RFC5813
Internet Engineering Task Force (IETF) R. Haas Request for Comments: 5813 IBM Category: Standards Track March 2010 ISSN: 2070-1721
Forwarding and Control Element Separation (ForCES) MIB
Abstract
This memo defines a Management Information Base (MIB) module for use with network management protocols in the Internet community. In particular, it defines managed objects for the Forwarding and Control Element Separation (ForCES) Network Element (NE).
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5813.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Contents
The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC3410.
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC2578, STD 58, RFC2579 and STD 58, RFC2580.
Introduction
The ForCES MIB module is a read-only MIB module that captures information related to the ForCES protocol (RFC3654, RFC3746, [FORCES-APP], and RFC5810).
The ForCES MIB module does not include information that is specified in other MIB modules, such as packet counters for interfaces, etc.
More specifically, the information in the ForCES MIB module relative to associations (between Control Elements and Forwarding Elements) that are in the UP state includes:
o identifiers of the elements in the association,
o configuration parameters of the association, and
o statistics of the association.
Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119.
ForCES MIB Overview
The MIB module contains the latest ForCES protocol version supported by the Control Element (CE) (forcesLatestProtocolVersionSupported). Note that the CE must also allow interaction with Forwarding Elements (FEs) supporting earlier versions.
For each association identified by the pair CE ID and FE ID, the following associated information is provided by the MIB module as an entry (forcesAssociationEntry) in the association table (forcesAssociationTable):
o Version number of the ForCES protocol running in this association
(forcesAssociationRunningProtocolVersion).
o Time when the association entered the UP state
(forcesAssociationTimeUp).
o Time when the association left the UP state
(forcesAssociationTimeDown). Note that this is only used for notification purposes as the association is removed from the MIB immediately after it leaves the UP state.
o Number of ForCES Heartbeat messages sent from the CE
(forcesAssociationHBMsgSent) and received by the CE (forcesAssociationHBMsgReceived) since the association entered the UP state.
o Number of operational ForCES messages sent from the CE
(forcesAssociationOperMsgSent) and received by the CE (forcesAssociationOperMsgReceived) since the association entered the UP state. Only messages other than Heartbeat, Association Setup, Association Setup Response, and Association Teardown are counted.
Finally, the MIB module defines the following notifications:
o Whenever an association enters the UP state, a notification
(forcesAssociationEntryUp) is issued containing the version of the ForCES protocol running. CE ID and FE ID are concatenated to form the table index, hence they appear in the OID of the ForCES- protocol running-version object. Optionally, a notification
(forcesAssociationEntryUpStats) can instead be issued with all associated information for this association, except forcesAssociationTimeDown.
o Whenever an association leaves the UP state, a notification
(forcesAssociationEntryDown) is issued containing the version of the ForCES protocol running. Optionally, a notification (forcesAssociationEntryDownStats) can instead be issued with all associated information for this association. The reason is that the association and all its associated information will be removed from the MIB immediately after this notification has been issued.
ForCES MIB Definition
FORCES-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
mib-2, Integer32
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TimeStamp
FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP,
NOTIFICATION-GROUP
FROM SNMPv2-CONF
ZeroBasedCounter32
FROM RMON2-MIB;
forcesMib MODULE-IDENTITY
LAST-UPDATED "201003100000Z" -- March 10, 2010
ORGANIZATION "IETF Forwarding and Control Element
Separation (ForCES) Working Group"
CONTACT-INFO
"WG Charter:
http://www.ietf.org/html.charters/forces-charter.html
Mailing lists:
General Discussion: [email protected]
To Subscribe:
https://www.ietf.org/mailman/listinfo/forces
Chairs: Patrick Droz
Email: [email protected]
Jamal Hadi Salim
Email: [email protected]
Editor: Robert Haas
IBM
Email: [email protected]"
DESCRIPTION
"This MIB module contains managed object definitions
for the ForCES Protocol.
