Network Working Group S. De Cnodder Internet-Draft Alcatel-Lucent Intended status: Standards Track February 14, 2008 Expires: August 17, 2008 Access Node Control Protocol (ANCP) MIB module for Network Access Servers draft-decnodder-ancp-mib-nas-00.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 17, 2008. Copyright Notice Copyright (C) The IETF Trust (2008). Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular it defines objects for managing network access servers that are using the Access Node Control Protocol (ANCP). De Cnodder Expires August 17, 2008 [Page 1] Internet-Draft ANCP MIB February 2008 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. The Internet-Standard Management Framework . . . . . . . . . . 3 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 5. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 5.1. Textual Conventions . . . . . . . . . . . . . . . . . . . 4 5.2. The ANCP-NAS MIB module Subtree . . . . . . . . . . . . . 4 5.3. The Notifications Subtree . . . . . . . . . . . . . . . . 4 5.4. The Table Structures . . . . . . . . . . . . . . . . . . . 4 6. Relationship to Other MIB Modules . . . . . . . . . . . . . . 6 6.1. Relationship to the ANCP-NAS MIB module . . . . . . . . . 6 6.2. MIB modules required for IMPORTS . . . . . . . . . . . . . 6 7. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6 8. Security Considerations . . . . . . . . . . . . . . . . . . . 33 9. IANA considerations . . . . . . . . . . . . . . . . . . . . . 36 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 37 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37 11.1. Normative References . . . . . . . . . . . . . . . . . . . 37 11.2. Informative References . . . . . . . . . . . . . . . . . . 38 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 38 Intellectual Property and Copyright Statements . . . . . . . . . . 39 De Cnodder Expires August 17, 2008 [Page 2] Internet-Draft ANCP MIB February 2008 1. Introduction This memo defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular it defines objects for managing network access servers as described in [ANCPFW] that are using the Access Node Control Protocol defined in [ANCPPR]. 2. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. 3. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 4. Overview In [ANCPFW], the framework for the Access Node Control Protocol (ANCP) is described. It defines 2 network entities, the Access Node (AN) and the Network Access Server (NAS), between which ANCP sessions are established. The detailed protocol specification of ANCP is described in [ANCPPR]. This document specifies a MIB module for a NAS that supports ANCP. Note: the current MIB definition is specific for [ANCPPR]. If [ANCPPR] gets updated later, then the MIB definition in this document will also follow these changes. 5. Structure of the MIB Module De Cnodder Expires August 17, 2008 [Page 3] Internet-Draft ANCP MIB February 2008 5.1. Textual Conventions No new textual conventions are defined in this MIB module. Note that 2 textual conventions are imported from ANCP-TC-MIB. 5.2. The ANCP-NAS MIB module Subtree The ANCP MIB module for network access servers is put under ancpMIB. ancpMIB in defined in [MIBAN] where a MIB module with textual conventions for ANCP is defined, and also a MIB module for access nodes. We have the following definitions in [MIBAN] and in this document: ancpTcMIB ::= { ancpMIB 1} ancpAnMIB ::= { ancpMIB 2} ancpNasMIB ::= { ancpMIB 3} ancpMIB is put under mib-2, and its OID is assigned by IANA in [MIBAN]. 5.3. The Notifications Subtree Notifications are defined to inform the management station about state changes of ANCP sessions, whenever an ANCP session changes state. Two notifications are defined for this purpose. The notification ancpNasSessionUp is to inform the management station when the session comes up, and the notification ancpNasSessionDown is to inform when the ANCP session is down again after it was up before. Attributes are introduced to enable and disable the generation of these notifications for ANCP sessions. To avoid congestion towards the management station, the NAS should limit the number of notifications sent in a specific time period. If the number of ANCP is sessions is expected to be large, it is recommended to disable the generation of notifications, or to enable them on only a set of sessions. 5.4. The Table Structures The ANCP MIB module for the NAS has 3 tables. The tables are the following: o ancpNasSessionConfigTable This table specifies a number of attributes to be used for all sessions in a particular partition. No indiviual sessions are configured such that when new ANs are added to the network, no extra configuration is needed on the NAS, except if a new De Cnodder Expires August 17, 2008 [Page 4] Internet-Draft ANCP MIB February 2008 partition is added to the ANs. The row with zero partition ID specifies the attributes of the sessions that belong to ANs that do not use partitions. The AN initiates the establishement of the transport session (e.g., TCP session), and after the establishement of the transport session, the AN and/or NAS can start the establishement of the ANCP session. If the NAS can determine to which partition the session belongs after the transport session is up, the NAS can initiate the establishement of the ANCP session, otherwise, only the AN can initiate it. o ancpNasCurrentSessionTable This table is a read-only table and shows the operational state of a particular ANCP session. The row is created when the NAS has information about a particular session, and is deleted when there is no information available anymore. o ancpNasAciInfoTable This table is a read-only table and shows all the information about a particular Access Circuit Identifier (ACI) that the AN has advertised to the NAS in a PORT UP message. Each time a PORT UP message is received with a new ACI, a new row is created. When the NAS has no information anymore about an ACI, the row is deleted. Five groups are defined: o ancpNasConfigGroup, This group contains all objects of the ancpNasSessionConfigTable in which the objects for ANCP sessions are configured. o ancpNasCurrentGroup, This group contains all objects of the ancpNasCurrentSessionTable where the operational state and other information of ANCP sessions are shown. o ancpNasAciGroup This group contains objects that contain basic information about a particular ACI. o ancpNasAciOptionalGroup This group contains objects that contain very detailed information about a particular ACI, and complements ancpNasAciGroup. De Cnodder Expires August 17, 2008 [Page 5] Internet-Draft ANCP MIB February 2008 o ancpNasNotificationsGroup This group contains the notifications that indicate state changes of ANCP sessions. 6. Relationship to Other MIB Modules 6.1. Relationship to the ANCP-NAS MIB module The ANCP-NAS-MIB module has no relationship with any other MIB module, otherwise than those MIB modules that are needed for IMPORTS. 