Network Working GroupInternet Engineering Task Force (IETF) T. NadeauInternet-DraftRequest for Comments: 7331 BrocadeIntended status:Category: Standards Track Z. AliExpires: December 6, 2014ISSN: 2070-1721 N. Akiya Cisco SystemsJune 4,August 2014BFDBidirectional Forwarding Detection (BFD) Management Information Basedraft-ietf-bfd-mib-22Abstract Thisdraftdocument defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects for modeling the Bidirectional Forwarding Detection (BFD) protocol.Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119].Status of This Memo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status ofsix monthsthis document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on December 6, 2014.http://www.rfc-editor.org/info/rfc7331. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . .32 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Brief Description of MIB Objects . . . . . . . . . . . . . . 3 4.1. General Variables . . . . . . . . . . . . . . . . . . . . 3 4.2. Session Table (bfdSessionTable) . . . . . . . . . . . . . 3 4.3. Session Performance Table (bfdSessionPerfTable) . . . . . 3 4.4. BFD Session Discriminator Mapping Table (bfdSessDiscMapTable) . . . . . . . . . . . . . . . . . .43 4.5. BFD Session IP Mapping Table (bfdSessIpMapTable) . . . . 4 5. BFD MIB Module Definitions . . . . . . . . . . . . . . . . . 4 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .3736 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 37 9.1. Normative References . . . . . . . . . . . . . . . . . . 37 9.2. Informative References . . . . . . . . . . . . . . . . .3837 1. Introduction This memo defines a portion of theManagement Information Base (MIB)MIB for use with network management protocols in the Internet community. In particular, it describes managed objects to configure and/or monitor Bidirectional Forwarding Detection for [RFC5880], [RFC5881],[RFC5883][RFC5883], and [RFC7130], BFD versions 0 and/or 1, on devices supporting this feature. This memo does not define a compliance requirement for a system that only implements BFD version 0. This is a reflection of a considered and deliberate decision by the BFDWG,WG because the BFD version 0 protocol is primarily of historical interest by comparison to the widespread deployment of the BFD version 1 protocol. 2. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580]. As with all MIB modules, an attempt to SET or CREATE an object to a value that is not supported by the implementation will result in a failure using a return code that indicates that the value is not supported. 3. Terminology This document adopts the definitions,acronymsacronyms, and mechanisms described in [RFC5880], [RFC5881],[RFC5883][RFC5883], and [RFC7130]. Unless otherwise stated, the mechanisms described therein will not bere- describedredescribed here. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC2119]. 4. Brief Description of MIB Objects This section describes objects pertaining to BFD. The MIB objects are derived from [RFC5880], [RFC5881],[RFC5883][RFC5883], and [RFC7130], and also include textual conventions defined in[I-D.ietf-bfd-tc-mib].[RFC7330]. 4.1. General Variables The General Variables are used to identify parameters that are global to the BFD process. 4.2. Session Table (bfdSessionTable) The session table is used to identify a BFD session between a pair of nodes. 4.3. Session Performance Table (bfdSessionPerfTable) The session performance table is used for collecting BFD performance counters on aper sessionper-session basis. This table is an AUGMENT to the bfdSessionTable. 4.4. BFD Session Discriminator Mapping Table (bfdSessDiscMapTable) The BFD Session Discriminator Mapping Table provides a mapping between a local discriminator value to the associated BFD session found in the bfdSessionTable. 4.5. BFD Session IP Mapping Table (bfdSessIpMapTable)The BFD Session IP Mapping Table maps, givenGiven bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, andbfdSessDstAddr,bfdSessSrcAddrType, the BFD Session IP Mapping Table maps to an associated BFD session found in the bfdSessionTable. This table SHOULD contain those BFD sessions that are of typeIP."IP". 5. BFD MIB Module Definitions This MIB module makes references to the followingdocuments.documents: [RFC2578], [RFC2579], [RFC2580], [RFC2863], [RFC3289], [RFC3413],[RFC5082][RFC5082], [RFC5880], and[RFC5880].[RFC5881]. BFD-STD-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, mib-2, Integer32, Unsigned32, Counter32, Counter64 FROM SNMPv2-SMI --[RFC2578]RFC 2578 TruthValue, RowStatus, StorageType, TimeStamp FROM SNMPv2-TC --[RFC2579]RFC 2579 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF --[RFC2580]RFC 2580 InterfaceIndexOrZero FROM IF-MIB --[RFC2863]RFC 2863 InetAddress, InetAddressType, InetPortNumber FROM INET-ADDRESS-MIB IndexIntegerNextFree FROM DIFFSERV-MIB --[RFC3289]RFC 3289 BfdSessIndexTC, BfdIntervalTC, BfdMultiplierTC, BfdCtrlDestPortNumberTC, BfdCtrlSourcePortNumberTC FROM BFD-TC-STD-MIB IANAbfdDiagTC, IANAbfdSessTypeTC, IANAbfdSessOperModeTC, IANAbfdSessStateTC, IANAbfdSessAuthenticationTypeTC, IANAbfdSessAuthenticationKeyTC FROM IANA-BFD-TC-STD-MIB; bfdMIB MODULE-IDENTITY LAST-UPDATED"201405091200Z""201407300000Z" --9 May30 July 201412:00:00 EST00:00:00 GMT ORGANIZATION "IETF Bidirectional Forwarding Detection Working Group" CONTACT-INFO "Thomas D. Nadeau Brocade Email: tnadeau@lucidvision.com Zafar Ali Cisco Systems, Inc. Email: zali@cisco.com Nobo Akiya Cisco Systems, Inc. Email: nobo@cisco.com Comments about this document should be emailed directly to the BFDworking groupWorking Group mailing list at rtg-bfd@ietf.org" DESCRIPTION "Bidirectional Forwarding Management InformationBase."Base. Copyright (c) 2014 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info)." REVISION"201405091200Z""201407300000Z" --9 May30 July 201412:00:00 EST00:00:00 GMT DESCRIPTION "Initial version. Published as RFCxxxx." -- RFC Ed.: RFC-editor pls fill in xxxx7331." ::= { mib-2XXX222 } --RFC Ed.: assigned by IANA, see