Copyright (c) 2010 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with
or without modification, is permitted pursuant to, and
subject to the license terms contained in, the
Simplified BSD License set forth in Section 4.c of the
IETF Trust's Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this MIB module is part of RFC 5813; see the RFC itself for full legal notices." REVISION "201003100000Z" -- March 10, 2010 DESCRIPTION "Initial version, published as RFC 5813." ::= { mib-2 187 }
--****************************************************************
forcesMibNotifications OBJECT IDENTIFIER ::= { forcesMib 0 }
forcesMibObjects OBJECT IDENTIFIER ::= { forcesMib 1 }
forcesMibConformance OBJECT IDENTIFIER ::= { forcesMib 2 }
ForcesID ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The ForCES identifier is a 4-octet quantity."
SYNTAX OCTET STRING (SIZE (4))
ForcesProtocolVersion ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"ForCES protocol version number.
The version numbers used are defined in the
specifications of the respective protocol:
1 - ForCESv1, RFC 5810."
SYNTAX Integer32 (1..255)
-- Notifications
forcesAssociationEntryUp NOTIFICATION-TYPE
OBJECTS {
forcesAssociationRunningProtocolVersion
}
STATUS current
DESCRIPTION
"This notification is generated as soon
as an association enters the UP state.
Note that these notifications are not
throttled as the CE itself should
throttle the setup of associations."
::= { forcesMibNotifications 1 }
forcesAssociationEntryDown NOTIFICATION-TYPE
OBJECTS {
forcesAssociationRunningProtocolVersion
}
STATUS current
DESCRIPTION
"This notification is generated as soon
as an association leaves the UP state.
Note that these notifications are not
throttled as the CE itself should
throttle the setup of associations."
::= { forcesMibNotifications 2 }
forcesAssociationEntryUpStats NOTIFICATION-TYPE
OBJECTS {
forcesAssociationRunningProtocolVersion,
forcesAssociationTimeUp
}
STATUS current
DESCRIPTION
"This notification is generated as soon
as an association enters the UP state.
Note that these notifications are not
throttled as the CE itself should
throttle the setup of associations."
::= { forcesMibNotifications 3 }
forcesAssociationEntryDownStats NOTIFICATION-TYPE
OBJECTS {
forcesAssociationRunningProtocolVersion,
forcesAssociationTimeUp,
forcesAssociationTimeDown,
forcesAssociationHBMsgSent,
forcesAssociationHBMsgReceived,
forcesAssociationOperMsgSent,
forcesAssociationOperMsgReceived,
forcesAssociationCounterDiscontinuityTime
}
STATUS current
DESCRIPTION
"This notification is generated as soon
as an association leaves the UP state.
Note that these notifications are not
throttled as the CE itself should
throttle the setup of associations."
::= { forcesMibNotifications 4 }
-- Objects
forcesLatestProtocolVersionSupported OBJECT-TYPE
SYNTAX ForcesProtocolVersion
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The ForCES protocol version supported by the CE.
The current protocol version is 1.
Note that the CE must also allow interaction
with FEs supporting earlier versions."
::= { forcesMibObjects 1 }
forcesAssociations OBJECT IDENTIFIER ::= { forcesMibObjects 2 }
forcesAssociationTable OBJECT-TYPE
SYNTAX SEQUENCE OF ForcesAssociationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table of associations."
::= { forcesAssociations 1 }
forcesAssociationEntry OBJECT-TYPE
SYNTAX ForcesAssociationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A (conceptual) entry for one association."
INDEX { forcesAssociationCEID, forcesAssociationFEID }
::= { forcesAssociationTable 1 }
ForcesAssociationEntry ::= SEQUENCE {
forcesAssociationCEID ForcesID,
forcesAssociationFEID ForcesID,
forcesAssociationRunningProtocolVersion
ForcesProtocolVersion,
forcesAssociationTimeUp TimeStamp,
forcesAssociationTimeDown TimeStamp,
forcesAssociationHBMsgSent ZeroBasedCounter32,
forcesAssociationHBMsgReceived ZeroBasedCounter32,
forcesAssociationOperMsgSent ZeroBasedCounter32,
forcesAssociationOperMsgReceived ZeroBasedCounter32,
forcesAssociationCounterDiscontinuityTime TimeStamp
}
forcesAssociationCEID OBJECT-TYPE
SYNTAX ForcesID
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ForCES ID of the CE."
