draft-ietf-sidr-rpki-rtr-protocol-mib-04.txt   draft-ietf-sidr-rpki-rtr-protocol-mib-05.txt 
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Internet Initiative Japan Internet-Draft Internet Initiative Japan
Intended status: Standards Track B. Wijnen Intended status: Standards Track B. Wijnen
Expires: June 2, 2013 RIPE NCC Expires: August 11, 2013 RIPE NCC
K. Patel K. Patel
Cisco Systems Cisco Systems
M. Baer M. Baer
SPARTA SPARTA
November 29, 2012 February 7, 2013
Definitions of Managed Objects for the RPKI-Router Protocol Definitions of Managed Objects for the RPKI-Router Protocol
draft-ietf-sidr-rpki-rtr-protocol-mib-04 draft-ietf-sidr-rpki-rtr-protocol-mib-05
Abstract Abstract
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, it describes objects used for monitoring community. In particular, it describes objects used for monitoring
the RPKI Router protocol. the RPKI Router protocol.
Status of this Memo Status of this Memo
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 2, 2013. This Internet-Draft will expire on August 11, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Internet-Standard Management Framework . . . . . . . . . . . . 3 2. Internet-Standard Management Framework . . . . . . . . . . . . 3
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 6. Security Considerations . . . . . . . . . . . . . . . . . . . 21
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
7.1. Normative References . . . . . . . . . . . . . . . . . . . 22 7.1. Normative References . . . . . . . . . . . . . . . . . . . 22
7.2. Informative References . . . . . . . . . . . . . . . . . . 22 7.2. Informative References . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 23 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
This document defines a portion of the Management Information Base This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet (MIB) for use with network management protocols in the Internet
community. In particular, it defines objects used for monitoring the community. In particular, it defines objects used for monitoring the
RPKI Router protocol [I-D.ietf-sidr-rpki-rtr]. RPKI Router protocol [RFC6810].
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in RFC 2119 [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119].
2. Internet-Standard Management Framework 2. Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
[RFC3410]. Managed objects are accessed via a virtual information [RFC3410]. Managed objects are accessed via a virtual information
store, termed the Management Information Base or MIB. MIB objects store, termed the Management Information Base or MIB. MIB objects
are generally accessed through the Simple Network Management Protocol are generally accessed through the Simple Network Management Protocol
(SNMP). Objects in the MIB are defined using the mechanisms defined (SNMP). Objects in the MIB are defined using the mechanisms defined
in the Structure of Management Information (SMI). This document in the Structure of Management Information (SMI). This document
specifies a MIB module that is compliant to the SMIv2, which is specifies a MIB module that is compliant to the SMIv2, which is
described in STD 58, [RFC2578], STD 58, [RFC2579] and STD 58, described in STD 58, [RFC2578], STD 58, [RFC2579] and STD 58,
[RFC2580]. [RFC2580].
3. Overview 3. Overview
The objects defined in this document are used to monitor the RPKI The objects defined in this document are used to monitor the RPKI
Router protocol [I-D.ietf-sidr-rpki-rtr]. The MIB module defined in Router protocol [RFC6810]. The MIB module defined in this is broken
this draft is broken into these tables: the RPKI Router Cache Server into these tables: the RPKI Router Cache Server (connection) Table,
(connection) Table, the RPKI Router Cache Server Errors Table, and the RPKI Router Cache Server Errors Table, and the RPKI Router Prefix
the RPKI Router Prefix Origin Table. Origin Table.
The RPKI Router Cache Server Table contains information about state The RPKI Router Cache Server Table contains information about state
and current activity of connections with the RPKI Router Cache and current activity of connections with the RPKI Router Cache
Servers. It also contains counters for the number of messages Servers. It also contains counters for the number of messages
received and sent plus the number of announcements, withdrawals and received and sent plus the number of announcements, withdrawals and
active records. The RPKI Router Cache Server Errors Table contains active records. The RPKI Router Cache Server Errors Table contains
counters of occurrences of errors on the connections (if any). The counters of occurrences of errors on the connections (if any). The
RPKI Router Prefix Origin Table contains IP prefixes with their RPKI Router Prefix Origin Table contains IP prefixes with their
minimum and maximum prefix lengths and the Origin AS. This data is minimum and maximum prefix lengths and the Origin AS. This data is
the collective set of information received from all RPKI Cache the collective set of information received from all RPKI Cache
skipping to change at page 4, line 16 skipping to change at page 4, line 16
Station (NMS) or operators about changes in the connection state of Station (NMS) or operators about changes in the connection state of
the connections listed in the RPKI Cache Server (Connection) Table. the connections listed in the RPKI Cache Server (Connection) Table.
4. Definitions 4. Definitions
The Following MIB module imports definitions from [RFC2578], STD 58, The Following MIB module imports definitions from [RFC2578], STD 58,
[RFC2579] STD 58, [RFC2580], [RFC4001], [RFC2287]. That means we [RFC2579] STD 58, [RFC2580], [RFC4001], [RFC2287]. That means we
have a normative reference to those documents. have a normative reference to those documents.
The MIB module also has a normative reference to the RPKI Router The MIB module also has a normative reference to the RPKI Router
protocol [I-D.ietf-sidr-rpki-rtr]. Furthermore, for background and protocol [RFC6810]. Furthermore, for background and informative
informative information, the MIB module refers to [RFC1982], information, the MIB module refers to [RFC1982], [RFC5925],
[RFC5925], [RFC4252], [RFC5246], [RFC5925]. [RFC4252], [RFC5246], [RFC5925].