section 7.1 for details -- Top levelTop-level components of this MIB module. bfdNotifications OBJECT IDENTIFIER ::= { bfdMIB 0 } bfdObjects OBJECT IDENTIFIER ::= { bfdMIB 1 } bfdConformance OBJECT IDENTIFIER ::= { bfdMIB 2 } bfdScalarObjects OBJECT IDENTIFIER ::= { bfdObjects 1 } -- BFD General Variables -- These parameters apply globally to theSystems'system's -- BFDProcess.process. bfdAdminStatus OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2), adminDown(3), down(4) } MAX-ACCESS read-write STATUS current DESCRIPTION "The desired global administrative status of the BFD system in this device." ::= { bfdScalarObjects 1 } bfdOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2), adminDown(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the actual operational status of the BFD system in this device. When this value is down(2), all entries in the bfdSessTable MUST have their bfdSessOperStatus as down(2) as well. When this value is adminDown(3), all entries in the bfdSessTable MUST have their bfdSessOperStatus as adminDown(3) as well." ::= { bfdScalarObjects 2 } bfdNotificationsEnable OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "If this object is set to true(1), then it enables the emission of bfdSessUp and bfdSessDown notifications;otherwiseotherwise, these notifications are not emitted." REFERENCE "See alsoRFC3413RFC 3413, Simple Network Management Protocol (SNMP) Applications, for explanation that notifications are under the ultimate control of the MIB modules in this document." DEFVAL { false } ::= { bfdScalarObjects 3 } bfdSessIndexNext OBJECT-TYPE SYNTAX IndexIntegerNextFree (0..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "This object contains an unused value for bfdSessIndex that can be used when creating entries in the table. A zero indicates that no entries are available, but it MUST NOT be used as a valid index. " ::= { bfdScalarObjects 4 } -- BFD Session Table -- The BFD Session Table specifies BFDsession specificsession-specific -- information. bfdSessTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session Table describes the BFD sessions." REFERENCE"Katz, D. and D. Ward,"RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." ::= { bfdObjects 2 } bfdSessEntry OBJECT-TYPE SYNTAX BfdSessEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session Entry describes the BFD session." INDEX { bfdSessIndex } ::= { bfdSessTable 1 } BfdSessEntry ::= SEQUENCE { bfdSessIndex BfdSessIndexTC, bfdSessVersionNumber Unsigned32, bfdSessType IANAbfdSessTypeTC, bfdSessDiscriminator Unsigned32, bfdSessRemoteDiscr Unsigned32, bfdSessDestinationUdpPort BfdCtrlDestPortNumberTC, bfdSessSourceUdpPort BfdCtrlSourcePortNumberTC, bfdSessEchoSourceUdpPort InetPortNumber, bfdSessAdminStatus INTEGER, bfdSessOperStatus INTEGER, bfdSessState IANAbfdSessStateTC, bfdSessRemoteHeardFlag TruthValue, bfdSessDiag IANAbfdDiagTC, bfdSessOperMode IANAbfdSessOperModeTC, bfdSessDemandModeDesiredFlag TruthValue, bfdSessControlPlaneIndepFlag TruthValue, bfdSessMultipointFlag TruthValue, bfdSessInterface InterfaceIndexOrZero, bfdSessSrcAddrType InetAddressType, bfdSessSrcAddr InetAddress, bfdSessDstAddrType InetAddressType, bfdSessDstAddr InetAddress, bfdSessGTSM TruthValue, bfdSessGTSMTTL Unsigned32, bfdSessDesiredMinTxInterval BfdIntervalTC, bfdSessReqMinRxInterval BfdIntervalTC, bfdSessReqMinEchoRxInterval BfdIntervalTC, bfdSessDetectMult BfdMultiplierTC, bfdSessNegotiatedInterval BfdIntervalTC, bfdSessNegotiatedEchoInterval BfdIntervalTC, bfdSessNegotiatedDetectMult BfdMultiplierTC, bfdSessAuthPresFlag TruthValue, bfdSessAuthenticationType IANAbfdSessAuthenticationTypeTC, bfdSessAuthenticationKeyID Integer32, bfdSessAuthenticationKey IANAbfdSessAuthenticationKeyTC, bfdSessStorageType StorageType, bfdSessRowStatus RowStatus } bfdSessIndex OBJECT-TYPE SYNTAX BfdSessIndexTC MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object contains an index used to represent a unique BFD session on this device. Managers should obtain new values for row creation in this table by reading bfdSessIndexNext." ::= { bfdSessEntry 1 } bfdSessVersionNumber OBJECT-TYPE SYNTAX Unsigned32 (0..7) MAX-ACCESS read-create STATUS current DESCRIPTION "The version number of the BFD protocol that this session is running in. Write access is available for this object to provide the ability to set the desired version for this BFD session." REFERENCE"Katz, D. and D. Ward,"RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." DEFVAL { 1 } ::= { bfdSessEntry 2 } bfdSessType OBJECT-TYPE SYNTAX IANAbfdSessTypeTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the type of this BFD session." ::= { bfdSessEntry 3 } bfdSessDiscriminator OBJECT-TYPE SYNTAX Unsigned32 (1..4294967295) MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the local discriminator for this BFD session, which is used to uniquely identify it." ::= { bfdSessEntry 4 } bfdSessRemoteDiscr OBJECT-TYPE SYNTAX Unsigned32 (0 | 1..4294967295) MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the session discriminator chosen by the remote system for this BFD session. The value may be zero(0) if the remote discriminator is not yet known or if the session is in the down or adminDown(1) state." REFERENCE "Section6.8.6, from Katz, D. and D. Ward,6.8.6 of RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." ::= { bfdSessEntry 5 } bfdSessDestinationUdpPort OBJECT-TYPE SYNTAX BfdCtrlDestPortNumberTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the destination UDP port number used for this BFD session'scontrolControl packets. The value may be zero(0) if the session is in adminDown(1) state." DEFVAL { 0 } ::= { bfdSessEntry 6 } bfdSessSourceUdpPort OBJECT-TYPE SYNTAX BfdCtrlSourcePortNumberTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the source UDP port number used for this BFD session'scontrolControl packets. The value may be zero(0) if the session is in adminDown(1) state. Upon creation of a new BFD session via this MIB, the value of zero(0) specified would permit the implementation to