mplsLpsConfigCommand OBJECT-TYPE
   SYNTAX      MplsLpsCommand
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "Allows the initiation of an operator command on the
       protection domain.
       When read, this object returns the last command written
       or noCmd if no command has been written since
       initialization. The return of the last command written
       does not imply that this command is currently in effect.
       This request may have been preempted by a higher-priority
       local or remote request. This object may be modified if
       the associated mplsLpsConfigRowStatus object is equal to
       active(1)."
   REFERENCE
      "Sections 3.1 and 3.2 of RFC 6378 and Sections 4.3 and 6
       of RFC 7271"
   DEFVAL { noCmd }
   ::= { mplsLpsConfigEntry 13 }

mplsLpsConfigCreationTime OBJECT-TYPE
   SYNTAX      TimeStamp
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The value of sysUpTime at the time the row was created."
   ::= { mplsLpsConfigEntry 14 }

mplsLpsConfigRowStatus OBJECT-TYPE
   SYNTAX      RowStatus
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "This object represents the status of the MPLS-TP linear
       protection domain entry. This variable is used to
       create, modify, and/or delete a row in this table."
   ::= { mplsLpsConfigEntry 15 }
mplsLpsConfigStorageType OBJECT-TYPE
   SYNTAX      StorageType
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "The storage type for this conceptual row.
       Conceptual rows having the value 'permanent' need not
       allow write access to any columnar objects in the row."
   DEFVAL { nonVolatile }
   ::= { mplsLpsConfigEntry 16 }

--
-- MPLS-TP Linear Protection Switching Status Table.
-- This table provides protection domain statistics.
--

mplsLpsStatusTable OBJECT-TYPE
   SYNTAX      SEQUENCE OF MplsLpsStatusEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "This table provides status information about MPLS-TP
       linear protection domains that have been configured on
       the system."
   ::= { mplsLpsObjects 3 }

mplsLpsStatusEntry OBJECT-TYPE
   SYNTAX      MplsLpsStatusEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "A conceptual row in the mplsLpsStatusTable."
   AUGMENTS { mplsLpsConfigEntry }
   ::= { mplsLpsStatusTable 1 }

MplsLpsStatusEntry ::= SEQUENCE {
   mplsLpsStatusState                 MplsLpsState,
   mplsLpsStatusReqRcv                MplsLpsReq,
   mplsLpsStatusReqSent               MplsLpsReq,
   mplsLpsStatusFpathPathRcv          MplsLpsFpathPath,
   mplsLpsStatusFpathPathSent         MplsLpsFpathPath,
   mplsLpsStatusRevertiveMismatch     TruthValue,
   mplsLpsStatusProtecTypeMismatch    TruthValue,
   mplsLpsStatusCapabilitiesMismatch  TruthValue,
   mplsLpsStatusPathConfigMismatch    TruthValue,
   mplsLpsStatusFopNoResponses        Counter32,
   mplsLpsStatusFopTimeouts           Counter32
}
mplsLpsStatusState OBJECT-TYPE
   SYNTAX      MplsLpsState
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The current state of the PSC state machine."
   REFERENCE
      "Section 11 of RFC 7271"
   ::= { mplsLpsStatusEntry 1 }

mplsLpsStatusReqRcv OBJECT-TYPE
   SYNTAX      MplsLpsReq
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The current value of the PSC Request field received on
       the most recent PSC packet."
   REFERENCE
      "Section 4.2 of RFC 6378"
   ::= { mplsLpsStatusEntry 2 }

mplsLpsStatusReqSent OBJECT-TYPE
   SYNTAX      MplsLpsReq
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The current value of the PSC Request field sent on the
       most recent PSC packet."
   REFERENCE
      "Section 4.2 of RFC 6378"
   ::= { mplsLpsStatusEntry 3 }

mplsLpsStatusFpathPathRcv OBJECT-TYPE
   SYNTAX      MplsLpsFpathPath
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The current value of the FPath and Path fields received
       on the most recent PSC packet."
   REFERENCE
      "Section 4.2 of RFC 6378"
   ::= { mplsLpsStatusEntry 4 }
mplsLpsStatusFpathPathSent OBJECT-TYPE
   SYNTAX      MplsLpsFpathPath
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The current value of the FPath and Path fields sent on
       the most recent PSC packet."
   REFERENCE
      "Section 4.2 of RFC 6378"
   ::= { mplsLpsStatusEntry 5 }

mplsLpsStatusRevertiveMismatch OBJECT-TYPE
   SYNTAX      TruthValue
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object indicates a provisioning mismatch in the
       revertive mode across the protection domain endpoints.
       The value of this object becomes true when a PSC message
       with an incompatible Revertive field is received or false
       when a PSC message with a compatible Revertive field is
       received."
   REFERENCE
      "Section 12 of RFC 7271"
   ::= { mplsLpsStatusEntry 6 }

mplsLpsStatusProtecTypeMismatch OBJECT-TYPE
   SYNTAX      TruthValue
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object indicates a provisioning mismatch in the
       protection type, representing both the bridge type and
       the switching type, across the protection domain
       endpoints. The value of this object becomes true when a
       PSC message with an incompatible Protection Type (PT)
       field is received or false when a PSC message with a
       compatible PT field is received."
   REFERENCE
      "Section 12 of RFC 7271"
   ::= { mplsLpsStatusEntry 7 }
mplsLpsStatusCapabilitiesMismatch OBJECT-TYPE
   SYNTAX      TruthValue
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object indicates a provisioning mismatch in
       Capabilities TLVs across the protection domain
       endpoints. The value of this object becomes true when a
       PSC message with an incompatible Capabilities TLV field
       is received or false when a PSC message with a compatible
       Capabilities TLV field is received.
       The Capabilities TLV with 0xF8000000 indicates that the
       APS mode is used for the MPLS-TP linear protection
       mechanism, whereas the PSC mode either (1) uses the
       Capabilities TLV with a value of 0x0 or (2) does not use
       the Capabilities TLV because the TLV does not exist."
   REFERENCE
      "Section 12 of RFC 7271"
   ::= { mplsLpsStatusEntry 8 }

mplsLpsStatusPathConfigMismatch OBJECT-TYPE
   SYNTAX      TruthValue
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object indicates a provisioning mismatch in the
       protection path configuration for PSC communication
       across the protection domain endpoints. The value of
       this object becomes true when a PSC message is received
       from the working path or false when a PSC message is
       received from the protection path."
   REFERENCE
      "Section 12 of RFC 7271"
   ::= { mplsLpsStatusEntry 9 }
mplsLpsStatusFopNoResponses OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object holds the number of occurrences of protocol
       failure due to a lack of response to a traffic switchover
       request within 50 ms.
       When there is a traffic switchover due to a local
       request, a 50 ms timer is started to detect protocol
       failure due to no response. If there is no PSC message
       received with the same Path value as the Path value in
       the transmitted PSC message until the 50 ms timer
       expires, protocol failure due to no response occurs."
   REFERENCE
      "Section 12 of RFC 7271"
   ::= { mplsLpsStatusEntry 10 }

mplsLpsStatusFopTimeouts OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object holds the number of occurrences of protocol
       failure due to no PSC message being received during at
       least 3.5 times the long PSC message interval.
       When no PSC message is received on the protection path
       during at least 3.5 times the long PSC message interval
       and there is no defect on the protection path, protocol
       failure due to no PSC message occurs."
   REFERENCE
      "Section 12 of RFC 7271"
   ::= { mplsLpsStatusEntry 11 }

-- MPLS-TP Linear Protection ME Association Configuration Table.
-- This table supports the addition, configuration, and deletion
-- of MPLS-TP linear protection MEs in protection domains.

mplsLpsMeConfigTable OBJECT-TYPE
   SYNTAX      SEQUENCE OF MplsLpsMeConfigEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "This table lists ME associations that have been
       configured in protection domains."
   ::= { mplsLpsObjects 4 }
mplsLpsMeConfigEntry OBJECT-TYPE
   SYNTAX      MplsLpsMeConfigEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "A conceptual row in the mplsLpsMeConfigTable. There is
       a sparse relationship between the conceptual rows of
       this table and the mplsOamIdMeTable.
       Each time that an entry is created in the
       mplsOamIdMeTable for which the LER supports MPLS-TP
       linear protection, a row is created automatically in the
       mplsLpsMeConfigTable.
       An entry in this table is related to a single entry in
       the mplsOamIdMeTable. When a point-to-point transport
       path needs to be monitored, one ME is needed for the
       path, and one entry in the mplsOamIdMeTable will be
       created. But the ME entry in the mplsOamIdMeTable may
       or may not participate in protection switching.
       If an ME participates in protection switching, an entry
       in the mplsLpsMeConfigTable MUST be created, and the
       objects in the entry indicate which protection domain
       this ME belongs to and whether this ME is for the working
       path or the protection path. If the ME does not
       participate in protection switching, an entry in the
       mplsLpsMeConfigTable does not need to be created."
   INDEX { mplsOamIdMegIndex, mplsOamIdMeIndex, mplsOamIdMeMpIndex }
   ::= { mplsLpsMeConfigTable 1 }

MplsLpsMeConfigEntry ::= SEQUENCE {
   mplsLpsMeConfigDomain  Unsigned32,
   mplsLpsMeConfigPath    INTEGER
}
mplsLpsMeConfigDomain OBJECT-TYPE
   SYNTAX      Unsigned32 (0..4294967295)
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "This object holds the mplsLpsConfigDomainIndex value for
       the protection domain in which this ME is included.
       If this ME is not part of any protection domain, then
       this object contains the value 0.
       When the value of this object is the same as the value
       of mplsLpsConfigDomainIndex, the object is defined as
       either the working path or the protection path of the
       protection domain corresponding to
       mplsLpsConfigDomainIndex."
   DEFVAL { 0 }
   ::= { mplsLpsMeConfigEntry 1 }

mplsLpsMeConfigPath OBJECT-TYPE
   SYNTAX      INTEGER {
                  working(1),
                  protection(2)
               }
   MAX-ACCESS  read-create
   STATUS      current
   DESCRIPTION
      "This object represents whether the ME is configured
       as the working path or the protection path."
   REFERENCE
      "Section 4.3 of RFC 6378"
   ::= { mplsLpsMeConfigEntry 2 }

--
-- MPLS Linear Protection ME Status Table.
-- This table provides protection switching ME statistics.
--

mplsLpsMeStatusTable OBJECT-TYPE
   SYNTAX      SEQUENCE OF MplsLpsMeStatusEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "This table contains status information of all the MEs
       that are included in MPLS-TP linear protection domains."
   ::= { mplsLpsObjects 5 }
mplsLpsMeStatusEntry OBJECT-TYPE
   SYNTAX      MplsLpsMeStatusEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
      "A conceptual row in the mplsLpsMeStatusTable."
   AUGMENTS { mplsLpsMeConfigEntry }
   ::= { mplsLpsMeStatusTable 1 }

MplsLpsMeStatusEntry ::= SEQUENCE {
   mplsLpsMeStatusCurrent            BITS,
   mplsLpsMeStatusSignalDegrades     Counter32,
   mplsLpsMeStatusSignalFailures     Counter32,
   mplsLpsMeStatusSwitchovers        Counter32,
   mplsLpsMeStatusLastSwitchover     TimeStamp,
   mplsLpsMeStatusSwitchoverSeconds  Counter32
}

mplsLpsMeStatusCurrent OBJECT-TYPE
   SYNTAX      BITS {
                  localSelectTraffic(0),
                  localSD(1),
                  localSF(2)
               }
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Indicates the current state of the ME.

       localSelectTraffic
          This bit indicates that traffic is being selected
          from this ME.

       localSD
          This bit implies that a local Signal Degrade
          condition is in effect on this ME/path.

       localSF
          This bit implies that a local Signal Fail condition
          is in effect on this ME/path."
   REFERENCE
      "Section 4.3 of RFC 6378 and Section 7 of RFC 7271"
   ::= { mplsLpsMeStatusEntry 1 }
mplsLpsMeStatusSignalDegrades OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Represents the count of Signal Degrade conditions.
       For the detection and clearance of Signal Degrade,
       see the description of mplsLpsConfigSdThreshold."
   REFERENCE
      "Section 7 of RFC 7271"
   ::= { mplsLpsMeStatusEntry 2 }

mplsLpsMeStatusSignalFailures OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Represents the count of Signal Fail conditions.
       This condition occurs when the OAM running on this ME
       detects the Signal Fail event."
   REFERENCE
      "Section 4.3 of RFC 6378"
   ::= { mplsLpsMeStatusEntry 3 }

mplsLpsMeStatusSwitchovers OBJECT-TYPE
   SYNTAX      Counter32
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "Represents the count of switchovers that happened in
       this ME.
       When the mplsLpsMeConfigPath value is 'working', this
       object will return the number of times that traffic has
       been switched from this working path to the protection
       path.
       When the mplsLpsMeConfigPath value is 'protection', this
       object will return the number of times that traffic has
       been switched back to the working path from this
       protection path."
   REFERENCE
      "Section 4.3 of RFC 6378"
   ::= { mplsLpsMeStatusEntry 4 }
mplsLpsMeStatusLastSwitchover OBJECT-TYPE
   SYNTAX      TimeStamp
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "This object holds the value of sysUpTime at the time
       that the last switchover happened.
       When the mplsLpsMeConfigPath value is 'working', this
       object will return the value of sysUpTime when traffic
       was switched from this path to the protection path.
       If traffic has never switched to the protection path,
       the value 0 will be returned.
       When the mplsLpsMeConfigPath value is 'protection', this
       object will return the value of sysUpTime the last time
       that traffic was switched back to the working path from
       this path.
       If no traffic has ever switched back to the working path
       from this protection path, the value 0 will be returned."
   REFERENCE
      "Section 4.3 of RFC 6378"
   ::= { mplsLpsMeStatusEntry 5 }

mplsLpsMeStatusSwitchoverSeconds OBJECT-TYPE
   SYNTAX      Counter32
   UNITS       "seconds"
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
      "The cumulative Protection Switching Duration (PSD) time
       in seconds.
       For the working path, this is the cumulative number of
       seconds that traffic was selected from the protection
       path.
       For the protection path, this is the cumulative number
       of seconds that the working path has been used to select
       traffic."
   REFERENCE
      "Section 4.3 of RFC 6378"
   ::= { mplsLpsMeStatusEntry 6 }
mplsLpsNotificationEnable OBJECT-TYPE
   SYNTAX      BITS {
                  switchover(0),
                  revertiveMismatch(1),
                  protecTypeMismatch(2),
                  capabilitiesMismatch(3),
                  pathConfigMismatch(4),
                  fopNoResponse(5),
                  fopTimeout(6)
               }
   MAX-ACCESS  read-write
   STATUS      current
   DESCRIPTION
      "Provides the ability to enable and disable notifications
       defined in this MIB module.

       switchover
          Indicates that mplsLpsEventSwitchover notifications
          should be generated.

       revertiveMismatch
          Indicates that mplsLpsEventRevertiveMismatch
          notifications should be generated.

       protecTypeMismatch
          Indicates that mplsLpsEventProtecTypeMismatch
          notifications should be generated.

       capabilitiesMismatch
          Indicates that mplsLpsEventCapabilitiesMismatch
          notifications should be generated.

       pathConfigMismatch
          Indicates that mplsLpsEventPathConfigMismatch
          notifications should be generated.

       fopNoResponse
          Indicates that mplsLpsEventFopNoResponse
          notifications should be generated.

       fopTimeout
          Indicates that mplsLpsEventFopTimeout
          notifications should be generated."
   REFERENCE
      "Section 12 of RFC 7271"
   DEFVAL { { } }
   ::= { mplsLpsObjects 6 }
-- MPLS Linear Protection EVENTS.

mplsLpsEventSwitchover NOTIFICATION-TYPE
   OBJECTS     { mplsLpsMeStatusSwitchovers, mplsLpsMeStatusCurrent }
   STATUS      current
   DESCRIPTION
      "An mplsLpsEventSwitchover notification is sent when the
       value of an instance of mplsLpsMeStatusSwitchovers
       increments."
   ::= { mplsLpsNotifications 1 }

mplsLpsEventRevertiveMismatch NOTIFICATION-TYPE
   OBJECTS     { mplsLpsStatusRevertiveMismatch }
   STATUS      current
   DESCRIPTION
      "An mplsLpsEventRevertiveMismatch notification is sent
       when the value of mplsLpsStatusRevertiveMismatch
       changes."
   ::= { mplsLpsNotifications 2 }

mplsLpsEventProtecTypeMismatch NOTIFICATION-TYPE
   OBJECTS     { mplsLpsStatusProtecTypeMismatch }
   STATUS      current
   DESCRIPTION
      "An mplsLpsEventProtecTypeMismatch notification is sent
       when the value of mplsLpsStatusProtecTypeMismatch
       changes."
   ::= { mplsLpsNotifications 3 }

mplsLpsEventCapabilitiesMismatch NOTIFICATION-TYPE
   OBJECTS     { mplsLpsStatusCapabilitiesMismatch }
   STATUS      current
   DESCRIPTION
      "An mplsLpsEventCapabilitiesMismatch notification is sent
       when the value of mplsLpsStatusCapabilitiesMismatch
       changes."
   ::= { mplsLpsNotifications 4 }

mplsLpsEventPathConfigMismatch NOTIFICATION-TYPE
   OBJECTS     { mplsLpsStatusPathConfigMismatch }
   STATUS      current
   DESCRIPTION
      "An mplsLpsEventPathConfigMismatch notification is sent
       when the value of mplsLpsStatusPathConfigMismatch
       changes."
   ::= { mplsLpsNotifications 5 }
mplsLpsEventFopNoResponse NOTIFICATION-TYPE
   OBJECTS     { mplsLpsStatusFopNoResponses }
   STATUS      current
   DESCRIPTION
      "An mplsLpsEventFopNoResponse notification is sent when
       the value of mplsLpsStatusFopNoResponses increments."
   ::= { mplsLpsNotifications 6 }

mplsLpsEventFopTimeout NOTIFICATION-TYPE
   OBJECTS     { mplsLpsStatusFopTimeouts }
   STATUS      current
   DESCRIPTION
      "An mplsLpsEventFopTimeout notification is sent when the
       value of mplsLpsStatusFopTimeouts increments."
   ::= { mplsLpsNotifications 7 }

-- End of Notifications.

-- Module Compliance.

mplsLpsCompliances
   OBJECT IDENTIFIER ::= { mplsLpsConformance 1 }

mplsLpsGroups
   OBJECT IDENTIFIER ::= { mplsLpsConformance 2 }

-- Compliance requirement for fully compliant implementations.

mplsLpsModuleFullCompliance MODULE-COMPLIANCE
   STATUS      current
   DESCRIPTION
      "Compliance statement for agents that provide full
       support for the MPLS-LPS-MIB module. Such devices can
       provide linear protection and also be configured using
       this MIB module."
   MODULE -- this module
      MANDATORY-GROUPS {
         mplsLpsScalarGroup,
         mplsLpsTableGroup,
         mplsLpsMeTableGroup
      }

      GROUP mplsLpsNotificationGroup
      DESCRIPTION
         "This group is only mandatory for those
          implementations that can efficiently implement
          the notifications contained in this group."
   ::= { mplsLpsCompliances 1 }
-- Compliance requirement for read-only implementations.

mplsLpsModuleReadOnlyCompliance MODULE-COMPLIANCE
   STATUS      current
   DESCRIPTION
      "Compliance statement for agents that only provide
       read-only support for the MPLS-LPS-MIB module."
   MODULE -- this module
      MANDATORY-GROUPS {
         mplsLpsScalarGroup,
         mplsLpsTableGroup,
         mplsLpsMeTableGroup
      }

      GROUP mplsLpsNotificationGroup
      DESCRIPTION
         "This group is only mandatory for those
          implementations that can efficiently implement
          the notifications contained in this group."

      -- mplsLpsConfigTable

      OBJECT      mplsLpsConfigMode
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigProtectionType
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigRevertive
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigSdThreshold
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigSdBadSeconds
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."
      OBJECT      mplsLpsConfigSdGoodSeconds
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigWaitToRestore
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigContinualTxInterval
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigRapidTxInterval
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigCommand
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigRowStatus
      SYNTAX      RowStatus { active(1) }
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsConfigStorageType
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."
      -- mplsLpsMeConfigTable

      OBJECT      mplsLpsMeConfigDomain
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."

      OBJECT      mplsLpsMeConfigPath
      MIN-ACCESS  read-only
      DESCRIPTION
         "Write access is not required."
   ::= { mplsLpsCompliances 2 }

-- Units of conformance.

mplsLpsScalarGroup OBJECT-GROUP
   OBJECTS {
      mplsLpsConfigDomainIndexNext,
      mplsLpsNotificationEnable
   }
   STATUS      current
   DESCRIPTION
      "Collection of objects needed for MPLS linear
       protection."
   ::= { mplsLpsGroups 1 }

mplsLpsTableGroup OBJECT-GROUP
   OBJECTS {
      mplsLpsConfigDomainName,
      mplsLpsConfigRowStatus,
      mplsLpsConfigMode,
      mplsLpsConfigProtectionType,
      mplsLpsConfigRevertive,
      mplsLpsConfigSdThreshold,
      mplsLpsConfigSdBadSeconds,
      mplsLpsConfigSdGoodSeconds,
      mplsLpsConfigWaitToRestore,
      mplsLpsConfigHoldOff,
      mplsLpsConfigContinualTxInterval,
      mplsLpsConfigRapidTxInterval,
      mplsLpsConfigCommand,
      mplsLpsConfigCreationTime,
      mplsLpsConfigStorageType,
      mplsLpsStatusState,
      mplsLpsStatusReqRcv,
      mplsLpsStatusReqSent,
      mplsLpsStatusFpathPathRcv,
      mplsLpsStatusFpathPathSent,
      mplsLpsStatusRevertiveMismatch,
      mplsLpsStatusProtecTypeMismatch,
      mplsLpsStatusCapabilitiesMismatch,
      mplsLpsStatusPathConfigMismatch,
      mplsLpsStatusFopNoResponses,
      mplsLpsStatusFopTimeouts
   }
   STATUS      current
   DESCRIPTION
      "Collection of objects needed for MPLS linear
       protection configuration and statistics."
   ::= { mplsLpsGroups 2 }

mplsLpsMeTableGroup OBJECT-GROUP
   OBJECTS {
      mplsLpsMeConfigDomain,
      mplsLpsMeConfigPath,
      mplsLpsMeStatusCurrent,
      mplsLpsMeStatusSignalDegrades,
      mplsLpsMeStatusSignalFailures,
      mplsLpsMeStatusSwitchovers,
      mplsLpsMeStatusLastSwitchover,
      mplsLpsMeStatusSwitchoverSeconds
   }
   STATUS      current
   DESCRIPTION
      "Collection of objects needed for MPLS linear
       protection ME configuration and statistics."
   ::= { mplsLpsGroups 3 }

mplsLpsNotificationGroup NOTIFICATION-GROUP
   NOTIFICATIONS {
      mplsLpsEventSwitchover,
      mplsLpsEventRevertiveMismatch,
      mplsLpsEventProtecTypeMismatch,
      mplsLpsEventCapabilitiesMismatch,
      mplsLpsEventPathConfigMismatch,
      mplsLpsEventFopNoResponse,
      mplsLpsEventFopTimeout
   }
   STATUS      current
   DESCRIPTION
      "Collection of objects needed to implement
       notifications."
   ::= { mplsLpsGroups 4 }

-- MPLS-LPS-MIB module ends
END

9. Security Considerations
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection opens devices to attack. These are the tables and objects and their sensitivity/vulnerability:

o  The mplsLpsConfigTable is used to configure MPLS-TP linear protection domains. Improper manipulation of the objects in this table may result in different behaviors than what network operators originally intended, such as delaying traffic switching or causing a race condition with server-layer protection after network failure (mplsLpsConfigHoldOff), delaying or speeding up reversion after recovering from network failure (mplsLpsConfigWaitToRestore), unexpected traffic switching (mplsLpsConfigCommand), or the discontinuance of the operation of a protection switching control process (mplsLpsConfigMode, mplsLpsConfigProtectionType).

o  The mplsLpsMeConfigTable is used to assign each ME to either the working path or the protection path. Improper manipulation of this object may result in the discontinuance of the operation of a protection switching control process.

o  The notification is controlled by the mplsLpsNotificationEnable object. In the case of the discontinuance of a protection switching control process, network operators may not be notified if the mplsLpsNotificationEnable object is compromised.

Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP.
These are the tables and objects and their sensitivity/vulnerability:

o  The mplsLpsStatusTable and the mplsLpsMeStatusTable collectively show the history and current status of the MPLS-TP linear protection domains. They can be used to estimate the performance and qualities of networks configured to use MPLS-TP linear protection. If an administrator does not want to reveal this information, then these tables should be considered sensitive/vulnerable.
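
The write-sensitive objects named above can be watched for unexpected change by comparing periodic snapshots against an approved baseline. The following Python sketch is an added example and not part of this document's MIB module; the snapshot layout, the row keys, and every sample value are constructed, and it assumes the values were collected elsewhere over SNMPv3 with authentication and privacy. BITS values are decoded per SMIv2, where bit 0 is the high-order bit of the first octet.

```python
# Added example: drift check over the write-sensitive MPLS-LPS-MIB objects.
# Snapshot layout, row keys and all sample values below are constructed.

# Bit names in the order of the mplsLpsNotificationEnable BITS definition.
NOTIFICATION_BITS = (
    "switchover", "revertiveMismatch", "protecTypeMismatch",
    "capabilitiesMismatch", "pathConfigMismatch",
    "fopNoResponse", "fopTimeout",
)

# Columns called out as sensitive in the Security Considerations text.
SENSITIVE_COLUMNS = (
    "mplsLpsConfigHoldOff", "mplsLpsConfigWaitToRestore",
    "mplsLpsConfigCommand", "mplsLpsConfigMode",
    "mplsLpsConfigProtectionType",
    "mplsLpsMeConfigDomain", "mplsLpsMeConfigPath",
)


def decode_bits(octets, names):
    """Decode an SMIv2 BITS value; bit 0 is the high-order bit of octet 0."""
    enabled = set()
    for position, name in enumerate(names):
        byte_index, bit_index = divmod(position, 8)
        # Octets missing from a short (or empty) value mean "bit not set".
        if byte_index < len(octets) and octets[byte_index] & (0x80 >> bit_index):
            enabled.add(name)
    return enabled


def audit(baseline, current):
    """Return (severity, object, detail) findings for drift from baseline."""
    findings = []
    want = decode_bits(baseline["mplsLpsNotificationEnable"], NOTIFICATION_BITS)
    have = decode_bits(current["mplsLpsNotificationEnable"], NOTIFICATION_BITS)
    # A cleared bit silences the matching notification, so rank it high.
    for name in sorted(want - have):
        findings.append(("high", "mplsLpsNotificationEnable",
                         f"{name} notifications disabled"))
    for name in sorted(have - want):
        findings.append(("info", "mplsLpsNotificationEnable",
                         f"{name} notifications enabled"))
    for key in sorted(set(baseline["rows"]) | set(current["rows"])):
        old, new = baseline["rows"].get(key), current["rows"].get(key)
        if old is None or new is None:
            findings.append(("high", key,
                             "row added" if old is None else "row removed"))
            continue
        for column in SENSITIVE_COLUMNS:
            if old.get(column) != new.get(column):
                findings.append(("high", f"{column}.{key}",
                                 f"{old.get(column)!r} -> {new.get(column)!r}"))
    return findings


# Constructed baseline: all seven notifications enabled (0xFE).
BASELINE = {
    "mplsLpsNotificationEnable": b"\xfe",
    "rows": {
        "domain.1": {"mplsLpsConfigHoldOff": 0,
                     "mplsLpsConfigWaitToRestore": 300,
                     "mplsLpsConfigCommand": "noCmd"},
        "me.1.1.1": {"mplsLpsMeConfigDomain": 1,
                     "mplsLpsMeConfigPath": "working"},
        "me.1.2.1": {"mplsLpsMeConfigDomain": 1,
                     "mplsLpsMeConfigPath": "protection"},
    },
}

# Constructed later snapshot: two notification bits cleared (0xF8), a
# hold-off change, and the protection ME detached from its domain.
CURRENT = {
    "mplsLpsNotificationEnable": b"\xf8",
    "rows": {
        "domain.1": {"mplsLpsConfigHoldOff": 100,
                     "mplsLpsConfigWaitToRestore": 300,
                     "mplsLpsConfigCommand": "noCmd"},
        "me.1.1.1": {"mplsLpsMeConfigDomain": 1,
                     "mplsLpsMeConfigPath": "working"},
        "me.1.2.1": {"mplsLpsMeConfigDomain": 0,
                     "mplsLpsMeConfigPath": "protection"},
    },
}

if __name__ == "__main__":
    for severity, obj, detail in audit(BASELINE, CURRENT):
        print(f"{severity:5} {obj}: {detail}")
```
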
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.

Implementations SHOULD provide the security features described by the SNMPv3 framework (see [RFC3410]), and implementations claiming compliance to the SNMPv3 standard MUST include full support for authentication and privacy via the User-based Security Model (USM) [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations MAY also provide support for the Transport Security Model (TSM) [RFC5591] in combination with a secure transport such as SSH [RFC5592] or TLS/DTLS [RFC6353].

Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.

10. IANA Considerations
IANA has assigned an OID of decimal 22 for the MPLS Linear Protection MIB module (MPLS-LPS-MIB) specified in this document in the "MIB Transmission Group - MPLS STD MIB" subregistry of the "Internet-standard MIB - Transmission Group" registry.
11. References
11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, DOI 10.17487/RFC2578, April 1999, <http://www.rfc-editor.org/info/rfc2578>.

[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, <http://www.rfc-editor.org/info/rfc2579>.

[RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Conformance Statements for SMIv2", STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, <http://www.rfc-editor.org/info/rfc2580>.

[RFC3289] Baker, F., Chan, K., and A. Smith, "Management Information Base for the Differentiated Services Architecture", RFC 3289, DOI 10.17487/RFC3289, May 2002, <http://www.rfc-editor.org/info/rfc3289>.

[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, DOI 10.17487/RFC3411, December 2002, <http://www.rfc-editor.org/info/rfc3411>.

[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", STD 62, RFC 3414, DOI 10.17487/RFC3414, December 2002, <http://www.rfc-editor.org/info/rfc3414>.

[RFC3811] Nadeau, T., Ed., and J. Cucchiara, Ed., "Definitions of Textual Conventions (TCs) for Multiprotocol Label Switching (MPLS) Management", RFC 3811, DOI 10.17487/RFC3811, June 2004, <http://www.rfc-editor.org/info/rfc3811>.

[RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model", RFC 3826, DOI 10.17487/RFC3826, June 2004, <http://www.rfc-editor.org/info/rfc3826>.

[RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model for the Simple Network Management Protocol (SNMP)", STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, <http://www.rfc-editor.org/info/rfc5591>.

[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 2009, <http://www.rfc-editor.org/info/rfc5592>.

[RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)", STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, <http://www.rfc-editor.org/info/rfc6353>.

[RFC6378] Weingarten, Y., Ed., Bryant, S., Osborne, E., Sprecher, N., and A. Fulignoli, Ed., "MPLS Transport Profile (MPLS-TP) Linear Protection", RFC 6378, DOI 10.17487/RFC6378, October 2011, <http://www.rfc-editor.org/info/rfc6378>.

[RFC7271] Ryoo, J., Ed., Gray, E., Ed., van Helvoort, H., D'Alessandro, A., Cheung, T., and E. Osborne, "MPLS Transport Profile (MPLS-TP) Linear Protection to Match the Operational Expectations of Synchronous Digital Hierarchy, Optical Transport Network, and Ethernet Transport Network Operators", RFC 7271, DOI 10.17487/RFC7271, June 2014, <http://www.rfc-editor.org/info/rfc7271>.

[RFC7697] Pan, P., Aldrin, S., Venkatesan, M., Sampath, K., Nadeau, T., and S. Boutros, "MPLS Transport Profile (MPLS-TP) Operations, Administration, and Maintenance (OAM) Identifiers Management Information Base (MIB)", RFC 7697, DOI 10.17487/RFC7697, January 2016, <http://www.rfc-editor.org/info/rfc7697>.
11.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, DOI 10.17487/RFC3410, December 2002, <http://www.rfc-editor.org/info/rfc3410>.

[RFC3812] Srinivasan, C., Viswanathan, A., and T. Nadeau, "Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Management Information Base (MIB)", RFC 3812, DOI 10.17487/RFC3812, June 2004, <http://www.rfc-editor.org/info/rfc3812>.

[G8121] International Telecommunication Union, "Characteristics of MPLS-TP equipment functional blocks", ITU-T Recommendation G.8121/Y.1381, April 2016, <https://www.itu.int/rec/T-REC-G.8121/en>.

[G8151] International Telecommunication Union, "Management aspects of the MPLS-TP network element", ITU-T Recommendation G.8151/Y.1374, January 2015, <https://www.itu.int/rec/T-REC-G.8151/en>.

Acknowledgments
The authors wish to thank Joan Cucchiara for her review as MIB Doctor. Joan's detailed comments were of great help for improving the quality of this document. The authors would also like to thank Loa Andersson and Adrian Farrel for their valuable comments and suggestions on this document.

Contributors

Vishwas Manral
Nano Sec
599 Fairchild Drive
Mountain View, CA
United States of America

Email: vishwas@nanosec.io

Authors' Addresses
Kingston Selvaraj
IP Infusion
RMZ Centennial
Mahadevapura Post
Bangalore 560048
India

Email: kingstonsmiler@gmail.com

Venkatesan Mahalingam
Dell Technologies
5450 Great America Parkway
Santa Clara, CA 95054
United States of America

Email: venkat.mahalingams@gmail.com

Daniel King
Old Dog Consulting
United Kingdom

Email: daniel@olddog.co.uk

Sam Aldrin
Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
United States of America

Email: aldrin.ietf@gmail.com

Jeong-dong Ryoo
ETRI
218 Gajeong-ro
Yuseong-gu, Daejeon 34129
South Korea

Email: ryoo@etri.re.kr