RPKI-RTR-MIB DEFINITIONS ::= BEGIN RPKI-RTR-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
Integer32, Unsigned32, mib-2, Gauge32, Counter32 Integer32, Unsigned32, mib-2, Gauge32, Counter32
FROM SNMPv2-SMI -- RFC2578 FROM SNMPv2-SMI -- RFC2578
InetAddressType, InetAddress, InetPortNumber, InetAddressType, InetAddress, InetPortNumber,
skipping to change at page 4, line 43 skipping to change at page 4, line 43
FROM SNMPv2-TC -- RFC2579 FROM SNMPv2-TC -- RFC2579
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF -- RFC2580 FROM SNMPv2-CONF -- RFC2580
LongUtf8String FROM SYSAPPL-MIB -- RFC2287 LongUtf8String FROM SYSAPPL-MIB -- RFC2287
; ;
rpkiRtrMIB MODULE-IDENTITY rpkiRtrMIB MODULE-IDENTITY
LAST-UPDATED "201110140000Z" LAST-UPDATED "201302050000Z"
ORGANIZATION "IETF Secure Inter-Domain Routing (SIDR) ORGANIZATION "IETF Secure Inter-Domain Routing (SIDR)
Working Group Working Group
" "
CONTACT-INFO "Working Group Email: sidr@ietf.org CONTACT-INFO "Working Group Email: sidr@ietf.org
Randy Bush Randy Bush
Internet Initiative Japan Internet Initiative Japan
5147 Crystal Springs 5147 Crystal Springs
Bainbridge Island, Washington, 98110 Bainbridge Island, Washington, 98110
USA USA
skipping to change at page 5, line 36 skipping to change at page 5, line 36
P.O. Box 72682 P.O. Box 72682
Davis, CA 95617 Davis, CA 95617
USA USA
Email: michael.baer@sparta.com Email: michael.baer@sparta.com
" "
DESCRIPTION "This MIB module contains management objects to DESCRIPTION "This MIB module contains management objects to
support monitoring of the Resource Public Key support monitoring of the Resource Public Key
Infrastructure (RPKI) protocol on routers. Infrastructure (RPKI) protocol on routers.
Copyright (c) 2011 IETF Trust and the persons Copyright (c) 2013 IETF Trust and the persons
identified as authors of the code. All rights identified as authors of the code. All rights
reserved. reserved.
Redistribution and use in source and binary Redistribution and use in source and binary
forms, with or without modification, is forms, with or without modification, is
permitted pursuant to, and subject to the permitted pursuant to, and subject to the
license terms contained in, the Simplified BSD license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF License set forth in Section 4.c of the IETF
Trust's Legal Provisions Relating to IETF Trust's Legal Provisions Relating to IETF
Documents (http://trustee.ietf.org/license-info). Documents (http://trustee.ietf.org/license-info).
This version of this MIB module is part of This version of this MIB module is part of
RFCxxxx; see the RFC itself for full legal RFCxxxx; see the RFC itself for full legal
notices. notices.
" "
REVISION "201110140000Z" REVISION "201302050000Z"
DESCRIPTION "Initial version, published as RFCxxxx." DESCRIPTION "Initial version, published as RFCxxxx."
-- Note to RFC Editor: pls fill in above (2 times) RFC -- Note to RFC Editor: pls fill in above (2 times) RFC
-- number for xxxx and delete these 2 lines. -- number for xxxx and delete these 2 lines.
::= { mib-2 XXX } -- XXX to be assigned by IANA ::= { mib-2 XXX } -- XXX to be assigned by IANA
rpkiRtrNotifications OBJECT IDENTIFIER ::= { rpkiRtrMIB 0 } rpkiRtrNotifications OBJECT IDENTIFIER ::= { rpkiRtrMIB 0 }
rpkiRtrObjects OBJECT IDENTIFIER ::= { rpkiRtrMIB 1 } rpkiRtrObjects OBJECT IDENTIFIER ::= { rpkiRtrMIB 1 }
rpkiRtrConformance OBJECT IDENTIFIER ::= { rpkiRtrMIB 2 } rpkiRtrConformance OBJECT IDENTIFIER ::= { rpkiRtrMIB 2 }
-- ============================================================== -- ==============================================================
-- Textual Conventions used in this MIB module -- Textual Conventions used in this MIB module
-- ============================================================== -- ==============================================================
RpkiRtrConnectionType ::= TEXTUAL-CONVENTION RpkiRtrConnectionType ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION "The connection type or transport security suite DESCRIPTION "The connection type used between a router (as a
(transport plus security mechanism) used between client) and a cache server.
a router (as a client) and a cache server.