6.2. MIB modules required for IMPORTS The ANCP MIB module for network access servers requires following MIB modules for IMPORTS: o SNMPv2-SMI defined in [RFC2578] o RMON2-MIB defined in [RFC4502] o INET-ADDRESS-MIB defined in [RFC4001] o SNMPv2-CONF defined in [RFC2580] o GSMP-MIB defined in [RFC3295] o SNMPv2-TC defined in [RFC2579] o ANCP-TC-MIB defined in [MIBAN] 7. Definitions ANCP-NAS-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, TimeTicks, NOTIFICATION-TYPE FROM SNMPv2-SMI -- [RFC2578] ZeroBasedCounter32 FROM RMON2-MIB -- [RFC4502] InetAddressType, InetAddress, InetPortNumber FROM INET-ADDRESS-MIB -- [RFC4001] MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF -- [RFC2580] GsmpVersion, GsmpNameType, GsmpPartitionIdType FROM GSMP-MIB -- [RFC3295] RowStatus, TruthValue FROM SNMPv2-TC -- [RFC2579] De Cnodder Expires August 17, 2008 [Page 6] Internet-Draft ANCP MIB February 2008 GsmpSubVersion, AncpSessionCapabilities, ancpMIB FROM ANCP-TC-MIB; ancpNasMIB MODULE-IDENTITY LAST-UPDATED "200802010000Z" -- 1 February 2008 ORGANIZATION "IETF ANCP Working Group" CONTACT-INFO " Editors: Stefaan De Cnodder Alcatel-Lucent Postal: Copernicuslaan 50 B-2018 Antwerp Belgium EMail: stefaan.de_cnodder@alcatel-lucent.be Phone: +32 3 240 85 15 " DESCRIPTION "The MIB module for entities implementing the network access server side of the Access Node Control Protocol (ANCP). Copyright (C) The IETF Trust (2007). The initial version of this MIB module was published in RFC yyyy; for full legal notices see the RFC itself." -- RFC Ed.: replace yyyy with actual RFC number & remove this note REVISION "200802010000Z" -- 1 February 2008 DESCRIPTION "Initial version as published in RFC yyyy." -- RFC Ed.: replace yyyy with actual RFC number & remove this note ::= { ancpMIB 3 } ancpNasNotifications OBJECT IDENTIFIER ::= { ancpNasMIB 0 } ancpNasObjects OBJECT IDENTIFIER ::= { ancpNasMIB 1 } ancpNasConformance OBJECT IDENTIFIER ::= { ancpNasMIB 2 } ancpNasSessionConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF AncpNasSessionConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table represents the ANCP sessions in the network access server. Each row represents all ANCP sessions in a particular partition in the ANs. A partition ID equal to zero means that no partitions are used by the ANs. Note that when a row is created with zero partition ID, still rows can exist with non-zero partition ID. This is because a NAS can setup ANCP sessions to multiple ANs, and some ANs may use partitions, while other access nodes De Cnodder Expires August 17, 2008 [Page 7] Internet-Draft ANCP MIB February 2008 do not use partitions." ::= { ancpNasObjects 1 } ancpNasSessionConfigEntry OBJECT-TYPE SYNTAX AncpNasSessionConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in this table configures the parameters of all ANCP sessions using the same partition in the ANs, if partitions are being used. If an AN is not using partitions, then there can also be a corresponding entry in this table." INDEX { ancpNasSessionConfigPartitionId } ::= { ancpNasSessionConfigTable 1 } AncpNasSessionConfigEntry ::= SEQUENCE { ancpNasSessionConfigPartitionId GsmpPartitionIdType, ancpNasSessionConfigRowStatus RowStatus, ancpNasSessionConfigGsmpVersion GsmpVersion, ancpNasSessionConfigGsmpSubVersion GsmpSubVersion, ancpNasSessionConfigEncapsulationType INTEGER, ancpNasSessionConfigCapabilities AncpSessionCapabilities, ancpNasSessionConfigAliveTimer Unsigned32, ancpNasSessionConfigAncpRetryTimer Unsigned32, ancpNasSessionConfigNasName GsmpNameType, ancpNasSessionConfigEncapPortNumber InetPortNumber, ancpNasSessionConfigNotifyDnEnable TruthValue, ancpNasSessionConfigNotifyUpEnable TruthValue } ancpNasSessionConfigPartitionId OBJECT-TYPE SYNTAX GsmpPartitionIdType MAX-ACCESS not-accessible STATUS current DESCRIPTION "The Id for this partition on the ANs. If no partitions are used, then the value of this object is set to zero." ::= { ancpNasSessionConfigEntry 1 } ancpNasSessionConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "An object that allows entries in this table to be created, modified and deleted using the RowStatus De Cnodder Expires August 17, 2008 [Page 8] Internet-Draft ANCP MIB February 2008 convention. A SET operation to any other attribute in this row, when this object is set to 'active' (1), MUST be rejected with an SNMP error (e.g., inconsistentValue). In order to perform a SET operation to any other attribute in this table the manager MUST set this object to notInService (2). After setting the object back to 'active' the implementation MAY tear down all the sessions that belong to this partition and recreate them, depending on what session attributes have been modified. " ::= { ancpNasSessionConfigEntry 2 } ancpNasSessionConfigGsmpVersion OBJECT-TYPE SYNTAX GsmpVersion MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum version number of the GSMP protocol that may be used for sessions in this partition (if used). The value of this object is persistent." DEFVAL { 3 } ::= { ancpNasSessionConfigEntry 3 } ancpNasSessionConfigGsmpSubVersion OBJECT-TYPE SYNTAX GsmpSubVersion MAX-ACCESS read-create STATUS current DESCRIPTION "The maximum subversion number of the GSMP protocol that may be used in sessions in this partition (if used). The value of this object is persistent." DEFVAL { 1 } ::= { ancpNasSessionConfigEntry 4 } ancpNasSessionConfigEncapsulationType OBJECT-TYPE SYNTAX INTEGER { tcp(1) } MAX-ACCESS read-create STATUS current DESCRIPTION "Required encapsulation for sessions in this partition (if used). The value of this object is persistent." DEFVAL { tcp } ::= { ancpNasSessionConfigEntry 5 } ancpNasSessionConfigCapabilities OBJECT-TYPE SYNTAX AncpSessionCapabilities De Cnodder Expires August 17, 2008 [Page 9] Internet-Draft ANCP MIB February 2008 MAX-ACCESS read-create STATUS current DESCRIPTION "ANCP capabilities supported by the NAS for the sessions in this partition (if used). When all bits are set to zero then this means that no capabilities are supported. The value of this object is persistent." DEFVAL { { topologyDiscovery, l2Oam } } ::= { ancpNasSessionConfigEntry 6 } ancpNasSessionConfigAliveTimer OBJECT-TYPE SYNTAX Unsigned32(1..255) UNITS "deciseconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The timer specifies the nominal time between periodic adjacency protocol messages generated by the NAS for the sessions in this partition (if used). It is a constant for the duration of an ANCP session. The timer is specified in units of 100ms. The value of this object is persistent." DEFVAL { 100 } ::= { ancpNasSessionConfigEntry 7 } ancpNasSessionConfigAncpRetryTimer OBJECT-TYPE SYNTAX Unsigned32(0..255) UNITS "deciseconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The timer specifies the nominal time between 2 ANCP connection setup attempts for sessions in this partition (if used), if the network access server is capable of initiating the setup of ANCP sessions. The