The Differentiated Services Configuration MIB
draft-ietf-snmpconf-diffpolicy-09
This is an older version of an Internet-Draft that was ultimately published as RFC 3747.
| Field | Value |
|---|---|
| Authors | Harrie Hazewinkel, David Partain |
| Last updated | 2015-10-14 (Latest revision 2003-11-26) |
| RFC stream | Internet Engineering Task Force (IETF) |
| Intended RFC status | Proposed Standard |
| Additional resources | mailto:snmpconf-request@snmp.com (index snmpconf in body) |
| WG state | (None) |
| Document shepherd | (None) |
| IESG state | Became RFC 3747 (Proposed Standard) |
| Action Holders | (None) |
| Consensus boilerplate | Unknown |
| Telechat date | (None) |
| Responsible AD | Bert Wijnen |
| Send notices to | (None) |
"200311240000Z" -- 24 November 2003
    DESCRIPTION
        "Initial version published as RFC yyyy"
        -- RFC Ed.: replace yyyy with actual RFC number & remove this note
    ::= { mib-2 xxx }
    -- RFC Ed.: replace xxx with IANA-assigned number & remove this note

diffServConfigMIBObjects OBJECT IDENTIFIER ::= { diffServConfigMib 1 }
diffServConfigMIBConformance OBJECT IDENTIFIER ::= { diffServConfigMib 2 }
--
-- The Differentiated Services configuration objects
SNMPCONF WG Expires May 2004 [Page 19]
Internet Draft Differentiated Services Configuration MIB November 2003
--
diffServConfigTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF DiffServConfigEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A table which defines the various per-hop-behaviors
        for which the system has default 'templates'."
    ::= { diffServConfigMIBObjects 2 }

diffServConfigEntry OBJECT-TYPE
    SYNTAX       DiffServConfigEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "An entry defining a per-hop-behavior. Each entry in
        this table combines the various parameters (entries)
        into a specific per-hop-behavior. Entries in this
        table might be defined by a vendor (pre-configured)
        or defined by a management application."
    INDEX { diffServConfigId }
    ::= { diffServConfigTable 1 }

DiffServConfigEntry ::= SEQUENCE {
    diffServConfigId           SnmpAdminString,
    diffServConfigDescr        SnmpAdminString,
    diffServConfigOwner        SnmpAdminString,
    diffServConfigLastChange   DateAndTime,
    diffServConfigStart        RowPointer,
    diffServConfigStorage      StorageType,
    diffServConfigStatus       RowStatus
}

diffServConfigId OBJECT-TYPE
    SYNTAX       SnmpAdminString (SIZE(1..116))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
        "A unique id for the per-hop-behavior policy for at
        least the SNMP agent. For ease of administration the
        value may be unique within an administrative domain,
        but this is not required.
        The range of up to 116 octets is chosen to stay within
        the SMI limit of 128 sub-identifiers in an object
        identifier."
    ::= { diffServConfigEntry 1 }
diffServConfigDescr OBJECT-TYPE
    SYNTAX       SnmpAdminString
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "A human-readable description to identify this defined
        per-hop-behavior. Note that this is an SnmpAdminString,
        which permits UTF-8 strings. An administratively assigned
        identifier for a template that would be unique within
        an administrative domain. It is up to the management
        applications to agree how these are assigned within the
        administrative domain. Once a description, such as
        'EF' is assigned, that has a certain set of parameters
        that achieve 'EF' from box to box, so management
        application code or Script code can easily scan
        the table to find the proper template and then easily
        assign it."
    ::= { diffServConfigEntry 2 }

diffServConfigOwner OBJECT-TYPE
    SYNTAX       SnmpAdminString
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The owner who created this entry."
    ::= { diffServConfigEntry 3 }

diffServConfigLastChange OBJECT-TYPE
    SYNTAX       DateAndTime
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The date and time when this entry was last changed."
    ::= { diffServConfigEntry 4 }

diffServConfigStart OBJECT-TYPE
    SYNTAX       RowPointer
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The pointer to a functional datapath configuration template as
        set up in the DIFFSERV-MIB. This RowPointer should
        point to an instance of one of:
            diffServClfrEntry
            diffServMeterEntry
            diffServActionEntry
            diffServAlgDropEntry
            diffServQEntry
        A value of zeroDotZero in this attribute indicates no
        further Diffserv treatment is performed on traffic of
        this functional datapath. This also means that the
        template described by this row is not defined.
        If the row pointed to does not exist, the treatment
        is as if this attribute contains a value of zeroDotZero."
    REFERENCE
        "Differentiated Services MIB module"
    DEFVAL { zeroDotZero }
    ::= { diffServConfigEntry 5 }
diffServConfigStorage OBJECT-TYPE
    SYNTAX       StorageType
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "The type of storage used for this row.
        Since an entry in this table serves as a starting
        point for a configuration, it is recommended that
        all entries comprising the configuration started by
        diffServConfigStart follow the storage type of this
        entry. Otherwise, after agent reboots a configuration
        may differ. It may very well be that the agent is
        not capable of detecting such changes and therefore,
        the management application should verify the correct
        configuration after a reboot. Rows with a StorageType
        of 'permanent' do not need to allow write access to
        any of the columnar objects in that row."
    DEFVAL { nonVolatile }
    ::= { diffServConfigEntry 6 }

diffServConfigStatus OBJECT-TYPE
    SYNTAX       RowStatus
    MAX-ACCESS   read-create
    STATUS       current
    DESCRIPTION
        "RowStatus object used for creation and deletion of
        rows in this table. All writable objects in this row
        may be modified at any time."
    DEFVAL { notInService }
    ::= { diffServConfigEntry 7 }
--
-- MIB Compliance statements.
--
diffServConfigMIBCompliances
    OBJECT IDENTIFIER ::= { diffServConfigMIBConformance 1 }
diffServConfigMIBGroups
    OBJECT IDENTIFIER ::= { diffServConfigMIBConformance 2 }

diffServConfigMIBFullCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION
        "The full compliance for this MIB module.
        For this compliance level the 'diffServMIBFullCompliance'
        must be met, since this MIB module depends on it in order
        to provide the configuration entries.
        "
    MODULE -- This module
        MANDATORY-GROUPS { diffServConfigMIBConfigGroup }
        OBJECT diffServConfigStatus
        SYNTAX RowStatus { active(1) }
        WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) }
        DESCRIPTION
            "Support for createAndWait and notInService is not required."
    ::= { diffServConfigMIBCompliances 1 }

diffServConfigMIBConfigGroup OBJECT-GROUP
    OBJECTS { diffServConfigDescr,
              diffServConfigOwner,
              diffServConfigLastChange,
              diffServConfigStart,
              diffServConfigStorage,
              diffServConfigStatus
            }
    STATUS current
    DESCRIPTION
        "The per-hop-behavior Group defines the MIB objects that
        describe the configuration template for the per-hop-behavior."
    ::= { diffServConfigMIBGroups 1 }
END
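
The diffServConfigStart and diffServConfigStorage descriptions leave post-reboot verification to the management application; the following added example (not part of the draft) shows one way to run that check over a table snapshot. Rows are keyed by symbolic labels such as diffServClfrEntry.1 instead of real RowPointer OIDs, a single hypothetical "next" field stands in for the DIFFSERV-MIB's per-table next pointers, and both snapshots are constructed.

```python
ZERO = "zeroDotZero"
# Entry types diffServConfigStart may point to, per its DESCRIPTION clause.
ALLOWED_START = {"diffServClfrEntry", "diffServMeterEntry", "diffServActionEntry",
                 "diffServAlgDropEntry", "diffServQEntry"}

def walk(start, datapath):
    """Follow the chain from diffServConfigStart; return (rows_reached, problem)."""
    reached, ptr = [], start
    while ptr != ZERO:
        if ptr in reached:
            return reached, f"pointer loop at {ptr}"
        if ptr not in datapath:
            return reached, f"dangling pointer {ptr}"
        reached.append(ptr)
        ptr = datapath[ptr].get("next", ZERO)   # "next" is an assumed simplification
    return reached, None

def audit(cfg_id, cfg, datapath):
    """Return findings for one diffServConfigTable row (empty list = consistent)."""
    start = cfg["start"]
    if start == ZERO:
        return [f"{cfg_id}: start is zeroDotZero, template not defined"]
    findings = []
    if start.split(".")[0] not in ALLOWED_START:
        findings.append(f"{cfg_id}: {start} is not an allowed entry type")
    reached, problem = walk(start, datapath)
    if problem:
        findings.append(f"{cfg_id}: {problem}")
    if not reached:
        findings.append(f"{cfg_id}: start row missing, treated as zeroDotZero")
    for row in reached:
        if datapath[row]["storage"] != cfg["storage"]:
            findings.append(f"{cfg_id}: {row} is {datapath[row]['storage']}, "
                            f"template is {cfg['storage']}")
    return findings

# Constructed snapshots: the meter row was volatile, so it is gone after reboot.
TEMPLATE = {"start": "diffServClfrEntry.1", "storage": "nonVolatile"}
BEFORE = {
    "diffServClfrEntry.1": {"storage": "nonVolatile", "next": "diffServMeterEntry.7"},
    "diffServMeterEntry.7": {"storage": "volatile", "next": "diffServActionEntry.2"},
    "diffServActionEntry.2": {"storage": "nonVolatile"},
}
AFTER = {k: v for k, v in BEFORE.items() if v["storage"] != "volatile"}

if __name__ == "__main__":
    for label, snap in (("before reboot", BEFORE), ("after reboot", AFTER)):
        print(label, audit("EF", TEMPLATE, snap))
```

Running the audit before a reboot surfaces the storage mismatch while it can still be corrected; after the reboot the same template shows up as a dangling pointer.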
8. Security Considerations
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations. These managed objects are:
- The diffServConfigDescr, diffServConfigOwner and
diffServConfigStatus are not security sensitive since these
three objects do not affect any direct operational behavior
of a diffserv capable device.
- Unauthorized change of the diffServConfigStart could lead
to a different configuration and the 'changed' configuration
could lead to different traffic treatment for the diffserv
capable device than desired.
- Unauthorized change of the diffServConfigStorage could lead
to unknown behavior of the diffserv capable device after
a reboot of the SNMP agent. This may be caused by 'not
having saved changes of the configuration' or unavailable
configurations.
In addition, the managed objects of the DIFFSERV-MIB are also
security sensitive, since unauthorized changes may cause
configuration changes. For more detail, refer to [RFC3289].
Allowing read access to objects in this MIB module is generally not
considered sensitive, as read access only provides information that a
template exists. This is due to the fact that the managed objects
that actually instantiate the template are in the DIFFSERV-MIB
[RFC3289]. However, in environments where the template description
(diffServConfigDescr) or owner (diffServConfigOwner) is considered
sensitive information, appropriate access control should be exercised
for these objects.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec),
there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this
MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, deployment of SNMPv3 with cryptographic
security enabled is RECOMMENDED. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to GET or SET (change/create/delete) them.
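
The object classification above can drive triage of SET audit records; the following is an added example, not part of the draft. The key=value log format, the user names, the writers allowlist and the policy of rating any SET below SNMPv3 authPriv as high are assumptions, and the log lines are constructed.

```python
# Writable columns as classified in the Security Considerations text.
SENSITIVE = {"diffServConfigStart", "diffServConfigStorage"}
NOT_SENSITIVE = {"diffServConfigDescr", "diffServConfigOwner", "diffServConfigStatus"}

def split_instance(name):
    """'diffServConfigStart.2.69.70' -> ('diffServConfigStart', 'EF')."""
    column, *subids = name.split(".")
    subids = [int(s) for s in subids]
    # INDEX { diffServConfigId } has no IMPLIED keyword, so the instance is a
    # length sub-identifier followed by one sub-identifier per octet (1..116).
    if not subids or subids[0] != len(subids) - 1 or not 1 <= subids[0] <= 116:
        raise ValueError(f"malformed diffServConfigId index in {name}")
    return column, bytes(subids[1:]).decode("utf-8")

def triage(record, writers):
    """Return (severity, reason) for one SET audit record given as a dict."""
    column, template = split_instance(record["object"])
    if column not in SENSITIVE | NOT_SENSITIVE:
        return "review", f"SET on non-writable or unknown column {column}"
    if record["version"] != "3" or record["level"] != "authPriv":
        return "high", (f"SET on {column} via SNMPv{record['version']} "
                        f"at {record['level']}")
    if column in SENSITIVE and record["user"] not in writers:
        return "high", f"{record['user']} changed {column} of template {template!r}"
    return "ok", f"{record['user']} set {column} of template {template!r}"

def triage_log(text, writers):
    """Parse key=value audit lines (constructed format) and triage each one."""
    return [triage(dict(kv.split("=", 1) for kv in line.split()), writers)
            for line in text.splitlines() if line.strip()]

# Constructed audit lines; the field names and users are illustrative.
LOG = """\
version=3 level=authPriv user=qos-admin object=diffServConfigStart.2.69.70
version=2c level=noAuthNoPriv user=public object=diffServConfigStorage.2.69.70
version=3 level=authPriv user=helpdesk object=diffServConfigStart.4.65.70.49.49
version=3 level=authPriv user=helpdesk object=diffServConfigDescr.2.69.70
"""

if __name__ == "__main__":
    for severity, reason in triage_log(LOG, writers={"qos-admin"}):
        print(f"{severity:6} {reason}")
```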
9. Acknowledgments
The editors gratefully acknowledge the significant contributions to
this work made by several members of both the SNMPCONF and DiffServ
working groups.
10. Editors' Addresses
Harrie Hazewinkel
I.Net
v. Darwin, 85
20019 - Settimo Milanese (MI), Italy
EMail: harrie@inet.it
David Partain
Ericsson AB
P.O. Box 1248
SE-581 12 Linkoping
Sweden
EMail: David.Partain@ericsson.com
11. Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
12. Intellectual Property
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
13. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field
(DS Field) in the IPv4 and IPv6 Headers", RFC 2474,
December 1998.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E.,
Wang, Z., and W. Weiss, "An Architecture for
Differentiated Services", RFC 2475, December 1998.
[RFC3512] MacFaden M., Partain D., Saperia J., and W. Tackabury,
"Configuring Networks and Devices with Simple Network
Management Protocol (SNMP)," RFC 3512, April 2003.
[PMMIBDR] Waldbusser, S., J. Saperia, and T. Hongal,
"Policy-based Management MIB",
draft-ietf-snmpconf-pm-13.txt, Work in Progress,
March 2003.
14. Normative References
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1999.
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Textual Conventions for
SMIv2", STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999.
[RFC3289] Baker, F., K. Chan, and A. Smith, "Management
Information Base for the Differentiated Services
Architecture", RFC 3289, May 2002.
[RFC3411] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture
for Describing Simple Network Management Protocol (SNMP)
Management Frameworks", STD 62, RFC 3411, December 2002.