choose its own source port number." DEFVAL { 0 } ::= { bfdSessEntry 7 } bfdSessEchoSourceUdpPort OBJECT-TYPE SYNTAX InetPortNumber MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the source UDP port number used for this BFD session'sechoEcho packets. The value may be zero(0) if the session is not running in theechoEcho mode, or the session is in adminDown(1) state. Upon creation of a new BFD session via this MIB, the value of zero(0) would permit the implementation to choose its own source port number." DEFVAL { 0 } ::= { bfdSessEntry 8 } bfdSessAdminStatus OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2), adminDown(3), down(4) } MAX-ACCESS read-create STATUS current DESCRIPTION "Denotes the desired operational status of the BFDSession.session. A transition to enabled(1) will start the BFD state machine for the session. The state machine will have an initial state of down(2). A transition to disabled(2) will stop the BFD state machine for the session. The state machine may first transition to adminDown(1) prior to stopping. A transition to adminDown(3) will cause the BFD state machine to transition toadminDown(1),adminDown(1) and will cause the session to remain in this state. A transition to down(4) will cause the BFD state machine to transition todown(2),down(2) and will cause the session to remain in this state. Care should be used in providing write access to this object without adequate authentication." ::= { bfdSessEntry 9 } bfdSessOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2), adminDown(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "Denotes the actual operational status of the BFDSession.session. If the value of bfdOperStatus is down(2), this value MUST eventually be down(2) as well. If the value of bfdOperStatus is adminDown(3), this value MUST eventually be adminDown(3) as well." ::= { bfdSessEntry 10 } bfdSessState OBJECT-TYPE SYNTAX IANAbfdSessStateTC MAX-ACCESS read-only STATUS current DESCRIPTION "Configured BFD session state." ::= { bfdSessEntry 11 } bfdSessRemoteHeardFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the status of BFD packet reception from the remote system. Specifically, it is set to true(1) if the local system is actively receiving BFD packets from the remotesystem,system and is set to false(2) if the local system has not received BFD packets recently (within the detection time) or if the local system is attempting to tear down the BFD session." REFERENCE"Katz, D. and D. Ward,"RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." ::= { bfdSessEntry 12 } bfdSessDiag OBJECT-TYPE SYNTAX IANAbfdDiagTC MAX-ACCESS read-only STATUS current DESCRIPTION "A diagnostic code specifying the local system's reason for the last transition of the session from up(4) to some other state." ::= { bfdSessEntry 13 } bfdSessOperMode OBJECT-TYPE SYNTAX IANAbfdSessOperModeTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the operational mode of this BFD session." ::= { bfdSessEntry 14 } bfdSessDemandModeDesiredFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicatesthatthe local system's desire to use Demand mode. Specifically, it is set to true(1) if the local system wishes to use Demand mode or false(2) ifnot"not." DEFVAL { false } ::= { bfdSessEntry 15 } bfdSessControlPlaneIndepFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicatesthatthe local system's ability to continue to function through a disruption of the control plane. Specifically, it is set to true(1) if the local system BFD implementation is independent of the control plane. Otherwise, the value is set tofalse(2)"false(2)." DEFVAL { false } ::= { bfdSessEntry 16 } bfdSessMultipointFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicates the Multipoint (M) bit for this session. It is set to true(1) if the Multipoint (M) bit is set to 1. Otherwise, the value is set tofalse(2)"false(2)." DEFVAL { false } ::= { bfdSessEntry 17 } bfdSessInterface OBJECT-TYPE SYNTAX InterfaceIndexOrZero MAX-ACCESS read-create STATUS current DESCRIPTION "This object contains an interface index used to indicate the interfacewhichthat this BFD session is running on. This value can be zero if there is no interface associated with this BFD session." ::= { bfdSessEntry 18 } bfdSessSrcAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address type of the source IP address of this BFD session. The value of unknown(0) is allowed only when the session is singleHop(1) and the source IP address of this BFD session is derived from the outgoing interface, or when the BFD session is not associated with a specific interface. If any other unsupported values are attempted in a set operation, the agent MUST return an inconsistentValue error." ::= { bfdSessEntry 19 } bfdSessSrcAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the source IP address of this BFD session. The format of this object is controlled by the bfdSessSrcAddrType object." ::= { bfdSessEntry 20 } bfdSessDstAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the IP address type of the neighboring IP addresswhichthat is being monitored with this BFD session. The value of unknown(0) is allowed only when the session is singleHop(1) and the outgoing interface is of typepoint-to-point,point to point, or when the BFD session is not associated with a specific interface. If any other unsupported values are attempted in a set operation, the agent MUST return an inconsistentValue error." ::= { bfdSessEntry 21 } bfdSessDstAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the neighboring IP addresswhichthat is being monitored with this BFD session. The format of this object is controlled by the bfdSessDstAddrType object." ::= { bfdSessEntry 22 } bfdSessGTSM OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "Setting the value of this object to false(2) will disable GTSM protection of the BFD session. GTSM MUST be enabled on a singleHop(1) session if no authentication is in use." REFERENCE"RFC5082,"RFC 5082, The Generalized TTL Security Mechanism (GTSM).RFC5881,Section5"5 of RFC 