[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 09 10 RFC 6527

   Network Working Group                                    Kalyan Tata
   Internet Draft                                  Check Point Software
   Document: draft-ietf-vrrp-unified-mib-07.txt        February 2, 2010
   Intended Status: Proposed Standard
   Expires: June 2010


      Definitions of Managed Objects for the VRRP over IPv4 and IPv6
                   <draft-ietf-vrrp-unified-mib-07.txt>

Abstract

   This specification defines a Management Information Base (MIB) for
   use with SNMP-based network management.  In particular, it defines
   objects for configuring, monitoring, and controlling routers that
   employ the Virtual Router Redundancy Protocol Version 3 for both IPv4
   and IPv6 as defined in RFC XXXX (RFC-editor, this is currently draft-
   ietf-vrrp-unified-spec-05.txt).  This memo obsoletes RFC 2787.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.




Tata                      Expires June 2010                  [Page 1]


Internet Draft             VRRP unified MIB                   Jan 2010


   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire in Feb, 2010.

Copyright Notice

  Copyright (c) 2010 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  (http://trustee.ietf.org/license-info) in effect on the date of
  publication of this document. Please review these documents
  carefully, as they describe your rights and restrictions with respect
  to this document. Code Components extracted from this document must
  include Simplified BSD License text as described in Section 4.e of
  the Trust Legal Provisions and are provided without warranty as
  described in the Simplified BSD License.



Table of Contents

   1. The Internet-Standard Management Framework.....................2
   2. Introduction...................................................3
   3. Terminology....................................................3
   4. Relationship to RFC 2787.......................................3
   5. Relation to Interface Group (IF-MIB)...........................3
   6. Multi-Stack Implementations....................................4
   7. VRRP MIB Structure.............................................4
   8. VRRP MIB Table Design..........................................4
   9. VRRP Multistack Scenario.......................................4
   10. Definitions...................................................7
   11. Security Considerations......................................44
   12. IANA Considerations..........................................45
   13. Normative References.........................................45
   14. Informative References.......................................46
   15. Acknowledgments..............................................46
   16. Author's Address.............................................46

1. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].


Tata                      Expires June 2010                  [Page 2]


Internet Draft             VRRP unified MIB                   Jan 2010



   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].

2. Introduction

   This specification defines a Management Information Base (MIB) for
   use with SNMP-based network management.  In particular, it defines
   objects for configuring, monitoring, and controlling routers that
   employ the Virtual Router Redundancy Protocol Version 3 for both IPv4
   and IPv6 [VRRPv3] as defined in RFC xxxx ( RFC-editor, this is
   currently draft-ietf-vrrp-unified-spec-5.txt).

   VRRP over IPv4 and VRRP over IPv6 as defined in RFC xxxx (RFC-editor,
   this is currently draft-ietf-vrrp-unified-spec-5.txt)protocols are
   similar in operation to an extent and hence the MIB defined has
   common groups that should be implemented by devices running either of
   the VRRP over IPv4 and IPv6 protocols.  This specification also
   defines MIB groups that are specific to a particular VRRP protocol
   and should only be implemented in devices supporting the specified
   version of VRRP protocol.


3. Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   The term "unified" is used to describe objects that are relevant to
   both VRRP over IPv4 and VRRP over IPv6 protocols.

4. Relationship to RFC 2787

   RFC2787 [RFC2787] defines managed objects for VRRP over IPv4 and is
   now obsoleted by this memo.

5. Relation to Interface Group (IF-MIB)

   Since a router can be participating in VRRP on one or more physical
   interfaces, "ifIndex" is used as an index into the tables defined in
   the VRRP MIB.



Tata                      Expires June 2010                  [Page 3]


Internet Draft             VRRP unified MIB                   Jan 2010


6. Multi-Stack Implementations

   This MIB is designed to support Multi-Stack implementations that run
   VRRP over IPv4 and IPv6 protocols. IP version, VRID and ifIndex are
   used to uniquely identify rows in a multi stack implementation.

7. VRRP MIB Structure

   The VRRP MIB contains three groups:
      - vrrpOperations Group: Objects related to VRRP router's
        configuration and control.
      - vrrpStatistics Group: Objects containing information useful in
        monitoring the operation of VRRP routers.
      - vrrpNotifications Group: Consists of objects and definitions
        for use in SNMP notifications sent by VRRP routers.

   Tables in the MIB include the following:
   (1)  The vrrpOperationsTable, which contains objects that define the
        operational characteristics of a VRRP router.  Rows in this
        table correspond to instances of virtual routers.
   (2)  The vrrpRouterStatisticsTable which contains the operating
        statistics for a VRRP router.
   The vrrpAssociatedIpAddrTable, contains the addresses of the virtual
   router(s) that a given VRRP router is backing up.

8. VRRP MIB Table Design

   The tables in the VRRP MIB are structured with the assumption that a
   VRRP network management application would likely be designed to
   display information or provide configuration about a VRRP router
   over a IP version "per-virtual-router basis".  Thus, the tables
   defined in the MIB consist of conceptual rows which are indexed in a
   manner to present a view of individual virtual routers with a minimal
   number of SNMP operations.

9. VRRP Multistack Scenario

   The following section provides examples of how some of the objects in
   this MIB are instantiated.


   KEY:
   ----

   The labels in the following tables and diagrams correspond to the
   actual MIB objects as follows:

   if      = IfIndex
   AddrType= vrrpOperationsInetAddrType

Tata                      Expires June 2010                  [Page 4]


Internet Draft             VRRP unified MIB                   Jan 2010


   VrId    = vrrpOperationsVrId
   State   = vrrpOperationsState
   Prior   = vrrpOpeartionsPriority
   IpAddr  = vrrpOperationsMasterIpAddr

   The following figure shows a hypothetical network with two VRRP
   routers VR1 & VR2, configured with two virtual routers.  Addresses in
   '()' indicate the address of the default gateway for a given host, H1
   to H4 are IPv4 hosts and H5 to H8 are IPv6 hosts. A, B and C are IPv4
   addresses and X, Y and Z are IPv6 addresses. In the diagram,
   "Interface" is used in the context defined in IF-MIB.








                 +------+                      +------+
                 | VR1  |                      |  VR2 |
                 |      |                      |      |
                 +------+                      +------+
                     |                            |
                Intf = I1                    Intf = I2
       IP A          |   IP X         IP B        |    IP Y
       IP C          |                            |    IP Z
       VRID = 1      |   VRID=2       VRID=2      |    VRID = 1
                     |                            |
   ----+------+------+-+-------+--------+--------++------+--------+---
       ^      ^        ^       ^        ^        ^       ^        ^
       |      |        |       |        |        |       |        |
    (IP A)  (IP A)   (IP B)  (IP B)   (IP X)   (IP X)  (IP Y)   (IP Y)
       |      |        |       |        |        |       |        |
    +----+  +----+  +----+  +----+    +----+   +----+  +----+  +----+
    | H1 |  | H2 |  | H3 |  | H4 |    | H5 |   | H6 |  | H7 |  | H8 |
    +----+  +----+  +----+  +----+    +----+   +----+  +----+  +----+


           -----   MIB Tables For VRRP Router "VR 1":   -----

   vrrpOperationsTable
   -------------------

   |AddrType| VrId | if | State | Prior |IpAddr|        |
   +--------+------+----+-------+-------+------+--(..)--+
   |   1    |  01  | I1 |   M   |  255  |   A  |        |
   +--------+------+----+-------+-------+------+--(..)--+
   |   1    |  02  | I1 |   B   | 1-254 |   B  |        |


Tata                      Expires June 2010                  [Page 5]


Internet Draft             VRRP unified MIB                   Jan 2010


   +--------+------+----+-------+-------+------+--(..)--+
   |   2    |  01  | I1 |   B   | 1-254 |   Y  |        |
   +--------+------+----+-------+-------+------+--(..)--+
   |   2    |  02  | I1 |   M   |  255  |   X  |        |
   +--------+------+----+-------+-------+------+--------+

   vrrpAssociatedIpAddrTable
   -------------------------

   | AddrType| VrId | if | IP   | RowStat |
   +---------+------+----+------+---------+
   |    1    |  01  | I1 |  A   | active  |
   +---------+------+----+------+---------+
   |    1    |  01  | I1 |  C   | active  |
   +---------+------+----+------+---------+
   |    1    |  02  | I1 |  B   | active  |
   +---------+------+----+------+---------+
   |    2    |  01  | I1 |  Y   | active  |
   +---------+------+----+------+---------+
   |    2    |  01  | I1 |  Z   | active  |
   +---------+------+----+------+---------+
   |    2    |  02  | I1 |  X   | active  |
   +---------+------+----+------+---------+


