draft-ietf-forces-mib-00.txt   draft-ietf-forces-mib-01.txt 
ForCES MIB January 24, 2006
ForCES Forwarding and Control Element R. Haas
Internet Draft R. Haas Separation (forces) IBM
Document: draft-ietf-forces-mib-00.txt IBM
Expires: July 23, 2006 January 2006 Expires: October 22, 2006
ForCES MIB ForCES MIB
draft-ietf-forces-mib-01
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of 6 months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 23, 2006. This Internet-Draft will expire on October 22, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Abstract Abstract
This memo defines a Management Information Base (MIB) for use with This memo defines a Management Information Base (MIB) for use with
network management protocols in the Internet community. In network management protocols in the Internet community. In
particular, it defines a MIB for the Forwarding and Control Element particular, it defines a MIB for the Forwarding and Control Element
Separation (ForCES) Network Element (NE). The ForCES working group Separation (ForCES) Network Element (NE). The ForCES working group
is defining a protocol to allow a Control Element (CE) to control the is defining a protocol to allow a Control Element (CE) to control the
behavior of a Forwarding Element (FE). behavior of a Forwarding Element (FE).
Conventions used in this document Table of Contents
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 1. Requirements notation . . . . . . . . . . . . . . . . . . . . 3
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
document are to be interpreted as described in RFC-2119 [RFC2119]. 3. Design of the ForCES MIB . . . . . . . . . . . . . . . . . . . 3
4. Association State . . . . . . . . . . . . . . . . . . . . . . 3
5. ForCES MIB Definition . . . . . . . . . . . . . . . . . . . . 4
6. Security Considerations . . . . . . . . . . . . . . . . . . . 8
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
8. Normative References . . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . . . 11
Table of Contents 1. Requirements notation
1. Introduction...................................................2 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
2. Design of ForCES MIB...........................................4 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
3. Association State..............................................4 document are to be interpreted as described in [RFC2119].
4. MIB Definition.................................................4
Security Considerations...........................................8
References........................................................9
Acknowledgments...................................................9
Author's Addresses................................................9
1. Introduction 2. Introduction
The ForCES MIB is a primarily read-only MIB that captures information The ForCES MIB is a primarily read-only MIB that captures information
related to the ForCES protocol. This includes state information about related to the ForCES protocol ([RFC3654] and [RFC3746]). This
the associations between CE(s) and FE(s) in the NE. includes state information about the associations between CE(s) and
FE(s) in the NE.
The ForCES MIB does not include information that is specified in The ForCES MIB does not include information that is specified in
other MIBs, such as packet counters for interfaces, etc. other MIBs, such as packet counters for interfaces, etc.
More specifically , the information in the ForCES MIB relative to More specifically , the information in the ForCES MIB relative to
associations includes: associations includes:
- identifiers of the elements in the association o identifiers of the elements in the association,
- state of the association
- configuration parameters of the association
- statistics of the association
The relevant references from the ForCES requirements and architecture
documents are repeated below:
From the ForCES requirements RFC [RFC 3654], Section 4, point 4:
A NE MUST support the appearance of a single functional device. For
example, in a router, the TTL of the packet should be decremented
only once as it traverses the NE regardless of how many FEs through
which it passes. However, external entities (e.g., FE managers and
CE managers) MAY have direct access to individual ForCES protocol
elements for providing information to transition them from the pre-
association to post-association phase.
And [RFC 3654], Section 4, point 14:
1. The ability for a management tool (e.g., SNMP) to be used to
read(but not change) the state of FE SHOULD NOT be precluded.
2. It MUST NOT be possible for management tools (e.g., SNMP, etc)
to change the state of a FE in a manner that affects overall NE
behavior without the CE being notified.
According to the ForCES architecture RFC [RFC 3746], Section 3.3:
CE managers may be physically and logically separate entities that o state of the association,
configure the CE with FE information via such mechanisms as COPS-PR
[7] or SNMP [5].
and [RFC 3746], Section 5.7: o configuration parameters of the association, and
RFC 1812 [2] also dictates that "Routers MUST be manageable by o statistics of the association.
SNMP". In general, for the post-association phase, most external
management tasks (including SNMP) should be done through
interaction with the CE in order to support the appearance of a
single functional device. Therefore, it is recommended that an SNMP
agent be implemented by CEs and that the SNMP messages received by
FEs be redirected to their CEs. AgentX framework defined in RFC
2741 ([6]) may be applied here such that CEs act in the role of
master agent to process SNMP protocol messages while FEs act in the
role of subagent to provide access to the MIB objects residing on
FEs. AgentX protocol messages between the master agent (CE) and
the subagent (FE) are encapsulated and transported via ForCES, just
like data packets from any other application layer protocols.
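Review bot: In the Introduction, -01 deletes the quoted RFC 3654 Section 4 point 14 text and leaves no statement of it, so this section no longer says that management tools MUST NOT change FE state without the CE being notified, while the module still imports RowStatus and is described only as "primarily read-only". Suggest one sentence after the bullet list that says which objects, if any, are writable and cites [RFC3654] Section 4 for the constraint. "More specifically ," also carries a stray space before the comma in both versions.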
2. Design of ForCES MIB 3. Design of the ForCES MIB
In an NE composed of one or more FEs and a single CE, the CE is In an NE composed of one or more FEs and a single CE, the CE is
clearly aware of all associations and hence can provide this clearly aware of all associations and hence can provide this
information in a single ForCES MIB. In contrast, in an NE composed of information in a single ForCES MIB. In contrast, in an NE composed
more than one CE, such association information is distributed and of more than one CE, such association information is distributed and
hence more than one ForCES MIB may be necessary, unless this hence more than one ForCES MIB may be necessary, unless this
information is aggregated into a single ForCES MIB by some means information is aggregated into a single ForCES MIB by some means
beyond the scope of this document. Nevertheless, the ForCES MIB beyond the scope of this document. Nevertheless, the ForCES MIB
design is compatible with both the single-CE and the multiple-CE design is compatible with both the single-CE and the multiple-CE
case. case.
3. Association State 4. Association State
Association state as shown in the MIB is considered from the CE's Association state as shown in the MIB is considered from the CE's
point of view: point of view:
- An association is in the DOWN state if the CE has not received any
o An association is in the DOWN state if the CE has not received any
message (heartbeat or other protocol message) from the FE within a message (heartbeat or other protocol message) from the FE within a
given time period or if an Association Teardown message has been given time period or if an Association Teardown message has been
sent by the CE. sent by the CE.
- An association is in the ESTABLISHING state as long as no message
o An association is in the ESTABLISHING state as long as no message
has been received from the FE after the CE has sent a positive has been received from the FE after the CE has sent a positive
Association Setup Response message. Association Setup Response message.
- An association is in the UP state in all other cases.
o An association is in the UP state in all other cases.
Note that it is left to the implementers to choose how long entries Note that it is left to the implementers to choose how long entries
of associations in the DOWN state remain in the MIB until they are of associations in the DOWN state remain in the MIB until they are
removed, if at all. removed, if at all.
The ForCES protocol may be used by the CE to query the FE Protocol 5. ForCES MIB Definition
LFB about some of the configuration parameters. However, such queries
may obviously be issued only when the association is in the UP state.
Hence any MIB value that corresponds to such a parameter can only be
considered valid as long as the association is in the UP state.
[Note: there is no such parameter in the MIB at this time]
[Note: Should the MIB indicate whether associations have been
rejected ? Can this be a weakness exploited by DDoS if the MIB lists
all such rejected associations ?]
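Review bot: The open question in -00 about whether listing rejected associations could be exploited for DDoS is removed in -01 with no visible resolution, and the surviving text still leaves the lifetime of DOWN entries entirely to implementers ("if at all"). Suggest recording the decision on rejected associations explicitly and noting, here or in Security Considerations, that retained DOWN entries should be bounded so that repeated setup attempts cannot grow the table without limit. The "given time period" in the DOWN definition is also undefined; say which timer it refers to.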
4. ForCES MIB Definition
For each association identified by the pair CE ID and FE ID, the For each association identified by the pair CE ID and FE ID, the
following information is provided by the MIB: following information is provided by the MIB:
- Current state of the association: o Current state of the association:
DOWN: the CE(s) indicated by the CE ID and FE(s) indicated by the
FE ID are not associated.
ESTABLISHING: transient state until the association has been * DOWN: the CE(s) indicated by the CE ID and FE(s) indicated by
established. See Section 3 above for details. the FE ID are not associated.
UP: the CE(s) indicated by the CE ID and FE(s) indicated by the FE * ESTABLISHING: transient state until the association has been
ID are associated. established. See Section 4 above for details.
Association statistics: * UP: the CE(s) indicated by the CE ID and FE(s) indicated by the
FE ID are associated.
- Time when the association attained the UP state. o Time when the association attained the UP state.
- Time when the association appeared in the MIB. o Time when the association appeared in the MIB.
- Number of transitions to ESTABLISHING state since the association o Number of transitions to ESTABLISHING state since the association
appeared in the MIB. appeared in the MIB.
- Number of transitions to UP state since the association appeared in o Number of transitions to UP state since the association appeared
the MIB. in the MIB.
- Number of ForCES messages sent/received since the association o Number of ForCES messages sent/received since the association
attained the UP state. attained the UP state.
FORCES-MIB DEFINITIONS ::= BEGIN FORCES-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
OBJECT-TYPE, MODULE-IDENTITY, OBJECT-TYPE, MODULE-IDENTITY,
Integer32, Counter32, Unsigned32 Integer32, Counter32, Unsigned32
FROM SNMPv2-SMI FROM SNMPv2-SMI
TEXTUAL-CONVENTION, RowStatus, TimeInterval, TimeStamp TEXTUAL-CONVENTION, RowStatus, TimeInterval, TimeStamp
FROM SNMPv2-TC; FROM SNMPv2-TC;
forcesMIB MODULE-IDENTITY forcesMIB MODULE-IDENTITY
LAST-UPDATED "200601241200Z" -- Jan 24, 2006 LAST-UPDATED "200604201200Z" -- Apr 20, 2006
ORGANIZATION "Forwarding and Control Element Separation ORGANIZATION "Forwarding and Control Element Separation
(ForCES) Working Group" (ForCES) Working Group"
CONTACT-INFO CONTACT-INFO
"Robert Haas (rha@zurich.ibm.com), IBM" "Robert Haas (rha@zurich.ibm.com), IBM"
DESCRIPTION DESCRIPTION
"Initial version, published as RFC yyyy. This MIB "Initial version, published as RFC yyyy. This MIB
contains managed object definitions for the ForCES contains managed object definitions for the ForCES
Protocol." Protocol."
-- RFC Ed.: replace yyyy with actual RFC number & remove this note -- RFC Ed.: replace yyyy with actual RFC number & remove this note
::= { mib-2 XXX } ::= { mib-2 XXX }
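Review bot: The module root is assigned under mib-2, but mib-2 is not in the IMPORTS list from SNMPv2-SMI, so a strict MIB compiler will reject the module; add it next to Counter32 and Unsigned32. The MODULE-IDENTITY also has no REVISION clause: "Initial version, published as RFC yyyy" reads like revision text and belongs in a REVISION/DESCRIPTION pair matching LAST-UPDATED, leaving the main DESCRIPTION to describe the module.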
skipping to change at page 6, line 17 skipping to change at page 5, line 36
--**************************************************************** --****************************************************************
ForcesID ::= TEXTUAL-CONVENTION ForcesID ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The ForCES identifier is a four octet quantity." "The ForCES identifier is a four octet quantity."
SYNTAX OCTET STRING (SIZE (4)) SYNTAX OCTET STRING (SIZE (4))
ForcesAssociationState ::= TEXTUAL-CONVENTION ForcesAssociationState ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The value down(1) indicates that the current state of "The value down(1) indicates that the current state
the association is down. establishing(2) indicates of the association is down.
that the association is in the process of being set establishing(2) indicates that the association is
up. up(3) indicates that the association is up." in the process of being set up.
up(3) indicates that the association is up."
SYNTAX INTEGER { SYNTAX INTEGER {
down(1), down(1),
establishing(2), establishing(2),
up(3) up(3)
} }
forcesAssociations OBJECT IDENTIFIER ::= { forcesMIB 1 } forcesAssociations OBJECT IDENTIFIER ::= { forcesMIB 1 }
forcesAssociationTable OBJECT-TYPE forcesAssociationTable OBJECT-TYPE
SYNTAX SEQUENCE OF ForcesAssociationEntry SYNTAX SEQUENCE OF ForcesAssociationEntry
skipping to change at page 8, line 29 skipping to change at page 7, line 48
DESCRIPTION DESCRIPTION
"A counter of how many times this association "A counter of how many times this association
state changed from establishing to up." state changed from establishing to up."
::= { forcesAssociationEntry 7} ::= { forcesAssociationEntry 7}
forcesAssociationMsgSent OBJECT-TYPE forcesAssociationMsgSent OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A counter of how many messages have been sent on "A counter of how many messages have been sent
this association since it is up." on this association since it is up."
::= { forcesAssociationEntry 8} ::= { forcesAssociationEntry 8}
forcesAssociationMsgReceived OBJECT-TYPE forcesAssociationMsgReceived OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A counter of how many messages have been received on "A counter of how many messages have been received
this association since it is up." on this association since it is up."
::= { forcesAssociationEntry 9} ::= { forcesAssociationEntry 9}
END END
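Review bot: forcesAssociationMsgSent and forcesAssociationMsgReceived are Counter32 objects whose DESCRIPTION says they count "since it is up", which implies the value restarts on each transition to UP, yet neither clause names a discontinuity indicator. Suggest stating that discontinuities occur when the association re-enters the up state and pointing to the object that holds the time the association attained UP as the indicator, so that pollers computing deltas can detect the restart. "since it is up" would read better as "since the association entered the up state".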
Security Considerations 6. Security Considerations
Some of the readable objects in this MIB module may be considered Some of the readable objects in this MIB module may be considered
sensitive or vulnerable in some network environment. sensitive or vulnerable in some network environment.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec), Even if the network itself is secure (for example by using IPSec),
even then, there is no control as to who on the secure network is even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module. in this MIB module.
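Review bot: The first paragraph of Security Considerations says only that "some of the readable objects" may be sensitive and never names them. Suggest listing the objects and what each discloses: the CE ID and FE ID pairs together with the association state reveal the NE's internal topology and control-plane liveness, and the message counters reveal control-channel activity. The "read/change/create/delete" wording should also be reconciled with the MAX-ACCESS of the objects, since the counters shown are read-only, and "Even if ... even then" is redundant.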
skipping to change at page 9, line 20 skipping to change at page 8, line 39
authentication and privacy). authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
References 7. IANA Considerations
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate IANA will need to assign a number to this MIB.
Requirements Levels", BCP 14, RFC 2119, March 1997.
[RFC3654] Khosravi, H,, and Anderson, T., "Requirements for 8. Normative References
Separation of IP Control and Forwarding", RFC 3654, November 2003.
[RFC3746] Yang, L., Dantu, R., Anderson, T., Gopal, R., "Forwarding [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
and Control Element Separation (ForCES) Framework", RFC 3746, April Requirement Levels", BCP 14, RFC 2119, March 1997.
2004.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- Standard "Introduction and Applicability Statements for Internet-
Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
Acknowledgments [RFC3654] Khosravi, H. and T. Anderson, "Requirements for Separation
of IP Control and Forwarding", RFC 3654, November 2003.
The author wants to acknowledge the comments of the members of the [RFC3746] Yang, L., Dantu, R., Anderson, T., and R. Gopal,
ForCES working group. "Forwarding and Control Element Separation (ForCES)
Framework", RFC 3746, April 2004.
Author's Addresses Author's Address
Robert Haas Robert Haas
IBM Research IBM
Zurich Research Lab
Saeumerstrasse 4 Saeumerstrasse 4
8803 Rueschlikon Rueschlikon 8803
Switzerland CH
Email: rha@zurich.ibm.com Email: rha@zurich.ibm.com
URI: http://www.zurich.ibm.com/~rha
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 50 change blocks. 
143 lines changed or deleted 82 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/