Inter-Domain Routing Working Group    J. Haas
Internet-Draft    November 12, 2007
Intended status: Standards Track 
Expires: May 15, 2008 


Definitions of Managed Objects for the Fourth Version of Border Gateway Protocol (BGP-4), BGP Community Extension
draft-jhaas-idr-bgp4-mibv2-community-00

Status of This Memo

By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on May 15, 2008.

Abstract

This memo defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular it defines objects for managing the Border Gateway Protocol's Community extension.



Table of Contents

1.  Introduction
2.  The Internet-Standard Management Framework
3.  Conventions
4.  Overview
5.  Structure of the MIB Module
    5.1.  Global Scalars
    5.2.  Tables
    5.3.  Textual Conventions
6.  Relationship to Other MIB Modules
    6.1.  Relationship to the BGP-4 MIB, Second Version
    6.2.  MIB modules required for IMPORTS
7.  Definitions
8.  Security Considerations
9.  IANA Considerations
10.  Acknowledgements
11.  References
    11.1.  Normative References
    11.2.  Informative References





1.  Introduction

This memo defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular it defines objects for managing the Border Gateway Protocol's Community extension [RFC1997].




2.  The Internet-Standard Management Framework

For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].

Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].




3.  Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].




4.  Overview

The BGP-4 MIB, Version 2, provides for an extension mechanism by which BGP extensions can have MIBs created under the BGP-4 MIB subtree. This MIB documents the objects for managing the BGP-4 Community extension as documented in [RFC1997].




5.  Structure of the MIB Module




5.1.  Global Scalars




5.2.  Tables




5.3.  Textual Conventions




6.  Relationship to Other MIB Modules




6.1.  Relationship to the BGP-4 MIB, Second Version

The BGP-4 MIB provides the bgpExtensions point which is used in the root OID for this module.

Additionally, as BGP communities are properties of the Path Attributes set sent for reachability, the base BGP-4 MIB provides the index for this table, bgpAfPathAttrIndex.

Note well that bgpAfPathAttrIndex is meant to be distinct for each received set of Path Attributes.




6.2.  MIB modules required for IMPORTS

The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578], SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580] and the BGP-4 MIB, Version 2.




7.  Definitions

BGP4-COMMUNITY-MIB DEFINITIONS ::= BEGIN

    IMPORTS
        MODULE-IDENTITY, OBJECT-TYPE, Gauge32, Unsigned32
            FROM SNMPv2-SMI
        TEXTUAL-CONVENTION
            FROM SNMPv2-TC
        MODULE-COMPLIANCE, OBJECT-GROUP
            FROM SNMPv2-CONF
        SnmpAdminString
            FROM SNMP-FRAMEWORK-MIB
        bgpExtensions, bgpAfPathAttrIndex
            FROM BGP4-MIB;


    bgpCommunity MODULE-IDENTITY
        LAST-UPDATED "200711110000Z"
        ORGANIZATION "IETF IDR Working Group"
        CONTACT-INFO "E-mail:  idr@ietf.org"
        DESCRIPTION
	    "This MIB module defines additional management objects
	     for the Border Gateway Protocol, Version 4.
	     Specifically, it adds objects for the management of the
	     BGP Community PATH_ATTRIBUTE as documented in RFC 1997."
        ::= { bgpExtensions 1 }

    --
    -- Textual Conventions
    --

    BgpCommunityTC ::= TEXTUAL-CONVENTION
        DISPLAY-HINT "2d:"
        STATUS current
        DESCRIPTION
            "The representation of a BGP Community."
        SYNTAX OCTET STRING(SIZE(4))


    --
    -- BGP Community Scalars
    --

    bgpCommunityTotal OBJECT-TYPE
        SYNTAX Unsigned32
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
	    "The total number of community sets managed by
	     this system."
	::= { bgpCommunity 1 }

    --
    -- BGP Communities per-NLRI entry.
    --

    bgpCommunityAfPathAttrTable OBJECT-TYPE
        SYNTAX SEQUENCE OF BgpCommunityAfPathAttrEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
	    "The BGP-4 Path Attribute Community Table contains the
	     per network path (NLRI) data on the community membership
	     advertised with a route. The absence of row data for a
	     given index value for bgpCommunityPathAttrIndex
	     indicates a lack of this attribute information for the
	     indicated network path."
        ::= { bgpCommunity 2 }

    bgpCommunityAfPathAttrEntry OBJECT-TYPE
        SYNTAX BgpCommunityAfPathAttrEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Information about a community association
             provided with a path to a network."
	INDEX {
	    bgpAfPathAttrIndex
        }
        ::= { bgpCommunityAfPathAttrTable 1 }

    BgpCommunityAfPathAttrEntry ::= SEQUENCE {
	bgpCommunityString
	    SnmpAdminString,
	bgpCommunityIndex
	    Unsigned32
    }

    bgpCommunityString OBJECT-TYPE
        SYNTAX SnmpAdminString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
	    "This is a string depicting the set of communities
	     associated with a given NLRI.  The format of this
	     string is implementation-dependent and should be
	     designed for operator readability.

	     Note that SnmpAdminString is only capable of
	     representing a maximum of 255 characters.  This may
	     lead to the string being truncated in the presence of a
	     large community set.  The bgpCommunityTable will give
	     access to the full community set.

	     It is RECOMMENDED that for rows sharing the same value
	     in bgpCommunityTableIndex that the bgpCommunityString
	     also be identical."
        ::= { bgpCommunityAfPathAttrEntry 1 }

    bgpCommunityIndex OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
	    "This value is an index for the sub-components of a
	     community set in the bgpCommunityElementTable.  It is
	     assigned by the agent at the point of creation of the
	     bgpCommunityElementTable row entry.  While its value is
	     guaranteed to be unique at any time, it is otherwise
	     opaque to the management application with respect to its
	     value or the contiguity of the bgpCommunityTableIndex row
	     instance values across rows of the bgpCommunityTable.

	     Additionally, this value, which represents a distinct set
	     of communities, is used as an index in the
	     bgpCommunitySetTable.

	     It is particularly important to note that there may be a
	     many-to-one relationship between this object for a given
	     set of indices to a particular bgpCommunityTableIndex.
	     This is because many NLRI may share the same community
	     set."
        ::= { bgpCommunityAfPathAttrEntry 2 }


    --
    -- Table of a Community Set's Components
    --

    bgpCommunityElementTable OBJECT-TYPE
        SYNTAX SEQUENCE OF BgpCommunityElementEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
	    "The bgpCommunityElementTable allows individual
	     sub-components of a community set to be examined in a
	     canonical fashion."
        ::= { bgpCommunity 3 }

    bgpCommunityElementEntry OBJECT-TYPE
        SYNTAX BgpCommunityElementEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
	    "Information about sub-components for a set of
	     communities."
	INDEX {
	    bgpCommunityIndex,
	    bgpCommunityElementIndex
	}
        ::= { bgpCommunityElementTable 1 }

    BgpCommunityElementEntry ::= SEQUENCE {
        bgpCommunityElementIndex
            Unsigned32,
        bgpCommunityElementValue
            BgpCommunityTC,
        bgpCommunityElementWellKnown
            INTEGER
    }

    bgpCommunityElementIndex OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "An integer index for a row in this table."
        ::= { bgpCommunityElementEntry 1 }

    bgpCommunityElementValue OBJECT-TYPE
        SYNTAX BgpCommunityTC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "A value representing a community.   There are certain
             4-octet long values which could be returned in this
             columnar row data that carry additional semantics."
        REFERENCE
            "RFC 1997 - BGP Community Attribute"
        ::= { bgpCommunityElementEntry 2 }

    bgpCommunityElementWellKnown OBJECT-TYPE
        SYNTAX INTEGER {
	    notWellKnown(1),
	    noExport(2),
	    noAdvertise(3),
	    noExportSubconfed(4),
	    noPeer(5)
	}
	MAX-ACCESS read-only
	STATUS current
	DESCRIPTION
	    "In the case that a given community is a 'well-known'
	     community, this object is set to the appropriate
	     value."
	REFERENCE
	    "RFC 1997, 'Well-Known Communities'.
	     RFC 3765, NOPEER Community for Border Gateway Protocol."
	::= { bgpCommunityElementEntry 3 }

    --
    -- Table of a Community Set's common properties.
    --

    bgpCommunitySetTable OBJECT-TYPE
        SYNTAX SEQUENCE OF BgpCommunitySetEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
	    "This table tracks properties that a given set of
	     communities, as identified by a bgpCommunityIndex,
	     may share."
        ::= { bgpCommunity 4 }


    bgpCommunitySetEntry OBJECT-TYPE
        SYNTAX BgpCommunitySetEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
	    "Properties shared by a given set of communities."
	INDEX {
	    bgpCommunityIndex
	}
        ::= { bgpCommunitySetTable 1 }

    BgpCommunitySetEntry ::= SEQUENCE {
        bgpCommunitySetReferences
            Gauge32
    }

    bgpCommunitySetReferences OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
	    "Some implementation may track the number of times that
	     a distinct community set is referenced.  One example of
	     this is a set of NLRI that share the same set of
	     communities.

	     The implementation of this object is completely
	     OPTIONAL."
        ::= { bgpCommunitySetEntry 1 }

    --
    -- Conformance Information
    --

    bgpCommunityConformance
        OBJECT IDENTIFIER ::= { bgpCommunity 5 }


    bgpCommunityMIBCompliances OBJECT IDENTIFIER ::=
        { bgpCommunityConformance 1 }


    bgpCommunityMIBGroups OBJECT IDENTIFIER ::=
        { bgpCommunityConformance 2 }


    bgpCommunityMIBCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "The compliance statement for entities which
            implement the BGP4 mib."
        MODULE -- this module
        MANDATORY-GROUPS {
            bgpCommunityRequiredGroup
        }
	GROUP bgpCommunityRequiredGroup
	DESCRIPTION
	    "All members of this GROUP MUST be implemented to
	     support this MIB."
        GROUP bgpCommunityOptionalGroup
	DESCRIPTION
	    "Members of this GROUP MAY be implemented.  Individual
	     objects with implementation dependencies will be
	     documented in the DESCRIPTION clauses for those
	     objects."
        ::= { bgpCommunityMIBCompliances 1 }


    bgpCommunityRequiredGroup OBJECT-GROUP
        OBJECTS {
	    bgpCommunityTotal,
	    bgpCommunityString,
	    bgpCommunityIndex,
	    bgpCommunityElementValue,
	    bgpCommunityElementWellKnown
        }
        STATUS current
        DESCRIPTION
            "Objects associated with BGP communities that are
	     required to be implemented in this MIB."
        ::= { bgpCommunityMIBGroups 1 }

    bgpCommunityOptionalGroup OBJECT-GROUP
        OBJECTS {
	    bgpCommunitySetReferences
        }
        STATUS current
        DESCRIPTION
            "Objects associated with BGP communities that may
	     optionally be implemented in this MIB."
        ::= { bgpCommunityMIBGroups 2 }
END
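
A management application reading these tables has to render BgpCommunityTC values itself and join bgpCommunityAfPathAttrTable to bgpCommunityElementTable through bgpCommunityIndex. The following Python is an added example, not part of the draft: the row data is constructed, the function names are hypothetical, and the well-known values are those assigned in RFC 1997 and RFC 3765.

```python
# Added example, not part of the draft. All row data below is constructed.
import struct

# Well-known values from RFC 1997 and RFC 3765, mapped to the
# bgpCommunityElementWellKnown enumeration defined in this module.
WELL_KNOWN = {
    0xFFFFFF01: (2, "noExport"),
    0xFFFFFF02: (3, "noAdvertise"),
    0xFFFFFF03: (4, "noExportSubconfed"),
    0xFFFFFF04: (5, "noPeer"),
}

# bgpCommunityAfPathAttrTable: bgpAfPathAttrIndex -> bgpCommunityIndex.
# Paths 1 and 2 share community set 10 (the many-to-one case).
PATH_ROWS = {1: 10, 2: 10, 3: 11}

# bgpCommunityElementTable:
# (bgpCommunityIndex, bgpCommunityElementIndex) -> bgpCommunityElementValue
ELEMENT_ROWS = {
    (10, 1): bytes.fromhex("fde80064"),  # 65000:100
    (10, 2): bytes.fromhex("ffffff01"),  # NO_EXPORT
    (11, 1): bytes.fromhex("fde800c8"),  # 65000:200
}

def render_community(value: bytes) -> str:
    """Render a BgpCommunityTC value per DISPLAY-HINT "2d:" (RFC 2579)."""
    if len(value) != 4:
        raise ValueError("BgpCommunityTC is OCTET STRING (SIZE(4))")
    high, low = struct.unpack("!HH", value)
    return f"{high}:{low}"

def well_known(value: bytes) -> tuple:
    """Return the (enum value, label) expected in bgpCommunityElementWellKnown."""
    render_community(value)  # reuse the length check
    return WELL_KNOWN.get(struct.unpack("!I", value)[0], (1, "notWellKnown"))

def community_set(set_index: int, element_rows: dict) -> list:
    """Full community set for one bgpCommunityIndex, in element-index order."""
    rows = sorted((k[1], v) for k, v in element_rows.items() if k[0] == set_index)
    return [(render_community(v), well_known(v)[1]) for _, v in rows]

def paths_with(label: str, path_rows: dict, element_rows: dict) -> list:
    """bgpAfPathAttrIndex values whose community set carries `label`."""
    return sorted(
        path for path, set_index in path_rows.items()
        if any(name == label for _, name in community_set(set_index, element_rows))
    )

if __name__ == "__main__":
    for path in sorted(PATH_ROWS):
        print(path, community_set(PATH_ROWS[path], ELEMENT_ROWS))
    print("noExport on paths:", paths_with("noExport", PATH_ROWS, ELEMENT_ROWS))
```

Reading the set from bgpCommunityElementTable rather than bgpCommunityString avoids the 255-character truncation that the module notes for large community sets.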



8.  Security Considerations

Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:

SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.

It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy).

Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.




9.  IANA Considerations

This memo includes no request to IANA.




10.  Acknowledgements

The BGP-4 MIB extension mechanism owes thanks to Wayne Tackabury and the OPS Working Group MIB Doctors. An earlier form of this extension mechanism was originally attempted with Mathew Richardson and Shane Wright, formerly of NextHop Technologies.




11.  References




11.1. Normative References

[RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Structure of Management Information Version 2 (SMIv2),” STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Textual Conventions for SMIv2,” STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, “Conformance Statements for SMIv2,” STD 58, RFC 2580, April 1999.
[RFC1997] Chandrasekeran, R., Traina, P., and T. Li, “BGP Communities Attribute,” RFC 1997, August 1996.



11.2. Informative References

[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, “Introduction and Applicability Statements for Internet-Standard Management Framework,” RFC 3410, December 2002.



Author's Address

  Jeffrey Haas
 
EMail:  jhaas@pfrc.org



Full Copyright Statement

Intellectual Property