draft-ietf-ospf-mib-update-01.txt   draft-ietf-ospf-mib-update-02.txt 
Network Working Group S. Giacalone Network Working Group S. Giacalone
INTERNET-DRAFT Predictive Systems INTERNET-DRAFT Predictive Systems
Expiration Date: November 2000 D. Joyal Expiration Date: December 2000 D. Joyal
Filename:draft-ietf-ospf-mib-update-01.txt Nortel Networks Filename:draft-ietf-ospf-mib-update-02.txt Nortel Networks
Rob Coltun Rob Coltun
Redback Networks Redback Networks
Fred Baker Fred Baker
Cisco Systems Cisco Systems
May 2000 June 2000
OSPF Version 2 Management Information Base OSPF Version 2 Management Information Base
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
skipping to change at page 2, line 38 skipping to change at page 2, line 38
3.5 OSPF Address Range Table ............................26 3.5 OSPF Address Range Table ............................26
3.6 OSPF Host Table .....................................28 3.6 OSPF Host Table .....................................28
3.7 OSPF Interface Table ................................30 3.7 OSPF Interface Table ................................30
3.8 OSPF Interface Metric Table .........................37 3.8 OSPF Interface Metric Table .........................37
3.9 OSPF Virtual Interface Table ........................40 3.9 OSPF Virtual Interface Table ........................40
3.10 OSPF Neighbor Table ................................44 3.10 OSPF Neighbor Table ................................44
3.11 OSPF Virtual Neighbor Table ........................48 3.11 OSPF Virtual Neighbor Table ........................48
3.12 OSPF External Link State Database ..................51 3.12 OSPF External Link State Database ..................51
3.13 OSPF Route Table Use ...............................54 3.13 OSPF Route Table Use ...............................54
3.14 OSPF Area Aggregate Table ..........................55 3.14 OSPF Area Aggregate Table ..........................55
3.15 OSPF Local LSDB Table...............................57 3.15 OSPF Local LSDB Table...............................58
3.16 OSPF Virtual Local LSDB Table.......................61 3.16 OSPF Virtual Local LSDB Table.......................61
3.17 Conformance Information ............................64 3.17 Conformance Information ............................65
4 OSPF Trap overview ....................................73 4 OSPF Trap overview ....................................73
4.1 Introduction.........................................73 4.1 Introduction.........................................73
4.2 Approach.............................................74 4.2 Approach.............................................74
4.3 Ignoring Initial Activity ...........................74 4.3 Ignoring Initial Activity ...........................74
4.4 Throttling Traps ....................................74 4.4 Throttling Traps ....................................74
4.5 One Trap Per OSPF Event .............................75 4.5 One Trap Per OSPF Event .............................75
4.6 Polling Event Counters ..............................75 4.6 Polling Event Counters ..............................75
5 OSPF Trap Definitions .................................76 5 OSPF Trap Definitions .................................76
5.1 Trap Support Objects ................................76 5.1 Trap Support Objects ................................76
5.2 Traps ...............................................78 5.2 Traps ...............................................78
5.3 Conformance Information .............................83 5.3 Conformance Information .............................83
6 Acknowledgements ......................................84 6 Acknowledgements ......................................84
7 References ............................................84 7 References ............................................84
A TOS Support ...........................................86 A TOS Support ...........................................86
B Changes from RFC 1850 .................................86 B Changes from RFC 1850 .................................86
B.1 RFC 1859 Compatibility ..............................86 B.1 RFC 1583 Compatibility ..............................86
B.2 OSPF Traffic Engineering Support ....................86 B.2 OSPF Traffic Engineering Support ....................86
B.3 OSPF NSSA Enhancement Support .......................86 B.3 OSPF NSSA Enhancement Support .......................87
B.4 OSPF MTU Mismatch Support ...........................87 B.4 OSPF MTU Mismatch Support ...........................87
B.5 Opaque LSA Support ..................................87 B.5 Opaque LSA Support ..................................87
B.6 OSPF Compliance .....................................89 B.6 OSPF Compliance .....................................89
B.7 Miscellaneous .......................................90 B.7 OSPF Authentication and Security.....................90
C Security Considerations ...............................90 B.8 Miscellaneous .......................................90
C Security Considerations ...............................91
D Authors' Addresses ....................................91 D Authors' Addresses ....................................91
E Full Copyright Statement ..............................91 E Full Copyright Statement ..............................92
1 Overview 1 Overview
1.1 The SNMPv2 Network Management Framework 1.1 The SNMPv2 Network Management Framework
This document describes aspects of the SNMPv2 Network Management This document describes aspects of the SNMPv2 Network Management
Framework, which consists of a number of components. They are: Framework, which consists of a number of components. They are:
- An overall architecture, described in RFC 2571 [1]. - An overall architecture, described in RFC 2571 [1].
skipping to change at page 8, line 17 skipping to change at page 8, line 19
Integer32, IpAddress Integer32, IpAddress
FROM SNMPv2-SMI FROM SNMPv2-SMI
TEXTUAL-CONVENTION, TruthValue, RowStatus TEXTUAL-CONVENTION, TruthValue, RowStatus
FROM SNMPv2-TC FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF FROM SNMPv2-CONF
mib-2 mib-2
FROM RFC1213-MIB; FROM RFC1213-MIB;
ospf MODULE-IDENTITY ospf MODULE-IDENTITY
LAST-UPDATED "0005011225Z" -- Mon May 01 12:25:50 GMT 2000 LAST-UPDATED "0006101225Z" -- Sat June 10 12:25:50 GMT 2000
ORGANIZATION "IETF OSPF Working Group" ORGANIZATION "IETF OSPF Working Group"
CONTACT-INFO CONTACT-INFO
" Spencer Giacalone " Spencer Giacalone
Postal: Predictive Systems Postal: Predictive Systems
145 Hudson Street 145 Hudson Street
New York, New York 10013 New York, New York 10013
Tel: +1 (973) 301-5695 Tel: +1 (973) 301-5695
E-Mail: spencer.giacalone@predictive.com E-Mail: spencer.giacalone@predictive.com
Dan Joyal Dan Joyal
Postal: Nortel Networks Postal: Nortel Networks
600 Technology Park Drive 600 Technology Park Drive
Billerica, MA 01821 Billerica, MA 01821
Tel: +1 (978) 288-2629 Tel: +1 (978) 288-2629
E-Mail: djoyal@nortelnetworks.com" E-Mail: djoyal@nortelnetworks.com"
DESCRIPTION DESCRIPTION
"The MIB module to describe the OSPF Version 2 "The MIB module to describe the OSPF Version 2
Protocol" Protocol. Note that some objects in this MIB
REVISION "0005011225Z" -- Mon May 01 12:25:50 GMT 2000 module may pose a significant security risk.
Refer to the Security Considerations section
in the document defining this MIB module for more
information"
REVISION "0006101225Z" -- Sat June 10 12:25:50 GMT 2000
DESCRIPTION DESCRIPTION
"Updated for latest changes to OSPF Version 2" "Updated for latest changes to OSPF Version 2"
::= { mib-2 14 } ::= { mib-2 14 }
-- Note the Area ID, in OSPF, has the same format as an IP Address, -- Note the Area ID, in OSPF, has the same format as an IP Address,
-- but has the function of defining a summarization point for -- but has the function of defining a summarization point for
-- Link State Advertisements -- Link State Advertisements
AreaID ::= TEXTUAL-CONVENTION AreaID ::= TEXTUAL-CONVENTION
STATUS current STATUS current
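Review bot: the security note added to the module DESCRIPTION says only that "some objects" pose a risk and sends the reader to the Security Considerations section of the defining document, which is not available once the module has been extracted and compiled. Since the stated aim in B.7 is a warning that survives compilation, name the objects here (ospfIfAuthKey, ospfIfAuthType, ospfVirtIfAuthKey, ospfVirtIfAuthType, as listed in Appendix C). The REVISION DESCRIPTION still reads "Updated for latest changes to OSPF Version 2" and could mention the security text, and the new DESCRIPTION ends without a closing period.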
skipping to change at page 15, line 41 skipping to change at page 15, line 47
::= { ospfGeneralGroup 16 } ::= { ospfGeneralGroup 16 }
ospfTrafficEngineeringSupport OBJECT-TYPE ospfTrafficEngineeringSupport OBJECT-TYPE
SYNTAX TruthValue SYNTAX TruthValue
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The router's support for OSPF traffic engineering." "The router's support for OSPF traffic engineering."
::= { ospfGeneralGroup 17 } ::= { ospfGeneralGroup 17 }
ospfAsOpaqueLsdbLimit OBJECT-TYPE
SYNTAX Integer32 (-1..'7FFFFFFF'h)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximum number of type-11 Opaque LSA
entries that can be stored in the link-state database.
If the value is -1, then there is no limit.
When the number of type-11 Opaque LSAs
in a router's link-state database reaches
ospfAsOpaqueLsdbLimit, the router enters Overflow-
State. The router never holds more than
ospfAsOpaqueLsdbLimit type-11 Opaque LSAs
in its database. OspfAsOpaqueLsdbLimit MUST be set
identically in all routers in the OSPF domain."
DEFVAL { -1 }
::= { ospfGeneralGroup 18 }
-- OSPF Area Data Structure -- OSPF Area Data Structure
-- The OSPF Area Data Structure contains information -- The OSPF Area Data Structure contains information
-- regarding the various areas. The interfaces and -- regarding the various areas. The interfaces and
-- virtual links are configured as part of these areas. -- virtual links are configured as part of these areas.
-- Area 0.0.0.0, by definition, is the Backbone Area -- Area 0.0.0.0, by definition, is the Backbone Area
ospfAreaTable OBJECT-TYPE ospfAreaTable OBJECT-TYPE
SYNTAX SEQUENCE OF OspfAreaEntry SYNTAX SEQUENCE OF OspfAreaEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
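Review bot: ospfAsOpaqueLsdbLimit is read-write and, per its own DESCRIPTION, reaching the limit puts the router into Overflow-State, yet the object is not among those named in the revised Security Considerations. Add it to that list, or explain why write access to it is not considered sensitive. Smaller points in the same clause: "OspfAsOpaqueLsdbLimit MUST be set identically" capitalises the descriptor differently from the object name, the range admits 0 without saying what a limit of zero means, and there is no REFERENCE clause saying where Overflow-State for type-11 LSAs is defined.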
skipping to change at page 35, line 40 skipping to change at page 35, line 26
DESCRIPTION DESCRIPTION
"The number of times this OSPF interface has "The number of times this OSPF interface has
changed its state, or an error has occurred." changed its state, or an error has occurred."
::= { ospfIfEntry 15 } ::= { ospfIfEntry 15 }
ospfIfAuthKey OBJECT-TYPE ospfIfAuthKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..256)) SYNTAX OCTET STRING (SIZE (0..256))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This object refers to the OSPF clear-text "The cleartext password used as an OSPF
password (e.g. the simplePassword Authentication Key). Authentication key when simplePassword security
It does not refer to any OSPF cryptographic password is enabled. This object does not access any OSPF
or key. The OSPF cryptographic key is not accessible Cryptogaphic (e.g. MD5) Authentication Key under
via this MIB. any circumstance.
When the interface's Authentication Type is If the key length is shorter than 8 octets, the
simplePassword, and the key length is shorter than agent will left adjust and zero fill to 8 octets.
8 octets, the agent will left adjust and zero fill
to 8 octets.
Note that unauthenticated interfaces need no Unauthenticated interfaces need no authentication
authentication key, and simple password authen- key, and simple password authentication cannot use
tication cannot use a key of more than 8 oc- a key of more than 8 octets.
tets. Larger keys are useful only with authen-
tication mechanisms not specified in this docu-
ment.
When read, ospfIfAuthKey always returns an Oc- Note that the use of simplePassword authentication
tet String of length zero." is NOT recommended when there is concern regarding
attack upon the OSPF system. SimplePassword
authentication is only sufficient to protect against
accidental misconfigurations because it re-uses
cleartext passwords. [RFC-1704]
When read, ospfIfAuthKey always returns an Octet
String of length zero."
REFERENCE REFERENCE
"OSPF Version 2, Section 9 The Interface Data "OSPF Version 2, Section 9 The Interface Data
Structure" Structure"
DEFVAL { '0000000000000000'H } -- 0.0.0.0.0.0.0.0 DEFVAL { '0000000000000000'H } -- 0.0.0.0.0.0.0.0
::= { ospfIfEntry 16 } ::= { ospfIfEntry 16 }
ospfIfStatus OBJECT-TYPE ospfIfStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
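Review bot: the rewritten ospfIfAuthKey DESCRIPTION drops the sentence explaining when keys longer than 8 octets are useful, but SYNTAX stays OCTET STRING (SIZE (0..256)). The new text says the object never accesses a cryptographic key and that simple password authentication cannot use more than 8 octets, so the 256-octet upper bound is now unexplained; either tighten the SIZE or state what the agent does with a SET longer than 8 octets. Also in the new text: "Cryptogaphic" is misspelled, and "[RFC-1704]" does not follow the numeric citation style used elsewhere (e.g. "[1]", "[18]") and needs a matching entry in the reference list.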
skipping to change at page 37, line 17 skipping to change at page 37, line 5
SYNTAX INTEGER (0..255) SYNTAX INTEGER (0..255)
-- none (0), -- none (0),
-- simplePassword (1) -- simplePassword (1)
-- md5 (2) -- md5 (2)
-- reserved for specification by IANA (> 2) -- reserved for specification by IANA (> 2)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The authentication type specified for an in- "The authentication type specified for an in-
terface. Additional authentication types may terface. Additional authentication types may
be assigned locally." be assigned locally.
Note that this object can be used to engage
in significant attacks against an OSPF router."
REFERENCE REFERENCE
"OSPF Version 2, Appendix D Authentication" "OSPF Version 2, Appendix D Authentication"
DEFVAL { 0 } -- no authentication, by default DEFVAL { 0 } -- no authentication, by default
::= { ospfIfEntry 20 } ::= { ospfIfEntry 20 }
ospfIfLsaCount OBJECT-TYPE ospfIfLsaCount OBJECT-TYPE
SYNTAX Gauge32 SYNTAX Gauge32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
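Review bot: the sentence added to the ospfIfAuthType DESCRIPTION ("this object can be used to engage in significant attacks against an OSPF router") tells the reader neither what the exposure is nor what to do about it. State that write access to this object is security-sensitive because it selects the interface's authentication type, and repeat the Appendix C recommendation (read-only unless SNMPv3 authentication and encryption are in use) or point to that section by name so the guidance is present in the compiled module.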
skipping to change at page 43, line 21 skipping to change at page 43, line 12
DESCRIPTION DESCRIPTION
"The number of state changes or error events on "The number of state changes or error events on
this Virtual Link" this Virtual Link"
::= { ospfVirtIfEntry 8 } ::= { ospfVirtIfEntry 8 }
ospfVirtIfAuthKey OBJECT-TYPE ospfVirtIfAuthKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..256)) SYNTAX OCTET STRING (SIZE(0..256))
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If Authentication Type is simplePassword, the "The cleartext password used as an OSPF
device will left adjust and zero fill to 8 oc- Authentication key when simplePassword security
tets. is enabled. This object does not access any OSPF
Cryptogaphic (e.g. MD5) Authentication Key under
any circumstance.
Note that unauthenticated interfaces need no If the key length is shorter than 8 octets, the
authentication key, and simple password authen- agent will left adjust and zero fill to 8 octets.
tication cannot use a key of more than 8 oc-
tets. Larger keys are useful only with authen-
tication mechanisms not specified in this docu-
ment.
When read, ospfVifAuthKey always returns a Unauthenticated interfaces need no authentication
string of length zero." key, and simple password authentication cannot use
a key of more than 8 octets.
Note that the use of simplePassword authentication
is NOT recommended when there is concern regarding
attack upon the OSPF system. SimplePassword
authentication is only sufficient to protect against
accidental misconfigurations because it re-uses
cleartext passwords. [RFC-1704]
When read, ospfIfAuthKey always returns an Octet
String of length zero."
REFERENCE REFERENCE
"OSPF Version 2, Section 9 The Interface Data "OSPF Version 2, Section 9 The Interface Data
Structure" Structure"
DEFVAL { '0000000000000000'H } -- 0.0.0.0.0.0.0.0 DEFVAL { '0000000000000000'H } -- 0.0.0.0.0.0.0.0
::= { ospfVirtIfEntry 9 } ::= { ospfVirtIfEntry 9 }
ospfVirtIfStatus OBJECT-TYPE ospfVirtIfStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
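Review bot: the last sentence of the new ospfVirtIfAuthKey DESCRIPTION reads "When read, ospfIfAuthKey always returns an Octet String of length zero", which names the wrong object; the text was evidently copied from ospfIfAuthKey and should say ospfVirtIfAuthKey (the previous revision's "ospfVifAuthKey" was also wrong, so this is the moment to fix it). The copy also carries over the "Cryptogaphic" misspelling and refers to "interfaces" where this object concerns virtual interfaces.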
skipping to change at page 44, line 12 skipping to change at page 44, line 12
-- none (0), -- none (0),
-- simplePassword (1) -- simplePassword (1)
-- md5 (2) -- md5 (2)
-- reserved for specification by IANA (> 2) -- reserved for specification by IANA (> 2)
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The authentication type specified for a virtu- "The authentication type specified for a virtu-
al interface. Additional authentication types al interface. Additional authentication types
may be assigned locally." may be assigned locally."
Note that this object can be used to engage
in significant attacks against an OSPF router."
REFERENCE REFERENCE
"OSPF Version 2, Appendix E Authentication" "OSPF Version 2, Appendix E Authentication"
DEFVAL { 0 } -- no authentication, by default DEFVAL { 0 } -- no authentication, by default
::= { ospfVirtIfEntry 11 } ::= { ospfVirtIfEntry 11 }
ospfVirtIfLsaCount OBJECT-TYPE ospfVirtIfLsaCount OBJECT-TYPE
SYNTAX Gauge32 SYNTAX Gauge32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
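Review bot: in the new ospfVirtIfAuthType DESCRIPTION the closing quote after "may be assigned locally." was left in place, and the added note ends with a second closing quote. As shown, the DESCRIPTION string terminates before the note and the two added lines sit outside any quoted string, so the module will not compile; remove the first quote, as was done in the ospfIfAuthType hunk. While editing here, the REFERENCE cites "Appendix E Authentication" whereas ospfIfAuthType cites "Appendix D Authentication"; one of the two is wrong.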
skipping to change at page 72, line 8 skipping to change at page 72, line 11
ospfExternLsaCksumSum, ospfExternLsaCksumSum,
ospfTOSSupport, ospfTOSSupport,
ospfOriginateNewLsas, ospfOriginateNewLsas,
ospfRxNewLsas, ospfRxNewLsas,
ospfExtLsdbLimit, ospfExtLsdbLimit,
ospfMulticastExtensions, ospfMulticastExtensions,
ospfExitOverflowInterval, ospfExitOverflowInterval,
ospfDemandExtensions, ospfDemandExtensions,
ospfRFC1583Compatibility, ospfRFC1583Compatibility,
ospfOpaqueLsaSupport, ospfOpaqueLsaSupport,
ospfTrafficEngineeringSupport, ospfTrafficEngineeringSupport
ospfAsOpaqueLsdbLimit
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"These objects are required for OSPF systems." "These objects are required for OSPF systems."
::= { ospfGroups 16 } ::= { ospfGroups 16 }
ospfAreaGroup2 OBJECT-GROUP ospfAreaGroup2 OBJECT-GROUP
OBJECTS { OBJECTS {
ospfAreaId, ospfAreaId,
ospfImportAsExtern, ospfImportAsExtern,
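Review bot: in the OBJECTS list as rendered in the new column, ospfTrafficEngineeringSupport has lost its trailing comma and is followed directly by the added ospfAsOpaqueLsdbLimit. Without a comma between the two descriptors the OBJECT-GROUP does not parse; the comma belongs after ospfTrafficEngineeringSupport and not after the final entry.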
skipping to change at page 76, line 22 skipping to change at page 76, line 23
ospfRouterId, ospfIfIpAddress, ospfAddressLessIf, ospfIfState, ospfRouterId, ospfIfIpAddress, ospfAddressLessIf, ospfIfState,
ospfVirtIfAreaId, ospfVirtIfNeighbor, ospfVirtIfState, ospfVirtIfAreaId, ospfVirtIfNeighbor, ospfVirtIfState,
ospfNbrIpAddr, ospfNbrAddressLessIndex, ospfNbrRtrId, ospfNbrIpAddr, ospfNbrAddressLessIndex, ospfNbrRtrId,
ospfNbrState, ospfVirtNbrArea, ospfVirtNbrRtrId, ospfNbrState, ospfVirtNbrArea, ospfVirtNbrRtrId,
ospfVirtNbrState, ospfLsdbType, ospfLsdbLsid, ospfLsdbRouterId, ospfVirtNbrState, ospfLsdbType, ospfLsdbLsid, ospfLsdbRouterId,
ospfLsdbAreaId, ospfExtLsdbLimit, ospf, ospfAreaId, ospfLsdbAreaId, ospfExtLsdbLimit, ospf, ospfAreaId,
ospfAreaExtNssaTranslatorStatus ospfAreaExtNssaTranslatorStatus
FROM OSPF-MIB; FROM OSPF-MIB;
ospfTrap MODULE-IDENTITY ospfTrap MODULE-IDENTITY
LAST-UPDATED "0005011225Z" -- Mon May 01 12:25:50 GMT 2000 LAST-UPDATED "0006101225Z" -- Sat June 10 12:25:50 GMT 2000
ORGANIZATION "IETF OSPF Working Group" ORGANIZATION "IETF OSPF Working Group"
CONTACT-INFO CONTACT-INFO
" Spencer Giacalone " Spencer Giacalone
Postal: Predictive Systems Postal: Predictive Systems
145 Hudson Street 145 Hudson Street
New York, New York 10013 New York, New York 10013
Tel: +1 (973) 301-5695 Tel: +1 (973) 301-5695
E-Mail: spencer.giacalone@predictive.com E-Mail: spencer.giacalone@predictive.com
Dan Joyal Dan Joyal
Postal: Nortel Networks Postal: Nortel Networks
600 Technology Park Drive 600 Technology Park Drive
Billerica, MA 01821 Billerica, MA 01821
Tel: +1 (978) 288-2629 Tel: +1 (978) 288-2629
E-Mail: djoyal@nortelnetworks.com" E-Mail: djoyal@nortelnetworks.com"
DESCRIPTION DESCRIPTION
"The MIB module to describe traps for the OSPF "The MIB module to describe traps for the OSPF
Version 2 Protocol." Version 2 Protocol."
REVISION "0005011225Z" -- Mon May 01 12:25:50 GMT 2000 REVISION "0006101225Z" -- Sat June 10 12:25:50 GMT 2000
DESCRIPTION DESCRIPTION
"Updated for latest version of OSPFv2" "Updated for latest version of OSPFv2"
::= { ospf 21 } ::= { ospf 21 }
-- Trap Support Objects -- Trap Support Objects
-- The following are support objects for the OSPF traps. -- The following are support objects for the OSPF traps.
ospfTrapControl OBJECT IDENTIFIER ::= { ospfTrap 1 } ospfTrapControl OBJECT IDENTIFIER ::= { ospfTrap 1 }
ospfTraps OBJECT IDENTIFIER ::= { ospfTrap 2 } ospfTraps OBJECT IDENTIFIER ::= { ospfTrap 2 }
skipping to change at page 84, line 36 skipping to change at page 84, line 38
Baker [18]. Baker [18].
The Authors acknowledge the following individuals: The Authors acknowledge the following individuals:
- John Moy, Sycamore Networks - John Moy, Sycamore Networks
- Rob Cultun, RedBack Networks - Rob Cultun, RedBack Networks
- Pat Murphy, USGS - Pat Murphy, USGS
-Randall Atkinson, Extreme Networks
7 References 7 References
[1] Harrington, D., Presuhn, R., and B. Wijnen, "An [1] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing SNMP Management Frameworks", Architecture for Describing SNMP Management Frameworks",
RFC 2571, April 1999 RFC 2571, April 1999
[2] Rose, M., and K. McCloghrie, "Structure and [2] Rose, M., and K. McCloghrie, "Structure and
Identification of Management Information for TCP/IP-based Identification of Management Information for TCP/IP-based
Internets", STD 16, RFC 1155, May 1990 Internets", STD 16, RFC 1155, May 1990
[3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", [3] Rose, M., and K. McCloghrie, "Concise MIB Definitions",
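Review bot: the added acknowledgement "-Randall Atkinson, Extreme Networks" has no space after the dash, unlike the three entries above it. In the same list, "Rob Cultun" does not match the spelling "Rob Coltun" in the author block and should be corrected in passing.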
skipping to change at page 87, line 45 skipping to change at page 87, line 49
Added mtuMismatch enumeration to ospfConfigErrorType Added mtuMismatch enumeration to ospfConfigErrorType
object in ospfTrapControl to imply MTU mismatch trap generation. object in ospfTrapControl to imply MTU mismatch trap generation.
in ospfIfConfigError. in ospfIfConfigError.
B.5 Opaque LSA Support B.5 Opaque LSA Support
Added object ospfOpaqueLsaSupport to ospfGeneralGroup Added object ospfOpaqueLsaSupport to ospfGeneralGroup
to indicate support of OSPF Opaque LSAs. to indicate support of OSPF Opaque LSAs.
Added object ospfAsOpaqueLsdbLimit to ospfGeneralGroup
to indicate a limit of Type-11 LSAs in the LSDB before overflow .
Created ospfLocalLsdbTable, for Link-local (type-9) LSA support. Created ospfLocalLsdbTable, for Link-local (type-9) LSA support.
This table is indexed by: This table is indexed by:
-ospflocalLsdbIpAddress -ospflocalLsdbIpAddress
-ospfLocalLsdbAddressLessIf -ospfLocalLsdbAddressLessIf
-ospfLocalLsdbType -ospfLocalLsdbType
-ospfLocalLsdbLsid -ospfLocalLsdbLsid
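Review bot: the B.5 entry says ospfAsOpaqueLsdbLimit was added "to indicate a limit", but the object is defined read-write, so it configures the limit; say so, and mention that it was also added to the basic conformance group. There is a stray space before the period in "overflow .".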
skipping to change at page 90, line 8 skipping to change at page 90, line 8
-ospfVirtIfGroup2 -ospfVirtIfGroup2
Added completely new conformance groups as needed, including: Added completely new conformance groups as needed, including:
-ospfLocalLsdbGroup, which specifies support for link local (type- -ospfLocalLsdbGroup, which specifies support for link local (type-
9) LSAs. 9) LSAs.
-ospfVirtLocalLsdbGroup, which specifies support for link local -ospfVirtLocalLsdbGroup, which specifies support for link local
(type-9) LSAs on virtual links. (type-9) LSAs on virtual links.
B.7 Miscellaneous B.7 OSPF Authentication and Security
As there has been significant concern in the community regarding
cascading security vulnerabilities, the following changes have been
incorporated:
-Modified the DESCRIPTION clause of ospfIfAuthKey due to
security concerns, and to increase clarity
-Modified the DESCRIPTION clause of ospfVirtIfAuthKey due to
security concerns, and to increase clarity
-Modified the DESCRIPTION clause of ospfIfAuthType due to
security concerns, and to increase clarity
-Modified the DESCRIPTION clause of ospfVirtIfType due to
security concerns, and to increase clarity
-Modified the OSPF MIB MODULE DESCRIPTION due to security
concerns and to include a reference to the security
considerations section in this document that will transcend
compilation
-Modified the security considerations section to provide
detail
B.8 Miscellaneous
Various sections, have been moved and or modified for clarity. Various sections, have been moved and or modified for clarity.
Most of these changes are semantic in nature, and include, Most of these changes are semantic in nature, and include,
but are not limited to: but are not limited to:
-The OSPF Overview section's format was revised. Unneeded -The OSPF Overview section's format was revised. Unneeded
information was removed. Removed information includes OSPF TOS information was removed. Removed information includes OSPF TOS
default values. default values.
-The Trap Overview section's format and working were revised. -The Trap Overview section's format and working were revised.
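Review bot: the fourth item in the new B.7 list names "ospfVirtIfType", which is not an object in this MIB; the Security Considerations text refers to ospfVirtIfAuthType, and that is the object whose DESCRIPTION was changed. The entries for the two AuthType objects also say "to increase clarity", although the visible change to them is only the added security note.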
skipping to change at page 90, line 30 skipping to change at page 91, line 4
-Modified the DESCRIPTION clause of "Status" "TEXTUAL-CONVENTION" -Modified the DESCRIPTION clause of "Status" "TEXTUAL-CONVENTION"
for clarity for clarity
-The updates section was moved from the Overview to an appendix -The updates section was moved from the Overview to an appendix
-Updated "REFERENCE" clauses in all objects, as needed -Updated "REFERENCE" clauses in all objects, as needed
-Modified the SEQUENCE of the OspfIfTable to reflect the true -Modified the SEQUENCE of the OspfIfTable to reflect the true
order of the objects in the Table order of the objects in the Table
-Modified the DESCRIPTION clause of ospfIfAuthKey due to security
concerns, and to increase clarity
Changed the "MAX-ACCESS" clause of Changed the "MAX-ACCESS" clause of
"ospfHostStatus" in "ospfHostTable" to "read-create" "ospfHostStatus" in "ospfHostTable" to "read-create"
C Security Considerations C Security Considerations
There are a number of management objects defined in this MIB that There are a number of management objects defined in this MIB that
have a MAX-ACCESS clause of read-write and/or read-create. Such have a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. network operations.
It is recommended that attention be specifically given to
implementing the MAX-ACCESS clause in a number of objects, including
ospfIfAuthKey, ospfIfAuthType, ospfVirtIfAuthKey, and
ospfVirtIfAuthType in scenarios that DO NOT use SNMPv3 strong
security (i.e. authentication and encryption). Extreme caution must
be used to minimize the risk of cascading security vulnerabilities
when SNMPv3 strong security is not used. When SNMPv3 strong security
is not used, these objects should have access of read-only, not read-
create.
SNMPv1 by itself is not a secure environment. Even if the network SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), even then, there is no itself is secure (for example by using IPSec), even then, there is no
control as to who on the secure network is allowed to access and control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB. GET/SET (read/change/create/delete) the objects in this MIB.
It is recommended that the implementers consider the security It is recommended that the implementers consider the security
features as provided by the SNMPv3 framework. Specifically, the use features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model RFC 2574 [RFC2574] and the View- of the User-based Security Model RFC 2574 [RFC2574] and the View-
based Access Control Model RFC 2575 [RFC2575] is recommended. based Access Control Model RFC 2575 [RFC2575] is recommended.
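Review bot: the new paragraph in Appendix C ties an implementation choice ("implementing the MAX-ACCESS clause") to whether SNMPv3 strong security is in use, which is a property of a deployment and not something an agent implementation can know in advance. Say how this is meant to be realised: for example, a compliance statement that permits read-only access for the four objects, plus guidance to operators to exclude them from writable views when authentication and encryption are not configured. The list is introduced with "including", so it should either be made exhaustive or say what qualifies an object for it, given that other read-write objects exist in the module. The "should" in the final sentence is lowercase while the text above uses "DO NOT" in capitals; choose one convention.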
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/