            -----   MIB Tables For VRRP Router "VR 2":   -----

   vrrpOperationsTable
   -------------------

   |AddrType| VrId | if | State | Prior |IpAddr|        |
   +--------+------+----+-------+-------+------+--(..)--+
   |   1    |  01  | I2 |   B   | 1-254 |   A  |        |
   +--------+------+----+-------+-------|------+--(..)--+
   |   1    |  02  | I2 |   M   | 255   |   B  |        |
   +--------+------+----+-------+-------+------+--(..)--+
   |   2    |  01  | I2 |   M   |  255  |   Y  |        |
   +--------+------+----+-------+-------+------+--(..)--+
   |   2    |  02  | I2 |   B   | 1-254 |   X  |        |
   +--------+------+----+-------+-------+------+--------+



   vrrpAssociatedIpAddrTable
   -------------------------

   |AddrType| VrId | if | IP   | RowStat |
   +--------+------+----+------+---------+
   |   1    |  01  | I2 |  A   | active  |


Tata                      Expires June 2010                  [Page 6]


Internet Draft             VRRP unified MIB                   Jan 2010


   +--------+------+----+------+---------+
   |   1    |  01  | I2 |  C   | active  |
   +--------+------+----+------+---------+
   |   1    |  02  | I2 |  B   | active  |
   +--------+------+----+------+---------+
   |   2    |  01  | I2 |  Y   | active  |
   +--------+------+----+------+---------+
   |   2    |  01  | I2 |  Z   | active  |
   +--------+------+----+------+---------+
   |   2    |  02  | I2 |  X   | active  |
   +--------+------+----+------+---------+

   NOTES:

   1)  For "State": M = Master;   B = Backup.
   In the vrrpOperationsTable, a "priority" of 255 indicates that the
   respective router owns the IP address, e.g., this IP address is
   native to the router (i.e., "the IP Address Owner").


10.Definitions

   VRRP-MIB DEFINITIONS ::= BEGIN

       IMPORTS
           MODULE-IDENTITY, OBJECT-TYPE,
           NOTIFICATION-TYPE, Counter32,
           Integer32, mib-2, Unsigned32,
           IpAddress                           FROM SNMPv2-SMI

           TEXTUAL-CONVENTION, RowStatus,
           MacAddress, TruthValue, TimeStamp,
           TimeInterval, StorageType           FROM SNMPv2-TC

           MODULE-COMPLIANCE, OBJECT-GROUP,
           NOTIFICATION-GROUP                  FROM SNMPv2-CONF
           ifIndex                             FROM IF-MIB
           InetAddressType, InetAddress        FROM INET-ADDRESS-MIB;

      vrrpMIB  MODULE-IDENTITY
           LAST-UPDATED "200903100000Z"
           ORGANIZATION "IETF VRRP Working Group"
           CONTACT-INFO
                  "Kalyan Tata
                   Nokia Inc.
                   313 Fairchild Dr.
                   Mountain View, CA 94043
                   tata_kalyan@yahoo.com"



Tata                      Expires June 2010                  [Page 7]


Internet Draft             VRRP unified MIB                   Jan 2010


           DESCRIPTION
               "This MIB describes objects used for managing Virtual
                Router Redundancy Protocol version 3 (VRRPv3) for IPv4
                and IPv6.

                This MIB supports VRRP for IPv4 and IPv6 protocols
                simultaneously running on a given interface of a
                router.

                Copyright (C) The Internet Society (2009)."


           REVISION "200903100000Z"    -- 10 Mar 2009
      --
      -- RFC Ed.: In the following text, please replace xxxx
      --          with actual RFC number and remove this note
           DESCRIPTION
            "IP version neutral revision as published in RFCxxxx.
             Key revisions include :
             o  Deprecating vrrpOperTable, vrrpRouterStatsTable and
                vrrpAssoIpAddrTable in favor of IP version neutral
                vrrpOperationsTable, vrrpRouterStatisticsTable and
                vrrpAssociatedIpAddrTable.
             o  vrrpNodeVersion scalar objects has been deprecated and
                is replaced by the vrrpOperationsInetAddrType object
                in the vrrpOperationsTable.
             o  vrrpAuthFailureTrap has been deprecated.
             o  vrrpNewMasterReason object has been added to
                vrrpTrapNewMaster notification.
             o  A new notification vrrpTrapProtoError has been added.
             o  DEFVAL clause has been added."

           REVISION "200003030000Z"    -- 03 Mar 2000
           DESCRIPTION
            "This MIB describes objects used for managing Virtual
             Router Redundancy Protocol (VRRP) routers. Initial
             version as published in RFC 2787."
           ::= { mib-2 68 }

      --
      --  Textual Conventions
      --

      VrId ::= TEXTUAL-CONVENTION
           DISPLAY-HINT "d"
           STATUS       current
           DESCRIPTION
               "A number which, along with IP version and interface
               index (IfIndex), serves to uniquely identify a virtual


Tata                      Expires June 2010                  [Page 8]


Internet Draft             VRRP unified MIB                   Jan 2010


               router on a given VRRP router. There is no relationship
               between VrId value used on a IPv4 interface and VrId
               value used on IPv6 interface. It is legal to use same
               VrId value on IPv4 and IPv6 interfaces."

           SYNTAX      Integer32 (1..255)

      --
      --  VRRP MIB Groups
      --

      vrrpOperations      OBJECT IDENTIFIER ::= { vrrpMIB 1 }
      vrrpStatistics      OBJECT IDENTIFIER ::= { vrrpMIB 2 }
      vrrpConformance     OBJECT IDENTIFIER ::= { vrrpMIB 3 }

      --
      --  Start of MIB objects
      --

      vrrpNodeVersion  OBJECT-TYPE
        SYNTAX       Integer32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
           "This value identifies the particular version of the VRRP
            supported by this node.
            This object is deprecated in the IP Version Independent
            MIB."
        ::= { vrrpOperations 1 }

      vrrpNotificationCntl  OBJECT-TYPE
           SYNTAX       INTEGER {
               enabled     (1),
               disabled    (2)
           }
           MAX-ACCESS   read-write
           STATUS       deprecated
           DESCRIPTION
              "Indicates whether the VRRP-enabled router will generate
               SNMP notifications for events defined in this MIB.
               'Enabled' results in SNMP notifications; 'disabled', no
               notifications are sent."
           DEFVAL { enabled }
           ::= { vrrpOperations 2 }

      --
      --  VRRP Operations Table
      --



Tata                      Expires June 2010                  [Page 9]


Internet Draft             VRRP unified MIB                   Jan 2010


       vrrpOperationsTable OBJECT-TYPE
           SYNTAX       SEQUENCE OF VrrpOperationsEntry
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "Unified Operations table for a VRRP router which
                consists of a sequence (i.e., one or more conceptual
                rows) of 'vrrpOperationsEntry' items which describe
                the operational characteristics of a virtual router."
           ::= { vrrpOperations 7 }

       vrrpOperationsEntry OBJECT-TYPE
           SYNTAX       VrrpOperationsEntry
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "An entry in the vrrpOperationsTable containing the
                operational characteristics of a virtual router.  On a
                VRRP router, a given virtual router is identified by a
                combination of the IP version, VRID and ifIndex.
                ifIndex represents a physical interface of the router.

                Note that rows in this table can be distinguished on a
                multi-stacked device running VRRP over IPv4 and
                IPv6 on the same physical interface.

                Rows in the table cannot be modified unless the value
                of 'vrrpOperationsState' has transitioned to
                'initialize'"

           INDEX    { vrrpOperationsInetAddrType,
                      vrrpOperationsVrId, ifIndex }
           ::= { vrrpOperationsTable 1 }


       VrrpOperationsEntry ::=

           SEQUENCE {
               vrrpOperationsInetAddrType
                   InetAddressType,
               vrrpOperationsVrId
                   VrId,
               vrrpOperationsVirtualMacAddr
                   MacAddress,
               vrrpOperationsState
                   INTEGER,
               vrrpOperationsPriority
                   Unsigned32,
               vrrpOperationsAddrCount


Tata                      Expires June 2010                 [Page 10]


Internet Draft             VRRP unified MIB                   Jan 2010


                   Integer32,
               vrrpOperationsMasterIpAddr
                   InetAddress,
               vrrpOperationsPrimaryIpAddr
                   InetAddress,
               vrrpOperationsAdvInterval
                   TimeInterval,
               vrrpOperationsPreemptMode
                   TruthValue,
               vrrpOperationsAcceptMode
                   TruthValue,
               vrrpOperationsUpTime
                   TimeStamp,
               vrrpOperationsStorageType
                   StorageType,
               vrrpOperationsRowStatus
                   RowStatus
       }

       vrrpOperationsInetAddrType OBJECT-TYPE
           SYNTAX       InetAddressType
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "The IP address type of VrrpOperationsEntry. This value
                applies to both vrrpOperationsMasterIpAddr and
                vrrpOperationsPrimaryIpAddr."
           REFERENCE "RFC 4001"
           ::= { vrrpOperationsEntry 1 }

       vrrpOperationsVrId OBJECT-TYPE
           SYNTAX       VrId
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "This object contains the Virtual Router Identifier
                (VRID)."
           REFERENCE "RFC 4001"
           ::= { vrrpOperationsEntry 2 }

       vrrpOperationsVirtualMacAddr OBJECT-TYPE
           SYNTAX       MacAddress
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The virtual MAC address of the virtual router.
               Although this object can be derived from the
               'vrrpOperationsVrId' object, it is defined so that it
               is easily obtainable by a management application and