The following types have been defined in RFCnnnn: The following types have been defined in RFC6810:
-- RFC Editor: pls fill out RFCnnnn number that will be or has
-- been assigned to draft-ietf-sidr-rpki-rtr-nn.txt
ssh(1) - sect 7.1, see also RFC4252. ssh(1) - sect 7.1, see also RFC4252.
tls(2) - sect 7.2, see also RFC5246. tls(2) - sect 7.2, see also RFC5246.
tcpMD5(3) - sect 7.3, see also RFC2385. tcpMD5(3) - sect 7.3, see also RFC2385.
tcpAO(4) - sect 7.4, see also RFC5925. tcpAO(4) - sect 7.4, see also RFC5925.
tcp(5) - sect 7. tcp(5) - sect 7.
ipsec(6) - sect 7, see also RFC4301. ipsec(6) - sect 7, see also RFC4301.
other(7) - non of the above other(7) - none of the above
" "
REFERENCE "The RPKI/Rtr Protocol, RFCnnnn - section 7" REFERENCE "The RPKI/Router Protocol, RFC6810 - section 7"
-- RFC Editor: pls fill out RFCnnnn number that will be or has been
-- assigned to draft-ietf-sidr-rpki-rtr-nn.txt
SYNTAX INTEGER { SYNTAX INTEGER {
ssh(1), ssh(1),
tls(2), tls(2),
tcpMD5(3), tcpMD5(3),
tcpAO(4), tcpAO(4),
tcp(5), tcp(5),
ipsec(6), ipsec(6),
other(7) other(7)
} }
-- ============================================================== -- ==============================================================
-- Scalar objects -- Scalar objects
-- ============================================================== -- ==============================================================
rpkiRtrDiscontinuityTimer OBJECT-TYPE rpkiRtrDiscontinuityTimer OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "This timer represents the timestamp (value DESCRIPTION "This timer represents the timestamp (value
of sysUpTime) at which time any of the of sysUpTime) at which time any of the
Counter32 ojects in this MIB module Counter32 objects in this MIB module
encountered a discontinuity. encountered a discontinuity.
In principle that should only happen if the In principle that should only happen if the
SNMP agent or the instrumentation for this SNMP agent or the instrumentation for this
MIB module (re-)starts." MIB module (re-)starts."
::= { rpkiRtrObjects 1 } ::= { rpkiRtrObjects 1 }
-- ============================================================== -- ==============================================================
-- RPKI Router Cache Server Connection Table -- RPKI Router Cache Server Connection Table
-- ============================================================== -- ==============================================================
skipping to change at page 8, line 13 skipping to change at page 8, line 8
rpkiRtrCacheServerDescription LongUtf8String, rpkiRtrCacheServerDescription LongUtf8String,
rpkiRtrCacheServerMsgsReceived Counter32, rpkiRtrCacheServerMsgsReceived Counter32,
rpkiRtrCacheServerMsgsSent Counter32, rpkiRtrCacheServerMsgsSent Counter32,
rpkiRtrCacheServerV4ActiveRecords Gauge32, rpkiRtrCacheServerV4ActiveRecords Gauge32,
rpkiRtrCacheServerV4Announcements Counter32, rpkiRtrCacheServerV4Announcements Counter32,
rpkiRtrCacheServerV4Withdrawals Counter32, rpkiRtrCacheServerV4Withdrawals Counter32,
rpkiRtrCacheServerV6ActiveRecords Gauge32, rpkiRtrCacheServerV6ActiveRecords Gauge32,
rpkiRtrCacheServerV6Announcements Counter32, rpkiRtrCacheServerV6Announcements Counter32,
rpkiRtrCacheServerV6Withdrawals Counter32, rpkiRtrCacheServerV6Withdrawals Counter32,
rpkiRtrCacheServerLatestSerial Unsigned32, rpkiRtrCacheServerLatestSerial Unsigned32,
rpkiRtrCacheServerNonce Unsigned32, rpkiRtrCacheServerSessionID Unsigned32,
rpkiRtrCacheServerRefreshTimer Unsigned32, rpkiRtrCacheServerRefreshTimer Unsigned32,
rpkiRtrCacheServerTimeToRefresh Integer32, rpkiRtrCacheServerTimeToRefresh Integer32,
rpkiRtrCacheServerId Unsigned32 rpkiRtrCacheServerId Unsigned32
} }
rpkiRtrCacheServerAddressType OBJECT-TYPE rpkiRtrCacheServerAddressType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6 (2) } SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "The network address type of the connection DESCRIPTION "The network address type of the connection
to this RPKI cache server. to this RPKI cache server.
Only IPv4 and IPv6 are supported." Note: Only IPv4, IPv6 and DNS support are required
for RFCxxxx read only compliance."
::= { rpkiRtrCacheServerTableEntry 1 } ::= { rpkiRtrCacheServerTableEntry 1 }
rpkiRtrCacheServerRemoteAddress OBJECT-TYPE rpkiRtrCacheServerRemoteAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "The remote network address for this connection DESCRIPTION "The remote network address for this connection
to this RPKI cache server. to this RPKI cache server.
The format of the address is defined by the The format of the address is defined by the
value of the corresponding instance of value of the corresponding instance of
rpkiRtrCacheServerAddressType." rpkiRtrCacheServerAddressType."
::= { rpkiRtrCacheServerTableEntry 2 } ::= { rpkiRtrCacheServerTableEntry 2 }
skipping to change at page 9, line 22 skipping to change at page 9, line 19
rpkiRtrCacheServerLocalPort OBJECT-TYPE rpkiRtrCacheServerLocalPort OBJECT-TYPE
SYNTAX InetPortNumber (1..65535) SYNTAX InetPortNumber (1..65535)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The local port number for this connection DESCRIPTION "The local port number for this connection
to this RPKI cache server." to this RPKI cache server."