::= { forcesAssociationEntry 1 }
forcesAssociationFEID OBJECT-TYPE
SYNTAX ForcesID
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ForCES ID of the FE."
::= { forcesAssociationEntry 2 }
forcesAssociationRunningProtocolVersion OBJECT-TYPE
SYNTAX ForcesProtocolVersion
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current ForCES protocol version used in
this association.
The current protocol version is 1."
::= { forcesAssociationEntry 3 }
forcesAssociationTimeUp OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime at the time this
association entered the UP state.
If this association started prior to the last
initialization of the network subsystem, then
this object contains a zero value.
This object allows to uniquely identify
associations with the same CE and FE IDs."
::= { forcesAssociationEntry 4 }
forcesAssociationTimeDown OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of sysUpTime at the time this
association left the UP state."
::= { forcesAssociationEntry 5 }
forcesAssociationHBMsgSent OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A counter of how many Heartbeat messages have
been sent by the CE on this association
since the association entered the UP state.
Discontinuities in the value of this counter
can occur at reinitialization of the management
system, and at other times as indicated by the
value of forcesAssociationCounterDiscontinuityTime."
::= { forcesAssociationEntry 6 }
forcesAssociationHBMsgReceived OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A counter of how many Heartbeat messages
have been received by the CE on this association
since the association entered the UP state.
Discontinuities in the value of this counter
can occur at reinitialization of the management
system, and at other times as indicated by the
value of forcesAssociationCounterDiscontinuityTime."
::= { forcesAssociationEntry 7 }
forcesAssociationOperMsgSent OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A counter of how many messages other than
Heartbeat (i.e., Config and Query)
have been sent by the CE on this association
since the association entered the UP state.
Discontinuities in the value of this counter
can occur at reinitialization of the management
system, and at other times as indicated by the
value of forcesAssociationCounterDiscontinuityTime."
::= { forcesAssociationEntry 8 }
forcesAssociationOperMsgReceived OBJECT-TYPE
SYNTAX ZeroBasedCounter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A counter of how many messages other than
Heartbeat (i.e., Config response, Query response,
event notification, and packet redirect)
have been received by the CE on this association
since the association entered the UP state.
Discontinuities in the value of this counter
can occur at reinitialization of the management
system, and at other times as indicated by the
value of forcesAssociationCounterDiscontinuityTime."
::= { forcesAssociationEntry 9 }
forcesAssociationCounterDiscontinuityTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime on the most recent occasion
at which any one or more of this association's
counters suffered a discontinuity. The relevant
counters are the specific instances associated with
this association of any ZeroBasedCounter32 object
contained in the forcesAssociationTable. If no
such discontinuities have occurred since the last
reinitialization of the local management subsystem,
then this object contains a zero value."
::= { forcesAssociationEntry 10 }
-- Conformance
forcesMibCompliances OBJECT IDENTIFIER
::= { forcesMibConformance 1 }
forcesMibGroups OBJECT IDENTIFIER
::= { forcesMibConformance 2 }
-- Compliance statements
forcesMibCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for routers running
ForCES and implementing the ForCES MIB."
MODULE -- this module
MANDATORY-GROUPS { forcesMibGroup, forcesNotificationGroup }
GROUP forcesNotificationStatsGroup
DESCRIPTION
"Implementation of this group is recommended."
GROUP forcesStatsGroup
DESCRIPTION
"Implementation of this group is recommended."
::= { forcesMibCompliances 1 }
-- Units of conformance
forcesNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { forcesAssociationEntryUp,
forcesAssociationEntryDown
}
STATUS current
DESCRIPTION
"A collection of notifications for signaling
important ForCES events."
::= { forcesMibGroups 1 }
forcesMibGroup OBJECT-GROUP
OBJECTS { forcesLatestProtocolVersionSupported,
forcesAssociationRunningProtocolVersion
}
STATUS current
DESCRIPTION
"A collection of objects to support management
of ForCES routers."
