INTERNET DRAFT                                        Scott Kipp
                                                      G D Ramkumar
                                                      McDATA Corporation
                                                      Keith McCloghrie
                                                      Cisco Systems
                                                      January 23, 2006

                        The Virtual Fabrics MIB
                    draft-ietf-imss-fc-vf-mib-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or made obsolete by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This memo defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it describes managed objects for
   information related to the Fibre Channel network's Virtual Fabrics
   function.

   Expires July 2006

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Short Overview of Fibre Channel
   4.  Relationship to Other MIBs
   5.  MIB Overview
       5.1  Fibre Channel management instance
       5.2  Representing Core and Virtual Switches
   6.  IANA Considerations
   7.  The T11-FC-VIRTUAL-FABRIC-MIB Module
   8.  Security Considerations
   9.  Acknowledgements
   10. Normative References
   11. Informative References
   12. Author's Addresses
   13. Intellectual Property

1. Introduction

   This memo defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it describes managed objects for
   information related to the Fibre Channel network's Virtual Fabric
   function.

2. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7
   of RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store,
   termed the Management Information Base or MIB.  MIB objects are
   generally accessed through the Simple Network Management Protocol
   (SNMP).  Objects in the MIB are defined using the mechanisms
   defined in the Structure of Management Information (SMI).  This
   memo specifies a MIB module that is compliant to the SMIv2, which
   is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
   [RFC2579] and STD 58, RFC 2580 [RFC2580].

3. Short Overview of Fibre Channel

   The Fibre Channel (FC) is logically a bidirectional point-to-point
   serial data channel, structured for high performance.  Fibre
   Channel provides a general transport vehicle for higher level
   protocols such as Small Computer System Interface (SCSI) command
   sets, the High-Performance Parallel Interface (HIPPI) data framing,
   IP (Internet Protocol), IEEE 802.2, and others.

   Physically, Fibre Channel is an interconnection of multiple
   communication points, called N_Ports, interconnected either by a
   switching network, called a Fabric, or by a point-to-point link.
   A Fibre Channel "node" consists of one or more N_Ports.  A Fabric
   may consist of multiple Interconnect Elements, some of which are
   switches.  An N_Port connects to the Fabric via a port on a switch
   called an F_Port.  When multiple FC nodes are connected to a single
   port on a switch via an "Arbitrated Loop" topology, the switch port
   is called an FL_Port, and the nodes' ports are called NL_Ports.
   The term Nx_Port is used to refer to either an N_Port or an
   NL_Port.  The term Fx_Port is used to refer to either an F_Port or
   an FL_Port.  A switch port, which is interconnected to another
   switch port via an Inter-Switch Link (ISL), is called an E_Port.
   A B_Port connects a bridge device with an E_Port on a switch; a
   B_Port provides a subset of E_Port functionality.

   Many Fibre Channel components, including the Fabric, each node, and
   most ports, have globally-unique names.  These globally-unique
   names are typically formatted as World Wide Names (WWNs).  More
   information on WWNs can be found in [FC-FS].  WWNs are expected to
   be persistent across agent and unit resets.

   Fibre Channel frames contain 24-bit address identifiers which
   identify the frame's source and destination ports.  Each FC port
   has both an address identifier and a WWN.
   When a Fabric is in use, the FC address identifiers are dynamic and
   are assigned by a switch.  Each octet of a 24-bit address
   represents a level in an address hierarchy, with a Domain_ID being
   the highest level of the hierarchy.

   Virtual Fabrics allow a single physical Fabric to be divided into
   multiple logical Fabrics.  Each Virtual Fabric may be managed
   independently like traditional Fabrics.  Virtual Fabrics are
   designed to achieve a better utilization of a physical
   infrastructure and to isolate events in one Virtual Fabric from
   affecting other Fabrics.

   When one Core Switch provides switching functions for multiple
   Virtual Fabrics, that Core Switch is modeled as containing multiple
   Virtual Switches, one for each Virtual Fabric.

   Each Virtual Fabric is identified by a 12-bit Virtual Fabric ID
   (VF_ID).  When frames from multiple Virtual Fabrics are transmitted
   over a physical link, the VF_ID carried in a frame's Virtual Fabric
   Tagging Header (VFT_Header) identifies which Virtual Fabric the
   frame belongs to.  The use of VFT_Headers is enabled through an
   initial negotiation exchange between the two connected ports.

4. Relationship to Other MIBs

   This MIB extends beyond [RFC4044] to cover the functionality, in
   Fibre Channel switches, of providing Fibre Channel's Virtual
   Fabrics function.

5. MIB Overview

   This MIB module provides the means for monitoring the operation of,
   and configuring some parameters of, one or more instances of Fibre
   Channel Virtual Fabric functionality.  (Note that there are no
   definitions in this MIB module of "managed actions" which can be
   invoked via SNMP.)

   The following MIB module has IMPORTS from [RFC2578], [RFC2579],
   [RFC2580], [RFC2863], [RFC4044] and [FC-FAM-MIB].  In REFERENCE
   clauses, it refers to [FC-SW-4].

5.1 Fibre Channel management instance

   A Fibre Channel management instance is defined in [RFC4044] as a
   separable managed instance of Fibre Channel functionality.  Fibre
   Channel functionality may be grouped into Fibre Channel management
   instances in whatever way is most convenient for the
   implementation(s).  For example, one such grouping accommodates a
   single SNMP agent having multiple AgentX [RFC2741] sub-agents, with
   each sub-agent implementing a different Fibre Channel management
   instance.

   The object, fcmInstanceIndex, is IMPORTed from the FC-MGMT-MIB
   [RFC4044] as the index value to uniquely identify each Fibre
   Channel management instance within the same SNMP context ([RFC3411]
   section 3.3.1).

   The t11vfVirtualSwitchTable augments the fcmSwitchTable, and the
   primary index variable of the fcmSwitchTable is fcmInstanceIndex.

5.2 Representing Core and Virtual Switches

   In the presence of Virtual Switches, fcmSwitchTable in RFC4044
   contains a row for each Virtual Switch.  fcmSwitchTable,
   t11vfCoreSwitchTable and t11vfVirtualSwitchTable are complementary.
   The t11vfCoreSwitchTable and t11vfVirtualSwitchTable contain
   information that helps the management client determine which
   Switches are Virtual Switches and how each relates to a Core
   Switch.  A Virtual Switch must reside in a single Core Switch and a
   Core Switch is defined as a set of entities with the same Core
   Switch_Name.

6. IANA Considerations

   IANA is requested to make the OID assignment for the MIB module
   under the appropriate subtree.

7. The T11-FC-VIRTUAL-FABRIC-MIB Module

T11-FC-VIRTUAL-FABRIC-MIB  DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    Unsigned32, mib-2
                         FROM SNMPv2-SMI             -- [RFC2578]
    MODULE-COMPLIANCE, OBJECT-GROUP
                         FROM SNMPv2-CONF            -- [RFC2580]
    RowStatus, StorageType
                         FROM SNMPv2-TC              -- [RFC2579]
    InterfaceIndex       FROM IF-MIB                 -- [RFC2863]
    fcmInstanceIndex, FcNameIdOrZero,
    fcmPortEntry, fcmSwitchEntry
                         FROM FC-MGMT-MIB            -- [RFC4044]
    T11FabricIndex       FROM T11-TC-MIB;            -- [FC-FAM-MIB]

t11FcVirtualFabricMIB  MODULE-IDENTITY
    LAST-UPDATED  "200601230000Z"
    ORGANIZATION  "IETF IMSS (Internet and Management Support for
                  Storage) Working Group"
    CONTACT-INFO
           "       Scott Kipp
                   McDATA Corporation
              Tel: +1 720 558-3452
           E-mail: scott.kipp@mcdata.com
           Postal: 4 McDATA Parkway
                   Broomfield, CO USA 80021

                   G D Ramkumar
                   McDATA Corporation
              Tel: +1 408 567-5614
           E-mail: g.ramkumar@mcdata.com
           Postal: 4555 Great American Parkway
                   Santa Clara, CA USA 95054

                   Keith McCloghrie
                   Cisco Systems, Inc.
              Tel: +1 408 526-5260
           E-mail: kzm@cisco.com
           Postal: 170 West Tasman Drive
                   San Jose, CA USA 95134
           "
    DESCRIPTION
           "This module defines management information specific to
            Fibre Channel Virtual Fabrics.  A Virtual Fabric is a
            Fabric composed of partitions of switches, links and
            N_Ports with a single Fabric management domain, Fabric
            Services and independence from other Virtual Fabrics.

            Copyright (C) The Internet Society (2006).  This version
            of this MIB module is part of RFC yyyy; see the RFC
            itself for full legal notices."
-- RFC Ed.: replace yyyy with actual RFC number & remove this note
    REVISION  "200601230000Z"
    DESCRIPTION
           "Initial version of this MIB module, published as RFCxxxx."
-- RFC-Editor, replace yyyy with actual RFC number & remove this note
    ::= { mib-2 nnn }       -- to be assigned by IANA
-- RFC Editor: replace nnn with IANA-assigned number & remove this note

t11vfObjects      OBJECT IDENTIFIER ::= { t11FcVirtualFabricMIB 1 }
t11vfConformance  OBJECT IDENTIFIER ::= { t11FcVirtualFabricMIB 2 }

--********************************
-- MIB object definitions
--

t11vfCoreSwitchTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11vfCoreSwitchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "A table of core switches supported by the current
            management entity."
    ::= { t11vfObjects 1 }

t11vfCoreSwitchEntry OBJECT-TYPE
    SYNTAX      T11vfCoreSwitchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "Each entry represents one core switch."
    INDEX   { fcmInstanceIndex, t11vfCoreSwitchSwitchName }
    ::= { t11vfCoreSwitchTable 1}

T11vfCoreSwitchEntry ::=
    SEQUENCE {
        t11vfCoreSwitchSwitchName     FcNameIdOrZero,
        t11vfCoreSwitchMaxSupported   Unsigned32,
        t11vfCoreSwitchStorageType    StorageType
    }

t11vfCoreSwitchSwitchName OBJECT-TYPE
    SYNTAX      FcNameIdOrZero
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The Core Switch_Name (WWN) of this Core Switch.  A
            zero-length string for this field is not allowed."
    ::= { t11vfCoreSwitchEntry 1 }

t11vfCoreSwitchMaxSupported OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
           "In switches that do not support Virtual Fabrics, this
            object has the value of 1.  If Virtual Fabrics are
            supported, this object is the maximum number of Virtual
            Fabrics supported by the Core Switch.  For the purpose of
            this count, the Control VF_ID is ignored."
    ::= { t11vfCoreSwitchEntry 2 }

t11vfCoreSwitchStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The storage type for this conceptual row.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { t11vfCoreSwitchEntry 3 }

-- Virtual Switch table

t11vfVirtualSwitchTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11vfVirtualSwitchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "A table of Virtual Switches.  When one Core Switch
            provides switching functions for multiple Virtual Fabrics,
            that Core Switch is modeled as containing multiple Virtual
            Switches, one for each Virtual Fabric.  This table
            contains one row for every Virtual Switch on every Core
            Switch.  This table augments the basic switch information
            in the fcmSwitchTable Table in the FC-MGMT-MIB."
    REFERENCE
           "fcmSwitchTable is defined in the FC-MGMT-MIB [RFC4044]."
    ::= { t11vfObjects 2 }

t11vfVirtualSwitchEntry OBJECT-TYPE
    SYNTAX      T11vfVirtualSwitchEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "An entry of the Virtual Switch table.  Each row is for a
            Virtual Switch."
    REFERENCE
           "fcmSwitchEntry is defined in the FC-MGMT-MIB module
            [RFC4044]."
    AUGMENTS   { fcmSwitchEntry }
    ::= { t11vfVirtualSwitchTable 1}

T11vfVirtualSwitchEntry ::=
    SEQUENCE {
        t11vfVirtualSwitchVfId             T11FabricIndex,
        t11vfVirtualSwitchCoreSwitchName   FcNameIdOrZero,
        t11vfVirtualSwitchRowStatus        RowStatus,
        t11vfVirtualSwitchStorageType      StorageType
    }

t11vfVirtualSwitchVfId OBJECT-TYPE
    SYNTAX      T11FabricIndex
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The VF_ID of the Virtual Fabric for which this virtual
            switch performs its switching function.  The Control
            VF_ID is implicitly enabled and is not set.
            Communication with the Control VF_ID is required.
           "
    REFERENCE
           "FC-SW-4, REV 7.5, section 12.2"
    ::= { t11vfVirtualSwitchEntry 1 }

t11vfVirtualSwitchCoreSwitchName OBJECT-TYPE
    SYNTAX      FcNameIdOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The Core Switch_Name (WWN) of the Core Switch that
            contains this Virtual Switch."
    REFERENCE
           "FC-SW-4, REV 7.5, section 12.2."
    ::= { t11vfVirtualSwitchEntry 2 }

t11vfVirtualSwitchRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The status of this row."
    ::= { t11vfVirtualSwitchEntry 3 }

t11vfVirtualSwitchStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The storage type for this conceptual row.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { t11vfVirtualSwitchEntry 4 }

-- Port table

t11vfPortTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11vfPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "A table of Port attributes related to Virtual Fabrics."
    ::= { t11vfObjects 3 }

t11vfPortEntry OBJECT-TYPE
    SYNTAX      T11vfPortEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "Each entry represents a physical Port on a switch."
    REFERENCE
           "fcmPortEntry is defined in the FC-MGMT-MIB module."
    AUGMENTS   { fcmPortEntry }
    ::= { t11vfPortTable 1}

T11vfPortEntry ::=
    SEQUENCE {
        t11vfPortVfId                 T11FabricIndex,
        t11vfPortTaggingAdminStatus   INTEGER,
        t11vfPortTaggingOperStatus    INTEGER,
        t11vfPortStorageType          StorageType
    }

t11vfPortVfId OBJECT-TYPE
    SYNTAX      T11FabricIndex
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
           "The Port VF_ID assigned to this Port.  The Port VF_ID is
            the default Virtual Fabric that is assigned to untagged
            frames arriving at this Port.  The Control VF_ID is
            implicitly enabled and is not set.  Communication with
            the Control VF_ID is required.
           "
    REFERENCE
           "FC-SW-4, REV 7.5, section 12.1"
    DEFVAL {1}
    ::= { t11vfPortEntry 1 }

t11vfPortTaggingAdminStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    off(1),
                    on(2),
                    auto(3)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
           "This object is used to configure the administrative
            status of Virtual Fabric tagging on this Port.

            SET operation   Description
            --------------  ----------------------------------------
            off(1)          To disable Virtual Fabric tagging on
                            this Port.

            on(2)           To enable Virtual Fabric tagging on this
                            Port if the attached Port doesn't
                            prohibit it.

            auto(3)         To enable Virtual Fabric tagging if the
                            peer requests it.
           "
    REFERENCE
           "FC-SW-4, REV 7.5, section 12.4"
    ::= { t11vfPortEntry 2 }

t11vfPortTaggingOperStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    off(1),
                    on(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This object is used to report the operational status of
            Virtual Fabric tagging on this Port.

            SET operation   Description
            --------------  ----------------------------------------
            off(1)          Virtual Fabric tagging is disabled on
                            this Port.

            on(2)           Virtual Fabric tagging is enabled on
                            this Port.
           "
    REFERENCE
           "FC-SW-4, REV 7.5, section 12.4"
    ::= { t11vfPortEntry 3 }

t11vfPortStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The storage type for this conceptual row.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { t11vfPortEntry 4 }

-- Locally Enabled Table

t11vfLocallyEnabledTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF T11vfLocallyEnabledEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "A table for assigning and reporting operational status of
            Locally-enabled Virtual Fabric IDs to Ports.
            The set of Virtual Fabrics operational on the Port is the
            bit-wise 'AND' of the set of Locally-enabled VF_IDs of
            this Port and the Locally-enabled VF_IDs of the attached
            Port."
    ::= { t11vfObjects 4 }

t11vfLocallyEnabledEntry OBJECT-TYPE
    SYNTAX      T11vfLocallyEnabledEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "An entry for each Locally-enabled VF_ID on each Port."
    REFERENCE
           "FC-SW-4, REV 7.5, section 12.4"
    INDEX   { t11vfLocallyEnabledPortIfIndex,
              t11vfLocallyEnabledVfId }
    ::= { t11vfLocallyEnabledTable 1}

T11vfLocallyEnabledEntry ::=
    SEQUENCE {
        t11vfLocallyEnabledPortIfIndex   InterfaceIndex,
        t11vfLocallyEnabledVfId          T11FabricIndex,
        t11vfLocallyEnabledOperStatus    INTEGER,
        t11vfLocallyEnabledRowStatus     RowStatus,
        t11vfLocallyEnabledStorageType   StorageType
    }

t11vfLocallyEnabledPortIfIndex OBJECT-TYPE
    SYNTAX      InterfaceIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The value of the ifIndex which identifies the Port."
    ::= { t11vfLocallyEnabledEntry 1 }

t11vfLocallyEnabledVfId OBJECT-TYPE
    SYNTAX      T11FabricIndex
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "A Locally-Enabled VF_ID on this Port."
    ::= { t11vfLocallyEnabledEntry 2 }

t11vfLocallyEnabledOperStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    off(1),
                    on(2)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This object is used to report the operational status of
            Virtual Fabric tagging on this Port.

            SET operation   Description
            --------------  ----------------------------------------
            off(1)          Virtual Fabric tagging is disabled on
                            this Port.

            on(2)           Virtual Fabric tagging is enabled on
                            this Port.
           "
    REFERENCE
           "FC-SW-4, REV 7.3, section 12.4"
    ::= { t11vfLocallyEnabledEntry 3 }

t11vfLocallyEnabledRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The status of this conceptual row."
    ::= { t11vfLocallyEnabledEntry 4 }

t11vfLocallyEnabledStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The storage type for this conceptual row.
            Conceptual rows having the value 'permanent' need not
            allow write-access to any columnar objects in the row."
    DEFVAL { nonVolatile }
    ::= { t11vfLocallyEnabledEntry 5 }

--********************************
-- Conformance Section
--

t11vfMIBCompliances  OBJECT IDENTIFIER ::= { t11vfConformance 1 }
t11vfMIBGroups       OBJECT IDENTIFIER ::= { t11vfConformance 2 }

t11vfMIBCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
           "Describes the requirements for compliance to the
            Fibre Channel Virtual Fabric MIB."
    MODULE  -- this module
        MANDATORY-GROUPS { t11vfGeneralGroup }

        OBJECT       t11vfCoreSwitchMaxSupported
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfCoreSwitchStorageType
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfVirtualSwitchVfId
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfVirtualSwitchRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfVirtualSwitchStorageType
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfPortVfId
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfPortTaggingAdminStatus
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfPortStorageType
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfLocallyEnabledRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."

        OBJECT       t11vfLocallyEnabledStorageType
        MIN-ACCESS   read-only
        DESCRIPTION
               "Write access is not required."
    ::= { t11vfMIBCompliances 1 }

-- Units of conformance

t11vfGeneralGroup OBJECT-GROUP
    OBJECTS { t11vfCoreSwitchMaxSupported,
              t11vfVirtualSwitchVfId,
              t11vfVirtualSwitchCoreSwitchName,
              t11vfVirtualSwitchRowStatus,
              t11vfPortVfId,
              t11vfPortTaggingAdminStatus,
              t11vfLocallyEnabledOperStatus,
              t11vfPortTaggingOperStatus,
              t11vfLocallyEnabledRowStatus,
              t11vfCoreSwitchStorageType,
              t11vfVirtualSwitchStorageType,
              t11vfPortStorageType,
              t11vfLocallyEnabledStorageType }
    STATUS      current
    DESCRIPTION
           "A collection of objects for monitoring and configuring
            Virtual Fabrics in a Fibre Channel switch."
    ::= { t11vfMIBGroups 1 }

END

8. Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

      t11vfCoreSwitchMaxSupported, t11vfVirtualSwitchVfId,
      t11vfCoreSwitchStorageType, t11vfVirtualSwitchStorageType and
      t11vfVirtualSwitchRowStatus
         - the ability to change the configuration of Virtual Fabrics
           on a particular switch.

      t11vfPortTaggingAdminStatus, t11vfLocallyEnabledRowStatus,
      t11vfPortVfId, t11vfPortStorageType and
      t11vfLocallyEnabledStorageType
         - the ability to change the configuration of Virtual Fabrics
           on a port of a particular switch.

   Some of the readable objects in this MIB module (i.e., objects with
   a MAX-ACCESS other than not-accessible) may be considered sensitive
   or vulnerable in some network environments.  It is thus important
   to control even GET and/or NOTIFY access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.
   These are the tables and objects and their
   sensitivity/vulnerability:

      t11vfVirtualSwitchCoreSwitchName, t11vfPortTaggingOperStatus,
      t11vfLocallyEnabledOperStatus
         - the ability to discover configuration of Virtual Fabrics on
           a virtual switch or a port.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access
   to the objects only to those principals (users) that have
   legitimate rights to indeed GET or SET (change/create/delete) them.

9. Acknowledgements

   This document is a work item of the INCITS Task Group T11.5.  We
   wish to acknowledge the contributions and comments from the INCITS
   Technical Committee T11 and the IMSS WG, including the following:

      T11 Chair: Robert Snively, Brocade
      T11 Vice Chair: Claudio Desanti, Cisco Systems
      T11.5 Chair: Roger Cummings, Symantec
      IMSS WG Chair: David Black

10. Normative References

   [RFC4044]  McCloghrie, K., "Fibre Channel Management MIB", RFC 4044,
              May 2005.

   [RFC2578]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Structure of Management
              Information Version 2 (SMIv2)", RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Textual Conventions for
              SMIv2", STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
              Rose, M. and S. Waldbusser, "Conformance Statements for
              SMIv2", RFC 2580, April 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interface Group
              MIB", RFC 2863, June 2000.

   [FC-FAM-MIB]
              Desanti, C., Gaonkar, V., McCloghrie, K., Gai, S., "Fibre
              Channel Fabric Address Manager MIB",
              draft-desanti-fc-fabric-addr-mgr-mib-0x.txt, April 2005.

   [FC-FS]    "Fibre Channel Framing and Signaling (FC-FS)", ANSI NCITS
              373-2003, April 2003.

   [FC-SW-4]  "Fibre Channel Switch Fabric 4 (FC-SW-4)", ANSI NCITS
              xxx-200x, T11/Project 1674-D/Rev 7.3, March 2005.

11. Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D. and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

   [RFC2741]  Daniele, M., Wijnen, B., Ellison, M., and D. Francisco,
              "Agent Extensibility (AgentX) Protocol Version 1",
              RFC 2741, January 2000.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 58, RFC 3411,
              December 2002.

12. Author's Addresses

   Scott Kipp, McDATA Corporation
   4 McDATA Parkway
   Broomfield, CO 80021
   Phone: (720) 558-3452
   Email: scott.kipp@mcdata.com

   G D Ramkumar
   McDATA Corporation
   4555 Great American Parkway
   Santa Clara, CA 95054
   Phone: (408) 567-5614
   Email: g.ramkumar@mcdata.com

   Keith McCloghrie
   Cisco Systems
   170 West Tasman Drive
   San Jose, CA USA 95134
   Phone: +1 408-526-5260
   Email: kzm@cisco.com

13. Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed
   to pertain to the implementation or use of the technology described
   in this document or the extent to which any license under such
   rights might or might not be available; nor does it represent that
   it has made any independent effort to identify any such rights.
   Information on the procedures with respect to rights in RFC
   documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository
   at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Full Copyright Statement

   Copyright (C) The Internet Society 2006.  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Disclaimer of Validity

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

Expiration Notice

   This Internet-Draft expires in July 2006.
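
Added example (not part of the draft, and not code from its authors): before scoping SNMPv3 read and write views for this module, the object lists in Section 8 can be cross-checked against the MAX-ACCESS clauses in Section 7. The excerpt below is condensed from Section 7 and constructed for this example; the function and constant names are the example's own.

```python
import re

# Constructed excerpt: descriptor, SYNTAX and MAX-ACCESS clauses condensed
# from the T11-FC-VIRTUAL-FABRIC-MIB module in Section 7 (other clauses cut).
MIB_EXCERPT = """
t11vfCoreSwitchTable OBJECT-TYPE SYNTAX SEQUENCE OF T11vfCoreSwitchEntry MAX-ACCESS not-accessible
t11vfCoreSwitchSwitchName OBJECT-TYPE SYNTAX FcNameIdOrZero MAX-ACCESS not-accessible
t11vfCoreSwitchMaxSupported OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write
t11vfCoreSwitchStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create
t11vfVirtualSwitchVfId OBJECT-TYPE SYNTAX T11FabricIndex MAX-ACCESS read-create
t11vfVirtualSwitchCoreSwitchName OBJECT-TYPE SYNTAX FcNameIdOrZero MAX-ACCESS read-only
t11vfVirtualSwitchRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create
t11vfVirtualSwitchStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create
t11vfPortVfId OBJECT-TYPE SYNTAX T11FabricIndex MAX-ACCESS read-write
t11vfPortTaggingAdminStatus OBJECT-TYPE SYNTAX INTEGER { off(1), on(2), auto(3) } MAX-ACCESS read-write
t11vfPortTaggingOperStatus OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-only
t11vfPortStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create
t11vfLocallyEnabledPortIfIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible
t11vfLocallyEnabledVfId OBJECT-TYPE SYNTAX T11FabricIndex MAX-ACCESS not-accessible
t11vfLocallyEnabledOperStatus OBJECT-TYPE SYNTAX INTEGER { off(1), on(2) } MAX-ACCESS read-only
t11vfLocallyEnabledRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create
t11vfLocallyEnabledStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create
"""

# Object lists exactly as given in Section 8 (Security Considerations).
SECTION8_WRITABLE = {
    "t11vfCoreSwitchMaxSupported", "t11vfVirtualSwitchVfId",
    "t11vfCoreSwitchStorageType", "t11vfVirtualSwitchStorageType",
    "t11vfVirtualSwitchRowStatus", "t11vfPortTaggingAdminStatus",
    "t11vfLocallyEnabledRowStatus", "t11vfPortVfId",
    "t11vfPortStorageType", "t11vfLocallyEnabledStorageType",
}
SECTION8_READABLE = {
    "t11vfVirtualSwitchCoreSwitchName", "t11vfPortTaggingOperStatus",
    "t11vfLocallyEnabledOperStatus",
}

# descriptor OBJECT-TYPE SYNTAX ... MAX-ACCESS <level>; \s+ and DOTALL let the
# pattern work on normally laid out and on whitespace-collapsed MIB text.
OBJECT_RE = re.compile(
    r"\b([a-z][A-Za-z0-9]*)\s+OBJECT-TYPE\s+SYNTAX\b.*?\bMAX-ACCESS\s+([a-z-]+)",
    re.DOTALL,
)
WRITE_LEVELS = {"read-write", "read-create"}


def max_access_by_object(mib_text):
    """Map each OBJECT-TYPE descriptor to its MAX-ACCESS level."""
    return dict(OBJECT_RE.findall(mib_text))


def audit(mib_text, listed_writable, listed_readable):
    """Compare MAX-ACCESS clauses with the lists a security section gives.

    Returns the differences in both directions; every list is empty when the
    security section names exactly the SET-capable and the read-only objects.
    """
    access = max_access_by_object(mib_text)
    writable = {n for n, a in access.items() if a in WRITE_LEVELS}
    read_only = {n for n, a in access.items() if a == "read-only"}
    return {
        "writable_but_unlisted": sorted(writable - listed_writable),
        "listed_but_not_writable": sorted(listed_writable - writable),
        "read_only_but_unlisted": sorted(read_only - listed_readable),
        "listed_but_not_read_only": sorted(listed_readable - read_only),
    }


if __name__ == "__main__":
    findings = audit(MIB_EXCERPT, SECTION8_WRITABLE, SECTION8_READABLE)
    for finding, names in findings.items():
        print(f"{finding}: {names or 'none'}")
```

A non-empty writable_but_unlisted result means an object accepts SET but is missing from the list used to scope write access.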