::= { rpkiRtrCacheServerTableEntry 5 } ::= { rpkiRtrCacheServerTableEntry 5 }
rpkiRtrCacheServerPreference OBJECT-TYPE rpkiRtrCacheServerPreference OBJECT-TYPE
SYNTAX Unsigned32 (0..255) SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The routers' preference for this DESCRIPTION "The routers' preference for this RPKI cache server.
RPKI cache server.
A lower value means more preferred. If two A lower value means more preferred. If two
entries have the same preference, then the entries have the same preference, then the
order is arbitrary. order is arbitrary.
If no order is specified in the configuration In two cases the maximum value for an Unsigned32
then this value is set to 255." object should be returned for this object:
REFERENCE "The RPKI/Rtr Protocol, RFCnnnn - section 8." - If no order is specified in the RPKI Router
-- RFC-Editor: pls update RFCnnnn with the actual RFC number configuration.
-- assigned to draft-ietf-sidr-rpki-rtr-nn.txt - If a preference value is configured that is larger
than the max value for an Unsigned32 object."
REFERENCE "The RPKI/Rtr Protocol, RFC6810 - section 8."
DEFVAL { 4294967295 }
::= { rpkiRtrCacheServerTableEntry 6 } ::= { rpkiRtrCacheServerTableEntry 6 }
rpkiRtrCacheServerConnectionType OBJECT-TYPE rpkiRtrCacheServerConnectionType OBJECT-TYPE
SYNTAX RpkiRtrConnectionType SYNTAX RpkiRtrConnectionType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The connection type or transport security suite DESCRIPTION "The connection type or transport security suite
in use for this RPKI cache server." in use for this RPKI cache server."
::= { rpkiRtrCacheServerTableEntry 7 } ::= { rpkiRtrCacheServerTableEntry 7 }
skipping to change at page 12, line 10 skipping to change at page 12, line 7
rpkiRtrCacheServerLatestSerial OBJECT-TYPE rpkiRtrCacheServerLatestSerial OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The latest serial number of data received from DESCRIPTION "The latest serial number of data received from
this RPKI server on this connection. this RPKI server on this connection.
Note: this value wraps back to zero when it Note: this value wraps back to zero when it
reaches its maximum value." reaches its maximum value."
REFERENCE "RFCnnnn section 2 and RFC1982" REFERENCE "RFC6810 section 2 and RFC1982"
-- RFC-Editor: please fill out nnnn with the RFC number assigned -- RFC-Editor: please fill out nnnn with the RFC number assigned
-- to draft-ietf-sidr-rpki-rtr-nn.txt -- to draft-ietf-sidr-rpki-rtr-nn.txt
::= { rpkiRtrCacheServerTableEntry 18 } ::= { rpkiRtrCacheServerTableEntry 18 }
rpkiRtrCacheServerNonce OBJECT-TYPE rpkiRtrCacheServerSessionID OBJECT-TYPE
SYNTAX Unsigned32 (0..65535) SYNTAX Unsigned32 (0..65535)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The nonce associated with the RPKI cache server DESCRIPTION "The Session ID associated with the RPKI cache
at the other end of this connection." server at the other end of this connection."
REFERENCE "RFCnnnn section 2" REFERENCE "RFC6810 section 2"
::= { rpkiRtrCacheServerTableEntry 19 } ::= { rpkiRtrCacheServerTableEntry 19 }
rpkiRtrCacheServerRefreshTimer OBJECT-TYPE rpkiRtrCacheServerRefreshTimer OBJECT-TYPE
SYNTAX Unsigned32 (60..7200) SYNTAX Unsigned32 (60..7200)
UNITS "seconds" UNITS "seconds"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The number of seconds configured for the refresh DESCRIPTION "The number of seconds configured for the refresh
timer for this connection to this RPKI cache timer for this connection to this RPKI cache
server." server."
REFERENCE "RFC6810 section 8, section 6.1"
::= { rpkiRtrCacheServerTableEntry 20 } ::= { rpkiRtrCacheServerTableEntry 20 }
rpkiRtrCacheServerTimeToRefresh OBJECT-TYPE rpkiRtrCacheServerTimeToRefresh OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
UNITS "seconds" UNITS "seconds"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The number of seconds remaining before a new DESCRIPTION "The number of seconds remaining before a new
refresh is performed via a Serial Query to refresh is performed via a Serial Query to
this cache server over this connection. this cache server over this connection.
A negative value means that the refresh time A negative value means that the refresh time has
has passed this many seconds and the refresh passed this many seconds and the refresh has not yet
has not yet been completed. been completed. It will stop decrementing at the
maximum negative value.
Upon a completed refresh (i.e. a successful Upon a completed refresh (i.e. a successful
and complete response to a Serial Query) the and complete response to a Serial Query) the
value of this attribute will be re-initialized value of this attribute will be re-initialized
with the value of the corresponding with the value of the corresponding
rpkiRtrCacheServerRefreshTimer attribute." rpkiRtrCacheServerRefreshTimer attribute."
REFERENCE "RFC6810 section 8"
::= { rpkiRtrCacheServerTableEntry 21 } ::= { rpkiRtrCacheServerTableEntry 21 }
rpkiRtrCacheServerId OBJECT-TYPE rpkiRtrCacheServerId OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The unique ID for this connection. DESCRIPTION "The unique ID for this connection.
