draft-ietf-opsawg-rfc5066bis-07.txt   rfc7124.txt 
Network Working Group E. Beili Internet Engineering Task Force (IETF) E. Beili
Internet-Draft Actelis Networks Request for Comments: 7124 Actelis Networks
Updates: 5066 (if approved) December 10, 2013 Updates: 5066 February 2014
Intended status: Standards Track Category: Standards Track
Expires: June 13, 2014 ISSN: 2070-1721
Ethernet in the First Mile Copper (EFMCu) Interfaces MIB Ethernet in the First Mile Copper (EFMCu) Interfaces MIB
draft-ietf-opsawg-rfc5066bis-07.txt
Abstract Abstract
This document updates RFC 5066. It amends that specification by This document updates RFC 5066. It amends that specification by
informing the internet community about the transition of the EFM-CU- informing the Internet community about the transition of the
MIB module from the concluded IETF Ethernet Interfaces and Hub MIB EFM-CU-MIB module from the concluded IETF Ethernet Interfaces and Hub
Working Group to the Institute of Electrical and Electronics MIB Working Group to the Institute of Electrical and Electronics
Engineers (IEEE) 802.3 working group. Engineers (IEEE) 802.3 working group.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on June 13, 2014. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7124.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Internet-Standard Management Framework . . . . . . . . . . 3 2. The Internet-Standard Management Framework . . . . . . . . . 3
3. Mapping between EFM-CU-MIB and IEEE8023-EFM-CU-MIB . . . . . . 3 3. Mapping between EFM-CU-MIB and IEEE8023-EFM-CU-MIB . . . . . 3
4. Updating the MIB Modules . . . . . . . . . . . . . . . . . . . 4 4. Updating the MIB Modules . . . . . . . . . . . . . . . . . . 3
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 5. Security Considerations . . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 7.1. Normative References . . . . . . . . . . . . . . . . . . 5
8.1. Normative References . . . . . . . . . . . . . . . . . . . 5 7.2. Informative References . . . . . . . . . . . . . . . . . 5
8.2. Informative References . . . . . . . . . . . . . . . . . . 6
1. Introduction 1. Introduction
RFC 5066 [RFC5066] defines two MIB modules: RFC 5066 [RFC5066] defines two MIB modules:
EFM-CU-MIB, with a set of objects for managing 10PASS-TS and EFM-CU-MIB, with a set of objects for managing 10PASS-TS and
2BASE-TL Ethernet in the First Mile Copper (EFMCu) interfaces; 2BASE-TL Ethernet in the First Mile Copper (EFMCu) interfaces;
IF-CAP-STACK-MIB, with a set of objects describing cross-connect IF-CAP-STACK-MIB, with a set of objects describing cross-connect
capability of a managed device with multi-layer (stacked) capability of a managed device with multi-layer (stacked)
interfaces, extending the stack management objects in the interfaces, extending the stack management objects in the
Interfaces Group MIB and the Inverted Stack Table MIB modules. Interfaces Group MIB and the Inverted Stack Table MIB modules.
With the conclusion of the [HUBMIB] working group, the responsibility With the conclusion of the [HUBMIB] working group, the responsibility
for the maintenance and further development of a MIB module for for the maintenance and further development of a MIB module for
managing 2BASE-TL and 10PASS-TS interfaces, has been transfered to managing 2BASE-TL and 10PASS-TS interfaces has been transferred to
the Institute of Electrical and Electronics Engineers (IEEE) 802.3 the Institute of Electrical and Electronics Engineers (IEEE) 802.3
[IEEE802.3] working group. In 2011, the IEEE developed IEEE8023-EFM- [IEEE802.3] working group. In 2011, the IEEE developed the
CU-MIB module, based on the original EFM-CU-MIB module [RFC5066]. IEEE8023-EFM-CU-MIB module, based on the original EFM-CU-MIB module
The current revision of IEEE8023-EFM-CU-MIB is defined in IEEE Std [RFC5066]. The current revision of IEEE8023-EFM-CU-MIB is defined in
802.3.1-2013 [IEEE802.3.1]. IEEE Std 802.3.1-2013 [IEEE802.3.1].
The IEEE8023-EFM-CU-MIB and EFM-CU-MIB MIB modules can coexist. The IEEE8023-EFM-CU-MIB and EFM-CU-MIB MIB modules can coexist.
Existing deployments of the EFM-CU-MIB need not be upgraded, but Existing deployments of the EFM-CU-MIB need not be upgraded, but
operators using the MIB should expect that new equipment will use the operators using the MIB should expect that new equipment will use the
IEEE8023-EFM-CU-MIB. IEEE8023-EFM-CU-MIB.
Please note that IF-CAP-STACK-MIB module was not transfered to IEEE Please note that the IF-CAP-STACK-MIB module was not transferred to
and remains as defined in RFC 5066. This memo provides an updated IEEE and remains as defined in RFC 5066. This memo provides an
security considerations section for that module, since the original updated security considerations section for that module, since the
RFC did not list any security consideration for IF-CAP-STACK-MIB. original RFC did not list any security considerations for
IF-CAP-STACK-MIB.
2. The Internet-Standard Management Framework 2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410]. RFC 3410 [RFC3410].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC "OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119]. 2119 [RFC2119].
3. Mapping between EFM-CU-MIB and IEEE8023-EFM-CU-MIB 3. Mapping between EFM-CU-MIB and IEEE8023-EFM-CU-MIB
The current version of IEEE8023-EFM-CU-MIB, defined in IEEE Std The current version of IEEE8023-EFM-CU-MIB, defined in IEEE Std
802.3.1-2013, has MODULE-IDENTITY of ieee8023efmCuMIB with an object 802.3.1-2013, has MODULE-IDENTITY of ieee8023efmCuMIB with an object
identifier allocated under the { org ieee standards-association- identifier allocated under the { iso(1)
numbers-series-standards lan-man-stds ieee802dot3 ieee802dot3dot1mibs iso-identified-organization(3) ieee(111)
} sub-tree. standards-association-numbered-series-standards(2) lan-man-stds(802)
ieee802dot3(3) ieee802dot3dot1mibs(1) } sub-tree.
The EFM-CU-MIB has MODULE-IDENTITY of efmCuMIB with an object The EFM-CU-MIB has MODULE-IDENTITY of efmCuMIB with an object
identifier allocated under the mib-2 sub-tree. identifier allocated under the mib-2 sub-tree.
The names of the objects in the first version of the IEEE8023-EFM-CU- The names of the objects in the first version of the
MIB are identical to those in the EFM-CU-MIB. However, since both IEEE8023-EFM-CU-MIB are identical to those in the EFM-CU-MIB.
MIB modules have different OID values, they can coexist, allowing the However, since both MIB modules have different OID values, they can
management of the newer IEEE MIB-based devices, alongside the legacy coexist, allowing the management of the newer IEEE MIB-based devices
IETF MIB-based devices. alongside the legacy IETF MIB-based devices.
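Review bot: The efmCuMIB paragraph in Section 3 still says only "allocated under the mib-2 sub-tree", while the IEEE paragraph above it now spells out every arc from iso(1) through ieee802dot3dot1mibs(1). The section's argument is that the two modules can coexist because their OID values differ, so giving the mib-2 side the same explicit form would let an operator scope access control for both trees from this text alone.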
4. Updating the MIB Modules 4. Updating the MIB Modules
With the transfer of the responsibility for maintenance and further With the transfer of the responsibility for maintenance and further
development of the EFM-CU-MIB module to the IEEE 802.3 working group, development of the EFM-CU-MIB module to the IEEE 802.3 working group,
the EFM-CU-MIB defined in RFC 5066 becomes the last version of that the EFM-CU-MIB defined in RFC 5066 becomes the last version of that
MIB module. MIB module.
All further development of the EFM Copper Interfaces MIB will be done All further development of the EFM Copper Interfaces MIB will be done
by the IEEE 802.3 working group in the IEEE8023-EFM-CU-MIB module. by the IEEE 802.3 working group in the IEEE8023-EFM-CU-MIB module.
Requests and comments pertaining to EFM Copper Interfaces MIB should Requests and comments pertaining to EFM Copper Interfaces MIB should
be sent to the IEEE 802.3.1 task force, currently chartered with MIB be sent to the IEEE 802.3.1 task force, currently chartered with MIB
development, via its mailing list [LIST802.3.1]. development, via its mailing list [LIST802.3.1].
The IF-CAP-STACK-MIB remains under IETF control and is currently The IF-CAP-STACK-MIB remains under IETF control and is currently
maintained by the [OPSAWG] working group. maintained by the [OPSAWG] working group.
5. Security Considerations 5. Security Considerations
There are no managed objects defined in IF-CAP-STACK-MIB module with There are no managed objects defined in the IF-CAP-STACK-MIB module
a MAX-ACCESS clause of read-write and/or read-create. with a MAX-ACCESS clause of read-write and/or read-create. So, if
this MIB module is implemented correctly, then there is no risk that
an intruder can alter or create any management objects of this MIB
module via direct SNMP SET operations.
Some of the readable objects in this MIB module (i.e., those with Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments since they can reveal some vulnerable in some network environments.
configuration aspects of the network interfaces.
In particular, ifCapStackStatus and ifInvCapStackStatus can identify In particular, ifCapStackStatus and ifInvCapStackStatus can identify
cross-connect capability of multi-layer (stacked) network interfaces, cross-connect capability of multi-layer (stacked) network interfaces,
potentially revealing the underlying hardware architecture of the potentially revealing the underlying hardware architecture of the
managed device. managed device.
It is thus important to control even GET access to these objects and It is thus important to control even GET and/or NOTIFY access to
possibly even encrypt the values of these objects when sending them these objects and possibly to even encrypt the values of these
over the network via SNMP. objects when sending them over the network via SNMP.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec), Even if the network itself is secure (for example by using IPsec),
there is no control as to who on the secure network is allowed to there is no control as to who on the secure network is allowed to
access and GET/SET (read/change/create/delete) the objects in this access and GET/SET (read/change/create/delete) the objects in this
MIB module. MIB module.
Implementations MUST provide the security features described by the Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), including full support for SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM) authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM) MAY also provide support for the Transport Security Model (TSM)
[RFC5591] in combination with a secure transport such as SSH [RFC5591] in combination with a secure transport such as SSH
[RFC5592] or TLS/DTLS [RFC6353]. [RFC5592] or TLS/DTLS [RFC6353].
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
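Review bot: The later paragraphs of Section 5 still say "GET/SET (read/change/create/delete)" and "rights to indeed GET or SET (change/create/delete) them", which conflicts with the opening statement that IF-CAP-STACK-MIB has no objects with a MAX-ACCESS of read-write or read-create and, in the new text, that there is no risk of alteration via direct SNMP SET operations. Suggest limiting that wording to read access (GET and, as the new text adds, NOTIFY). Two smaller points in the same section: the new text drops the clause "since they can reveal some configuration aspects of the network interfaces", leaving "sensitive or vulnerable" without a stated reason until the ifCapStackStatus paragraph; and the change from "Implementations MUST provide" to "Implementations SHOULD provide" makes USM with AES mandatory only for implementations claiming SNMPv3 compliance, so the text no longer requires every agent exposing these objects to offer authentication and privacy.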
6. IANA Considerations 6. Acknowledgments
No action is required from IANA.
7. Acknowledgments
This document was produced by the OPSAWG working group, whose efforts This document was produced by the OPSAWG working group, whose efforts
were advanced by the contributions of the following people (in were advanced by the contributions of the following people (in
alphabetical order): alphabetical order):
Dan Romascanu Dan Romascanu
David Harrington David Harrington
Michael MacFaden Michael MacFaden
Tom Petch Tom Petch
This document updates RFC 5066, authored by Edward Beili of Actelis This document updates RFC 5066, authored by Edward Beili of Actelis
Networks, and produced by the, now concluded, HUBMIB working group. Networks, and produced by the now-concluded HUBMIB working group.
8. References 7. References
8.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
Model (USM) for version 3 of the Simple Network (USM) for version 3 of the Simple Network Management
Management Protocol (SNMPv3)", STD 62, RFC 3414, Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.
December 2002.
[RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
Advanced Encryption Standard (AES) Cipher Algorithm in Advanced Encryption Standard (AES) Cipher Algorithm in the
the SNMP User-based Security Model", RFC 3826, SNMP User-based Security Model", RFC 3826, June 2004.
June 2004.
[RFC5066] Beili, E., "Ethernet in the First Mile Copper (EFMCu) [RFC5066] Beili, E., "Ethernet in the First Mile Copper (EFMCu)
Interfaces MIB", RFC 5066, November 2007. Interfaces MIB", RFC 5066, November 2007.
8.2. Informative References 7.2. Informative References
[HUBMIB] IETF, "Ethernet Interfaces and Hub MIB (hubmib) [HUBMIB] IETF, "Ethernet Interfaces and Hub MIB (hubmib) Charter",
Charter", <http://datatracker.ietf.org/wg/hubmib/charter/>.
<http://datatracker.ietf.org/wg/hubmib/charter/>.
[IEEE802.3] IEEE, "802.3 Ethernet Working Group", [IEEE802.3.1]
<http://www.ieee802.org/3>. IEEE, "IEEE Standard for Management Information Base (MIB)
Definitions for Ethernet", IEEE Std 802.3.1-2013, June
2013, <http://standards.ieee.org/getieee802/download/
802.3.1-2013.pdf>.
[IEEE802.3.1] IEEE, "IEEE Standard for Management Information Base [IEEE802.3]
(MIB) Definitions for Ethernet", IEEE Std 802.3.1- IEEE, "802.3 Ethernet Working Group",
2013, June 2013. <http://www.ieee802.org/3>.
[LIST802.3.1] IEEE, "802.3 MIB Email Reflector", [LIST802.3.1]
<http://www.ieee802.org/3/be/reflector.html>. IEEE, "802.3 MIB Email Reflector",
<http://www.ieee802.org/3/be/reflector.html>.
[OPSAWG] IETF, "Operations and Management Area Working Group [OPSAWG] IETF, "Operations and Management Area Working Group
(opsawg) Charter", (opsawg) Charter",
<http://datatracker.ietf.org/wg/opsawg/charter/>. <http://datatracker.ietf.org/wg/opsawg/charter/>.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for "Introduction and Applicability Statements for Internet-
Internet-Standard Management Framework", RFC 3410, Standard Management Framework", RFC 3410, December 2002.
December 2002.
[RFC5591] Harrington, D. and W. Hardaker, "Transport Security [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model
Model for the Simple Network Management Protocol for the Simple Network Management Protocol (SNMP)", RFC
(SNMP)", RFC 5591, June 2009. 5591, June 2009.
[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
Shell Transport Model for the Simple Network Shell Transport Model for the Simple Network Management
Management Protocol (SNMP)", RFC 5592, June 2009. Protocol (SNMP)", RFC 5592, June 2009.
[RFC6353] Hardaker, W., "Transport Layer Security (TLS) [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
Transport Model for the Simple Network Management Model for the Simple Network Management Protocol (SNMP)",
Protocol (SNMP)", RFC 6353, July 2011. RFC 6353, July 2011.
Author's Address Author's Address
Edward Beili Edward Beili
Actelis Networks Actelis Networks
Bazel 25 Bazel 25
Petach-Tikva Petach-Tikva 49103
Israel Israel
Phone: +972-73-237-6852 Phone: +972-73-237-6852
EMail: edward.beili@actelis.com EMail: edward.beili@actelis.com
 End of changes. 38 change blocks. 
108 lines changed or deleted 104 lines changed or added