timer is specified in units of 100ms. A value 0 means that the network access server will NOT spontaneously trigger an ANCP session. Whatever the setting of this timer, the network access server shall always listen for ANCP session setup. The value of this object is persistent." DEFVAL { 10 } ::= { ancpNasSessionConfigEntry 8 } ancpNasSessionConfigNasName OBJECT-TYPE SYNTAX GsmpNameType MAX-ACCESS read-create De Cnodder Expires August 17, 2008 [Page 10] Internet-Draft ANCP MIB February 2008 STATUS current DESCRIPTION "The name of the network access server. The first three octets must be an Organizationally Unique Identifier (OUI) that identifies the manufacturer of the access node. This object can be (one of) the MAC address(es) of the network access server. When this object is set to zero, the network access server shall autonomously decide on using the most appropriate MAC address of the network access server. Then the actually used network access server name can be read from ancpNasCurrentSessionNasName. The value of this object is persistent." DEFVAL { '000000000000'H } ::= { ancpNasSessionConfigEntry 9 } ancpNasSessionConfigEncapPortNumber OBJECT-TYPE SYNTAX InetPortNumber (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The port number used for the transport protocol establishment to the ANCP peer. The transport protocol type is specified by ancpNasSessionConfigEncapsulationType and as it is set by default to 'tcp' then the default port number is set to 6068 (see details in http://www.iana.org/). Other port numbers may be relevant if other transport protocols are used. The value of this object is persistent." DEFVAL { 6068 } ::= { ancpNasSessionConfigEntry 10 } ancpNasSessionConfigNotifyDnEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies if ancpNasSessionDown notification should be generated when a session in this partition (if used) leaves the 'estab' state as given by ancpNasCurrentSessionState in the row of that particular session in ancpNasCurrentSessionTable. The value of this object is persistent." DEFVAL { false } ::= { ancpNasSessionConfigEntry 11 } ancpNasSessionConfigNotifyUpEnable OBJECT-TYPE De Cnodder Expires August 17, 2008 [Page 11] Internet-Draft ANCP MIB February 2008 SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies if ancpNasSessionUp notification should be generated when a session in this partition (if used) goes to 'estab' state as given by ancpAnCurrentSessionState in the ro of that particular session in ancpNasCurrentSessionTable. The value of this object is persistent." DEFVAL { false } ::= { ancpNasSessionConfigEntry 12 } ancpNasCurrentSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF AncpNasCurrentSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table gives actual information of the ANCP sessions in the network access server. A row in this table is created when a new ANCP session is being established. A row in this table is deleted when there is no ANCP session anymore." ::= { ancpNasObjects 2 } ancpNasCurrentSessionEntry OBJECT-TYPE SYNTAX AncpNasCurrentSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table showing the data for a specific actual ANCP session." INDEX { ancpNasCurrentSessionId } ::= { ancpNasCurrentSessionTable 1 } AncpNasCurrentSessionEntry ::= SEQUENCE { ancpNasCurrentSessionId Unsigned32, ancpNasCurrentSessionState INTEGER, ancpNASCurrentSessionGsmpVersion GsmpVersion, ancpNasurrentSessionGsmpSubVersion GsmpSubVersion, ancpNasCurrentSessionAnName GsmpNameType, ancpNasCurrentSessionNasName GsmpNameType, ancpNasCurrentSessionAnIpAddressType InetAddressType, ancpNasCurrentSessionAnIpAddress InetAddress, ancpNasCurrentSessionAnInstance Unsigned32, ancpNasCurrentSessionNasIpAddressType InetAddressType, ancpNasCurrentSessionNasIpAddress InetAddress, De Cnodder Expires August 17, 2008 [Page 12] Internet-Draft ANCP MIB February 2008 ancpNasCurrentSessionNasInstance Unsigned32, ancpNasCurrentSessionCapabilities AncpSessionCapabilities, ancpNasCurrentSessionStartUptime TimeTicks, ancpNasCurrentSessionDiscontinuityTime TimeTicks, ancpNasCurrentSessionStatSentMessages ZeroBasedCounter32, ancpNasCurrentSessionStatReceivedValidMessages ZeroBasedCounter32, ancpNasCurrentSessionStatDiscardedMessages ZeroBasedCounter32 } ancpNasCurrentSessionId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "An index of a session referred by this row. The index is unique accross all partitions and is generated by the system." ::= { ancpNasCurrentSessionEntry 1 } ancpNasCurrentSessionState OBJECT-TYPE SYNTAX INTEGER { null(1), synsent(2), synrcvd(3), estab(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of the ANCP session as defined in the GSMP specification." ::= { ancpNasCurrentSessionEntry 2 } ancpNASCurrentSessionGsmpVersion OBJECT-TYPE SYNTAX GsmpVersion MAX-ACCESS read-only STATUS current DESCRIPTION "The actual version number of the GSMP protocol that is used in this session. This object has value 0 if ancpNasCurrentSessionState is not estab(4)." ::= { ancpNasCurrentSessionEntry 3 } ancpNasurrentSessionGsmpSubVersion OBJECT-TYPE SYNTAX GsmpSubVersion MAX-ACCESS read-only STATUS current De Cnodder Expires August 17, 2008 [Page 13] Internet-Draft ANCP MIB February 2008 DESCRIPTION "The actual subversion number of the GSMP protocol that is used in this session. This object has value 0 if ancpNasCurrentSessionState is not estab(4)." ::= { ancpNasCurrentSessionEntry 4 } ancpNasCurrentSessionAnName OBJECT-TYPE SYNTAX GsmpNameType MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the AN as advertised in the adjacency message. The value of this object is set to the value of the 'Sender Name' field in the header of the ANCP messages received on this session. This object has value 0 if ancpNasCurrentSessionState is not estab(4)." ::= { ancpNasCurrentSessionEntry 5 } ancpNasCurrentSessionNasName OBJECT-TYPE SYNTAX GsmpNameType MAX-ACCESS read-only STATUS current DESCRIPTION "The name of the NAS used in this session. It should be the same as ancpNasSessionConfigNasName, in the row of the corresponding partition (if used), if that object is not set to zero. If ancpNasSessionConfigNasName is set to zero, then this object will contain the MAC address selected by the network access server as described in the description of ancpNasSessionConfigNasName. The value of this object is used as value for the 'Sender Name' field in the header of the ANCP messages generated for this session by the NAS." ::= { ancpNasCurrentSessionEntry 6 } ancpNasCurrentSessionAnIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address in ancpNasCurrentSessionAnIpAddress." ::= { ancpNasCurrentSessionEntry 7 } ancpNasCurrentSessionAnIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only De Cnodder Expires August 17, 2008 [Page 14] Internet-Draft ANCP MIB February 2008 STATUS current DESCRIPTION "The IP address used by the access node. The type of this IP address attribute is determined by the value of