An implementation must make sure this ID is unique An implementation must make sure this ID is unique
within this table. It is this ID that can be used within this table. It is this ID that can be used
skipping to change at page 13, line 30 skipping to change at page 13, line 28
-- ============================================================== -- ==============================================================
-- Errors Table -- Errors Table
-- ============================================================== -- ==============================================================
rpkiRtrCacheServerErrorsTable OBJECT-TYPE rpkiRtrCacheServerErrorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF RpkiRtrCacheServerErrorsTableEntry SYNTAX SEQUENCE OF RpkiRtrCacheServerErrorsTableEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "This table provides statistics on errors per DESCRIPTION "This table provides statistics on errors per
RPKI peer connection. These can be used for RPKI peer connection. These can be used for
debuging." debugging."
::= { rpkiRtrObjects 3 } ::= { rpkiRtrObjects 3 }
rpkiRtrCacheServerErrorsTableEntry OBJECT-TYPE rpkiRtrCacheServerErrorsTableEntry OBJECT-TYPE
SYNTAX RpkiRtrCacheServerErrorsTableEntry SYNTAX RpkiRtrCacheServerErrorsTableEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "An entry in the rpkiCacheServerErrorTable. It holds DESCRIPTION "An entry in the rpkiCacheServerErrorTable. It holds
management objects associated with errors that management objects associated with errors codes that
were detected for the specified connection to were received on the specified connection to a
a specific cache server." specific cache server."
REFERENCE "RFC6810 section 10"
AUGMENTS { rpkiRtrCacheServerTableEntry } AUGMENTS { rpkiRtrCacheServerTableEntry }
::= { rpkiRtrCacheServerErrorsTable 1 } ::= { rpkiRtrCacheServerErrorsTable 1 }
RpkiRtrCacheServerErrorsTableEntry ::= SEQUENCE { RpkiRtrCacheServerErrorsTableEntry ::= SEQUENCE {
rpkiRtrCacheServerErrorsCorruptData Counter32, rpkiRtrCacheServerErrorsCorruptData Counter32,
rpkiRtrCacheServerErrorsInternalError Counter32, rpkiRtrCacheServerErrorsInternalError Counter32,
rpkiRtrCacheServerErrorsNoData Counter32, rpkiRtrCacheServerErrorsNoData Counter32,
rpkiRtrCacheServerErrorsInvalidRequest Counter32, rpkiRtrCacheServerErrorsInvalidRequest Counter32,
rpkiRtrCacheServerErrorsUnsupportedVersion Counter32, rpkiRtrCacheServerErrorsUnsupportedVersion Counter32,
rpkiRtrCacheServerErrorsUnsupportedPdu Counter32, rpkiRtrCacheServerErrorsUnsupportedPdu Counter32,
skipping to change at page 16, line 4 skipping to change at page 15, line 51
rpkiRtrCacheServerErrorsDuplicateAnnounce OBJECT-TYPE rpkiRtrCacheServerErrorsDuplicateAnnounce OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The number of 'Duplicate Announcement Received' DESCRIPTION "The number of 'Duplicate Announcement Received'
errors received from the RPKI cache server at errors received from the RPKI cache server at
the other end of this connection. the other end of this connection.
Discontinuities are indicated by the value Discontinuities are indicated by the value
of rpkiRtrDiscontinuityTimer." of rpkiRtrDiscontinuityTimer."
::= { rpkiRtrCacheServerErrorsTableEntry 8 } ::= { rpkiRtrCacheServerErrorsTableEntry 8 }
-- ============================================================== -- ==============================================================
-- The rpkiRtrPrefixOriginTable (was refered to as ROATable in an -- The rpkiRtrPrefixOriginTable
-- earlier version of this table)
-- ============================================================== -- ==============================================================
rpkiRtrPrefixOriginTable OBJECT-TYPE rpkiRtrPrefixOriginTable OBJECT-TYPE
SYNTAX SEQUENCE OF RpkiRtrPrefixOriginTableEntry SYNTAX SEQUENCE OF RpkiRtrPrefixOriginTableEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "This table lists the prefixes that were DESCRIPTION "This table lists the prefixes that were
announced by RPKI cache servers to this system. announced by RPKI cache servers to this system.
That is the prefixes and their Origin ASN That is the prefixes and their Origin ASN
as recieved by announcements via the as received by announcements via the
rpki-rtr protocol." rpki-rtr protocol."
::= { rpkiRtrObjects 4 } ::= { rpkiRtrObjects 4 }
rpkiRtrPrefixOriginTableEntry OBJECT-TYPE rpkiRtrPrefixOriginTableEntry OBJECT-TYPE
SYNTAX RpkiRtrPrefixOriginTableEntry SYNTAX RpkiRtrPrefixOriginTableEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "An entry in the rpkiRtrPrefixOriginTable. DESCRIPTION "An entry in the rpkiRtrPrefixOriginTable.
This represents one announced prefix." This represents one announced prefix. If a Cache
Server is removed from the local configuration, any
table rows associated with that server (indicated by
rpkiRtrPrefixOriginCacheServerId) are also removed
from this table."
