagging on this
Port if the attached Port doesn't
prohibit it.
auto(3) To enable Virtual Fabric tagging if the
peer requests it."
REFERENCE
"FC-SW-4, REV 7.5, section 12.4"
::= { t11vfPortEntry 2 }
t11vfPortTaggingOperStatus OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is used to report the operational status of
Virtual Fabric tagging on this Port.
SET operation Description
-------------- -------------------------------------------
off(1) Virtual Fabric tagging is disabled on this
Port.
on(2) Virtual Fabric tagging is enabled on this
Port."
REFERENCE
"FC-SW-4, REV 7.5, section 12.4"
::= { t11vfPortEntry 3 }
t11vfPortStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The storage type for this conceptual row, and for the
corresponding row in the augmented fcmPortTable.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { t11vfPortEntry 4 }
-- Locally Enabled Table
t11vfLocallyEnabledTable OBJECT-TYPE
SYNTAX SEQUENCE OF T11vfLocallyEnabledEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for assigning and reporting operational status of
locally-enabled Virtual Fabric IDs to Ports. The set of
Virtual Fabrics operational on the Port is the bit-wise
'AND' of the set of locally-enabled VF_IDs of this Port
and the locally-enabled VF_IDs of the attached Port."
::= { t11vfObjects 4 }
t11vfLocallyEnabledEntry OBJECT-TYPE
SYNTAX T11vfLocallyEnabledEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry for each locally-enabled VF_ID on
each Port."
REFERENCE
"FC-SW-4, REV 7.5, section 12.4"
INDEX { t11vfLocallyEnabledPortIfIndex, t11vfLocallyEnabledVfId }
::= { t11vfLocallyEnabledTable 1}
T11vfLocallyEnabledEntry ::=
SEQUENCE {
t11vfLocallyEnabledPortIfIndex InterfaceIndex,
t11vfLocallyEnabledVfId T11FabricIndex,
t11vfLocallyEnabledOperStatus INTEGER,
t11vfLocallyEnabledRowStatus RowStatus,
t11vfLocallyEnabledStorageType StorageType
}
t11vfLocallyEnabledPortIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the ifIndex that identifies the Port."
::= { t11vfLocallyEnabledEntry 1 }
t11vfLocallyEnabledVfId OBJECT-TYPE
SYNTAX T11FabricIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A locally-enabled VF_ID on this Port."
::= { t11vfLocallyEnabledEntry 2 }
t11vfLocallyEnabledOperStatus OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is used to report the operational status of
Virtual Fabric tagging on this Port.
SET operation Description
-------------- -------------------------------------------
off(1) Virtual Fabric tagging is disabled on this
Port.
on(2) Virtual Fabric tagging is enabled on this
Port."
REFERENCE
"FC-SW-4, REV 7.3, section 12.4"
::= { t11vfLocallyEnabledEntry 3 }
t11vfLocallyEnabledRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row.
When a row in this table is in 'active(1)' state,
no object in that row can be modified except
t11vfLocallyEnabledRowStatus and
t11vfLocallyEnabledStorageType."
::= { t11vfLocallyEnabledEntry 4 }
t11vfLocallyEnabledStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row.
Conceptual rows having the value 'permanent' need not
allow write-access to any columnar objects in the row."
DEFVAL { nonVolatile }
::= { t11vfLocallyEnabledEntry 5 }
--********************************
-- Conformance Section --
t11vfMIBCompliances OBJECT IDENTIFIER ::= { t11vfConformance 1 } t11vfMIBGroups OBJECT IDENTIFIER ::= { t11vfConformance 2 }
t11vfMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Describes the requirements for compliance to the
Fibre Channel Virtual Fabric MIB."