Tata                      Expires June 2010                 [Page 11]


Internet Draft             VRRP unified MIB                   Jan 2010


               can be included in VRRP-related SNMP notifications."
           REFERENCE "STD 58 RFC 2578"
           ::= { vrrpOperationsEntry 3 }

       vrrpOperationsState OBJECT-TYPE
           SYNTAX       INTEGER {
               initialize(1),
               backup(2),
               master(3)
           }
           MAX-ACCESS   read-only
           STATUS       current

           DESCRIPTION
               "The current state of the virtual router. This object
               has three defined values:

                 - `initialize', which indicates that the
                   virtual router is waiting for a startup event.

                 - `backup', which indicates the virtual router is
                   monitoring the availability of the master router.

                 - `master', which indicates that the virtual router
                   is forwarding packets for IP addresses that are
                   associated with this router."
           REFERENCE " RFC xxxx"
           ::= { vrrpOperationsEntry 4 }

       vrrpOperationsPriority OBJECT-TYPE
           SYNTAX       Unsigned32 (0..255)
           MAX-ACCESS   read-create
           STATUS       current
           DESCRIPTION
               "This object specifies the priority to be used for the
               virtual router master election process.  Higher values
               imply higher priority.

               A priority of '0', although not settable, is sent by
               the master router to indicate that this router has
               ceased to participate in VRRP and a backup virtual
               router should transition to become a new master.

               A priority of 255 is used for the router that owns the
               associated IP address(es) for VRRP over IPv4 and hence
               not settable.

               A 'badValue(3)' should be returned when a user tries to
               set 0 or 255 for this object. "


Tata                      Expires June 2010                 [Page 12]


Internet Draft             VRRP unified MIB                   Jan 2010


           REFERENCE " RFC xxxx section 6.1"
           DEFVAL       { 100 }
           ::= { vrrpOperationsEntry 5 }

       vrrpOperationsAddrCount OBJECT-TYPE
           SYNTAX       Integer32 (0..255)
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The number of IP addresses that are associated with
               this virtual router.  This number is equal to the
               number of rows in the vrrpAssociatedAddrTable that
               correspond to a given IP version/VRID/ifIndex."
           REFERENCE "RFC xxxx Section 6.1"
           ::= { vrrpOperationsEntry 6 }

       vrrpOperationsMasterIpAddr OBJECT-TYPE
           SYNTAX       InetAddress
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The master router's real IP address. Master router
               would set this address to vrrpOperationsPrimaryIpAddr
               while transitioning to master state. For backup
               routers, this is the IP address listed as the source in
               VRRP advertisement last received by this virtual
               router."
           REFERENCE " RFC xxxx"
           ::= { vrrpOperationsEntry 7 }

       vrrpOperationsPrimaryIpAddr OBJECT-TYPE
           SYNTAX       InetAddress
           MAX-ACCESS   read-create
           STATUS       current
           DESCRIPTION
               "In the case where there are more than one IP
               Address (associated IP addresses) for a given
               `ifIndex', this object is used to specify the IP
               address that will become the
               vrrpOperationsMasterIpAddr', should the virtual router
               transition from backup state to master."
           ::= { vrrpOperationsEntry 8 }

       vrrpOperationsAdvInterval OBJECT-TYPE
           SYNTAX       TimeInterval (1..4095)
           UNITS        "centiseconds"
           MAX-ACCESS   read-create
           STATUS       current
           DESCRIPTION


Tata                      Expires June 2010                 [Page 13]


Internet Draft             VRRP unified MIB                   Jan 2010


               "The time interval, in centiseconds, between sending
               advertisement messages. Only the master router sends
               VRRP advertisements."
           REFERENCE " RFC xxxx section 6.1"
           DEFVAL       { 100}
           ::= { vrrpOperationsEntry 9 }

       vrrpOperationsPreemptMode OBJECT-TYPE
           SYNTAX       TruthValue
           MAX-ACCESS   read-create
           STATUS       current
           DESCRIPTION
               "Controls whether a higher priority virtual router will
               preempt a lower priority master."
           REFERENCE " RFC xxxx section 6.1"
           DEFVAL       { true }
           ::= { vrrpOperationsEntry 10 }

       vrrpOperationsAcceptMode OBJECT-TYPE
           SYNTAX       TruthValue
           MAX-ACCESS   read-create
           STATUS       current
           DESCRIPTION
               "Controls whether a virtual router in Master state
               will accept packets addressed to the address owner's
               IPv6 address as its own if it is not the IPv6 address
               owner.  Default is False.
               This object is not relevant for rows representing VRRP
               over IPv4 and should be set to false."
           DEFVAL       { false }
           ::= { vrrpOperationsEntry 11 }

       vrrpOperationsUpTime OBJECT-TYPE
           SYNTAX       TimeStamp
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "This is the value of the `sysUpTime' object when this
               virtual router (i.e., the `vrrpOperationsState')
               transitioned out of `initialized'."
           REFERENCE " RFC 3768 section 6.1"
           ::= { vrrpOperationsEntry 12 }

       vrrpOperationsStorageType OBJECT-TYPE
          SYNTAX      StorageType
          MAX-ACCESS  read-create
          STATUS      current
          DESCRIPTION
              "The storage type for this conceptual row. Write access


Tata                      Expires June 2010                 [Page 14]


Internet Draft             VRRP unified MIB                   Jan 2010


              is not required. It is optional to support nonVolatile
              StorageType enumeration."
          REFERENCE " RFC4181 section 4.6.4"
          DEFVAL       { nonVolatile }
          ::= { vrrpOperationsEntry 13 }

       vrrpOperationsRowStatus OBJECT-TYPE
           SYNTAX       RowStatus
           MAX-ACCESS   read-create
           STATUS       current
           DESCRIPTION
               "The RowStatus variable should be used in accordance to
               installation and removal conventions for conceptual
               rows. When `vrrpOperationsRowStatus' is set to
               active(1), no other objects in the conceptual row can
               be modified.

               To create a row in this table, a manager sets this
               object to either createAndGo(4) or createAndWait(5).
               Until instances of all corresponding columns are
               appropriately configured, the value of the
               Corresponding instance of the `vrrpOperationsRowStatus'
               column will be read as notReady(3).
               In particular, a newly created row cannot be made
               active(1) until (minimally) the corresponding instance
               of vrrpOperationsInetAddrType, vrrpOperationsVrId and
               vrrpOperationsPrimaryIpAddr has been set and there is
               at least one active row in the
               `vrrpAssociatedIpAddrTable' defining an associated
               IP address.

               notInService(2) should be used to administratively
               bring the row down.

               A typical order of operation to add a row is:
               1. Create a row in vrrpOperationsTable with
               createAndWait(5).
               2. Create one or more corresponding rows in
               vrrpAssociatedIpAddrTable.
               3. Populate the vrrpOperationsEntry.
               4. set vrrpOperationsRowStatus to active(1).

               A typical order of operation to delete an entry is:
               1. Set vrrpOperationsRowStatus to notInService(2).
               2. Set the corresponding rows in
               vrrpAssociatedIpAddrTable to destroy(6) to delete the
               entry.
               3. set vrrpOperationsRowStatus to destroy(6) to delete
               the entry."


Tata                      Expires June 2010                 [Page 15]


Internet Draft             VRRP unified MIB                   Jan 2010


           ::= { vrrpOperationsEntry 14 }

      --
      --  VRRP Associated Address Table
      --

       vrrpAssociatedIpAddrTable OBJECT-TYPE
           SYNTAX       SEQUENCE OF VrrpAssociatedIpAddrEntry
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "The table of addresses associated with this virtual
                router."
           ::= { vrrpOperations 8 }

       vrrpAssociatedIpAddrEntry OBJECT-TYPE
           SYNTAX       VrrpAssociatedIpAddrEntry
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "An entry in the table contains an IP address that is
               associated with a virtual router.  The number of rows
               for a given IP version, VrID and ifIndex will equal the
               number of IP addresses associated (e.g., backed up) by
               the virtual router (equivalent to
               'vrrpOperationsIpAddrCount').