INDEX { rpkiRtrPrefixOriginAddressType, INDEX { rpkiRtrPrefixOriginAddressType,
rpkiRtrPrefixOriginAddress, rpkiRtrPrefixOriginAddress,
rpkiRtrPrefixOriginMinLength rpkiRtrPrefixOriginMinLength,
rpkiRtrPrefixOriginMaxLength,
rpkiRtrPrefixOriginASN,
rpkiRtrPrefixOriginCacheServerId
} }
::= { rpkiRtrPrefixOriginTable 1 } ::= { rpkiRtrPrefixOriginTable 1 }
RpkiRtrPrefixOriginTableEntry ::= SEQUENCE { RpkiRtrPrefixOriginTableEntry ::= SEQUENCE {
rpkiRtrPrefixOriginAddressType InetAddressType, rpkiRtrPrefixOriginAddressType InetAddressType,
rpkiRtrPrefixOriginAddress InetAddress, rpkiRtrPrefixOriginAddress InetAddress,
rpkiRtrPrefixOriginMinLength InetAddressPrefixLength, rpkiRtrPrefixOriginMinLength InetAddressPrefixLength,
rpkiRtrPrefixOriginMaxLength InetAddressPrefixLength, rpkiRtrPrefixOriginMaxLength InetAddressPrefixLength,
rpkiRtrPrefixOriginASN InetAutonomousSystemNumber, rpkiRtrPrefixOriginASN InetAutonomousSystemNumber,
rpkiRtrPrefixOriginCacheServerId Unsigned32 rpkiRtrPrefixOriginCacheServerId Unsigned32
} }
rpkiRtrPrefixOriginAddressType OBJECT-TYPE rpkiRtrPrefixOriginAddressType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2) } SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "The network Address Type for this prefix. DESCRIPTION "The network Address Type for this prefix.
Only IPv4 and IPv6 are supported." Note: Only IPv4, IPv6 and DNS support are required
for RFCxxxx read only compliance."
::= { rpkiRtrPrefixOriginTableEntry 1 } ::= { rpkiRtrPrefixOriginTableEntry 1 }
rpkiRtrPrefixOriginAddress OBJECT-TYPE rpkiRtrPrefixOriginAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE(4|16)) SYNTAX InetAddress
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "The network Address for this prefix. DESCRIPTION "The network Address for this prefix.
The format of the address is defined by the The format of the address is defined by the
value of the corresponding instance of value of the corresponding instance of
rpkiRtrCacheServerAddressType." rpkiRtrPrefixOriginAddressType."
::= { rpkiRtrPrefixOriginTableEntry 2 } ::= { rpkiRtrPrefixOriginTableEntry 2 }
rpkiRtrPrefixOriginMinLength OBJECT-TYPE rpkiRtrPrefixOriginMinLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX InetAddressPrefixLength
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "The minimum prefix length allowed for this prefix." DESCRIPTION "The minimum prefix length allowed for this prefix."
::= { rpkiRtrPrefixOriginTableEntry 3 } ::= { rpkiRtrPrefixOriginTableEntry 3 }
rpkiRtrPrefixOriginMaxLength OBJECT-TYPE rpkiRtrPrefixOriginMaxLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "The maximum prefix length allowed for this prefix. DESCRIPTION "The maximum prefix length allowed for this prefix.
Note, this value must be greater or equal to the Note, this value must be greater or equal to the
value of rpkiRtrPrefixOriginMinLength." value of rpkiRtrPrefixOriginMinLength."
::= { rpkiRtrPrefixOriginTableEntry 4 } ::= { rpkiRtrPrefixOriginTableEntry 4 }
rpkiRtrPrefixOriginASN OBJECT-TYPE rpkiRtrPrefixOriginASN OBJECT-TYPE
SYNTAX InetAutonomousSystemNumber SYNTAX InetAutonomousSystemNumber
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION "The ASN that is authorized to announce the DESCRIPTION "The ASN that is authorized to announce the
prefix or sub-prefixes covered by this entry." prefix or sub-prefixes covered by this entry."
::= { rpkiRtrPrefixOriginTableEntry 5 } ::= { rpkiRtrPrefixOriginTableEntry 5 }
rpkiRtrPrefixOriginCacheServerId OBJECT-TYPE rpkiRtrPrefixOriginCacheServerId OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The unique ID of the connection to the cache DESCRIPTION "The unique ID of the connection to the cache
skipping to change at page 17, line 49 skipping to change at page 18, line 4
::= { rpkiRtrPrefixOriginTableEntry 5 } ::= { rpkiRtrPrefixOriginTableEntry 5 }
rpkiRtrPrefixOriginCacheServerId OBJECT-TYPE rpkiRtrPrefixOriginCacheServerId OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295) SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION "The unique ID of the connection to the cache DESCRIPTION "The unique ID of the connection to the cache
server from which this announcement was received. server from which this announcement was received.
That connection is identified/found by a matching That connection is identified/found by a matching
value in attribute rpkiRtrCacheServerId." value in attribute rpkiRtrCacheServerId."
::= { rpkiRtrPrefixOriginTableEntry 6 } ::= { rpkiRtrPrefixOriginTableEntry 6 }
-- ============================================================== -- ==============================================================
-- Notifications -- Notifications
-- ============================================================== -- ==============================================================
rpkiRtrCacheServerConnectionStateChange NOTIFICATION-TYPE rpkiRtrCacheServerConnectionStateChange NOTIFICATION-TYPE
OBJECTS { rpkiRtrCacheServerConnectionStatus, OBJECTS { rpkiRtrCacheServerConnectionStatus,
rpkiRtrCacheServerLatestSerial, rpkiRtrCacheServerLatestSerial,
rpkiRtrCacheServerNonce rpkiRtrCacheServerSessionID
} }
STATUS current STATUS current
DESCRIPTION "This notification signals a change in the status DESCRIPTION "This notification signals a change in the status
of an rpkiRtrCacheServerConnection. of an rpkiRtrCacheServerConnection.