ancpNasCurrentSessionAnIpAddressType." ::= { ancpNasCurrentSessionEntry 8 } ancpNasCurrentSessionAnInstance OBJECT-TYPE SYNTAX Unsigned32(0..16777215) MAX-ACCESS read-only STATUS current DESCRIPTION "The instance number used by the access node during this session. The Instance number is a 24-bit number that should be guaranteed to be unique within the recent past and to change when the link or node comes back up after going down. Zero is not a valid instance number. This object has value 0 if ancpNasCurrentSessionState is not estab(4)." ::= { ancpNasCurrentSessionEntry 9 } ancpNasCurrentSessionNasIpAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address in ancpNasCurrentSessionNasIpAddress." ::= { ancpNasCurrentSessionEntry 10 } ancpNasCurrentSessionNasIpAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address used by the network access server. The type of this IP address attribute is determined by the value of ancpNasCurrentSessionNasIpAddressType." ::= { ancpNasCurrentSessionEntry 11 } ancpNasCurrentSessionNasInstance OBJECT-TYPE SYNTAX Unsigned32(0..16777215) MAX-ACCESS read-only STATUS current DESCRIPTION "The instance number used by the network access server during this session. The Instance number is a 24-bit number that should be guaranteed to be unique within De Cnodder Expires August 17, 2008 [Page 15] Internet-Draft ANCP MIB February 2008 the recent past and to change when the link or node comes back up after going down. Zero is not a valid instance number. This object has value 0 if ancpNasCurrentSessionState is not estab(4)." ::= { ancpNasCurrentSessionEntry 12 } ancpNasCurrentSessionCapabilities OBJECT-TYPE SYNTAX AncpSessionCapabilities MAX-ACCESS read-only STATUS current DESCRIPTION "The common ANCP capabilities supported by the AN and NAS in this session. The object has the value 0 if no capabilities are supported or if ancpNasCurrentSessionState is not estab(4)." ::= { ancpNasCurrentSessionEntry 13 } ancpNasCurrentSessionStartUptime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime when the session came to established state. This object has value 0 if ancpNasCurrentSessionState is not estab(4)." ::= { ancpNasCurrentSessionEntry 14 } ancpNasCurrentSessionDiscontinuityTime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which session's counters suffered a discontinuity. If no such discontinuities have occurred since then, this object contains the same value as ancpNasCurrentSessionStartUptime." ::= { ancpNasCurrentSessionEntry 15 } ancpNasCurrentSessionStatSentMessages OBJECT-TYPE SYNTAX ZeroBasedCounter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that have been sent in this session De Cnodder Expires August 17, 2008 [Page 16] Internet-Draft ANCP MIB February 2008 by the network access server. All ANCP messages pertaining to this session after the session came to established state shall be counted, also including adjacency protocol messages and failure response messages. Discontinuities of this counter are indicated by ancpNasCurrentSessionDiscontinuityTime." ::= { ancpNasCurrentSessionEntry 16 } ancpNasCurrentSessionStatReceivedValidMessages OBJECT-TYPE SYNTAX ZeroBasedCounter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that have been received and processed in this session by the network access server. All ANCP messages pertaining to this session after the session came to established state shall be counted, also including adjacency protocol messages and failure response messages. Discontinuities of this counter are indicated by ancpNasCurrentSessionDiscontinuityTime." ::= { ancpNasCurrentSessionEntry 17 } ancpNasCurrentSessionStatDiscardedMessages OBJECT-TYPE SYNTAX ZeroBasedCounter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of messages that in this session have been received and discarded for whatever reason by the network access server. All ANCP messages pertaining to this session after the session came to established state shall be counted, also including adjacency protocol messages and failure response messages. Discontinuities of this counter are indicated by ancpNasCurrentSessionDiscontinuityTime." ::= { ancpNasCurrentSessionEntry 18 } ancpNasAciInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF AncpNasAciInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table gives actual information of all the Access Circuit Identifiers (ACIs) received from an AN on a particular ANCP session. De Cnodder Expires August 17, 2008 [Page 17] Internet-Draft ANCP MIB February 2008 A row in this table is created when a new ACI is received. A row in this table is deleted when there is no information anymore about a certain ACI." ::= { ancpNasObjects 3 } ancpNasAciInfoEntry OBJECT-TYPE SYNTAX AncpNasAciInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the table showing the information about a certain ACI." INDEX { ancpNasCurrentSessionId, ancpNasAciInfoAci } ::= { ancpNasAciInfoTable 1 } AncpNasAciInfoEntry ::= SEQUENCE { ancpNasAciInfoAci OCTET STRING, ancpNasAciInfoAccessLoopRemoteIdValid TruthValue, ancpNasAciInfoAccessLoopRemoteId OCTET STRING, ancpNasAciInfoAccessAggrCircuitBinValid TruthValue, ancpNasAciInfoAccessAggrCircuitBin1 Unsigned32, ancpNasAciInfoAccessAggrCircuitBin2 Unsigned32, ancpNasAciInfoAccessAggrCircuitAsciivalid TruthValue, ancpNasAciInfoAccessAggrCircuitAscii OCTET STRING, ancpNasAciInfoDslType INTEGER, ancpNasAciInfoActualNetDataUpstream Unsigned32, ancpNasAciInfoActualNetDataRateDownstream Unsigned32, ancpNasAciInfoMinNetDataRateUpstreamValid TruthValue, ancpNasAciInfoMinNetDataRateUpstream Unsigned32, ancpNasAciInfoMinNetDataRateDownstreamValid TruthValue, ancpNasAciInfoMinNetDataRateDownstream Unsigned32, ancpNasAciInfoAttNetDataRateUpstreamValid TruthValue, ancpNasAciInfoAttNetDataRateUpstream Unsigned32, ancpNasAciInfoAttNetDataRateDownstreamValid TruthValue, ancpNasAciInfoAttNetDataRateDownstream Unsigned32, ancpNasAciInfoMaxNetDataRateUpstreamValid TruthValue, ancpNasAciInfoMaxNetDataRateUpstream Unsigned32, ancpNasAciInfoMaxNetDataRateDownstreamValid TruthValue, ancpNasAciInfoMaxNetDataRateDownstream Unsigned32, ancpNasAciInfoMinNetLowPowerDrUpstreamValid TruthValue, ancpNasAciInfoMinNetLowPowerDrUpstream Unsigned32, ancpNasAciInfoMinNetLowPowerDrDownstreamValid TruthValue, ancpNasAciInfoMinNetLowPowerDrDownstream Unsigned32, ancpNasAciInfoMaxDelayUpstreamValid TruthValue, ancpNasAciInfoMaxDelayUpstream Unsigned32, ancpNasAciInfoActualDelayUpstreamValid TruthValue, ancpNasAciInfoActualDelayUpstream Unsigned32, ancpNasAciInfoMaxDelayDownstreamValid TruthValue, De Cnodder Expires August 17, 2008 [Page 18] Internet-Draft ANCP MIB February 2008 ancpNasAciInfoMaxDelayDownstream Unsigned32, ancpNasAciInfoActualDelayDownstreamValid TruthValue, ancpNasAciInfoActualDelayDownstream Unsigned32, ancpNasAciInfoDslLineState INTEGER, ancpNasAciInfoAccessLoopEncapValid TruthValue, ancpNasAciInfoAccessLoopEncapDataLink INTEGER, ancpNasAciInfoAccessLoopEncapsulation1 INTEGER, ancpNasAciInfoAccessLoopEncapsulation2 