               Rows in the table cannot be modified unless the value
               of `vrrpOperationsState' has transitioned to
               `initialize'."

           INDEX    { vrrpOperationsInetAddrType, vrrpOperationsVrId,
                      ifIndex, vrrpAssociatedIpAddr }


           ::= { vrrpAssociatedIpAddrTable 1 }

       VrrpAssociatedIpAddrEntry ::=
           SEQUENCE {
               vrrpAssociatedIpAddr
                   InetAddress,
               vrrpAssociatedStorageType
                   StorageType,
               vrrpAssociatedIpAddrRowStatus
                   RowStatus
       }

       vrrpAssociatedIpAddr OBJECT-TYPE
           SYNTAX       InetAddress


Tata                      Expires June 2010                 [Page 16]


Internet Draft             VRRP unified MIB                   Jan 2010


           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "The assigned IP addresses that a virtual router is
               responsible for backing up."
           REFERENCE " RFC 3768  Section 5.3.9"
           ::= { vrrpAssociatedIpAddrEntry 1 }

      vrrpAssociatedStorageType OBJECT-TYPE
          SYNTAX      StorageType
          MAX-ACCESS  read-create
          STATUS      current
          DESCRIPTION
              "The storage type for this conceptual row. Write access
              is not required. It is optional to support nonVolatile
              StorageType enumeration."
          REFERENCE " RFC4181 section 4.6.4"
          DEFVAL       { nonVolatile }
          ::= { vrrpAssociatedIpAddrEntry 2 }

       vrrpAssociatedIpAddrRowStatus OBJECT-TYPE
           SYNTAX       RowStatus
           MAX-ACCESS   read-create
           STATUS       current
           DESCRIPTION
               "The row status variable, used according to
               installation and removal conventions for conceptual
               rows. To create a row in this table, a manager sets
               this object to either createAndGo(4) or
               createAndWait(5). Setting this object to active(1)
               results in the addition of an associated address for a
               virtual router. Setting this object to notInService(2)
               results in administratively bringing down the row.

               Destroying the entry or setting it to destroy(6)
               removes the associated address from the virtual router.
               The use of other values is implementation-dependent.

               Only vrrpAssociatedStorageType can be modified when the
               row is in active(1) state for Implementations
               supporting write access to vrrpAssociatedStorageType

               Implementations should not allow deletion of the last
               row corresponding to an active row in
               vrrpOperationsTable.

               Refer to description of vrrpOperationsRowStatus for a
               typical row creation and deletion scenarios."
           ::= { vrrpAssociatedIpAddrEntry 3 }


Tata                      Expires June 2010                 [Page 17]


Internet Draft             VRRP unified MIB                   Jan 2010



      --
      --  VRRP Router Statistics
      --

       vrrpRouterChecksumErrors OBJECT-TYPE

           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of VRRP packets received with an
               invalid VRRP checksum value."
           REFERENCE " RFC 3768 Section 5.3.8"
           ::= { vrrpStatistics 1 }

       vrrpRouterVersionErrors OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of VRRP packets received with an
               unknown or unsupported version number."
           REFERENCE " RFC 3768 Section 5.3.1"
           ::= { vrrpStatistics 2 }

       vrrpRouterVrIdErrors OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
          STATUS       current
           DESCRIPTION
               "The total number of VRRP packets received with an
               invalid VRID for this virtual router."
           REFERENCE " RFC 3768 Section 5.3.3"
           ::= { vrrpStatistics 3 }

      --
      --  VRRP Router Statistics Table
      --

      vrrpRouterStatisticsTable OBJECT-TYPE
           SYNTAX       SEQUENCE OF VrrpRouterStatisticsEntry
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "Table of virtual router statistics."
           ::= { vrrpStatistics 5 }

       vrrpRouterStatisticsEntry OBJECT-TYPE


Tata                      Expires June 2010                 [Page 18]


Internet Draft             VRRP unified MIB                   Jan 2010


           SYNTAX       VrrpRouterStatisticsEntry
           MAX-ACCESS   not-accessible
           STATUS       current
           DESCRIPTION
               "An entry in the table, containing statistics
               information about a given virtual router."
           AUGMENTS    { vrrpOperationsEntry }
           ::= { vrrpRouterStatisticsTable 1 }

       VrrpRouterStatisticsEntry ::=
           SEQUENCE {
               vrrpStatisticsMasterTransitions
                   Counter32,
               vrrpStatisticsRcvdAdvertisements
                   Counter32,
               vrrpStatisticsAdvIntervalErrors
                   Counter32,
               vrrpStatisticsIpTtlErrors
                   Counter32,
               vrrpStatisticsRcvdPriZeroPackets
                   Counter32,
               vrrpStatisticsSentPriZeroPackets
                   Counter32,
               vrrpStatisticsRcvdInvalidTypePkts
                   Counter32,
               vrrpStatisticsAddressListErrors
                   Counter32,
               vrrpStatisticsPacketLengthErrors
                   Counter32,
               vrrpStatisticsRcvdInvalidAuthentications
                    Counter32,
               vrrpStatisticsDiscontinuityTime
                    TimeStamp,
               vrrpStatisticsRefreshRate
                    Unsigned32
           }


       vrrpStatisticsMasterTransitions OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of times that this virtual router's
               state has transitioned to MASTER.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of


Tata                      Expires June 2010                 [Page 19]


Internet Draft             VRRP unified MIB                   Jan 2010


               vrrpStatisticsDiscontinuityTime."

           ::= { vrrpRouterStatisticsEntry 1 }

       vrrpStatisticsRcvdAdvertisements OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of VRRP advertisements received by
               this virtual router.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."

           ::= { vrrpRouterStatisticsEntry 2 }

       vrrpStatisticsAdvIntervalErrors OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of VRRP advertisement packets
               received for which the advertisement interval is
               different than the one configured for the local virtual
               router.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."

           ::= { vrrpRouterStatisticsEntry 3 }

       vrrpStatisticsIpTtlErrors OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of VRRP packets received by the
               Virtual router with IPv4 TTL (for VRRP over IPv4) or
               IPv6 Hop Limit (for VRRP over IPv6) not equal to 255.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."


Tata                      Expires June 2010                 [Page 20]


Internet Draft             VRRP unified MIB                   Jan 2010


           REFERENCE "RFC3768 Section 5.2.3"
           ::= { vrrpRouterStatisticsEntry 4 }

       vrrpStatisticsRcvdPriZeroPackets OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of VRRP packets received by the
               virtual router with a priority of '0'.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."
           REFERENCE "RFC3768 Section 5.3.4"
           ::= { vrrpRouterStatisticsEntry 5 }

       vrrpStatisticsSentPriZeroPackets OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of VRRP packets sent by the virtual
               router with a priority of '0'.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."
           REFERENCE "RFC3768 Section 5.3.4"
           ::= { vrrpRouterStatisticsEntry 6 }

       vrrpStatisticsRcvdInvalidTypePkts OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only


           STATUS       current
           DESCRIPTION
               "The number of VRRP packets received by the virtual
               router with an invalid value in the 'type' field.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."
           ::= { vrrpRouterStatisticsEntry 7 }



Tata                      Expires June 2010                 [Page 21]


Internet Draft             VRRP unified MIB                   Jan 2010


       vrrpStatisticsAddressListErrors OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of packets received for which the
               address list does not match the locally configured list
               for the virtual router.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."
           ::= { vrrpRouterStatisticsEntry 8 }

       vrrpStatisticsPacketLengthErrors OBJECT-TYPE
           SYNTAX       Counter32
           MAX-ACCESS   read-only
           STATUS       current
           DESCRIPTION
               "The total number of packets received with a packet
               length less than the length of the VRRP header.

               Discontinuities in the value of this counter can occur
               at re-initialization of the management system, and at
               other times as indicated by the value of
               vrrpStatisticsDiscontinuityTime."

           ::= { vrrpRouterStatisticsEntry 9 }

      vrrpStatisticsRcvdInvalidAuthentications OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       current
        DESCRIPTION
            "The total number of packets received with an unknown
            authentication type."
        REFERENCE "RFC3768 Section 5.3.6"
        ::= { vrrpRouterStatisticsEntry 10 }


      vrrpStatisticsDiscontinuityTime OBJECT-TYPE
          SYNTAX     TimeStamp
          MAX-ACCESS read-only
          STATUS     current
          DESCRIPTION
              "The value of sysUpTime on the most recent occasion at
               which any one or more of this entry's counters suffered
               a discontinuity.


Tata                      Expires June 2010                 [Page 22]


Internet Draft             VRRP unified MIB                   Jan 2010



               If no such discontinuities have occurred since the last
               re-initialization of the local management subsystem,
               then this object contains a zero value."