5881, Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)." DEFVAL { true } ::= { bfdSessEntry 23 } bfdSessGTSMTTL OBJECT-TYPE SYNTAX Unsigned32 (0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "This object is valid only when bfdSessGTSM protection is enabled on the system. This object indicates the minimum allowedTTLTime to Live (TTL) for received BFDcontrolControl packets. For a singleHop(1) session, if GTSM protection is enabled, this object SHOULD be set to the maximum TTL value allowed for a single hop. By default, GTSM is enabled and the TTL value is 255. For a multihop session, updating of the maximum TTL value allowed is likely required." REFERENCE"RFC5082,"RFC 5082, The Generalized TTL Security Mechanism (GTSM).RFC5881,Section5"5 of RFC 5881, Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)." DEFVAL { 255 } ::= { bfdSessEntry 24 } bfdSessDesiredMinTxInterval OBJECT-TYPE SYNTAX BfdIntervalTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the minimum interval, in microseconds, that the local system would like to use when transmitting BFD Control packets. The value of zero(0) is reserved in thiscase,case and should not be used." REFERENCE "Section 4.1from Katz, D. and D. Ward,of RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." ::= { bfdSessEntry 25 } bfdSessReqMinRxInterval OBJECT-TYPE SYNTAX BfdIntervalTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the minimum interval, in microseconds, between received BFD Control packets the local system is capable of supporting. The value of zero(0) can be specified when the transmitting system does not want the remote system to send any periodic BFDcontrol packets." REFERENCE "Section 4.1 from Katz, D. and D. Ward,Control packets." REFERENCE "Section 4.1 of RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." ::= { bfdSessEntry 26 } bfdSessReqMinEchoRxInterval OBJECT-TYPE SYNTAX BfdIntervalTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the minimum interval, in microseconds, between received BFD Echo packets that this system is capable of supporting.ValueThe value must be zero(0) if this is a multihop BFD session." ::= { bfdSessEntry 27 } bfdSessDetectMult OBJECT-TYPE SYNTAX BfdMultiplierTC MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies the Detect time multiplier." ::= { bfdSessEntry 28 } bfdSessNegotiatedInterval OBJECT-TYPE SYNTAX BfdIntervalTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the negotiated interval, in microseconds, that the local system is transmitting BFD Control packets." ::= { bfdSessEntry 29 } bfdSessNegotiatedEchoInterval OBJECT-TYPE SYNTAX BfdIntervalTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the negotiated interval, in microseconds, that the local system is transmitting BFDechoEcho packets.ValueThe value is expected to be zero if the sessionsisare not running inechoEcho mode." ::= { bfdSessEntry 30 } bfdSessNegotiatedDetectMult OBJECT-TYPE SYNTAX BfdMultiplierTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the Detect time multiplier." ::= { bfdSessEntry 31 } bfdSessAuthPresFlag OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object indicatesthatthe local system's desire to useAuthentication.authentication. Specifically, it is set to true(1) if the local system wishes the session to be authenticated or false(2) if not." REFERENCE "Sections 4.2 - 4.4from Katz, D. and D. Ward,of RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." DEFVAL { false } ::= { bfdSessEntry 32 } bfdSessAuthenticationType OBJECT-TYPE SYNTAX IANAbfdSessAuthenticationTypeTC MAX-ACCESS read-create STATUS current DESCRIPTION "TheAuthentication Typeauthentication type used for this BFD session. This field is valid only when the Authentication Present bit is set.Max-accessMAX-ACCESS to this object as well as otherauthentication relatedauthentication-related objects are set to read-create in order to support management of a single key ID at atime,time; key rotation is not handled. Key update in practice must be done by atomic update using a set containing all affected objects in the same varBindList or otherwise risk the session dropping." REFERENCE "Sections 4.2 - 4.4from Katz, D. and D. Ward,of RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." DEFVAL { noAuthentication } ::= { bfdSessEntry 33 } bfdSessAuthenticationKeyID OBJECT-TYPE SYNTAX Integer32 (-1 | 0..255) MAX-ACCESS read-create STATUS current DESCRIPTION "The authentication key ID in use for this session. This object permits multiple keys to be active simultaneously. The value -1 indicates that noAuthentication Keyauthentication key ID will be present in the optional BFD Authentication Section." REFERENCE "Sections 4.2 - 4.4from Katz, D. and D. Ward,of RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." DEFVAL { -1 } ::= { bfdSessEntry 34 } bfdSessAuthenticationKey OBJECT-TYPE SYNTAX IANAbfdSessAuthenticationKeyTC MAX-ACCESS read-create STATUS current DESCRIPTION "The authentication key. When the bfdSessAuthenticationType is simplePassword(1), the value of this object is the password present in the BFD packets. When the bfdSessAuthenticationType is one of the keyed authentication types, this value is used in the computation of the key present in the BFD authentication packet." REFERENCE "Sections 4.2 - 4.4from Katz, D. and D. Ward,of RFC 5880, Bidirectional Forwarding Detection(BFD), RFC 5880, June 2012."