INTEGER } ancpNasAciInfoAci OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..63)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The access circuit identfier (ACI)." ::= { ancpNasAciInfoEntry 1 } ancpNasAciInfoAccessLoopRemoteIdValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the access loop remote identifier was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoAccessLoopRemoteId contains the advertised access loop remote identifier." ::= { ancpNasAciInfoEntry 2 } ancpNasAciInfoAccessLoopRemoteId OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..63)) MAX-ACCESS read-only STATUS current DESCRIPTION "The access loop remote identifier. The value of this object is only meaningful when the value of ancpNasAciInfoAccessLoopRemoteIdValid is true." ::= { ancpNasAciInfoEntry 3 } ancpNasAciInfoAccessAggrCircuitBinValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the binary access aggregation circuit ID was advertised by the AN or not. If it was advertised, then objects De Cnodder Expires August 17, 2008 [Page 19] Internet-Draft ANCP MIB February 2008 ancpNasAciInfoAccessAggrCircuitBin1 and ancpNasAciInfoAccessAggrCircuitBin2 contain the advertised binary access aggregation circuit ID." ::= { ancpNasAciInfoEntry 4 } ancpNasAciInfoAccessAggrCircuitBin1 OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The first part of the binary access aggregation circuit ID. The value of this object is only meaningful when the value of ancpNasAciInfoAccessAggrCircuitBinValid is true." ::= { ancpNasAciInfoEntry 5 } ancpNasAciInfoAccessAggrCircuitBin2 OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The second part of the binary access aggregation circuit ID. The value of this object is only meaningful when the value of ancpNasAciInfoAccessAggrCircuitBinValid is true." ::= { ancpNasAciInfoEntry 6 } ancpNasAciInfoAccessAggrCircuitAsciivalid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the ascii access aggregation circuit ID was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoAccessAggrCircuitAscii contains the advertised ascii access aggregation circuit ID." ::= { ancpNasAciInfoEntry 7 } ancpNasAciInfoAccessAggrCircuitAscii OBJECT-TYPE SYNTAX OCTET STRING (SIZE (0..63)) MAX-ACCESS read-only STATUS current DESCRIPTION "The ascii access aggregation circuit ID. The value of this object is only meaningful when the value of ancpNasAciInfoAccessAggrCircuitAsciivalid is true." ::= { ancpNasAciInfoEntry 8 } ancpNasAciInfoDslType OBJECT-TYPE De Cnodder Expires August 17, 2008 [Page 20] Internet-Draft ANCP MIB February 2008 SYNTAX INTEGER { adsl1 (1), adsl2 (2), adsl2plus (3), vdsl1 (4), vdsl2 (5), sdsl (6), unknown (7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The DSL type." ::= { ancpNasAciInfoEntry 9 } ancpNasAciInfoActualNetDataUpstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The actual upstream net data rate." ::= { ancpNasAciInfoEntry 10 } ancpNasAciInfoActualNetDataRateDownstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The actual downstream net data rate." ::= { ancpNasAciInfoEntry 11 } ancpNasAciInfoMinNetDataRateUpstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the minimum upstream net data rate was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMinNetDataRateUpstream contains the advertised minimum upstream net data rate." ::= { ancpNasAciInfoEntry 12 } ancpNasAciInfoMinNetDataRateUpstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION De Cnodder Expires August 17, 2008 [Page 21] Internet-Draft ANCP MIB February 2008 "The minimum upstream net data rate. The value of this object is only meaningful when the value of ancpNasAciInfoMinNetDataRateUpstreamValid is true." ::= { ancpNasAciInfoEntry 13 } ancpNasAciInfoMinNetDataRateDownstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the minimum downstream net data rate was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMinNetDataRateDownstream contains the advertised minimum downstream net data rate." ::= { ancpNasAciInfoEntry 14 } ancpNasAciInfoMinNetDataRateDownstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The minimum downstream net data rate. The value of this object is only meaningful when the value of ancpNasAciInfoMinNetDataRateDownstreamValid is true." ::= { ancpNasAciInfoEntry 15 } ancpNasAciInfoAttNetDataRateUpstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the attainable upstream net data rate was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoAttNetDataRateUpstream contains the advertised attainable upstream net data rate." ::= { ancpNasAciInfoEntry 16 } ancpNasAciInfoAttNetDataRateUpstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The attainable upstream net data rate. The value of this object is only meaningful when the value of ancpNasAciInfoAttNetDataRateUpstreamValid is true." ::= { ancpNasAciInfoEntry 17 } De Cnodder Expires August 17, 2008 [Page 22] Internet-Draft ANCP MIB February 2008 ancpNasAciInfoAttNetDataRateDownstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the attainable downstream net data rate was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoAttNetDataRateDownstream contains the advertised attainable downstream net data rate." ::= { ancpNasAciInfoEntry 18 } ancpNasAciInfoAttNetDataRateDownstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The attainable downstream net data rate. The value of this object is only meaningful when the value of ancpNasAciInfoAttNetDataRateDownstreamValid is true." ::= { ancpNasAciInfoEntry 19 } ancpNasAciInfoMaxNetDataRateUpstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the maximum upstream net data rate was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMaxNetDataRateUpstream contains the advertised maximum upstream net data rate." ::= { ancpNasAciInfoEntry 20 } ancpNasAciInfoMaxNetDataRateUpstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum upstream net data rate. The value of this object is only meaningful when the value of ancpNasAciInfoMaxNetDataRateUpstreamValid is true." ::= { ancpNasAciInfoEntry 21 } ancpNasAciInfoMaxNetDataRateDownstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only De Cnodder Expires August 17, 2008 [Page 23] Internet-Draft ANCP MIB February 2008 STATUS current DESCRIPTION "This object indicates whether the maximum downstream net data rate was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMaxNetDataRateDownstream contains the advertised maximum downstream net data rate." ::= { ancpNasAciInfoEntry 22 } ancpNasAciInfoMaxNetDataRateDownstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum downstream net data rate. The value of this object is only meaningful when the value of ancpNasAciInfoMaxNetDataRateDownstreamValid is true." ::= { ancpNasAciInfoEntry 23 } ancpNasAciInfoMinNetLowPowerDrUpstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the minimum upstream net data rate in low power state was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMinNetLowPowerDrUpstream contains the advertised minimum upstream net data rate in low power state." ::= { ancpNasAciInfoEntry 24 } ancpNasAciInfoMinNetLowPowerDrUpstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The minimum upstream net data rate in low power state. The value of this object is only meaningful when the value of ancpNasAciInfoMinNetLowPowerDrUpstreamValid is true." ::= { ancpNasAciInfoEntry 25 } ancpNasAciInfoMinNetLowPowerDrDownstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION De Cnodder Expires August 17, 2008 [Page 24] Internet-Draft ANCP MIB February 2008 "This object indicates whether the minimum downstream net data rate in low power state was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMinNetLowPowerDrDownstream contains the advertised minimum downstrem net data rate in low power state." ::= { ancpNasAciInfoEntry 26 } ancpNasAciInfoMinNetLowPowerDrDownstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The minimum downstream net data rate in low power state. The value of this object is only meaningful when the value of ancpNasAciInfoMinNetLowPowerDrDownstreamValid is true." ::= { ancpNasAciInfoEntry 27 } ancpNasAciInfoMaxDelayUpstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the maximum upstream interleaving delay was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMaxDelayUpstream contains the advertised maximum upstream interleaving delay." ::= { ancpNasAciInfoEntry 28 } ancpNasAciInfoMaxDelayUpstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum upstream interleaving delay. The value of this object is only meaningful when the value of ancpNasAciInfoMaxDelayUpstreamValid is true." ::= { ancpNasAciInfoEntry 29 } ancpNasAciInfoActualDelayUpstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the actual upstream interleaving delay was advertised by the AN or not. If it was advertised, then the object De Cnodder Expires August 17, 2008 [Page 25] Internet-Draft ANCP MIB February 2008 ancpNasAciInfoActualDelayUpstream contains the advertised actual upstream interleaving delay." ::= { ancpNasAciInfoEntry 30 } ancpNasAciInfoActualDelayUpstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The actual upstream interleaving delay. The value of this object is only meaningful when the value of ancpNasAciInfoActualDelayUpstreamValid is true." ::= { ancpNasAciInfoEntry 31 } ancpNasAciInfoMaxDelayDownstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the maximum downstream interleaving delay was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoMaxDelayDownstream contains the advertised maximum downstream interleaving delay." ::= { ancpNasAciInfoEntry 32 } ancpNasAciInfoMaxDelayDownstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum downstream interleaving delay. The value of this object is only meaningful when the value of ancpNasAciInfoMaxDelayDownstreamValid is true." ::= { ancpNasAciInfoEntry 33 } ancpNasAciInfoActualDelayDownstreamValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the actual downstream interleaving delay was advertised by the AN or not. If it was advertised, then the object ancpNasAciInfoActualDelayDownstream contains the advertised actual downstream interleaving delay." ::= { ancpNasAciInfoEntry 34 } De Cnodder Expires August 17, 2008 [Page 26] Internet-Draft ANCP MIB February 2008 ancpNasAciInfoActualDelayDownstream OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The actual downstream interleaving delay. The value of this object is only meaningful when the value of ancpNasAciInfoActualDelayDownstreamValid is true." ::= { ancpNasAciInfoEntry 35 } ancpNasAciInfoDslLineState OBJECT-TYPE SYNTAX INTEGER { showtime (1), idle (2), silent (3) } MAX-ACCESS read-only STATUS current DESCRIPTION "The state of the DSL line." ::= { ancpNasAciInfoEntry 36 } ancpNasAciInfoAccessLoopEncapValid OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object indicates whether the access loop encapsulation was advertised by the AN or not. If it was advertised, then the objects ancpNasAciInfoAccessLoopEncapDataLink, ancpNasAciInfoAccessLoopEncapsulation1, and ancpNasAciInfoAccessLoopEncapsulation2 contain the advertised access loop encapsulation." ::= { ancpNasAciInfoEntry 37 } ancpNasAciInfoAccessLoopEncapDataLink OBJECT-TYPE SYNTAX INTEGER { atmaal5 (0), ethernet (1) } MAX-ACCESS read-only STATUS current DESCRIPTION "The data link encapsulation. The value of this object is only meaningful when the value of ancpNasAciInfoAccessLoopEncapValid is true." ::= { ancpNasAciInfoEntry 38 } De Cnodder Expires August 17, 2008 [Page 27] Internet-Draft ANCP MIB February 2008 ancpNasAciInfoAccessLoopEncapsulation1 OBJECT-TYPE SYNTAX INTEGER { na (0), untaggedeth (1), singletaggedeth (2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The first part of the encapsulation. The value of this object is only meaningful when the value of ancpNasAciInfoAccessLoopEncapValid is true." ::= { ancpNasAciInfoEntry 39 } ancpNasAciInfoAccessLoopEncapsulation2 OBJECT-TYPE SYNTAX INTEGER { na (0), pppoallc (1), pppoanull (2), ipoaLcc (3), ipoaNull (4), ethaal5lccfcs (5), ethaal5llcnofcs (6), ethaal5nullfcs (7), ethaal5mullnofcs (8) } MAX-ACCESS read-only STATUS current DESCRIPTION "The second part of the encapsulation. The value of this object is only meaningful when the value of ancpNasAciInfoAccessLoopEncapValid is true." ::= { ancpNasAciInfoEntry 40 } -- -- Notifications -- ancpNasSessionDown NOTIFICATION-TYPE OBJECTS { ancpNasCurrentSessionAnIpAddressType, ancpNasCurrentSessionAnIpAddress, ancpNasCurrentSessionAnInstance, ancpNasCurrentSessionNasIpAddressType, ancpNasCurrentSessionNasIpAddress, ancpNasCurrentSessionNasInstance, ancpNasCurrentSessionStartUptime, ancpNasCurrentSessionStatSentMessages, De Cnodder Expires August 17, 2008 [Page 28] Internet-Draft ANCP MIB February 2008 ancpNasCurrentSessionStatReceivedValidMessages, ancpNasCurrentSessionStatDiscardedMessages } STATUS current DESCRIPTION "This notification is generated whenever an ANCP session goes down. A session can go down for several reasons: 1) The ANCP session can be deleted by a manager by deleting the row in the ancpNasSessionConfigTable to which this session belongs, and hence it will also be removed from the ancpNasCurrentSessionTable. 