          ::= { vrrpRouterStatisticsEntry 11 }

      vrrpStatisticsRefreshRate OBJECT-TYPE
          SYNTAX     Unsigned32
          UNITS "milli-seconds"
          MAX-ACCESS read-only
          STATUS     current
          DESCRIPTION
              "The minimum reasonable polling interval for this entry.
               This object provides an indication of the minimum
               Amount of time required to update the counters in this
               entry."

          ::= { vrrpRouterStatisticsEntry 12 }

      --
      --   Notification Definitions
      --
      vrrpNotifications   OBJECT IDENTIFIER ::= { vrrpMIB 0 }

      ---
      --- Objects used in the notifications
      ---

      vrrpNewMasterReason OBJECT-TYPE
           SYNTAX        INTEGER {
               notmaster (0),
               priority  (1),
               preempted (2),
               masterNoResponse (3)
           }
           MAX-ACCESS   accessible-for-notify
           STATUS       current
           DESCRIPTION
               "This indicates the reason for vrrpNewMaster trap.
               Used by vrrpTrapNewMaster trap."
           ::= { vrrpOperations 9 }

      vrrpTrapProtoErrReason OBJECT-TYPE
           SYNTAX        INTEGER {
               ipTtlError (0),
               versionError  (1),
               checksumError (2),
               vridError(3)


Tata                      Expires June 2010                 [Page 23]


Internet Draft             VRRP unified MIB                   Jan 2010


           }
           MAX-ACCESS   accessible-for-notify
           STATUS       current
           DESCRIPTION
               "This indicates the reason for protocol error trap.
               Used by vrrpTrapProtoError trap."
           ::= { vrrpOperations 10 }

      vrrpTrapNewMasterCntl  OBJECT-TYPE
           SYNTAX       INTEGER {
               enabled     (1),
               disabled    (2)
           }
           MAX-ACCESS   read-write
           STATUS       current
           DESCRIPTION
              "Controls whether the VRRP-enabled router should
               Generate vrrpTrapNewMaster notification.
               'Enabled' results in vrrpTrapNewMaster notifications;
               'disabled', results in no vrrpTrapNewMaster
               notifications."
           DEFVAL { enabled }
           ::= { vrrpOperations 11 }

      vrrpTrapProtoErrorCntl  OBJECT-TYPE
           SYNTAX       INTEGER {
               enabled     (1),
               disabled    (2)
           }
           MAX-ACCESS   read-write
           STATUS       current
           DESCRIPTION
              "Controls whether the VRRP-enabled router should
               generate vrrpTrapProtoError notification.
               'Enabled' results in vrrpTrapProtoError notifications;
               'disabled', results in no vrrpTrapProtoError
               notifications."
           DEFVAL { disabled }
           ::= { vrrpOperations 12 }

       vrrpTrapNewMaster NOTIFICATION-TYPE
           OBJECTS      { vrrpOperationsMasterIpAddr,
                          vrrpNewMasterReason
                        }
           STATUS       current
           DESCRIPTION
               "The newMaster trap indicates that the sending agent
               has transitioned to 'Master' state."
           ::= { vrrpNotifications 1 }


Tata                      Expires June 2010                 [Page 24]


Internet Draft             VRRP unified MIB                   Jan 2010



       vrrpTrapProtoError NOTIFICATION-TYPE
           OBJECTS      { vrrpTrapProtoErrReason
                        }
           STATUS       current
           DESCRIPTION
               "The error trap indicates that the sending agent has
               encountered the protocol error indicated by
               vrrpTrapProtoErrorReason."
           ::= { vrrpNotifications 3 }

      --
      --  deprecated objects follow.
      --

      --  vrrpOperTable(3) & vrrpAssoIpAddrTable(4) have been
      --  deprecated and should not be used.


   vrrpOperTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF VrrpOperEntry
        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "Operations table for a VRRP router which consists of a
             sequence (i.e., one or more conceptual rows) of
             'vrrpOperEntry' items.

             This table has been deprecated as a new IP version
             neutral 'vrrpOperationsTable' has been added. "

        ::= { vrrpOperations 3 }

   vrrpOperEntry OBJECT-TYPE
        SYNTAX       VrrpOperEntry
        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "An entry in the vrrpOperTable containing the operational
             characteristics of a virtual router.  On a VRRP router,
             a given virtual router is identified by a combination
             of the IF index and VRID.

             Rows in the table cannot be modified unless the value
             of `vrrpOperAdminState' is `disabled' and the
             `vrrpOperState' has transitioned to `initialize'.

             This object is deprecated in favor of the IP Version
             independent object, vrrpOperationsEntry"


Tata                      Expires June 2010                 [Page 25]


Internet Draft             VRRP unified MIB                   Jan 2010



        INDEX    { ifIndex, vrrpOperVrId }
        ::= { vrrpOperTable 1 }

   VrrpOperEntry ::=
        SEQUENCE {
            vrrpOperVrId
                VrId,
            vrrpOperVirtualMacAddr
                MacAddress,
            vrrpOperState
                INTEGER,
            vrrpOperAdminState
                INTEGER,
            vrrpOperPriority
                Integer32,
            vrrpOperIpAddrCount
                Integer32,
            vrrpOperMasterIpAddr
                IpAddress,
            vrrpOperPrimaryIpAddr
                IpAddress,
            vrrpOperAuthType
                INTEGER,
            vrrpOperAuthKey
                OCTET STRING,
            vrrpOperAdvertisementInterval
                Integer32,
            vrrpOperPreemptMode
                TruthValue,
            vrrpOperVirtualRouterUpTime
                TimeStamp,
            vrrpOperProtocol
                INTEGER,
            vrrpOperRowStatus
                RowStatus
    }

    vrrpOperVrId OBJECT-TYPE
        SYNTAX       VrId
        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "This object contains the Virtual Router Identifier
            (VRID).
            This object is deprecated in favor of the IP Version
            independent object, vrrpOperationsVrId "
        ::= { vrrpOperEntry 1 }



Tata                      Expires June 2010                 [Page 26]


Internet Draft             VRRP unified MIB                   Jan 2010


    vrrpOperVirtualMacAddr OBJECT-TYPE
        SYNTAX       MacAddress
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The virtual MAC address of the virtual router.  Although
            this object can be derived from the 'vrrpOperVrId' object,
            it is defined so that it is easily obtainable by a
            management application and can be included in VRRP-related
            SNMP traps.
            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsVirtualMacAddr."
        ::= { vrrpOperEntry 2 }

    vrrpOperState OBJECT-TYPE
        SYNTAX       INTEGER {
            initialize(1),
            backup(2),
            master(3)
        }
        MAX-ACCESS   read-only
        STATUS       deprecated

        DESCRIPTION
            "The current state of the virtual router. This object has
            three defined values:

              - `initialize', which indicates that all the
                virtual router is waiting for a startup event.

              - `backup', which indicates the virtual router is
                monitoring the availability of the master router.

              - `master', which indicates that the virtual router
                is forwarding packets for IP addresses that are
                associated with this router.

            Setting the `vrrpOperAdminState' object (below) initiates
            transitions in the value of this object.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsState."
        ::= { vrrpOperEntry 3 }

    vrrpOperAdminState OBJECT-TYPE
        SYNTAX       INTEGER {
            up(1),
            down(2)
        }


Tata                      Expires June 2010                 [Page 27]


Internet Draft             VRRP unified MIB                   Jan 2010


        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
           "This object will enable/disable the virtual router
           function.

           Setting the value to `up', will transition the state of
           the virtual router from `initialize' to `backup' or
           `master', depending on the value of `vrrpOperPriority'.

           Setting the value to `down', will transition the router
           from `master' or `backup' to `initialize'.  State
           transitions may not be immediate; they sometimes depend on
           other factors, such as the interface (IF) state.

           The `vrrpOperAdminState' object must be set to `down'
           prior to modifying the other read-create objects in the
           conceptual row.  The value of the `vrrpOperRowStatus'
           object (below) must be `active', signifying that the
           conceptual row is valid (i.e., the objects are correctly
           set), in order for this object to be set to `up'.

            This object is deprecated in favor of the IP Version
           Independent object, vrrpOperationsState."
        DEFVAL    { down }
        ::= { vrrpOperEntry 4 }

    vrrpOperPriority OBJECT-TYPE
        SYNTAX       Integer32 (0..255)
        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
            "This object specifies the priority to be used for the
            virtual router master election process.  Higher values
            imply higher priority.

            A priority of '0', although not settable, is sent by
            the master router to indicate that this router has ceased
            to participate in VRRP and a backup virtual router should
            transition to become a new master.

            A priority of 255 is used for the router that owns the
            associated IP address(es).