(BFD)." ::= { bfdSessEntry 35 } bfdSessStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "This variable indicates the storage type for this object. Conceptual rows having the value 'permanent' need not allow write-access to any columnar objects in the row." ::= { bfdSessEntry 36 } bfdSessRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "This variable is used to create, modify, and/or delete a row in this table. When a row in this table has a row in the active(1) state, no objects in this row can be modified except the bfdSessRowStatus and bfdSessStorageType." ::= { bfdSessEntry 37 } -- BFD Session Performance Table bfdSessPerfTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessPerfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table specifies BFDSessionsession performance counters." ::= { bfdObjects 3 } bfdSessPerfEntry OBJECT-TYPE SYNTAX BfdSessPerfEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in this table is created by a BFD-enabled node for every BFDSession.session. bfdSessPerfDiscTime is used to indicate potential discontinuity for all counter objects in this table." AUGMENTS { bfdSessEntry } ::= { bfdSessPerfTable 1 } BfdSessPerfEntry ::= SEQUENCE { bfdSessPerfCtrlPktIn Counter32, bfdSessPerfCtrlPktOut Counter32, bfdSessPerfCtrlPktDrop Counter32, bfdSessPerfCtrlPktDropLastTime TimeStamp, bfdSessPerfEchoPktIn Counter32, bfdSessPerfEchoPktOut Counter32, bfdSessPerfEchoPktDrop Counter32, bfdSessPerfEchoPktDropLastTime TimeStamp, bfdSessUpTime TimeStamp, bfdSessPerfLastSessDownTime TimeStamp, bfdSessPerfLastCommLostDiag IANAbfdDiagTC, bfdSessPerfSessUpCount Counter32, bfdSessPerfDiscTime TimeStamp, -- High Capacity Counters bfdSessPerfCtrlPktInHC Counter64, bfdSessPerfCtrlPktOutHC Counter64, bfdSessPerfCtrlPktDropHC Counter64, bfdSessPerfEchoPktInHC Counter64, bfdSessPerfEchoPktOutHC Counter64, bfdSessPerfEchoPktDropHC Counter64 } bfdSessPerfCtrlPktIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of BFD control messages received for this BFD session. It MUST be equal to the least significant 32 bits of bfdSessPerfCtrlPktInHC if supported, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 1 } bfdSessPerfCtrlPktOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of BFD control messages sent for this BFD session. It MUST be equal to the least significant 32 bits of bfdSessPerfCtrlPktOutHC if supported, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 2 } bfdSessPerfCtrlPktDrop OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of BFD control messages received for this session yet dropped for being invalid. It MUST be equal to the least significant 32 bits of bfdSessPerfCtrlPktDropHC if supported, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 3 } bfdSessPerfCtrlPktDropLastTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which received the BFD control message for this session was dropped. If no such up event exists, this object contains a zero value." ::= { bfdSessPerfEntry 4 } bfdSessPerfEchoPktIn OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of BFDechoEcho messages received for this BFD session. It MUST be equal to the least significant 32 bits of bfdSessPerfEchoPktInHC if supported, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 5 } bfdSessPerfEchoPktOut OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of BFDechoEcho messages sent for this BFD session. It MUST be equal to the least significant 32 bits of bfdSessPerfEchoPktOutHC if supported, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 6 } bfdSessPerfEchoPktDrop OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of BFDechoEcho messages received for this session yet dropped for being invalid. It MUST be equal to the least significant 32 bits of bfdSessPerfEchoPktDropHC if supported, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 7 } bfdSessPerfEchoPktDropLastTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which received the BFDechoEcho message for this session was dropped. If no such up event has been issued, this object contains a zero value." ::= { bfdSessPerfEntry 8 } bfdSessUpTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which the session came up. If no such event has been issued, this object contains a zero value." ::= { bfdSessPerfEntry 9 } bfdSessPerfLastSessDownTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which the last time communication was lost with the neighbor. If no down event has beenissuedissued, this object contains a zero value." ::= { bfdSessPerfEntry 10 } bfdSessPerfLastCommLostDiag OBJECT-TYPE SYNTAX IANAbfdDiagTC MAX-ACCESS read-only STATUS current DESCRIPTION "The BFD diag code for the last time communication was lost with the neighbor. If such an event has not beenissuedissued, this object contains a zero value." ::= { bfdSessPerfEntry 11 } bfdSessPerfSessUpCount OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times this session has gone into the Up state since the system last rebooted." ::= { bfdSessPerfEntry 12 } bfdSessPerfDiscTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of sysUpTime on the most recent occasion at which any one or more of the session counters suffered a discontinuity. The relevant counters are the specific instances associated with this BFD session of any Counter32 object contained in the BfdSessPerfTable. If no such discontinuities have occurred since the lastre-initializationreinitialization of the local management subsystem, then this object contains a zero value." ::= { bfdSessPerfEntry 13 } bfdSessPerfCtrlPktInHC OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This value represents the total number of BFD control messages received for this BFD session. The least significant 32 bits MUST be equal to bfdSessPerfCtrlPktIn, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 14 } bfdSessPerfCtrlPktOutHC OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This value represents the total number of BFD control messages transmitted for this BFD session. The least significant 32 bits MUST be equal to bfdSessPerfCtrlPktOut, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 15 } bfdSessPerfCtrlPktDropHC OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This value represents the total number of BFD control messages received for this BFD session yet dropped for being invalid. The least significant 32 bits MUST be equal to bfdSessPerfCtrlPktDrop, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 16 } bfdSessPerfEchoPktInHC OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This value represents the total number of BFDechoEcho messages received for this BFD session. The least significant 32 bits MUST be equal to bfdSessPerfEchoPktIn, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 