ForCES MIB              January 24, 2006

Forwarding and Control Element                                   R. Haas
Separation (forces)                                                  IBM
Internet Draft
Expires: October 22, 2006

                               ForCES MIB
                        draft-ietf-forces-mib-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on October 22, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Abstract

   This memo defines a Management Information Base (MIB) for use with
   network management protocols in the Internet community.  In
   particular, it defines a MIB for the Forwarding and Control Element
   Separation (ForCES) Network Element (NE).  The ForCES working group
   is defining a protocol to allow a Control Element (CE) to control the
   behavior of a Forwarding Element (FE).

Table of Contents

   1.  Requirements notation
   2.  Introduction
   3.  Design of the ForCES MIB
   4.  Association State
   5.  ForCES MIB Definition
   6.  Security Considerations
   7.  IANA Considerations
   8.  Normative References
   Author's Address
   Intellectual Property and Copyright Statements

1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [RFC2119].

2.  Introduction

   The ForCES MIB is a primarily read-only MIB that captures information
   related to the ForCES protocol ([RFC3654] and [RFC3746]).  This
   includes state information about the associations between CE(s) and
   FE(s) in the NE.

   The ForCES MIB does not include information that is specified in
   other MIBs, such as packet counters for interfaces, etc.

   More specifically, the information in the ForCES MIB relative to
   associations includes:

   o  identifiers of the elements in the association,

   o  state of the association,

   o  configuration parameters of the association, and

   o  statistics of the association.

   The relevant references from the ForCES requirements and architecture
   documents are repeated below:

   From the ForCES requirements RFC [RFC 3654], Section 4, point 4:

     A NE MUST support the appearance of a single functional device. For
     example, in a router, the TTL of the packet should be decremented
     only once as it traverses the NE regardless of how many FEs through
     which it passes.  However, external entities (e.g., FE managers and
     CE managers) MAY have direct access to individual ForCES protocol
     elements for providing information to transition them from the
     pre-association to post-association phase.

   And [RFC 3654], Section 4, point 14:

     1. The ability for a management tool (e.g., SNMP) to be used to
     read (but not change) the state of FE SHOULD NOT be precluded.
     2. It MUST NOT be possible for management tools (e.g., SNMP, etc)
     to change the state of a FE in a manner that affects overall NE
     behavior without the CE being notified.

   According to the ForCES architecture RFC [RFC 3746], Section 3.3:

     CE managers may be physically and logically separate entities that
     configure the CE with FE information via such mechanisms as COPS-PR
     [7] or SNMP [5].

   and [RFC 3746], Section 5.7:

     RFC 1812 [2] also dictates that "Routers MUST be manageable by
     SNMP". In general, for the post-association phase, most external
     management tasks (including SNMP) should be done through
     interaction with the CE in order to support the appearance of a
     single functional device. Therefore, it is recommended that an SNMP
     agent be implemented by CEs and that the SNMP messages received by
     FEs be redirected to their CEs. AgentX framework defined in RFC
     2741 ([6]) may be applied here such that CEs act in the role of
     master agent to process SNMP protocol messages while FEs act in the
     role of subagent to provide access to the MIB objects residing on
     FEs.  AgentX protocol messages between the master agent (CE) and
     the subagent (FE) are encapsulated and transported via ForCES, just
     like data packets from any other application layer protocols.

3.  Design of the ForCES MIB

   In an NE composed of one or more FEs and a single CE, the CE is
   clearly aware of all associations and hence can provide this
   information in a single ForCES MIB. In contrast, in an NE composed of
   more than one CE, such association information is distributed and
   hence more than one ForCES MIB may be necessary, unless this
   information is aggregated into a single ForCES MIB by some means
   beyond the scope of this document.  Nevertheless, the ForCES MIB
   design is compatible with both the single-CE and the multiple-CE
   case.

4.  Association State

   Association state as shown in the MIB is considered from the CE's
   point of view:

   o  An association is in the DOWN state if the CE has not received any
      message (heartbeat or other protocol message) from the FE within a
      given time period or if an Association Teardown message has been
      sent by the CE.

   o  An association is in the ESTABLISHING state as long as no message
      has been received from the FE after the CE has sent a positive
      Association Setup Response message.

   o  An association is in the UP state in all other cases.

   Note that it is left to the implementers to choose how long entries
   of associations in the DOWN state remain in the MIB until they are
   removed, if at all.

   The ForCES protocol may be used by the CE to query the FE Protocol
   LFB about some of the configuration parameters.  However, such queries
   may obviously be issued only when the association is in the UP state.
   Hence any MIB value that corresponds to such a parameter can only be
   considered valid as long as the association is in the UP state.
   [Note: there is no such parameter in the MIB at this time]

   [Note: Should the MIB indicate whether associations have been
   rejected? Can this be a weakness exploited by DDoS if the MIB lists
   all such rejected associations?]

5.  ForCES MIB Definition

   For each association identified by the pair CE ID and FE ID, the
   following information is provided by the MIB:

   o  Current state of the association:

      *  DOWN: the CE(s) indicated by the CE ID and FE(s) indicated by
         the FE ID are not associated.

      *  ESTABLISHING: transient state until the association has been
         established.  See Section 4 above for details.

      *  UP: the CE(s) indicated by the CE ID and FE(s) indicated by the
         FE ID are associated.

   Association statistics:

   o  Time when the association attained the UP state.

   o  Time when the association appeared in the MIB.

   o  Number of transitions to ESTABLISHING state since the association
      appeared in the MIB.

   o  Number of transitions to UP state since the association appeared
      in the MIB.

   o  Number of ForCES messages sent/received since the association
      attained the UP state.

         FORCES-MIB DEFINITIONS ::= BEGIN
         IMPORTS
             OBJECT-TYPE, MODULE-IDENTITY, mib-2,
               Integer32, Counter32, Unsigned32
               FROM SNMPv2-SMI

             TEXTUAL-CONVENTION, RowStatus, TimeInterval, TimeStamp
               FROM SNMPv2-TC;

         forcesMIB MODULE-IDENTITY
             LAST-UPDATED "200604201200Z"  -- Apr 20, 2006
             ORGANIZATION "Forwarding and Control Element Separation
                           (ForCES) Working Group"
             CONTACT-INFO
                 "Robert Haas (rha@zurich.ibm.com), IBM"
             DESCRIPTION
                 "Initial version, published as RFC yyyy. This MIB
                 contains managed object definitions for the ForCES
                 Protocol."
    -- RFC Ed.: replace yyyy with actual RFC number & remove this note
             ::= { mib-2 XXX }
    -- RFC Ed.: replace XXX with IANA-assigned number & remove this note

    --****************************************************************
         ForcesID ::= TEXTUAL-CONVENTION
             STATUS      current
             DESCRIPTION
                 "The ForCES identifier is a four octet quantity."
             SYNTAX      OCTET STRING (SIZE (4))

         ForcesAssociationState ::= TEXTUAL-CONVENTION
             STATUS      current
             DESCRIPTION
                    "The value down(1) indicates that the current state
                     of the association is down.
                     establishing(2) indicates that the association is
                     in the process of being set up.
                     up(3) indicates that the association is up."
             SYNTAX  INTEGER {
                   down(1),
                   establishing(2),
                   up(3)
              }

         forcesAssociations    OBJECT IDENTIFIER ::= { forcesMIB 1 }

         forcesAssociationTable OBJECT-TYPE
             SYNTAX SEQUENCE OF ForcesAssociationEntry
             MAX-ACCESS not-accessible
             STATUS current
             DESCRIPTION
                    "The (conceptual) table of associations."

             ::= { forcesAssociations 1 }

         forcesAssociationEntry OBJECT-TYPE
             SYNTAX ForcesAssociationEntry
             MAX-ACCESS not-accessible
             STATUS current
             DESCRIPTION
                    "A (conceptual) entry for one association."
             INDEX { forcesAssociationCEID, forcesAssociationFEID }
             ::= { forcesAssociationTable 1 }

         ForcesAssociationEntry ::= SEQUENCE {
                 forcesAssociationCEID           ForcesID,
                 forcesAssociationFEID           ForcesID,
                 forcesAssociationState          ForcesAssociationState,
                 forcesAssociationUptime         TimeStamp,
                 forcesAssociationCreated        TimeStamp,
                 forcesAssociationTransitionsEstablishing Counter32,
                 forcesAssociationTransitionsUp  Counter32,
                 forcesAssociationMsgSent        Counter32,
                 forcesAssociationMsgReceived    Counter32
             }

         forcesAssociationCEID OBJECT-TYPE
             SYNTAX ForcesID
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "The ForCES ID of the CE."
             ::= { forcesAssociationEntry 1 }

         forcesAssociationFEID OBJECT-TYPE
             SYNTAX ForcesID
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "The ForCES ID of the FE."
             ::= { forcesAssociationEntry 2 }

         forcesAssociationState OBJECT-TYPE
              SYNTAX  ForcesAssociationState
              MAX-ACCESS  read-only
              STATUS  current
              DESCRIPTION
                    "The current operational state of the association
                     described by this row of the table."
              ::= { forcesAssociationEntry 3 }

         forcesAssociationUptime OBJECT-TYPE
             SYNTAX TimeStamp
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "The time when this association came up."
             ::= { forcesAssociationEntry 4 }

         forcesAssociationCreated OBJECT-TYPE
             SYNTAX TimeStamp
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "The time when this entry in the table was
                     created for this association."
             ::= { forcesAssociationEntry 5 }

         forcesAssociationTransitionsEstablishing OBJECT-TYPE
             SYNTAX Counter32
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "A counter of how many times this association
                     state changed from down to establishing."
             ::= { forcesAssociationEntry 6}

         forcesAssociationTransitionsUp OBJECT-TYPE
             SYNTAX Counter32
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "A counter of how many times this association
                     state changed from establishing to up."
             ::= { forcesAssociationEntry 7}

         forcesAssociationMsgSent OBJECT-TYPE
             SYNTAX Counter32
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "A counter of how many messages have been sent
                     on this association since it is up."
             ::= { forcesAssociationEntry 8}

         forcesAssociationMsgReceived OBJECT-TYPE
             SYNTAX Counter32
             MAX-ACCESS read-only
             STATUS current
             DESCRIPTION
                    "A counter of how many messages have been received
                     on this association since it is up."
             ::= { forcesAssociationEntry 9}

         END
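
   Added example, not part of the draft: a Python model of one
   forcesAssociationEntry row that applies the Association State rules
   from the CE's point of view and maintains the counters defined in the
   MIB module above.  Assumptions made here: the 3-second silence
   timeout, applying that timeout in the ESTABLISHING state as well,
   counting messages only while the association is UP, and the
   constructed ForCES ID values.

```python
from dataclasses import dataclass
from enum import IntEnum

class State(IntEnum):                # values of ForcesAssociationState
    DOWN = 1
    ESTABLISHING = 2
    UP = 3

def bump(counter: int) -> int:
    return (counter + 1) % 2 ** 32   # Counter32 wraps at 2^32

@dataclass
class AssociationRow:
    """One forcesAssociationEntry, kept from the CE's point of view."""
    ce_id: bytes                     # forcesAssociationCEID
    fe_id: bytes                     # forcesAssociationFEID
    created: float                   # forcesAssociationCreated
    dead_interval: float = 3.0       # assumed; the draft says "a given time period"
    state: State = State.DOWN        # forcesAssociationState
    uptime: float = 0.0              # forcesAssociationUptime
    transitions_establishing: int = 0
    transitions_up: int = 0
    msg_sent: int = 0
    msg_received: int = 0
    timer_start: float = 0.0         # last FE message, or the setup response

    def expire(self, now: float) -> State:
        """Apply the silence timeout; call before reading the row."""
        if self.state is not State.DOWN and now - self.timer_start > self.dead_interval:
            self.state = State.DOWN
        return self.state

    def setup_response_sent(self, now: float) -> None:
        """The CE sent a positive Association Setup Response."""
        if self.expire(now) is State.DOWN:
            self.state, self.timer_start = State.ESTABLISHING, now
            self.transitions_establishing = bump(self.transitions_establishing)

    def message_received(self, now: float) -> None:
        """A heartbeat or other protocol message arrived from the FE."""
        if self.expire(now) is State.DOWN:
            return                   # not counted: the association is not up
        if self.state is State.ESTABLISHING:
            self.state, self.uptime = State.UP, now
            self.transitions_up = bump(self.transitions_up)
        self.msg_received, self.timer_start = bump(self.msg_received), now

    def message_sent(self, now: float) -> None:
        if self.expire(now) is State.UP:
            self.msg_sent = bump(self.msg_sent)

    def teardown_sent(self) -> None:  # Association Teardown sent by the CE
        self.state = State.DOWN

def replay() -> AssociationRow:
    """Constructed event sequence; timestamps are in seconds."""
    row = AssociationRow(bytes.fromhex("40000001"), bytes.fromhex("00000002"), created=0.0)
    row.setup_response_sent(0.5)     # DOWN -> ESTABLISHING
    row.message_received(1.0)        # ESTABLISHING -> UP
    row.message_sent(1.5)
    row.message_received(2.0)
    row.message_received(6.5)        # 4.5 s of silence: row is DOWN, message ignored
    row.setup_response_sent(7.0)     # second ESTABLISHING transition
    row.message_received(7.2)        # second UP transition
    return row
```

   A poller that sees forcesAssociationTransitionsUp climbing while
   forcesAssociationUptime keeps resetting is looking at a flapping
   association, which this model reproduces with the silence gap.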

6.  Security Considerations

   Some of the readable objects in this MIB module may be considered
   sensitive or vulnerable in some network environments.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

7.  IANA Considerations

   IANA will need to assign a number to this MIB.

8.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC3654]  Khosravi, H. and T. Anderson, "Requirements for Separation
              of IP Control and Forwarding", RFC 3654, November 2003.

   [RFC3746]  Yang, L., Dantu, R., Anderson, T., and R. Gopal,
              "Forwarding and Control Element Separation (ForCES)
              Framework", RFC 3746, April 2004.

Acknowledgments

   The author wants to acknowledge the comments of the members of the
   ForCES working group.

Author's Address

   Robert Haas
   IBM Research
   Zurich Research Lab
   Saeumerstrasse 4
   8803 Rueschlikon
   Switzerland

   Email: rha@zurich.ibm.com
   URI:   http://www.zurich.ibm.com/~rha

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.