::= { forcesMibGroups 2 }
forcesNotificationStatsGroup NOTIFICATION-GROUP
NOTIFICATIONS { forcesAssociationEntryUpStats,
forcesAssociationEntryDownStats
}
STATUS current
DESCRIPTION
"A collection of optional notifications for
signaling important ForCES events including
statistics."
::= { forcesMibGroups 3 }
forcesStatsGroup OBJECT-GROUP
OBJECTS { forcesAssociationTimeUp,
forcesAssociationTimeDown,
forcesAssociationHBMsgSent,
forcesAssociationHBMsgReceived,
forcesAssociationOperMsgSent,
forcesAssociationOperMsgReceived,
forcesAssociationCounterDiscontinuityTime
}
STATUS current
DESCRIPTION
"A collection of optional objects to provide
extra information about the associations.
There is no protocol reason to keep such
information, but these objects can be very
useful in debugging connectivity problems."
::= { forcesMibGroups 4}
END
Associations Kept in the MIB
Associations enter the UP state as soon as the CE has sent to the FE an Association Setup Response message containing a successful Association Setup Result. Only associations that are UP are reflected in this MIB module.
Associations are removed from the MIB module as soon as they leave the UP state, i.e., if the CE has not received any message (Heartbeat or other protocol message) from the FE within a given time period or if an Association Teardown message has been sent by the CE.
Statistics counters are initialized to zero when the association is created. If the same association goes down and comes back up, the counters will reset and the discontinuity can be discovered by checking the discontinuity timestamp. In addition, the time-up timestamp in the association allows to distinguish new associations from past ones with the same index. Note that the optional down notification contains the statistics with the final values of the statistics counters.
Support for Multiple CEs and FEs
An NE consists of one or more FEs and one or more CEs. Where there is a single CE, that CE will have knowledge of all the associations in the NE and so can provide the information necessary to support the managed objects defined in this MIB module. Where there is more than one CE, information about the associations may be distributed among the CEs. Whether each CE implements the managed objects for the associations of which it is aware or whether the CEs cooperate to present the appearance of a single set of managed objects for all the associations in the NE is outside the scope of this document.
Security Considerations
There are no management objects defined in this MIB module that have a MAX-ACCESS clause of read-write and/or read-create. So, if this MIB module is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB module via direct SNMP SET operations.
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:
o Objects in the forcesMibGroup are protocol versions. They are
neither sensitive nor vulnerable.
o Objects in the forcesStatsGroup are statistics. They are neither
sensitive nor vulnerable.
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see RFC3410, section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
IANA Considerations
The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
forcesMIB { mib-2 187 }
10. References
10.1. Normative References
RFC2119 Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
RFC2578 McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
RFC2579 McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2",
STD 58, RFC 2579, April 1999.
RFC2580 McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
RFC5810 Doria, A., Ed., Hadi Salim, J., Ed., Haas, R., Ed.,
Khosravi, H., Ed., Wang, W., Ed., Dong, L., Gopal, R., and
J. Halpern, "Forwarding and Control Element Separation
(ForCES) Protocol Specification", RFC 5810, March 2010.
10.2. Informative References
[FORCES-APP]
Crouch, A., Khosravi, H., Doria, A., Wang, X., and K.
Ogawa, "ForCES Applicability Statement", Work in Progress,
February 2010.
RFC3410 Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for
Internet-Standard Management Framework", RFC 3410,
December 2002.
RFC3654 Khosravi, H. and T. Anderson, "Requirements for Separation
of IP Control and Forwarding", RFC 3654, November 2003.
RFC3746 Yang, L., Dantu, R., Anderson, T., and R. Gopal,
"Forwarding and Control Element Separation (ForCES)
Framework", RFC 3746, April 2004.
Appendix A. Acknowledgments
The author gratefully acknowledges the contributions of Spencer Dawkins, Jinrong Fenggen, John Flick, Xiaoyi Guo, Joel Halpern, Tom Petch, Jamal Hadi Salim, and Bert Wijnen.
Author's Address
Robert Haas IBM Saeumerstrasse 4 Rueschlikon 8803 CH
EMail: [email protected] URI: http://www.zurich.ibm.com/~rha