17 } bfdSessPerfEchoPktOutHC OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This value represents the total number of BFDechoEcho messages transmitted for this BFD session. The least significant 32 bits MUST be equal to bfdSessPerfEchoPktOut, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 18 } bfdSessPerfEchoPktDropHC OBJECT-TYPE SYNTAX Counter64 MAX-ACCESS read-only STATUS current DESCRIPTION "This value represents the total number of BFDechoEcho messages received for this BFD session yet dropped for being invalid. The least significant 32 bits MUST be equal to bfdSessPerfEchoPktDrop, and MUST do so with the rules spelled out in RFC 2863." ::= { bfdSessPerfEntry 19 } -- BFD Session Discriminator Mapping Table bfdSessDiscMapTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessDiscMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session Discriminator Mapping Table maps a local discriminator value to the associated BFD session's bfdSessIndex found in the bfdSessionTable." ::= { bfdObjects 4 } bfdSessDiscMapEntry OBJECT-TYPE SYNTAX BfdSessDiscMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session Discriminator Mapping Entry specifies a mapping between a local discriminator and a BFD session." INDEX { bfdSessDiscriminator } ::= { bfdSessDiscMapTable 1 } BfdSessDiscMapEntry ::= SEQUENCE { bfdSessDiscMapIndex BfdSessIndexTC } bfdSessDiscMapIndex OBJECT-TYPE SYNTAX BfdSessIndexTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies a mapping between a local discriminator and a BFDSessionsession in the BfdSessTable." ::= { bfdSessDiscMapEntry 1 } -- BFD Session IP Mapping Table bfdSessIpMapTable OBJECT-TYPE SYNTAX SEQUENCE OF BfdSessIpMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session IP Mapping Table maps given bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr,bfdSessDstAddrTypebfdSessDstAddrType, and bfdSessDstAddr to an associated BFD session found in the bfdSessionTable." ::= { bfdObjects 5 } bfdSessIpMapEntry OBJECT-TYPE SYNTAX BfdSessIpMapEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BFD Session IP Map Entry contains a mapping from the IP information for asession,session to the session in the bfdSessionTable." INDEX { bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, bfdSessDstAddr } ::= { bfdSessIpMapTable 1 } BfdSessIpMapEntry ::= SEQUENCE { bfdSessIpMapIndex BfdSessIndexTC } bfdSessIpMapIndex OBJECT-TYPE SYNTAX BfdSessIndexTC MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the BfdSessIndexTC referred to by the indexes of this row. In essence, a mapping is provided between these indexes and the BfdSessTable." ::= { bfdSessIpMapEntry 1 } -- Notification Configuration bfdSessUp NOTIFICATION-TYPE OBJECTS { bfdSessDiag, -- low range value bfdSessDiag -- high range value } STATUS current DESCRIPTION "This notification is generated when the bfdSessState object for one or more contiguous entries in bfdSessTable are about to enter the up(4) state from some other state. The included values of bfdSessDiag MUST both be set equal to this new state(i.e:(i.e., up(4)). The two instances of bfdSessDiag in this notification indicate the range of indexes that are affected. Note that all the indexes of the two ends of the range can be derived from the instance identifiers of these two objects. For the cases where a contiguous range of sessions have transitioned into the up(4) state at roughly the same time, the device SHOULD issue a single notification for each range of contiguous indexes in an effort to minimize the emission of a large number of notifications. If a notification has to be issued for just a single bfdSessEntry, then the instance identifier (and values) of the two bfdSessDiag objects MUST betheidentical." ::= { bfdNotifications 1 } bfdSessDown NOTIFICATION-TYPE OBJECTS { bfdSessDiag, -- low range value bfdSessDiag -- high range value } STATUS current DESCRIPTION "This notification is generated when the bfdSessState object for one or more contiguous entries in bfdSessTable are about to enter the down(2) or adminDown(1) states from some other state. The included values of bfdSessDiag MUST both be set equal to this new state(i.e:(i.e., down(2) or adminDown(1)). The two instances of bfdSessDiag in this notification indicate the range of indexes that are affected. Note that all the indexes of the two ends of the range can be derived from the instance identifiers of these two objects. For cases where a contiguous range of sessions have transitioned into the down(2) or adminDown(1) states at roughly the same time, the device SHOULD issue a single notification for each range of contiguous indexes in an effort to minimize the emission of a large number of notifications. If a notification has to be issued for just a single bfdSessEntry, then the instance identifier (and values) of the two bfdSessDiag objects MUST betheidentical." ::= { bfdNotifications 2 } -- Module compliance. bfdGroups OBJECT IDENTIFIER ::= { bfdConformance 1 } bfdCompliances OBJECT IDENTIFIER ::= { bfdConformance 2 } -- Compliance requirement for fully compliant implementations. bfdModuleFullCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance statement for agents that provide full support for the BFD-MIB module. Such devices can then be monitored and also be configured using this MIB module." MODULE -- This module. MANDATORY-GROUPS { bfdSessionGroup, bfdSessionReadOnlyGroup, bfdSessionPerfGroup, bfdNotificationGroup } GROUP bfdSessionPerfHCGroup DESCRIPTION "This group is mandatory for all systems that are able to support the Counter64 date type." OBJECT bfdSessSrcAddrType SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2), ipv6z(4) } DESCRIPTION "Only unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) support are required. ipv4z(3) is notrequiredrequired, and dns(16) is not allowed." OBJECT bfdSessSrcAddr SYNTAX InetAddress (SIZE (0|4|16|20)) DESCRIPTION "An implementation is only required to support unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) sizes." OBJECT bfdSessDstAddrType SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2), ipv6z(4) } DESCRIPTION "Only unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) support are required. ipv4z(3) is notrequiredrequired, and dns(16) is not allowed." OBJECT bfdSessDstAddr SYNTAX InetAddress (SIZE (0|4|16|20)) DESCRIPTION "An implementation is only required to support unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) sizes." OBJECT bfdSessRowStatus SYNTAX RowStatus { active(1), notInService(2) } WRITE-SYNTAX RowStatus { active(1), notInService(2), createAndGo(4), destroy(6) } DESCRIPTION "Support for createAndWait and notReady is not required." ::= { bfdCompliances 1 } bfdModuleReadOnlyCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "Compliance requirement for implementations that only provide read-only support for BFD-MIB. Such devices can then be monitored but cannot be configured using this MIB module." MODULE -- This module. MANDATORY-GROUPS { bfdSessionGroup, bfdSessionReadOnlyGroup, bfdSessionPerfGroup, bfdNotificationGroup } GROUP bfdSessionPerfHCGroup DESCRIPTION "This group is mandatory for all systems that are able to support the Counter64 date type." OBJECT bfdSessVersionNumber MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessDiscriminator MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessDestinationUdpPort MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessSourceUdpPort MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessEchoSourceUdpPort MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessAdminStatus MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessOperMode MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessDemandModeDesiredFlag MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessControlPlaneIndepFlag MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessMultipointFlag MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessInterface MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessSrcAddrType SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2), ipv6z(4) } MIN-ACCESS read-only DESCRIPTION "Only unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) support are required. ipv4z(3) is notrequiredrequired, and dns(16) is not allowed." OBJECT bfdSessSrcAddr SYNTAX InetAddress (SIZE (0|4|16|20)) MIN-ACCESS read-only DESCRIPTION "An implementation is only required to support unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) sizes." OBJECT bfdSessDstAddrType SYNTAX InetAddressType { unknown(0), ipv4(1), ipv6(2), ipv6z(4) } MIN-ACCESS read-only DESCRIPTION "Only unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) support are required. ipv4z(3) is notrequiredrequired, and dns(16) is not allowed." OBJECT bfdSessDstAddr SYNTAX InetAddress (SIZE (0|4|16|20)) MIN-ACCESS read-only DESCRIPTION "An implementation is only required to support unknown(0), ipv4(1),ipv6(2)ipv6(2), and ipv6z(4) sizes." OBJECT bfdSessGTSM MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessGTSMTTL MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessDesiredMinTxInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessReqMinRxInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessReqMinEchoRxInterval MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessDetectMult MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessAuthPresFlag MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessAuthenticationType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessAuthenticationKeyID MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessAuthenticationKey MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessStorageType MIN-ACCESS read-only DESCRIPTION "Write access is not required." OBJECT bfdSessRowStatus SYNTAX RowStatus { active(1) } MIN-ACCESS read-only DESCRIPTION "Write access is not required." ::= { bfdCompliances 2 } -- Units of conformance. bfdSessionGroup OBJECT-GROUP OBJECTS { bfdAdminStatus, bfdOperStatus, bfdNotificationsEnable, bfdSessVersionNumber, bfdSessType, bfdSessIndexNext, bfdSessDiscriminator, bfdSessDestinationUdpPort, bfdSessSourceUdpPort, bfdSessEchoSourceUdpPort, bfdSessAdminStatus, bfdSessOperStatus, bfdSessOperMode, bfdSessDemandModeDesiredFlag, bfdSessControlPlaneIndepFlag, bfdSessMultipointFlag, bfdSessInterface, bfdSessSrcAddrType, bfdSessSrcAddr, bfdSessDstAddrType, bfdSessDstAddr, bfdSessGTSM, bfdSessGTSMTTL, bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, bfdSessReqMinEchoRxInterval, bfdSessDetectMult, bfdSessAuthPresFlag, bfdSessAuthenticationType, bfdSessAuthenticationKeyID, bfdSessAuthenticationKey, bfdSessStorageType, bfdSessRowStatus } STATUS current DESCRIPTION "Collection of objects needed for BFD sessions." ::= { bfdGroups 1 } bfdSessionReadOnlyGroup OBJECT-GROUP OBJECTS { bfdSessRemoteDiscr, bfdSessState, bfdSessRemoteHeardFlag, bfdSessDiag, bfdSessNegotiatedInterval, bfdSessNegotiatedEchoInterval, bfdSessNegotiatedDetectMult, bfdSessDiscMapIndex, bfdSessIpMapIndex } STATUS current DESCRIPTION "Collection of read-only objects needed for BFD sessions." ::= { bfdGroups 2 } bfdSessionPerfGroup OBJECT-GROUP OBJECTS { bfdSessPerfCtrlPktIn, bfdSessPerfCtrlPktOut, bfdSessPerfCtrlPktDrop, bfdSessPerfCtrlPktDropLastTime, bfdSessPerfEchoPktIn, bfdSessPerfEchoPktOut, bfdSessPerfEchoPktDrop, bfdSessPerfEchoPktDropLastTime, bfdSessUpTime, bfdSessPerfLastSessDownTime, bfdSessPerfLastCommLostDiag, bfdSessPerfSessUpCount, bfdSessPerfDiscTime } STATUS current DESCRIPTION "Collection of objects needed to monitor the performance of BFD sessions." ::= { bfdGroups 3 } bfdSessionPerfHCGroup OBJECT-GROUP OBJECTS { bfdSessPerfCtrlPktInHC, bfdSessPerfCtrlPktOutHC, bfdSessPerfCtrlPktDropHC, bfdSessPerfEchoPktInHC, bfdSessPerfEchoPktOutHC, bfdSessPerfEchoPktDropHC } STATUS current DESCRIPTION "Collection of objects needed to monitor the performance of BFD sessions for which the values ofbfdSessPerfPktIn,bfdSessPerfPktIn and bfdSessPerfPktOut wrap around too quickly." ::= { bfdGroups 4 } bfdNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { bfdSessUp, bfdSessDown } STATUS current DESCRIPTION "Set of notifications implemented in this module." ::= { bfdGroups 5 } END 6. Security Considerations As BFD may be tied into the stability of the network infrastructure (such as routing protocols), the effects of an attack on a BFD session may be very serious. This ultimately has denial-of-service effects, as links may be declared to be down (or falsely declared to be up.) As such, improper manipulation of the objects represented by this MIB may result in denial of service to a large number ofend-end users. There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: o bfdAdminStatus--- Improper change of bfdAdminStatus, to disabled(2),adminDown(3)adminDown(3), or down(4), can cause significant disruption of the connectivity to those portions of the Internet reached via all the applicable remote BFD peers. o bfdSessAdminStatus--- Improper change of bfdSessAdminStatus, to disabled(2),adminDown(3)adminDown(3), or down(4), can cause significant disruption of the connectivity to those portions of the Internet reached via all the applicable remote BFD peers. o bfdSessDesiredMinTxInterval, bfdSessReqMinRxInterval, bfdSessReqMinEchoRxInterval, bfdSessDetectMult--- Improper change of this object can cause connections to be disrupted for extremely long time periods when otherwise they would be restored in a relatively short period of time. o Some management objects define the BFD session whilst other management objects define the parameter of the BFD session. It is particularly important to control the support for SET access to those management objects that define the BFD session, as changes to them can be disruptive. Implementation SHOULD NOT allow changes to following management objects when bfdSessState is up(4): * bfdSessVersionNumber * bfdSessType * bfdSessDestinationUdpPort * bfdSessMultipointFlag * bfdSessInterface * bfdSessSrcAddrType * bfdSessSrcAddr * bfdSessDstAddrType * bfdSessDstAddr There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. o The bfdSessTable may be used to directly configure BFD sessions. The bfdSessMapTable can be used indirectly in the same way. Unauthorized access to objects in this table could result in disruption of traffic on the network. This is especially true if an unauthorized user configures enough tables to invoke adenial of servicedenial-of-service attack on the device where they are configured, or on a remote device where the sessions terminate. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability: o The bfdSessPerfTablebothallows access to the performance characteristics of BFD sessions. Network administrators not wishing to show this information should consider this table sensitive. The bfdSessAuthenticationType, bfdSessAuthenticationKeyID, and bfdSessAuthenticationKey objects hold security methods and associated security keys of BFD sessions. These objects are highly sensitive. In order to prevent this sensitive information from being improperly accessed, implementers SHOULD disallow access to these objects. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by usingIPSec),IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see[RFC3410], section 8),[RFC3410]), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIBmodule,module is properly configured to give access to the objects only to those principals"users"(users) that have legitimate rights to indeed GET or SET"change/create/delete"(change/create/delete) them. 7. IANA Considerations The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIERvaluesvalue recorded in theSMI Numbers"SMI Network Management MGMT Codes" registry: Descriptor OBJECT IDENTIFIER value ---------- -----------------------bfdMibbfdMIB { mib-2XXX222 }[RFC-Editor's Note (to be removed prior to publication): the IANA is requested to assign a value for "XXX" under the 'mib-2' subtree and to record the assignment in the SMI Numbers registry. When the assignment has been made, the RFC Editor is asked to replace "XXX" (here and in the MIB module) with the assigned value and to remove this note.]8. AcknowledgmentsAuthorsThe authors would like to thank Adrian Farrel and Jeffrey Haas for performing thorough reviews and providing a number of suggestions.AuthorsThe authors would also like to thank David Ward, Reshad Rahman, David Toscano, Sylvain Masse, Mark Tooker, Kiran Koushik Agrahara Sreenivasa, DavidBlackBlack, and Bert Wijnen for their comments and suggestions. 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C. Pignataro, "The Generalized TTL Security Mechanism (GTSM)", RFC 5082, October 2007. [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD)", RFC 5880, June 2010. [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June 2010. [RFC5883] Katz, D. and D. Ward, "Bidirectional Forwarding Detection (BFD) for Multihop Paths", RFC 5883, June 2010. [RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and J. Haas, "Bidirectional Forwarding Detection (BFD) on Link Aggregation Group (LAG) Interfaces", RFC 7130, February 2014.[I-D.ietf-bfd-tc-mib][RFC7330] Nadeau, T., Ali, Z., and N. Akiya, "Definitions of Textual Conventions (TCs) for Bidirectional Forwarding Detection (BFD) Management",draft-ietf-bfd-tc-mib-08 (work in progress), MayRFC 7330, August 2014. 9.2. Informative References [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. [RFC3289] Baker, F., Chan, K., and A. Smith, "Management Information Base for the Differentiated Services Architecture", RFC 3289, May 2002. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002.[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000.[RFC3413] Levi, D., Meyer, P., and B. Stewart, "Simple Network Management Protocol (SNMP) Applications", STD 62, RFC 3413, December2002. [RFC3289] Baker, F., Chan, K., and A. Smith, "Management Information Base for the Differentiated Services Architecture", RFC 3289, May2002. Authors' Addresses Thomas D. Nadeau Brocade EMail: tnadeau@lucidvision.com Zafar Ali Cisco Systems EMail: zali@cisco.com Nobo Akiya Cisco Systems EMail: nobo@cisco.com