The SNMP agent MUST throttle the generation of The management agent MUST throttle the generation of
consecutive rpkiRtrCacheServerConnectionStateChange consecutive rpkiRtrCacheServerConnectionStateChange
notifications such that there is at least a notifications such that there is at least a 5 second
5 second gap between them. gap between them.
"
If more than one notification has occurred locally
during that time, the most recent notification is
sent at the end of the 5 second gap and the others
are discarded."
::= { rpkiRtrNotifications 1 } ::= { rpkiRtrNotifications 1 }
rpkiRtrCacheServerConnectionToGoStale NOTIFICATION-TYPE rpkiRtrCacheServerConnectionToGoStale NOTIFICATION-TYPE
OBJECTS { rpkiRtrCacheServerV4ActiveRecords, OBJECTS { rpkiRtrCacheServerV4ActiveRecords,
rpkiRtrCacheServerV6ActiveRecords, rpkiRtrCacheServerV6ActiveRecords,
rpkiRtrCacheServerLatestSerial, rpkiRtrCacheServerLatestSerial,
rpkiRtrCacheServerNonce, rpkiRtrCacheServerSessionID,
rpkiRtrCacheServerRefreshTimer, rpkiRtrCacheServerRefreshTimer,
rpkiRtrCacheServerTimeToRefresh rpkiRtrCacheServerTimeToRefresh
} }
STATUS current STATUS current
DESCRIPTION "This notification signals that an RPKI cache DESCRIPTION "This notification signals that an RPKI cache
server connection is about to go stale. server connection is about to go stale.
It is suggested that this notifiation is It is suggested that this notification is
generated when the value of the generated when the value of the
rpkiRtrCacheServerTimeToRefresh attribute rpkiRtrCacheServerTimeToRefresh attribute
goes below 60 seconds. goes below 60 seconds.
The SNMP agent MUST throttle the generation of The SNMP agent MUST throttle the generation of
consecutive rpkiRtrCacheServerConnectionToGoStale consecutive rpkiRtrCacheServerConnectionToGoStale
notifications such that there is at least a notifications such that there is at least a
5 second gap between them. 5 second gap between them.
" "
::= { rpkiRtrNotifications 2 } ::= { rpkiRtrNotifications 2 }
-- ============================================================== -- ==============================================================
-- Module Compliance information -- Module Compliance information
-- ============================================================== -- ==============================================================
rpkiRtrCompliances OBJECT IDENTIFIER ::= rpkiRtrCompliances OBJECT IDENTIFIER ::=
{rpkiRtrConformance 1} {rpkiRtrConformance 1}
rpkiRtrGroups OBJECT IDENTIFIER ::= rpkiRtrGroups OBJECT IDENTIFIER ::=
{rpkiRtrConformance 2} {rpkiRtrConformance 2}
rpkiRtrReadOnlyCompliance MODULE-COMPLIANCE rpkiRtrRFCxxxxReadOnlyCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION "The compliance statement for the rpkiRtrMIB DESCRIPTION "The compliance statement for the rpkiRtrMIB
module. There are only read-only objects in this module. There are only read-only objects in this
MIB module, so the 'ReadOnly' in the name of this MIB module, so the 'ReadOnly' in the name of this
compliance statement is there only for clarity compliance statement is there only for clarity
and truth in advertising. and truth in advertising.
In order to be compliant, the InetAddressType
objects in this MIB, rpkiRtrCacheServerAddressType
and rpkiRtrPrefixOriginAddressType, are only
required to support the ipv4, ipv6, and dns types.
" "
MODULE -- This module MODULE -- This module
MANDATORY-GROUPS { rpkiRtrCacheServerGroup, MANDATORY-GROUPS { rpkiRtrCacheServerGroup,
rpkiRtrPrefixOriginGroup, rpkiRtrPrefixOriginGroup,
rpkiRtrNotificationsGroup rpkiRtrNotificationsGroup,
rpkiRtrCacheServerAddressType
} }
GROUP rpkiRtrCacheServerErrorsGroup GROUP rpkiRtrCacheServerErrorsGroup
DESCRIPTION "Implemntation of this group is optional and DESCRIPTION "Implementation of this group is optional and
would be useful for debugging." would be useful for debugging."
