
RFC 4131

Management Information Base for Data Over Cable Service Interface Specification (DOCSIS) Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus

Pages: 85
Proposed Standard
Updated by:  9141
Part 1 of 4 – Pages 1 to 5

Top   ToC   RFC4131 - Page 1
Network Working Group                                           S. Green
Request for Comments: 4131                                    Consultant
Category: Standards Track                                       K. Ozawa
                                                                 Toshiba
                                                         E. Cardona, Ed.
                                                               CableLabs
                                                           A. Katsnelson
                                                          September 2005

                    Management Information Base for
 Data Over Cable Service Interface Specification (DOCSIS) Cable Modems
     and Cable Modem Termination Systems for Baseline Privacy Plus

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines a set of managed objects for Simple Network Management Protocol (SNMP) based management of the Baseline Privacy Plus features of DOCSIS 1.1 and DOCSIS 2.0 (Data-over-Cable Service Interface Specification) compliant Cable Modems and Cable Modem Termination Systems.

Table of Contents

   1. The Internet-Standard Management Framework
   2. Overview
      2.1. Structure of the MIB
      2.2. Relationship of BPI+ and BPI MIB Modules
      2.3. BPI+ MIB Module Relationship with the Interfaces Group MIB
   3. Definitions
   4. Acknowledgements
   5. Normative References
   6. Informative References
   7. Security Considerations
   8. IANA Considerations

1. The Internet-Standard Management Framework

For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].

2. Overview

This MIB module (BPI+ MIB) provides a set of objects required for the management of the Baseline Privacy Interface Plus features of DOCSIS 1.1 and DOCSIS 2.0 Cable Modem (CM) and Cable Modem Termination System (CMTS). The specification is derived from the operational model described in the DOCSIS Baseline Privacy Interface Plus Specification [DOCSIS].

DOCSIS Baseline Privacy Plus is composed of four distinct functional and manageable areas:

   o  Key exchange and data encryption

   o  Cable modem authentication

   o  Multicast encryption

   o  Authentication of downloaded software images

This MIB module is an extension of the DOCSIS 1.0 Baseline Privacy MIB module [RFC3083] (BPI MIB), which is derived from the Operational model described in the DOCSIS Baseline Privacy Interface Specification [DOCSIS-1.0]. The original Baseline Privacy MIB structure has mostly been preserved in the Baseline Privacy Plus MIB.

Please note that the referenced DOCSIS specifications only require that Cable Modems process IPv4 customer traffic. Design choices in this MIB module reflect those requirements. Future versions of the DOCSIS specifications are expected to require support for IPv6 as well.

   Conventions Used in This Document

      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
      in this document are to be interpreted as described in BCP 14, RFC
      2119 [RFC2119].

2.1. Structure of the MIB

This MIB module is structured into several tables and objects.

2.1.1. Cable Modem

   o  The docsBpi2CmBaseTable contains authorization key exchange
      information for one CM MAC interface.

   o  The docsBpi2CmTEKTable contains traffic key exchange and data
      encryption information for a particular security association ID
      of the cable modem.

   o  Multicast Encryption information is maintained under
      Docsbpi2CmMulticastObjects.  There is currently one multicast
      table object that manages IP multicast encryption,
      docsBpi2CmIpMulticastMapTable.

   o  Digital certificates used for cable modem authentication are
      accessible via docsBpi2CmDeviceCertTable.

   o  Cryptographic suite capabilities for a CM MAC are maintained in
      the docsBpi2CmCryptoSuiteTable.

2.1.2. Cable Modem Termination System

   o  The docsBpi2CmtsBaseTable contains default settings and summary
      counters for the cable modem termination system.

   o  The DocsBpi2CmtsAuthTable contains Authorization Key Exchange
      information for each CM MAC interface, as well as data from CM
      certificates used in cable modem authentication.

   o  The docsBpi2CmtsTEKTable contains traffic key exchange and data
      encryption information for a particular security association ID.

   o  Multicast Encryption information is maintained under
      Docsbpi2CmtsMulticastObjects.  There are currently two multicast
      table objects.  The Table docsBpi2CmtsIpMulticastMapTable is
      specifically designed for IP multicast encryption, whereas
      docsBpi2CmtsMulticastAuthTable is meant to manage all multicast
      security associations.

         In particular, the table docsBpi2CmtsIpMulticastMapTable
         defines the object docsBpi2CmtsIpMulticastMask, which could be
         a non-contiguous netmask; this is why the object syntax is
         based on the INET-ADDRESS-MIB MIB Module [RFC4001] Textual
         Convention InetAddress instead of InetAddressPrefixLength.

         This is to facilitate the assignment of the same DOCSIS
         Security Association ID (SAID) to one or more IPv6 multicast
         group IDs matching one or more IPv6 multicast scope types
         within an entry in this table.  For example, multicast scopes
         labeled "unassigned" [RFC3513] may be allocated by
         administrators to a particular SAID, regardless of their
         multicast scope, such as mapping transient multicast group 'Y'
         to SAID 'z' for ANY multicast scope.  The non-contiguous
         netmask will be FF10:Y.  See [RFC3513] for details on IPv6
         multicast addressing.

   o  DocsBpi2CmtsCertObjects contains 2 manageable tables: one for
      provisioned cable modem certificates and one for certification
      authority certificates.
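
The scope-independent mapping described for docsBpi2CmtsIpMulticastMask, as an added example that is not part of RFC 4131. The mask value, the group ID 0x1234 and the SAID numbers are constructed assumptions: the mask covers the FF octet, the flags nibble and the group ID, and leaves the 4-bit scope field unmasked, which is why no prefix length can express it.

```python
import ipaddress
from typing import Optional

ALL_ONES = (1 << 128) - 1


def to_int(addr: str) -> int:
    """IPv6 address text -> 128-bit integer."""
    return int(ipaddress.IPv6Address(addr))


def is_prefix_mask(mask: str) -> bool:
    """True if the mask is contiguous (expressible as a prefix length)."""
    inverted = ~to_int(mask) & ALL_ONES
    # A contiguous mask inverts to 0...01...1, so adding 1 clears every bit.
    return (inverted & (inverted + 1)) == 0


# Assumed mask: every bit set except the scope nibble (bits 12-15).
SCOPE_AGNOSTIC_MASK = "fff0:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
EXACT_MASK = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"

# Constructed map entries: (multicast address, mask, SAID).
MAP_TABLE = [
    ("ff10::1234", SCOPE_AGNOSTIC_MASK, 8200),  # transient group Y, any scope
    ("ff1e::abcd", EXACT_MASK, 8201),           # one exact global-scope group
]


def lookup_said(group: str) -> Optional[int]:
    """Return the SAID of the first entry whose masked address matches."""
    g = to_int(group)
    for addr, mask, said in MAP_TABLE:
        m = to_int(mask)
        if (g & m) == (to_int(addr) & m):
            return said
    return None  # no mapping: the group is not tied to a multicast SA


if __name__ == "__main__":
    for grp in ("ff12::1234", "ff15::1234", "ff1e::1234", "ff02::1234"):
        print(grp, "->", lookup_said(grp))
```
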

2.1.3. Common

o The docsBpi2CodeDownloadControl objects manage the authenticated software download process for a given device.

2.2. Relationship of BPI+ and BPI MIB Modules

This section describes the relationship between the BPI+ MIB module defined in this document and the BPI MIB module defined in RFC 3083 [RFC3083]. The BPI+ protocol interface is an enhancement to the BPI protocol, and it is a distinct protocol from BPI. The associated BPI+ managed objects should be considered separate from the BPI MIB objects defined in RFC 3083. DOCSIS 1.1 and 2.0 systems implement both the BPI+ and BPI protocols to be backward compatible with 1.0 systems. For more information regarding the interoperability between BPI and BPI+ compliant systems, refer to appendix C of the DOCSIS BPI+ specification [DOCSIS]. For MIB modules requirements, refer to section 4.6.1, Figure 9, of the DOCSIS 1.1 OSSI specification [DOCSIS-1.1] and to section 7.6.1, Tables 7-9, of the DOCSIS 2.0 OSSI specification [DOCSIS-2.0].

2.3. BPI+ MIB Module Relationship with the Interfaces Group MIB

The BPI+ MIB module is the management framework of Baseline Privacy Plus Interface Specification [DOCSIS], which provides the MAC layer (Media Access Control) security services of DOCSIS through the Baseline Privacy Key Management (BPKM) protocol. The BPI+ MIB module objects are organized as extensions of the Radio Frequency (RF) Interface Management [RFC2670]. The MIB table structures of this MIB Module are extensions of the DOCSIS CATV (Community Antenna Television) MAC layer interface (DocsCableMaclayer by [IANA]). In particular, the provisions of the Interface Group MIB [RFC2863] for counter discontinuities and system re-initialization apply to CM and CMTS to validate the difference between two consecutive counter polls. All BPI+ MIB module counters are 32 bits and are based on the minimum time to wrap up considerations of [RFC2863] and their possible frequency occurrence as BPI+ FSM (Finite State Machine) event counters. See [DOCSIS] for BPI+ FSM parameter guidelines.
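
An added example (not from the RFC) of validating the difference between two consecutive polls of a 32-bit BPI+ event counter. The Poll fields and sample values are constructed; discontinuity_time stands for ifCounterDiscontinuityTime of the CM or CMTS MAC interface [RFC2863].

```python
from typing import List, NamedTuple, Optional

COUNTER32_MODULUS = 1 << 32


class Poll(NamedTuple):
    sys_uptime: int          # sysUpTime (TimeTicks) when the poll was taken
    discontinuity_time: int  # ifCounterDiscontinuityTime of the MAC interface
    value: int               # Counter32 value of one BPI+ event counter


def counter32_delta(prev: Poll, cur: Poll) -> Optional[int]:
    """Events counted between two polls, or None if the pair is unusable."""
    # sysUpTime going backwards means the agent re-initialized, so the
    # counter restarted and the difference is meaningless. (sysUpTime itself
    # wraps after roughly 497 days; that case is also discarded here.)
    if cur.sys_uptime < prev.sys_uptime:
        return None
    # A changed discontinuity timestamp means the counter jumped for a
    # reason other than counting events.
    if cur.discontinuity_time != prev.discontinuity_time:
        return None
    # Modular subtraction absorbs a single 32-bit wrap between polls; more
    # than one wrap cannot be detected, so poll faster than the wrap time.
    return (cur.value - prev.value) % COUNTER32_MODULUS


def interval_deltas(polls: List[Poll]) -> List[Optional[int]]:
    """Delta for each consecutive pair of polls (None = discard interval)."""
    return [counter32_delta(a, b) for a, b in zip(polls, polls[1:])]


# Constructed poll series for one counter.
SAMPLE_POLLS = [
    Poll(1000, 0, 4294967290),
    Poll(7000, 0, 5),        # counter wrapped past 2**32
    Poll(13000, 9000, 2),    # discontinuity reported since last poll
    Poll(300, 0, 1),         # sysUpTime went backwards: re-initialization
    Poll(6300, 0, 4),
]

if __name__ == "__main__":
    print(interval_deltas(SAMPLE_POLLS))
```
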