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsPriority."
        DEFVAL       { 100 }
        ::= { vrrpOperEntry 5 }



Tata                      Expires June 2010                 [Page 28]


Internet Draft             VRRP unified MIB                   Jan 2010


    vrrpOperIpAddrCount OBJECT-TYPE
        SYNTAX       Integer32 (0..255)
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The number of IP addresses that are associated with this
            virtual router.  This number is equal to the number of
            rows in the vrrpAssoIpAddrTable that correspond to a
            given IF index/VRID pair.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsAddrCount."
        ::= { vrrpOperEntry 6 }

    vrrpOperMasterIpAddr OBJECT-TYPE
        SYNTAX       IpAddress
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The master router's real (primary) IP address.  This is
            the IP address listed as the source in VRRP advertisement
            last received by this virtual router.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsMasterIpAddr."
        ::= { vrrpOperEntry 7 }

    vrrpOperPrimaryIpAddr OBJECT-TYPE
        SYNTAX       IpAddress
        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
            "In the case where there is more than one IP address for
            a given `ifIndex', this object is used to specify the IP
            address that will become the `vrrpOperMasterIpAddr',
            should the virtual router transition from backup to
            master. If this object is set to 0.0.0.0, the IP address
            which is numerically lowest (of all the associated IP
            address for the interface) will be selected.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsPrimaryIpAddr."
        DEFVAL       { '00000000'H } -- 0.0.0.0
        ::= { vrrpOperEntry 8 }

    vrrpOperAuthType OBJECT-TYPE
        SYNTAX       INTEGER {
            noAuthentication(1),       -- VRRP protocol exchanges are
                                       -- not authenticated.


Tata                      Expires June 2010                 [Page 29]


Internet Draft             VRRP unified MIB                   Jan 2010


            simpleTextPassword(2),     -- Exchanges are authenticated
                                       -- by a clear text password.
            ipAuthenticationHeader(3)  -- Exchanges are authenticated
                                       -- using the IP authentication
                                       -- header.
        }
        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION

            "Authentication type used for VRRP protocol exchanges
            between virtual routers.  This value of this object is the
            same for a given ifIndex.

            New enumerations to this list can only be added via a new
            RFC on the standards track.

            This object is deprecated in the IP Version MIB."
        DEFVAL       { noAuthentication }
        ::= { vrrpOperEntry 9 }

    vrrpOperAuthKey OBJECT-TYPE
        SYNTAX       OCTET STRING (SIZE (0..16))
        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
            "The Authentication Key.  This object is set according to
            the value of the 'vrrpOperAuthType' object
            ('simpleTextPassword' or 'ipAuthenticationHeader').  If
            the length of the value is less than 16 octets, the agent
            will left adjust and zero fill to 16 octets. The value of
            this object is the same for a given ifIndex.

            When read, vrrpOperAuthKey always returns an Octet String
            of length zero.

            This object is deprecated in the IP Version MIB."
        ::= { vrrpOperEntry 10 }

    vrrpOperAdvertisementInterval OBJECT-TYPE
        SYNTAX       Integer32 (1..255)
        UNITS        "seconds"
        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
            "The time interval, in seconds, between sending
            advertisement messages.  Only the master router sends
            VRRP advertisements.



Tata                      Expires June 2010                 [Page 30]


Internet Draft             VRRP unified MIB                   Jan 2010


            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsAdvInterval. "
        DEFVAL       { 1 }
        ::= { vrrpOperEntry 11 }

    vrrpOperPreemptMode OBJECT-TYPE
        SYNTAX       TruthValue
        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
            "Controls whether a higher priority virtual router will
            preempt a lower priority master.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsPreemptMode. "
        DEFVAL       { true }
        ::= { vrrpOperEntry 12 }

    vrrpOperVirtualRouterUpTime OBJECT-TYPE

        SYNTAX       TimeStamp
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "This is the value of the `sysUpTime' object when this
            virtual router (i.e., the `vrrpOperState') transitioned
            out of `initialized'.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsUpTime."
        ::= { vrrpOperEntry 13 }

    vrrpOperProtocol OBJECT-TYPE
        SYNTAX   INTEGER {
            ip (1),
            bridge (2),
            decnet (3),
            other (4)
        }
        MAX-ACCESS read-create
        STATUS     deprecated
        DESCRIPTION
            "The particular protocol being controlled by this Virtual
            Router.

            New enumerations to this list can only be added via a new
            RFC on the standards track.

            This object is deprecated in the IP Version Independent


Tata                      Expires June 2010                 [Page 31]


Internet Draft             VRRP unified MIB                   Jan 2010


            MIB."
        DEFVAL { ip }
        ::= { vrrpOperEntry 14 }

    vrrpOperRowStatus OBJECT-TYPE
        SYNTAX       RowStatus
        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
            "The row status variable, used in accordance to
            installation and removal conventions for conceptual rows.
            The rowstatus of a currently active row in the
            vrrpOperTable is constrained by the operational state of
            the corresponding virtual router.
            When `vrrpOperRowStatus' is set to active(1), no other
            objects in the conceptual row, with the exception of
            `vrrpOperAdminState', can be modified. Prior to setting
            the `vrrpOperRowStatus' object from `active' to a
            different value, the `vrrpOperAdminState' object must be
            set to `down' and the `vrrpOperState' object be
            transitioned to `initialize'.

            To create a row in this table, a manager sets this object
            to either createAndGo(4) or createAndWait(5).  Until
            instances of all corresponding columns are appropriately
            configured, the value of the corresponding instance of the
            `vrrpOperRowStatus' column will be read as notReady(3).

            In particular, a newly created row cannot be made
            active(1) until (minimally) the corresponding instance of
            `vrrpOperVrId' has been set and there is at least one
            active row in the `vrrpAssoIpAddrTable' defining an
            associated IP address for the virtual router.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpOperationsRowStatus. "

        ::= { vrrpOperEntry 15 }

   --
   --  Deprecated VRRP Associated IP Address Table
   --

    vrrpAssoIpAddrTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF VrrpAssoIpAddrEntry
        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "The table of addresses associated with this virtual


Tata                      Expires June 2010                 [Page 32]


Internet Draft             VRRP unified MIB                   Jan 2010


             router.
            This object is deprecated in favor of the IP Version
            Independent object, vrrpAssociatedIpAddrTable. "
        ::= { vrrpOperations 4 }

    vrrpAssoIpAddrEntry OBJECT-TYPE
        SYNTAX       VrrpAssoIpAddrEntry
        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "An entry in the table contains an IP address that is
            associated with a virtual router.  The number of rows for
            a given ifIndex and VrId will equal the number of IP
            addresses associated (e.g., backed up) by the virtual
            router (equivalent to 'vrrpOperIpAddrCount').

            Rows in the table cannot be modified unless the value
            of `vrrpOperAdminState' is `disabled' and the
            `vrrpOperState' has transitioned to `initialize'.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpAssociatedIpAddrEntry."

        INDEX    { ifIndex, vrrpOperVrId, vrrpAssoIpAddr }
        ::= { vrrpAssoIpAddrTable 1 }

    VrrpAssoIpAddrEntry ::=
        SEQUENCE {
            vrrpAssoIpAddr
                IpAddress,
            vrrpAssoIpAddrRowStatus
                RowStatus
    }

    vrrpAssoIpAddr OBJECT-TYPE
        SYNTAX       IpAddress

        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "The assigned IP addresses that a virtual router is
            responsible for backing up.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpAssociatedIpAddr."
        ::= { vrrpAssoIpAddrEntry 1 }

    vrrpAssoIpAddrRowStatus OBJECT-TYPE
        SYNTAX       RowStatus


Tata                      Expires June 2010                 [Page 33]


Internet Draft             VRRP unified MIB                   Jan 2010


        MAX-ACCESS   read-create
        STATUS       deprecated
        DESCRIPTION
            "The row status variable, used according to installation
            and removal conventions for conceptual rows.  Setting this
            object to active(1) or createAndGo(4) results in the
            addition of an associated address for a virtual router.
            Destroying the entry or setting it to notInService(2)
            removes the associated address from the virtual router.
            The use of other values is implementation-dependent.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpAssociatedIpAddrRowStatus."
        ::= { vrrpAssoIpAddrEntry 2 }


      --
      -- Deprecated vrrpRouterStatsTable.
      --

   vrrpRouterStatsTable OBJECT-TYPE
        SYNTAX       SEQUENCE OF VrrpRouterStatsEntry
        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "Table of virtual router statistics.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpRouterStatisticsTable."
        ::= { vrrpStatistics 4 }

    vrrpRouterStatsEntry OBJECT-TYPE
        SYNTAX       VrrpRouterStatsEntry
        MAX-ACCESS   not-accessible
        STATUS       deprecated
        DESCRIPTION
            "An entry in the table, containing statistics information
            about a given virtual router.
            This object is deprecated in favor of the IP Version
            Independent object, vrrpRouterStatisticsEntry."
        AUGMENTS    { vrrpOperEntry }
        ::= { vrrpRouterStatsTable 1 }