2) The session can go operational down due to some malfunction in the network, the AN, or the NAS. In this case, the ANCP session will be still in the ancpNasCurrentSessionTable, but the ancpNasCurrentSessionState moves from the estab state to another state. This notification is only generated when ancpNasSessionConfigNotifyDnEnable in the row of ancpNasSessionConfigTable to which this session belongs is set to true." ::= { ancpNasNotifications 1 } ancpNasSessionUp NOTIFICATION-TYPE OBJECTS { ancpNasCurrentSessionNasInstance } STATUS current DESCRIPTION "This notification is generated when an ANCP session enters the estab state as given by ancpNasCurrentSessionState. This notification is only generated when ancpNasSessionConfigNotifyUpEnable in the row of ancpNasSessionConfigTable to which this session belongs is set to true." ::= { ancpNasNotifications 2 } -- -- ANCP NAS Compliance -- ancpNasGroups OBJECT IDENTIFIER ::= { ancpNasConformance 1 } ancpNasCompliances OBJECT IDENTIFIER ::= { ancpNasConformance 2 } ancpNasModuleCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for agents that support De Cnodder Expires August 17, 2008 [Page 29] Internet-Draft ANCP MIB February 2008 the ANCP MIB module for network access servers." MODULE -- this module MANDATORY-GROUPS { ancpNasConfigGroup, ancpNasCurrentGroup, ancpNasNotificationsGroup } GROUP ancpNasAciGroup DESCRIPTION "This group contains some basic information for each ACI as advertised by the AN. This group is optional. If ancpNasAciOptionalGroup is supported, then ancpNasAciGroup is mandatory." GROUP ancpNasAciOptionalGroup DESCRIPTION "This group extends ancpNasAciGroup and contains more detailed information for each ACI. This group is optional, and if this group is supported, also ancpNasAciGroup must be supported. The group ancpNasAciGroup can be supported without supporting ancpNasAciOptionalGroup." ::= { ancpNasCompliances 1 } -- units of conformance ancpNasConfigGroup OBJECT-GROUP OBJECTS { ancpNasSessionConfigRowStatus, ancpNasSessionConfigGsmpVersion, ancpNasSessionConfigGsmpSubVersion, ancpNasSessionConfigEncapsulationType, ancpNasSessionConfigCapabilities, ancpNasSessionConfigAliveTimer, ancpNasSessionConfigAncpRetryTimer, ancpNasSessionConfigNasName, ancpNasSessionConfigEncapPortNumber, ancpNasSessionConfigNotifyDnEnable, ancpNasSessionConfigNotifyUpEnable } STATUS current DESCRIPTION "These objects apply to the configuration of ANCP sessions in network access servers." ::= { ancpNasGroups 1 } De Cnodder Expires August 17, 2008 [Page 30] Internet-Draft ANCP MIB February 2008 ancpNasCurrentGroup OBJECT-GROUP OBJECTS { ancpNasCurrentSessionState, ancpNASCurrentSessionGsmpVersion, ancpNasurrentSessionGsmpSubVersion, ancpNasCurrentSessionAnName, ancpNasCurrentSessionNasName, ancpNasCurrentSessionAnIpAddressType, ancpNasCurrentSessionAnIpAddress, ancpNasCurrentSessionAnInstance, ancpNasCurrentSessionNasIpAddressType, ancpNasCurrentSessionNasIpAddress, ancpNasCurrentSessionNasInstance, ancpNasCurrentSessionCapabilities, ancpNasCurrentSessionStartUptime, ancpNasCurrentSessionDiscontinuityTime, ancpNasCurrentSessionStatSentMessages, ancpNasCurrentSessionStatReceivedValidMessages, ancpNasCurrentSessionStatDiscardedMessages } STATUS current DESCRIPTION "These objects show the operational state of all ANCP sessions in the network access server." ::= { ancpNasGroups 2 } ancpNasAciGroup OBJECT-GROUP OBJECTS { ancpNasAciInfoDslType, ancpNasAciInfoActualNetDataUpstream, ancpNasAciInfoActualNetDataRateDownstream, ancpNasAciInfoDslLineState } STATUS current DESCRIPTION "These objects show the operational state of all ACIs learned the network access server from the access nodes. This group contains all objects related to information that is mandatory for the access node to advertise to the network access server if the necessary ANCP capabilities are enabled for the sessions." ::= { ancpNasGroups 3 } ancpNasAciOptionalGroup OBJECT-GROUP OBJECTS { ancpNasAciInfoAccessLoopRemoteIdValid, ancpNasAciInfoAccessLoopRemoteId, ancpNasAciInfoAccessAggrCircuitBinValid, De Cnodder Expires August 17, 2008 [Page 31] Internet-Draft ANCP MIB February 2008 ancpNasAciInfoAccessAggrCircuitBin1, ancpNasAciInfoAccessAggrCircuitBin2, ancpNasAciInfoAccessAggrCircuitAsciivalid, ancpNasAciInfoAccessAggrCircuitAscii, ancpNasAciInfoMinNetDataRateUpstreamValid, ancpNasAciInfoMinNetDataRateUpstream, ancpNasAciInfoMinNetDataRateDownstreamValid, ancpNasAciInfoMinNetDataRateDownstream, ancpNasAciInfoAttNetDataRateUpstreamValid, ancpNasAciInfoAttNetDataRateUpstream, ancpNasAciInfoAttNetDataRateDownstreamValid, ancpNasAciInfoAttNetDataRateDownstream, ancpNasAciInfoMaxNetDataRateUpstreamValid, ancpNasAciInfoMaxNetDataRateUpstream, ancpNasAciInfoMaxNetDataRateDownstreamValid, ancpNasAciInfoMaxNetDataRateDownstream, ancpNasAciInfoMinNetLowPowerDrUpstreamValid, ancpNasAciInfoMinNetLowPowerDrUpstream, ancpNasAciInfoMinNetLowPowerDrDownstreamValid, ancpNasAciInfoMinNetLowPowerDrDownstream, ancpNasAciInfoMaxDelayUpstreamValid, ancpNasAciInfoMaxDelayUpstream, ancpNasAciInfoActualDelayUpstreamValid, ancpNasAciInfoActualDelayUpstream, ancpNasAciInfoMaxDelayDownstreamValid, ancpNasAciInfoMaxDelayDownstream, ancpNasAciInfoActualDelayDownstreamValid, ancpNasAciInfoActualDelayDownstream, ancpNasAciInfoAccessLoopEncapValid, ancpNasAciInfoAccessLoopEncapDataLink, ancpNasAciInfoAccessLoopEncapsulation1, ancpNasAciInfoAccessLoopEncapsulation2 } STATUS current DESCRIPTION "These objects show the operational state of all ACIs learned the network access server from the access nodes. This group contains all objects related to information that is optional for the access node to advertise to the network access server." ::= { ancpNasGroups 4 } ancpNasNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { ancpNasSessionDown, ancpNasSessionUp } STATUS current De Cnodder Expires August 17, 2008 [Page 32] Internet-Draft ANCP MIB February 2008 DESCRIPTION "These notifications inform management stations about changes in the state of ANCP sessions." ::= { ancpNasGroups 5 } END 8. Security Considerations There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: ancpNasSessionConfigTable is the only table with read-write and/or read-create objects, which are: o ancpNasSessionConfigRowStatus o ancpNasSessionConfigGsmpVersion o ancpNasSessionConfigGsmpSubVersion o ancpNasSessionConfigEncapsulationType o ancpNasSessionConfigCapabilities o ancpNasSessionConfigAliveTimer o ancpNasSessionConfigAncpRetryTimer o ancpNasSessionConfigNasName o ancpNasSessionConfigEncapPortNumber o ancpNasSessionConfigNotifyDnEnable o ancpNasSessionConfigNotifyUpEnable Unauthorized changes to ancpNasSessionConfigRowStatus can result in unauthorized changes of some objects in ancpNasSessionConfigTable. It could also result in tearing down many ANCP sessions, and re- establishing them with wrong parameters. Unauthorized changes to ancpNasSessionConfigGsmpVersion or ancpNasSessionConfigGsmpSubVersion could have an adverse operational effect by limiting the GSMP version to be used in the context of the sessions corresponding to this row or enabling a GSMP version number that is actually unsupported by the network access server Unauthorized changes to ancpNasSessionConfigEncapsulationType could have an adverse operational effect by configuring the sessions to use an undesired or even unsupported protocol. De Cnodder Expires August 17, 2008 [Page 33] Internet-Draft ANCP MIB February 2008 Unauthorized changes to ancpNasSessionConfigCapabilities could have an adverse operational effect by disabling certain ANCP capabilities that the operator assumed that are enabled, or enable a capability that the operator would not like to activate. Unauthorized