MODULE -- this module
MANDATORY-GROUPS { t11vfGeneralGroup }
OBJECT t11vfCoreSwitchMaxSupported
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfCoreSwitchStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfVirtualSwitchVfId
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfVirtualSwitchRowStatus
SYNTAX RowStatus { active(1) }
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfVirtualSwitchStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfPortVfId
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfPortTaggingAdminStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfPortStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfLocallyEnabledRowStatus
SYNTAX RowStatus { active(1) }
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT t11vfLocallyEnabledStorageType
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { t11vfMIBCompliances 1 }
-- Units of conformance
t11vfGeneralGroup OBJECT-GROUP
OBJECTS { t11vfCoreSwitchMaxSupported,
t11vfVirtualSwitchVfId,
t11vfVirtualSwitchCoreSwitchName,
t11vfVirtualSwitchRowStatus,
t11vfPortVfId,
t11vfPortTaggingAdminStatus,
t11vfLocallyEnabledOperStatus,
t11vfPortTaggingOperStatus,
t11vfLocallyEnabledRowStatus,
t11vfCoreSwitchStorageType,
t11vfVirtualSwitchStorageType,
t11vfPortStorageType,
t11vfLocallyEnabledStorageType
}
STATUS current
DESCRIPTION
"A collection of objects for monitoring and
configuring Virtual Fabrics in a Fibre Channel switch."
::= { t11vfMIBGroups 1 }
END
Security Considerations
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability:
t11vfCoreSwitchMaxSupported, t11vfVirtualSwitchVfId, t11vfCoreSwitchStorageType, t11vfVirtualSwitchStorageType and t11vfVirtualSwitchRowStatus
- the ability to change the configuration of Virtual Fabrics on
a particular switch.
t11vfPortTaggingAdminStatus, t11vfLocallyEnabledRowStatus, t11vfPortVfId, t11vfPortStorageType and t11vfLocallyEnabledStorageType
- the ability to change the configuration of Virtual Fabrics on
a port of a particular switch.
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:
t11vfVirtualSwitchCoreSwitchName, t11vfPortTaggingOperStatus, t11vfLocallyEnabledOperStatus,
- the ability to discover configuration of Virtual Fabrics on a
virtual switch or a port.
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see RFC3410, section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
IANA Considerations
IANA has assigned 147 for the MIB module under the appropriate subtree.
Acknowledgements
This document was developed by the INCITS Task Group T11.5. We wish to acknowledge the contributions and comments from the INCITS Technical Committee T11 and the IMSS WG, including the following:
T11 Chair: Robert Snively, Brocade
T11 Vice Chair: Claudio Desanti, Cisco Systems
T11.5 Chair: Roger Cummings, Symantec
IMSS WG Chair: David Black, EMC Corporation
Bert Wijnen, Lucent
10. Normative References
RFC2119 Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
RFC2578 McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", RFC 2578, April 1999.
RFC2579 McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Textual Conventions for
SMIv2", STD 58, RFC 2579, April 1999.
RFC2580 McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Conformance Statements for
SMIv2", RFC 2580, April 1999.
RFC2863 McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, June 2000.
RFC4044 McCloghrie, K., "Fibre Channel Management MIB", RFC 4044,
May 2005.
RFC4439 DeSanti, C., Gaonkar, V., McCloghrie, K., and S. Gai,
"Fibre Channel Fabric Address Manager MIB", RFC 4439, March 2006.
[FC-FS] "Fibre Channel Framing and Signaling - 2 (FC-FS-2)", ANSI
INCITS 1619-D,
http://www.t11.org/t11/stat.nsf/upnum/1619-d, 2006.
[FC-SW-4] "Fibre Channel Switch Fabric 4 (FC-SW-4)", ANSI INCITS
418-2006, http://www.t11.org/t11/stat.nsf/upnum/1674-d, 2006.
11. Informative References
RFC3410 Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
RFC2741 Daniele, M., Wijnen, B., Ellison, M., and D. Francisco,
"Agent Extensibility (AgentX) Protocol Version 1", RFC
2741, January 2000.
RFC3411 Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
December 2002.
Authors' Addresses
Scott Kipp McDATA Corporation 4 McDATA Parkway Broomfield, CO 80021
Phone: +1 720-558-3452 EMail: [email protected]
G D Ramkumar SnapTell, Inc. 2741 Middlefield Rd, Suite 200 Palo Alto, CA 94306
Phone: +1 650-326-7627 EMail: [email protected]
Keith McCloghrie Cisco Systems 170 West Tasman Drive San Jose, CA USA 95134
Phone: +1 408-526-5260 EMail: [email protected]
Full Copyright Statement
Copyright (C) The IETF Trust (2006).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST, AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at [email protected].
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.