    VrrpRouterStatsEntry ::=
        SEQUENCE {
            vrrpStatsBecomeMaster
                Counter32,
            vrrpStatsAdvertiseRcvd
                Counter32,


Tata                      Expires June 2010                 [Page 34]


Internet Draft             VRRP unified MIB                   Jan 2010


            vrrpStatsAdvertiseIntervalErrors
                Counter32,
            vrrpStatsAuthFailures
                Counter32,
            vrrpStatsIpTtlErrors
                Counter32,
            vrrpStatsPriorityZeroPktsRcvd
                Counter32,
            vrrpStatsPriorityZeroPktsSent
                Counter32,
            vrrpStatsInvalidTypePktsRcvd
                Counter32,
            vrrpStatsAddressListErrors
                Counter32,
            vrrpStatsInvalidAuthType
                Counter32,
            vrrpStatsAuthTypeMismatch
                Counter32,
            vrrpStatsPacketLengthErrors
                Counter32
        }

    vrrpStatsBecomeMaster OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The total number of times that this virtual router's
            state has transitioned to MASTER.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsMasterTransitions."
        ::= { vrrpRouterStatsEntry 1 }

    vrrpStatsAdvertiseRcvd OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The total number of VRRP advertisements received by this
            virtual router.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsRcvdAdvertisements."
        ::= { vrrpRouterStatsEntry 2 }

    vrrpStatsAdvertiseIntervalErrors OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only


Tata                      Expires June 2010                 [Page 35]


Internet Draft             VRRP unified MIB                   Jan 2010


        STATUS       deprecated
        DESCRIPTION
            "The total number of VRRP advertisement packets received
            for which the advertisement interval is different than the
            one configured for the local virtual router.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsAdvIntervalErrors."
        ::= { vrrpRouterStatsEntry 3 }

    vrrpStatsAuthFailures OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The total number of VRRP packets received that do not
            pass the authentication check.

            This object is deprecated in the IP Version MIB."
        ::= { vrrpRouterStatsEntry 4 }

    vrrpStatsIpTtlErrors OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated

        DESCRIPTION
            "The total number of VRRP packets received by the virtual
            router with IP TTL (Time-To-Live) not equal to 255.
            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsIpTtlErrors."

        ::= { vrrpRouterStatsEntry 5 }

    vrrpStatsPriorityZeroPktsRcvd OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The total number of VRRP packets received by the virtual
            router with a priority of '0'.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsRcvdPriZeroPackets."
        ::= { vrrpRouterStatsEntry 6 }

    vrrpStatsPriorityZeroPktsSent OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only


Tata                      Expires June 2010                 [Page 36]


Internet Draft             VRRP unified MIB                   Jan 2010


        STATUS       deprecated
        DESCRIPTION
            "The total number of VRRP packets sent by the virtual
            router with a priority of '0'.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsSentPriZeroPackets. "
        ::= { vrrpRouterStatsEntry 7 }

    vrrpStatsInvalidTypePktsRcvd OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The number of VRRP packets received by the virtual router
            with an invalid value in the 'type' field.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsRcvdInvalidTypePkts. "
        ::= { vrrpRouterStatsEntry 8 }

    vrrpStatsAddressListErrors OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The total number of packets received for which the
            address list does not match the locally configured list
            for the virtual router.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsAddressListErrors."
        ::= { vrrpRouterStatsEntry 9 }

      vrrpStatsInvalidAuthType OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The total number of packets received with an unknown
            authentication type.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsPacketLengthErrors."
        ::= { vrrpRouterStatsEntry 10 }

      vrrpStatsAuthTypeMismatch OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only


Tata                      Expires June 2010                 [Page 37]


Internet Draft             VRRP unified MIB                   Jan 2010


        STATUS       deprecated
        DESCRIPTION
            "The total number of packets received with 'Auth Type' not
            equal to the locally configured authentication method
            (`vrrpOperAuthType').

            This object is deprecated in favor of the IP Version
            Independent object,
            vrrpStatisticsRcvdInvalidAuthentications."
        ::= { vrrpRouterStatsEntry 11 }

      vrrpStatsPacketLengthErrors OBJECT-TYPE
        SYNTAX       Counter32
        MAX-ACCESS   read-only
        STATUS       deprecated
        DESCRIPTION
            "The total number of packets received with a packet length
            less than the length of the VRRP header.

            This object is deprecated in favor of the IP Version
            Independent object, vrrpStatisticsPacketLengthErrors. "
        ::= { vrrpRouterStatsEntry 12 }



    vrrpTrapPacketSrc OBJECT-TYPE
        SYNTAX       IpAddress
        MAX-ACCESS   accessible-for-notify
        STATUS       deprecated
        DESCRIPTION
            "The IP address of an inbound VRRP packet. Used by
             vrrpTrapAuthFailure trap.

             This object is deprecated in the IP Version MIB. "
        ::= { vrrpOperations 5 }

     vrrpTrapAuthErrorType OBJECT-TYPE
        SYNTAX        INTEGER {
            invalidAuthType (1),
            authTypeMismatch (2),
            authFailure (3)
        }
        MAX-ACCESS   accessible-for-notify
        STATUS       deprecated
        DESCRIPTION
            "Potential types of configuration conflicts.
            Used by vrrpAuthFailure trap.

            This object is deprecated in the IP Version MIB. "


Tata                      Expires June 2010                 [Page 38]


Internet Draft             VRRP unified MIB                   Jan 2010



        ::= { vrrpOperations 6 }


      ---
      --- vrrpAuthFailureTrap (2) has been deprecated.
      ---

      vrrpTrapAuthFailure NOTIFICATION-TYPE
        OBJECTS      { vrrpTrapPacketSrc,
                       vrrpTrapAuthErrorType
                     }
        STATUS       deprecated
        DESCRIPTION
            "A vrrpAuthFailure trap signifies that a packet has
            been received from a router whose authentication key
            or authentication type conflicts with this router's
            authentication key or authentication type.  Implementation
            of this trap is optional.

            This object is has been deprecated. "
        ::= { vrrpNotifications 2 }

      --
      --  Conformance Information
      --

       vrrpMIBCompliances  OBJECT IDENTIFIER ::= { vrrpConformance 1 }
       vrrpMIBGroups       OBJECT IDENTIFIER ::= { vrrpConformance 2 }

      --
      -- Compliance Statements
      --


      vrrpMIBCompliance MODULE-COMPLIANCE
        STATUS deprecated
        DESCRIPTION
           "This compliance is deprecated in favour of
              vrrpModuleFullCompliance."
        MODULE -- this module
        MANDATORY-GROUPS  {
            vrrpOperGroup,
            vrrpStatsGroup,
            vrrpTrapGroup,
            vrrpNotificationGroup
        }
        OBJECT        vrrpOperPriority
        WRITE-SYNTAX  Integer32 (1..255)


Tata                      Expires June 2010                 [Page 39]


Internet Draft             VRRP unified MIB                   Jan 2010


        DESCRIPTION  "Setable values are from 1 to 255."

        ::= { vrrpMIBCompliances 1 }

       vrrpModuleFullCompliance MODULE-COMPLIANCE
           STATUS current
           DESCRIPTION

              "The compliance statement for both VRRP for IPv4 and
              VRRP for IPv6 implementations."

           MODULE -- this module
           MANDATORY-GROUPS  {
               vrrpOperationsGroup,
               vrrpStatisticsGroup,
               vrrpTrapInfoGroup,
               vrrpNotificationsGroup
           }
           OBJECT        vrrpOperationsPriority
           WRITE-SYNTAX  Unsigned32 (1..254)
           DESCRIPTION  "Setable values are from 1 to 254."


           ::= { vrrpMIBCompliances 2 }

       vrrpModuleReadOnlyCompliance MODULE-COMPLIANCE
           STATUS current
           DESCRIPTION
              "When this MIB is implemented without support for read-
              create (i.e. in read-only mode), then such an
              implementation can claim read-only compliance. Such a
              device can then be monitored but can not be configured
              with this MIB."

           MODULE -- this module
           MANDATORY-GROUPS  {
               vrrpOperationsGroup,
               vrrpStatisticsGroup,
               vrrpTrapInfoGroup,
               vrrpNotificationsGroup
           }

           OBJECT        vrrpOperationsPriority
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpOperationsPrimaryIpAddr
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."


Tata                      Expires June 2010                 [Page 40]


Internet Draft             VRRP unified MIB                   Jan 2010



           OBJECT        vrrpOperationsAdvInterval
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpOperationsPreemptMode
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpOperationsAcceptMode
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpOperationsStorageType
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpOperationsRowStatus
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."


           OBJECT        vrrpAssociatedStorageType
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpAssociatedIpAddrRowStatus
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpTrapNewMasterCntl
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           OBJECT        vrrpTrapProtoErrorCntl
           MIN-ACCESS    read-only
           DESCRIPTION  "Write access is not required."