::= { rpkiRtrCompliances 1 } ::= { rpkiRtrCompliances 1 }
rpkiRtrCacheServerGroup OBJECT-GROUP rpkiRtrCacheServerGroup OBJECT-GROUP
OBJECTS { rpkiRtrDiscontinuityTimer, OBJECTS {
rpkiRtrDiscontinuityTimer,
rpkiRtrCacheServerLocalAddress, rpkiRtrCacheServerLocalAddress,
rpkiRtrCacheServerLocalPort, rpkiRtrCacheServerLocalPort,
rpkiRtrCacheServerPreference, rpkiRtrCacheServerPreference,
rpkiRtrCacheServerConnectionType, rpkiRtrCacheServerConnectionType,
rpkiRtrCacheServerConnectionStatus, rpkiRtrCacheServerConnectionStatus,
rpkiRtrCacheServerDescription, rpkiRtrCacheServerDescription,
rpkiRtrCacheServerMsgsReceived, rpkiRtrCacheServerMsgsReceived,
rpkiRtrCacheServerMsgsSent, rpkiRtrCacheServerMsgsSent,
rpkiRtrCacheServerV4ActiveRecords, rpkiRtrCacheServerV4ActiveRecords,
rpkiRtrCacheServerV4Announcements, rpkiRtrCacheServerV4Announcements,
rpkiRtrCacheServerV4Withdrawals, rpkiRtrCacheServerV4Withdrawals,
rpkiRtrCacheServerV6ActiveRecords, rpkiRtrCacheServerV6ActiveRecords,
rpkiRtrCacheServerV6Announcements, rpkiRtrCacheServerV6Announcements,
rpkiRtrCacheServerV6Withdrawals, rpkiRtrCacheServerV6Withdrawals,
rpkiRtrCacheServerLatestSerial, rpkiRtrCacheServerLatestSerial,
rpkiRtrCacheServerNonce, rpkiRtrCacheServerSessionID,
rpkiRtrCacheServerRefreshTimer, rpkiRtrCacheServerRefreshTimer,
rpkiRtrCacheServerTimeToRefresh, rpkiRtrCacheServerTimeToRefresh,
rpkiRtrCacheServerId rpkiRtrCacheServerId
} }
STATUS current STATUS current
DESCRIPTION "The collection of objects to monitor the RPKI peer DESCRIPTION "The collection of objects to monitor the RPKI peer
connections." connections."
::= { rpkiRtrGroups 1 } ::= { rpkiRtrGroups 1 }
rpkiRtrCacheServerErrorsGroup OBJECT-GROUP rpkiRtrCacheServerErrorsGroup OBJECT-GROUP
OBJECTS { rpkiRtrCacheServerErrorsCorruptData, OBJECTS {
rpkiRtrCacheServerErrorsCorruptData,
rpkiRtrCacheServerErrorsInternalError, rpkiRtrCacheServerErrorsInternalError,
rpkiRtrCacheServerErrorsNoData, rpkiRtrCacheServerErrorsNoData,
rpkiRtrCacheServerErrorsInvalidRequest, rpkiRtrCacheServerErrorsInvalidRequest,
rpkiRtrCacheServerErrorsUnsupportedVersion, rpkiRtrCacheServerErrorsUnsupportedVersion,
rpkiRtrCacheServerErrorsUnsupportedPdu, rpkiRtrCacheServerErrorsUnsupportedPdu,
rpkiRtrCacheServerErrorsWithdrawalUnknown, rpkiRtrCacheServerErrorsWithdrawalUnknown,
rpkiRtrCacheServerErrorsDuplicateAnnounce rpkiRtrCacheServerErrorsDuplicateAnnounce
} }
STATUS current STATUS current
DESCRIPTION "The collection of objects that may help in DESCRIPTION "The collection of objects that may help in
debugging the communication between rpki debugging the communication between rpki
clients and cache servers." clients and cache servers."
::= { rpkiRtrGroups 2 } ::= { rpkiRtrGroups 2 }
rpkiRtrPrefixOriginGroup OBJECT-GROUP rpkiRtrPrefixOriginGroup OBJECT-GROUP
OBJECTS { rpkiRtrPrefixOriginMaxLength, OBJECTS {
rpkiRtrPrefixOriginASN,
rpkiRtrPrefixOriginCacheServerId rpkiRtrPrefixOriginCacheServerId
} }
STATUS current STATUS current
DESCRIPTION "The collection of objects that represent DESCRIPTION "The collection of objects that represent
the prefix(es) and their validated origin the prefix(es) and their validated origin
ASes." ASes."
::= { rpkiRtrGroups 3 } ::= { rpkiRtrGroups 3 }
rpkiRtrNotificationsGroup NOTIFICATION-GROUP rpkiRtrNotificationsGroup NOTIFICATION-GROUP
NOTIFICATIONS { rpkiRtrCacheServerConnectionStateChange, NOTIFICATIONS { rpkiRtrCacheServerConnectionStateChange,
skipping to change at page 22, line 4 skipping to change at page 22, line 16
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
7. References 7. References
7.1. Normative References
[I-D.ietf-sidr-rpki-rtr] 7.1. Normative References
Bush, R. and R. Austein, "The RPKI/Router Protocol",
draft-ietf-sidr-rpki-rtr-26 (work in progress),
February 2012.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level [RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level
Managed Objects for Applications", RFC 2287, Managed Objects for Applications", RFC 2287,
February 1998. February 1998.
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)", "Structure of Management Information Version 2 (SMIv2)",
skipping to change at page 22, line 34 skipping to change at page 22, line 42
April 1999. April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, "Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999. April 1999.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005. Addresses", RFC 4001, February 2005.
[RFC6810] Bush, R. and R. Austein, "The Resource Public Key
Infrastructure (RPKI) to Router Protocol", RFC 6810,
January 2013.
7.2. Informative References 7.2. Informative References
[RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
August 1996. August 1996.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
 End of changes. 63 change blocks. 
87 lines changed or deleted 109 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/