changes to ancpNasSessionConfigAliveTimer could have an adverse operational effect by increasing the frequency of adjacency protocol messages generated by the access node and leading to an overload of such messages. Decreasing the frequency of such messages may harm the synchronization between the access node and the NAS. Unauthorized changes to ancpNasSessionConfigAncpRetryTimer could have an adverse operational effect by increasing the frequency of transport connection setup attempts initiated by the network access server or even unexpectedly enabling the network access server to initiate the transport connection setup when that supposed to be disabled. Alternatively, when the operator basically planned transport connection setup attempts by the network access server unauthorized changes to the attribute may cause unexpected low frequency of such attempts or unexpectedly disable those attempts. Unauthorized changes to ancpNasSessionConfigNasName could confuse the AN. This may also override the operator's will to allow/avoid the network access server to autonomously determine its name. Unauthorized changes to ancpNasSessionConfigEncapPortNumber could specify a wrong transport protocol port number for the sessions, resulting in the session not being established. Unauthorized changes to ancpNasSessionConfigNotifyDnEnable and ancpNasSessionConfigNotifyUpEnable could result in notifications not being generated while they were expected to be generated, and could result in generating too many undesirable notifications. In the latter case, since the network access server is also supposed to rate limit the notifications to the SNMP manager, this could result in desired notifications being delayed or lost. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability: o ancpNasCurrentSessionTable Access to these objects would allow an intruder to obtain De Cnodder Expires August 17, 2008 [Page 34] Internet-Draft ANCP MIB February 2008 information about which vendor's equipment is in use on the network. Further, such information is considered sensitive in many environments for competitive reasons. * ancpNasCurrentSessionState * ancpNASCurrentSessionGsmpVersion * ancpNasurrentSessionGsmpSubVersion * ancpNasCurrentSessionAnName * ancpNasCurrentSessionNasName * ancpNasCurrentSessionAnIpAddressType * ancpNasCurrentSessionAnIpAddress * ancpNasCurrentSessionAnInstance * ancpNasCurrentSessionNasIpAddressType * ancpNasCurrentSessionNasIpAddress * ancpNasCurrentSessionNasInstance * ancpNasCurrentSessionCapabilities * ancpNasCurrentSessionStartUptime * ancpNasCurrentSessionDiscontinuityTime * ancpNasCurrentSessionStatSentMessages * ancpNasCurrentSessionStatReceivedValidMessages * ancpNasCurrentSessionStatDiscardedMessages o ancpNasCurrentSessionTable Access to these objects would allow an intruder to obtain information about particular access lines of the access node. Further, such information is considered sensitive in many environments for competitive reasons, and is discussed in [ANCPSEC]. * ancpNasAciInfoAci * ancpNasAciInfoAccessLoopRemoteIdValid * ancpNasAciInfoAccessLoopRemoteId * ancpNasAciInfoAccessAggrCircuitBinValid * ancpNasAciInfoAccessAggrCircuitBin1 * ancpNasAciInfoAccessAggrCircuitBin2 * ancpNasAciInfoAccessAggrCircuitAsciivalid * ancpNasAciInfoAccessAggrCircuitAscii * ancpNasAciInfoDslType * ancpNasAciInfoActualNetDataUpstream * ancpNasAciInfoActualNetDataRateDownstream * ancpNasAciInfoMinNetDataRateUpstreamValid * ancpNasAciInfoMinNetDataRateUpstream * ancpNasAciInfoMinNetDataRateDownstreamValid * ancpNasAciInfoMinNetDataRateDownstream * ancpNasAciInfoAttNetDataRateUpstreamValid De Cnodder Expires August 17, 2008 [Page 35] Internet-Draft ANCP MIB February 2008 * ancpNasAciInfoAttNetDataRateUpstream * ancpNasAciInfoAttNetDataRateDownstreamValid * ancpNasAciInfoAttNetDataRateDownstream * ancpNasAciInfoMaxNetDataRateUpstreamValid * ancpNasAciInfoMaxNetDataRateUpstream * ancpNasAciInfoMaxNetDataRateDownstreamValid * ancpNasAciInfoMaxNetDataRateDownstream * ancpNasAciInfoMinNetLowPowerDrUpstreamValid * ancpNasAciInfoMinNetLowPowerDrUpstream * ancpNasAciInfoMinNetLowPowerDrDownstreamValid * ancpNasAciInfoMinNetLowPowerDrDownstream * ancpNasAciInfoMaxDelayUpstreamValid * ancpNasAciInfoMaxDelayUpstream * ancpNasAciInfoActualDelayUpstreamValid * ancpNasAciInfoActualDelayUpstream * ancpNasAciInfoMaxDelayDownstreamValid * ancpNasAciInfoMaxDelayDownstream * ancpNasAciInfoActualDelayDownstreamValid * ancpNasAciInfoActualDelayDownstream * ancpNasAciInfoDslLineState * ancpNasAciInfoAccessLoopEncapValid * ancpNasAciInfoAccessLoopEncapDataLink * ancpNasAciInfoAccessLoopEncapsulation1 * ancpNasAciInfoAccessLoopEncapsulation2 SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 9. IANA considerations No actions from IANA are required. De Cnodder Expires August 17, 2008 [Page 36] Internet-Draft ANCP MIB February 2008 10. Acknowledgements The author would like to thank Moti Morgenstern who is co-author of the ANCP MIB module for access nodes, from which a lot of text has been reused for this document. 11. References 11.1. Normative References [ANCPFW] Ooghe, S., Voigt, N., Platnic, M., Haag, T., and S. Wadhwa, "Framework and Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks", draft-ietf-ancp-framework-02.txt, work in progress, July 2007. [ANCPPR] Wadhwa, S., Moisand, J., Subramanian, S., Haag, T., and N. Voigt, "GSMP extensions for layer2 control (L2C) Topology Discovery and Line Configuration", draft-wadhwa-gsmp-l2control- configuration-02.txt, work in progress, March 2006. [MIBAN] De Cnodder, S. and M. Morgenstern, "Access Node Control Protocol (ANCP) MIB module for Access Nodes", draft-ietf-ancp-mib-an-02.txt work in progress, February 2008. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. [RFC3292] Doria, A., Hellstrand, F., Sundell, K., and T. Worster, "General Switch Management Protocol (GSMP) V3", RFC 3292, De Cnodder Expires August 17, 2008 [Page 37] Internet-Draft ANCP MIB February 2008 June 2002. [RFC3295] Sjostrand, H., Buerkle, J., and B. Srinivasan, "Definitions of Managed Objects for the General Switch Management Protocol (GSMP)", RFC 3295, June 2002. [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005. [RFC4502] Waldbusser, S., "Remote Network Monitoring Management Information Base Version 2", RFC 4502, May 2006. 11.2. Informative References [ANCPSEC] Moustafa, H., Tschofenig, H., and S. De Cnodder, "Security Threats and Security Requirements for the Access Node Control Protocol (ANCP)", draft-ietf-ancp-security-threats-03.txt work in progress, October 2007. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. Author's Address Stefaan De Cnodder Alcatel-Lucent Copernicuslaan 50 B-2018 Antwerp Belgium Phone: +32 3 240 85 15 Email: stefaan.de_cnodder@alcatel-lucent.be De Cnodder Expires August 17, 2008 [Page 38] Internet-Draft ANCP MIB February 2008 Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). De Cnodder Expires August 17, 2008 [Page 39]