           ::= { vrrpMIBCompliances 3 }

      --
      -- Conformance Groups
      --

   vrrpOperGroup  OBJECT-GROUP
        OBJECTS  {
            vrrpNodeVersion,
            vrrpNotificationCntl,
            vrrpOperVirtualMacAddr,


Tata                      Expires June 2010                 [Page 41]


Internet Draft             VRRP unified MIB                   Jan 2010


            vrrpOperState,
            vrrpOperAdminState,
            vrrpOperPriority,
            vrrpOperIpAddrCount,
            vrrpOperMasterIpAddr,
            vrrpOperPrimaryIpAddr,
            vrrpOperAuthType,
            vrrpOperAuthKey,
            vrrpOperAdvertisementInterval,
            vrrpOperPreemptMode,
            vrrpOperVirtualRouterUpTime,
            vrrpOperProtocol,
            vrrpOperRowStatus,
            vrrpAssoIpAddrRowStatus
            }
        STATUS deprecated
        DESCRIPTION
           "Conformance group for VRRP operations."
        ::= { vrrpMIBGroups 1 }

    vrrpStatsGroup  OBJECT-GROUP
        OBJECTS  {
            vrrpRouterChecksumErrors,
            vrrpRouterVersionErrors,
            vrrpRouterVrIdErrors,
            vrrpStatsBecomeMaster,
            vrrpStatsAdvertiseRcvd,
            vrrpStatsAdvertiseIntervalErrors,
            vrrpStatsAuthFailures,
            vrrpStatsIpTtlErrors,
            vrrpStatsPriorityZeroPktsRcvd,
            vrrpStatsPriorityZeroPktsSent,
            vrrpStatsInvalidTypePktsRcvd,
            vrrpStatsAddressListErrors,
            vrrpStatsInvalidAuthType,
            vrrpStatsAuthTypeMismatch,
            vrrpStatsPacketLengthErrors

            }
        STATUS deprecated
        DESCRIPTION
           "Conformance group for VRRP statistics."
        ::= { vrrpMIBGroups 2 }

    vrrpTrapGroup  OBJECT-GROUP
        OBJECTS  {
            vrrpTrapPacketSrc,
            vrrpTrapAuthErrorType
            }


Tata                      Expires June 2010                 [Page 42]


Internet Draft             VRRP unified MIB                   Jan 2010


        STATUS deprecated
        DESCRIPTION
           "Conformance group for objects contained in VRRP
           notifications."
        ::= { vrrpMIBGroups 3 }

    vrrpNotificationGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
            vrrpTrapAuthFailure
            }
        STATUS deprecated
        DESCRIPTION
           "The VRRP MIB Notification Group."
        ::= { vrrpMIBGroups 4 }


    vrrpOperationsGroup   OBJECT-GROUP
           OBJECTS  {
               vrrpTrapNewMasterCntl,
               vrrpTrapProtoErrorCntl,
               vrrpOperationsVirtualMacAddr,
               vrrpOperationsState,
               vrrpOperationsPriority,
               vrrpOperationsMasterIpAddr,
               vrrpOperationsAdvInterval,
               vrrpOperationsPreemptMode,
               vrrpOperationsAcceptMode,
               vrrpOperationsUpTime,
               vrrpOperationsStorageType,
               vrrpOperationsRowStatus,
               vrrpOperationsAddrCount,
               vrrpOperationsPrimaryIpAddr,
               vrrpAssociatedStorageType,
               vrrpAssociatedIpAddrRowStatus
               }
           STATUS current
           DESCRIPTION

              "Conformance group for VRRP over IPv4 and IPv6
              operations."
           ::= { vrrpMIBGroups 5 }


    vrrpStatisticsGroup  OBJECT-GROUP
           OBJECTS  {
               vrrpRouterChecksumErrors,
               vrrpRouterVersionErrors,
               vrrpRouterVrIdErrors,
               vrrpStatisticsMasterTransitions,


Tata                      Expires June 2010                 [Page 43]


Internet Draft             VRRP unified MIB                   Jan 2010


               vrrpStatisticsRcvdAdvertisements,
               vrrpStatisticsAdvIntervalErrors,
               vrrpStatisticsRcvdPriZeroPackets,
               vrrpStatisticsSentPriZeroPackets,
               vrrpStatisticsRcvdInvalidTypePkts,
               vrrpStatisticsIpTtlErrors,
               vrrpStatisticsAddressListErrors,
               vrrpStatisticsPacketLengthErrors,
               vrrpStatisticsRcvdInvalidAuthentications,
               vrrpStatisticsDiscontinuityTime,
               vrrpStatisticsRefreshRate
               }
           STATUS current
           DESCRIPTION
              "Conformance group for VRRP over IPv4 and IPv6
              statistics."
           ::= { vrrpMIBGroups 6 }

     vrrpTrapInfoGroup  OBJECT-GROUP
           OBJECTS  {
               vrrpTrapProtoErrReason,
               vrrpNewMasterReason
               }
           STATUS current
           DESCRIPTION
              "Conformance group for objects contained in VRRP
               notifications."
           ::= { vrrpMIBGroups 8 }

    vrrpNotificationsGroup NOTIFICATION-GROUP
           NOTIFICATIONS {
               vrrpTrapNewMaster,
               vrrpTrapProtoError
               }
           STATUS current
           DESCRIPTION
              "The VRRP MIB Notification Group."
           ::= { vrrpMIBGroups 9 }

   END


11. Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on


Tata                      Expires June 2010                 [Page 44]


Internet Draft             VRRP unified MIB                   Jan 2010


   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

   The objects vrrpOperationsPriority, vrrpOperationsPrimaryIpAddr,
   vrrpOperationsAdvInterval, vrrpOperationsPreemptMode,
   vrrpOperationsAcceptMode, vrrpOperationsStorageType,
   vrrpOperationsRowStatus, vrrpAssociatedStorageType
   vrrpAssociatedIpAddrRowStatus, vrrpNotificationCntl possess the read-
   create attribute. Manipulation of these objects is capable of
   affecting the operation of a virtual router.

   Specific examples of this include, but are not limited to:

   o The vrrpOperationsRowStatus object which could be used to disable a
   virtual router. While there are other columns that, if changed,
   could disrupt operations, they can not be changed without first
   changing the RowStatus object.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

12. IANA Considerations

   This document has no IANA considerations.

   This section should be removed by the RFC Editor to final
   publication.

13. Normative References

   [RFC2119] Bradner S., "Key words for use in RFCs to Indicate
             Requirement Levels", RFC 2119, March 1997.
   [RFC2578] McCloghrie, K., D. Perkins, J. Schoenwaelder, J. Case, M.


Tata                      Expires June 2010                 [Page 45]


Internet Draft             VRRP Unified MIB                   Aug 2009


             Rose, S. Waldbusser, "Structure of Management Information
             Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
   [RFC2579] McCloghrie, K., D. Perkins, J. Schoenwaelder, J. Case, M.
             Rose, S. Waldbusser, "Textual Conventions for SMIv2", STD
             58, RFC 2579, April 1999.
   [RFC2580] McCloghrie, K., D. Perkins, J. Schoenwaelder, J. Case, M.
             Rose, S. Waldbusser, "Conformance Statements for SMIv2",
             STD 58, RFC 2580, April 1999.
   [VRRPv3]  S. Nadas, Ed., "Virtual Router Redundancy Protocol Version
             3 for IPv4 and IPv6 ", RFC xxxx (RFC-editor this is draft-
             ietf-vrrp-unified-spec-05.txt), July 2009.
   [RFC2787] Jewell, B., D. Chuang, "Definitions of Managed Objects for
             the Virtual Router Redundancy Protocol", RFC 2787, March
             2000.

14. Informative References

   [RFC3410] Case, J., R. Mundy, D. Partain, B. Stewart, "Introduction
             and Applicability Statements for Internet-Standard
             Management Framework", RFC 3410, December 2002.

15. Acknowledgments

   Kripakaran Karlekar and Brain Jewell helped in design and initial
   drafts of this specification. This specification is based on RFC
   2787. The authors of RFC2787 are Brian Jewell and David Chuang. The
   author would also like to thank Bert Wijnen, Dave Thaler, Mukesh
   Gupta and Steve Bates for taking time to review the document and
   provide valuable guidance.

16. Author's Address

   Srinivas Kalyan Tata
   Check Point Software
   800 Bridge Parkway
   Redwood City, CA 94065
   USA

   Phone: +1-408-505-0542
   EMail: tata_kalyan@yahoo.com










Tata                      Expires June 2010                 [Page 46]


Html markup produced by rfcmarkup 1.129d, available from https://tools.ietf.org/tools/rfcmarkup/