Inter-Domain Routing Working Group                              J. Haas
Internet-Draft                                            June 24, 2008
Intended status: Standards Track
Expires: December 26, 2008

     Definitions of Managed Objects for the Fourth Version of Border
           Gateway Protocol (BGP-4), BGP Community Extension
               draft-jhaas-idr-bgp4-mibv2-community-01

Status of This Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 26, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2008).

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols.  In particular it defines
   objects for managing the Border Gateway Protocol's Community
   extension.

Haas                    Expires December 26, 2008               [Page 1]

Internet-Draft            BGP-4 Community MIB                  June 2008

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  The Internet-Standard Management Framework . . . . . . . . .  3
   3.  Conventions  . . . . . . . . . . . . . . . . . . . . . . . .  3
   4.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   5.  Structure of the MIB Module  . . . . . . . . . . . . . . . .  3
     5.1.  Global Scalars . . . . . . . . . . . . . . . . . . . . .  3
     5.2.  Tables . . . . . . . . . . . . . . . . . . . . . . . . .  3
     5.3.  Textual Conventions  . . . . . . . . . . . . . . . . . .  4
   6.  Relationship to Other MIB Modules  . . . . . . . . . . . . .  4
     6.1.  Relationship to the BGP-4 MIB, Second Version  . . . . .  4
     6.2.  MIB modules required for IMPORTS . . . . . . . . . . . .  4
   7.  Definitions  . . . . . . . . . . . . . . . . . . . . . . . .  4
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . 11
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . 12
   10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
   11. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
     11.1. Normative References . . . . . . . . . . . . . . . . . . 12
     11.2. Informative References . . . . . . . . . . . . . . . . . 12

1.  Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols.  In particular it defines
   objects for managing the Border Gateway Protocol's Community
   extension [RFC1997].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
   [RFC2580].
3.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

4.  Overview

   The BGP-4 MIB, Version 2, provides for an extension mechanism by
   which BGP extensions can have MIBs created under the BGP-4 MIB
   subtree.  This MIB documents the objects for managing the BGP-4
   Community extension as documented in [RFC1997].

5.  Structure of the MIB Module

5.1.  Global Scalars

   o  bgpCommunityTotal - The total number of community sets managed by
      this system.

5.2.  Tables

   o  bgpCommunityAfPathAttrTable - This table provides access to a
      human-readable version of the community associated with BGP
      reachability and also an index into the bgpCommunityElementTable
      which can be used for a canonical version of that set of
      communities.

   o  bgpCommunityElementTable - This table provides canonical access to
      a set of community values.

   o  bgpCommunitySetTable - This table provides additional information
      about a set of communities.

5.3.  Textual Conventions

   o  BgpCommunityTC - The representation of a BGP Community.

6.  Relationship to Other MIB Modules

6.1.  Relationship to the BGP-4 MIB, Second Version

   The BGP-4 MIB provides the bgpExtensions point which is used in the
   root OID for this module.

   Additionally, as BGP communities are properties of the Path
   Attributes set sent for reachability, the base BGP-4 MIB provides the
   index for this table, bgpAfPathAttrIndex.  Note well that
   bgpAfPathAttrIndex is meant to be distinct for each received set of
   Path Attributes.

6.2.  MIB modules required for IMPORTS

   The following MIB module IMPORTS objects from SNMPv2-SMI [RFC2578],
   SNMPv2-TC [RFC2579], SNMPv2-CONF [RFC2580] and the BGP-4 MIB,
   Version 2.
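   The following is an added illustration, not part of this draft or of
   any implementation it describes: a minimal agent-side model of the
   three tables in Section 5.2, showing how a distinct bgpCommunityIndex
   is assigned per community set, how several bgpAfPathAttrIndex rows
   share one set (the many-to-one relationship), how
   bgpCommunitySetReferences and bgpCommunityTotal follow from that, and
   why bgpCommunityString can be truncated at 255 characters.  Object
   names are the MIB's own; the CommunityAgent class, its methods, the
   sample values and the AS:value rendering are assumptions made for
   this example.

```python
# Added example (not from the draft): an agent-side model of the
# bgpCommunityAfPathAttrTable, bgpCommunityElementTable and
# bgpCommunitySetTable rows.  CommunityAgent and its methods are
# assumptions for this example, not objects defined by the MIB.
from __future__ import annotations

SNMP_ADMIN_STRING_MAX = 255  # SnmpAdminString is SIZE(0..255)


def render_community(value: int) -> str:
    """One implementation-dependent, operator-readable form: AS:value."""
    return f"{value >> 16}:{value & 0xFFFF}"


class CommunityAgent:
    """Holds the rows an agent would expose for this MIB module."""

    def __init__(self) -> None:
        self._next_index = 1
        # Canonical set -> bgpCommunityIndex.  Sorting the set makes two
        # attributes carrying the same communities in a different order
        # map to the same row.
        self._set_index: dict[tuple[int, ...], int] = {}
        # bgpCommunityAfPathAttrTable:
        #   bgpAfPathAttrIndex -> (bgpCommunityString, bgpCommunityIndex)
        self.af_path_attr: dict[int, tuple[str, int]] = {}
        # bgpCommunityElementTable:
        #   (bgpCommunityIndex, bgpCommunityElementIndex) -> value
        self.element: dict[tuple[int, int], int] = {}
        # bgpCommunitySetTable:
        #   bgpCommunityIndex -> bgpCommunitySetReferences
        self.set_references: dict[int, int] = {}

    def community_string(self, communities: tuple[int, ...]) -> str:
        text = " ".join(render_community(c) for c in communities)
        # SnmpAdminString cannot carry more than 255 characters; the full
        # set remains reachable through bgpCommunityElementTable.
        return text[:SNMP_ADMIN_STRING_MAX]

    def add_path(self, af_path_attr_index: int, communities: list[int]) -> int:
        """Record the COMMUNITIES attribute received with one path and
        return the bgpCommunityIndex it was filed under."""
        canonical = tuple(sorted(set(communities)))
        idx = self._set_index.get(canonical)
        if idx is None:
            # First time this set is seen: allocate an opaque index and
            # populate its element rows.
            idx = self._next_index
            self._next_index += 1
            self._set_index[canonical] = idx
            for element_index, value in enumerate(canonical, start=1):
                self.element[(idx, element_index)] = value
            self.set_references[idx] = 0
        self.af_path_attr[af_path_attr_index] = (
            self.community_string(canonical), idx)
        self.set_references[idx] += 1
        return idx

    @property
    def total(self) -> int:
        """bgpCommunityTotal: number of distinct community sets held."""
        return len(self._set_index)

    def elements_of(self, community_index: int) -> list[int]:
        """Walk bgpCommunityElementTable for one bgpCommunityIndex."""
        return [v for (i, _e), v in sorted(self.element.items())
                if i == community_index]


if __name__ == "__main__":
    # Constructed sample: two paths sharing one set, one path with another.
    agent = CommunityAgent()
    agent.add_path(10, [(65000 << 16) | 100, (65000 << 16) | 200])
    agent.add_path(11, [(65000 << 16) | 200, (65000 << 16) | 100])
    agent.add_path(12, [0xFFFFFF01])
    print("bgpCommunityTotal =", agent.total)
    for pa_index, (text, idx) in sorted(agent.af_path_attr.items()):
        print(pa_index, "->", idx, text, "refs", agent.set_references[idx])
```

   The sorted canonical form is what makes the many-to-one relationship
   work: bgpCommunityIndex identifies a set, so paths that carry the
   same communities in a different order still share one row.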
7.  Definitions

   BGP4-COMMUNITY-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Gauge32, Unsigned32
           FROM SNMPv2-SMI
       TEXTUAL-CONVENTION
           FROM SNMPv2-TC
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF
       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB
       bgpExtensions, bgpAfPathAttrIndex
           FROM BGP4-MIB;

   bgpCommunity MODULE-IDENTITY
       LAST-UPDATED "200806240000Z"
       ORGANIZATION "IETF IDR Working Group"
       CONTACT-INFO "E-mail: idr@ietf.org"
       DESCRIPTION
           "This MIB module defines additional management objects for
            the Border Gateway Protocol, Version 4.  Specifically, it
            adds objects for the management of the BGP Community
            PATH_ATTRIBUTE as documented in RFC 1997."
       ::= { bgpExtensions 1 }

   --
   -- Textual Conventions
   --

   BgpCommunityTC ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "2d:"
       STATUS current
       DESCRIPTION
           "The representation of a BGP Community."
       SYNTAX OCTET STRING(SIZE(4))

   --
   -- BGP Community Scalars
   --

   bgpCommunityTotal OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The total number of community sets managed by this
            system."
       ::= { bgpCommunity 1 }

   --
   -- BGP Communities per-NLRI entry.
   --

   bgpCommunityAfPathAttrTable OBJECT-TYPE
       SYNTAX SEQUENCE OF BgpCommunityAfPathAttrEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The BGP-4 Path Attribute Community Table contains the per
            network path (NLRI) data on the community membership
            advertised with a route.  The absence of row data for a
            given index value for bgpAfPathAttrIndex indicates a lack
            of this attribute information for the indicated network
            path."
       ::= { bgpCommunity 2 }

   bgpCommunityAfPathAttrEntry OBJECT-TYPE
       SYNTAX BgpCommunityAfPathAttrEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Information about a community association provided with a
            path to a network."
       INDEX { bgpAfPathAttrIndex }
       ::= { bgpCommunityAfPathAttrTable 1 }

   BgpCommunityAfPathAttrEntry ::= SEQUENCE {
       bgpCommunityString SnmpAdminString,
       bgpCommunityIndex  Unsigned32
   }

   bgpCommunityString OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "This is a string depicting the set of communities
            associated with a given NLRI.  The format of this string
            is implementation-dependent and should be designed for
            operator readability.

            Note that SnmpAdminString is only capable of representing
            a maximum of 255 characters.  This may lead to the string
            being truncated in the presence of a large community set.
            The bgpCommunityElementTable will give access to the full
            community set.

            It is RECOMMENDED that for rows sharing the same value in
            bgpCommunityIndex that the bgpCommunityString also be
            identical."
       ::= { bgpCommunityAfPathAttrEntry 1 }

   bgpCommunityIndex OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "This value is an index for the sub-components of a
            community set in the bgpCommunityElementTable.  It is
            assigned by the agent at the point of creation of the
            bgpCommunityElementTable row entry.  While its value is
            guaranteed to be unique at any time, it is otherwise opaque
            to the management application with respect to its value or
            the contiguity of the bgpCommunityIndex row instance values
            across rows of the bgpCommunityElementTable.

            Additionally, this value, which represents a distinct set
            of communities, is used as an index in the
            bgpCommunitySetTable.

            It is particularly important to note that there may be a
            many-to-one relationship between bgpAfPathAttrIndex values
            and a particular bgpCommunityIndex value.  This is because
            many NLRI may share the same community set."
       ::= { bgpCommunityAfPathAttrEntry 2 }

   --
   -- Table of a Community Set's Components
   --

   bgpCommunityElementTable OBJECT-TYPE
       SYNTAX SEQUENCE OF BgpCommunityElementEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The bgpCommunityElementTable allows individual
            sub-components of a community set to be examined in a
            canonical fashion."
       ::= { bgpCommunity 3 }

   bgpCommunityElementEntry OBJECT-TYPE
       SYNTAX BgpCommunityElementEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Information about sub-components for a set of
            communities."
       INDEX { bgpCommunityIndex, bgpCommunityElementIndex }
       ::= { bgpCommunityElementTable 1 }

   BgpCommunityElementEntry ::= SEQUENCE {
       bgpCommunityElementIndex     Unsigned32,
       bgpCommunityElementValue     BgpCommunityTC,
       bgpCommunityElementWellKnown INTEGER
   }

   bgpCommunityElementIndex OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "An integer index for a row in this table."
       ::= { bgpCommunityElementEntry 1 }

   bgpCommunityElementValue OBJECT-TYPE
       SYNTAX BgpCommunityTC
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "A value representing a community.  There are certain
            4-octet long values which could be returned in this
            columnar row data that carry additional semantics."
       REFERENCE
           "RFC 1997 - BGP Community Attribute"
       ::= { bgpCommunityElementEntry 2 }

   bgpCommunityElementWellKnown OBJECT-TYPE
       SYNTAX INTEGER {
           notWellKnown(1),
           noExport(2),
           noAdvertise(3),
           noExportSubconfed(4),
           noPeer(5)
       }
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "In the case that a given community is a 'well-known'
            community, this object is set to the appropriate value."
       REFERENCE
           "RFC 1997, 'Well-Known Communities'.
            RFC 3765, NOPEER Community for Border Gateway Protocol."
       ::= { bgpCommunityElementEntry 3 }

   --
   -- Table of a Community Set's common properties.
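   The following is an added example, not part of this draft: it shows
   what a BgpCommunityTC value looks like once rendered according to its
   DISPLAY-HINT "2d:" (two 16-bit decimal fields separated by a colon),
   how a raw COMMUNITIES attribute value is split into 4-octet elements
   for bgpCommunityElementTable, and how each element is mapped onto the
   bgpCommunityElementWellKnown enumeration.  The well-known code points
   (NO_EXPORT 0xFFFFFF01, NO_ADVERTISE 0xFFFFFF02, NO_EXPORT_SUBCONFED
   0xFFFFFF03 from RFC 1997, NOPEER 0xFFFFFF04 from RFC 3765) are
   protocol constants, not taken from this draft; the function names and
   the sample attribute bytes are assumptions made for this example.

```python
# Added example (not from the draft): decoding a BgpCommunityTC value,
# rendering it per DISPLAY-HINT "2d:", and classifying it against the
# bgpCommunityElementWellKnown enumeration.  Function names and the sample
# bytes are assumptions for this example.
from __future__ import annotations

import struct

# Well-known community values (RFC 1997 and RFC 3765), keyed to the
# enumeration labels and numbers used by bgpCommunityElementWellKnown.
WELL_KNOWN = {
    0xFFFFFF01: ("noExport", 2),
    0xFFFFFF02: ("noAdvertise", 3),
    0xFFFFFF03: ("noExportSubconfed", 4),
    0xFFFFFF04: ("noPeer", 5),
}
NOT_WELL_KNOWN = ("notWellKnown", 1)


def community_from_octets(octets: bytes) -> int:
    """Parse a 4-octet BgpCommunityTC value into its 32-bit integer form.

    SYNTAX OCTET STRING(SIZE(4)) means any other length is malformed;
    reject it rather than silently reading into the next community.
    """
    if len(octets) != 4:
        raise ValueError(
            f"BgpCommunityTC must be exactly 4 octets, got {len(octets)}")
    return struct.unpack("!I", octets)[0]


def display_hint_2d(octets: bytes) -> str:
    """Render per DISPLAY-HINT "2d:": two 16-bit decimals joined by ':'.

    For ordinary communities this is the familiar AS:value form, e.g.
    65000:100; a well-known value such as NO_EXPORT renders as
    65535:65281, which is why bgpCommunityElementWellKnown exists.
    """
    value = community_from_octets(octets)
    return f"{value >> 16}:{value & 0xFFFF}"


def well_known(octets: bytes) -> tuple[str, int]:
    """Return the (label, number) of bgpCommunityElementWellKnown."""
    return WELL_KNOWN.get(community_from_octets(octets), NOT_WELL_KNOWN)


def element_row(octets: bytes) -> dict:
    """Build the readable columns of one bgpCommunityElementEntry."""
    label, number = well_known(octets)
    return {
        "bgpCommunityElementValue": display_hint_2d(octets),
        "bgpCommunityElementWellKnown": f"{label}({number})",
    }


def parse_communities_attribute(attr: bytes) -> list[dict]:
    """Split a COMMUNITIES path attribute value (RFC 1997: a sequence of
    4-octet values) into element rows.  The length must be a multiple of
    4; a trailing partial community is an encoding error."""
    if len(attr) % 4:
        raise ValueError("COMMUNITIES attribute length is not a multiple of 4")
    return [element_row(attr[i:i + 4]) for i in range(0, len(attr), 4)]


if __name__ == "__main__":
    # Constructed sample attribute: 65000:100, 65000:200, NO_EXPORT, NOPEER.
    sample = bytes.fromhex("fde80064" "fde800c8" "ffffff01" "ffffff04")
    for row in parse_communities_attribute(sample):
        print(row)
```

   The length check matters for an agent: the TC fixes the element size
   at 4 octets, so a received attribute whose length is not a multiple
   of 4 must be treated as malformed rather than padded or truncated.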
   --

   bgpCommunitySetTable OBJECT-TYPE
       SYNTAX SEQUENCE OF BgpCommunitySetEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "This table tracks properties that a given set of
            communities, as identified by a bgpCommunityIndex, may
            share."
       ::= { bgpCommunity 4 }

   bgpCommunitySetEntry OBJECT-TYPE
       SYNTAX BgpCommunitySetEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Properties shared by a given set of communities."
       INDEX { bgpCommunityIndex }
       ::= { bgpCommunitySetTable 1 }

   BgpCommunitySetEntry ::= SEQUENCE {
       bgpCommunitySetReferences Gauge32
   }

   bgpCommunitySetReferences OBJECT-TYPE
       SYNTAX Gauge32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Some implementations may track the number of times that a
            distinct community set is referenced.  One example of this
            is a set of NLRI that share the same set of communities.

            The implementation of this object is completely OPTIONAL."
       ::= { bgpCommunitySetEntry 1 }

   --
   -- Conformance Information
   --

   bgpCommunityConformance OBJECT IDENTIFIER ::= { bgpCommunity 5 }

   bgpCommunityMIBCompliances OBJECT IDENTIFIER
       ::= { bgpCommunityConformance 1 }
   bgpCommunityMIBGroups OBJECT IDENTIFIER
       ::= { bgpCommunityConformance 2 }

   bgpCommunityMIBCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "The compliance statement for entities which implement the
            BGP4 Community MIB."
       MODULE -- this module
           MANDATORY-GROUPS { bgpCommunityRequiredGroup }

           GROUP bgpCommunityRequiredGroup
           DESCRIPTION
               "All members of this GROUP MUST be implemented to
                support this MIB."

           GROUP bgpCommunityOptionalGroup
           DESCRIPTION
               "Members of this GROUP MAY be implemented.  Individual
                objects with implementation dependencies will be
                documented in the DESCRIPTION clauses for those
                objects."
       ::= { bgpCommunityMIBCompliances 1 }

   bgpCommunityRequiredGroup OBJECT-GROUP
       OBJECTS {
           bgpCommunityTotal,
           bgpCommunityString,
           bgpCommunityIndex,
           bgpCommunityElementValue,
           bgpCommunityElementWellKnown
       }
       STATUS current
       DESCRIPTION
           "Objects associated with BGP communities that are required
            to be implemented in this MIB."
       ::= { bgpCommunityMIBGroups 1 }

   bgpCommunityOptionalGroup OBJECT-GROUP
       OBJECTS {
           bgpCommunitySetReferences
       }
       STATUS current
       DESCRIPTION
           "Objects associated with BGP communities that may
            optionally be implemented in this MIB."
       ::= { bgpCommunityMIBGroups 2 }

   END

8.  Security Considerations

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   o  bgpCommunityElementValue, bgpCommunityElementWellKnown - BGP
      Communities may be used to implement routing policy for ISPs and
      that routing policy may reflect business relationships.
      Inadvertent disclosure of this information may expose sensitive
      information about those business relationships.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   there is still no control as to who on the secure network is allowed
   to access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).
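   As an added illustration that is not part of this draft, the
   following snmpd.conf fragments for the net-snmp agent contrast the
   community-string access the paragraph above warns against with an
   SNMPv3 user that has authentication and privacy enabled, read-only
   rights, and a view limited to this module's subtree.  The user name,
   passphrases and view name are placeholders chosen for this example,
   and <BGP-COMMUNITY-OID> stands for the OID of bgpCommunity
   ({ bgpExtensions 1 }) as resolved from the BGP4-MIB, Version 2,
   module loaded on the agent; this draft does not assign a numeric
   value for it.

```conf
# Added example, not from the draft: net-snmp snmpd.conf fragments.

# Weak: SNMPv2c community string.  Any host that can reach the agent and
# knows the string can read every object, including
# bgpCommunityElementValue, with no authentication and in cleartext.
rocommunity public

# Corrected: one USM user with authentication (SHA) and privacy (AES),
# allowed only to read, and only within a view scoped to the
# bgpCommunity subtree.  Passphrases and OID are placeholders.
createUser opsreader SHA "<auth-passphrase>" AES "<priv-passphrase>"
view bgpview included <BGP-COMMUNITY-OID>
rouser opsreader priv -V bgpview
```

   The "priv" security level on the rouser line is what enforces the
   encryption the section recommends: a request from the same user at
   noAuthNoPriv or authNoPriv level is refused rather than served in
   the clear.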
   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

9.  IANA Considerations

   This memo includes no request to IANA.

10.  Acknowledgements

   The BGP-4 MIB extension mechanism owes thanks to Wayne Tackabury and
   the OPS Working Group MIB Doctors.  An earlier form of this extension
   mechanism was originally attempted with Mathew Richardson and Shane
   Wright, formerly of NextHop Technologies.

11.  References

11.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC1997]  Chandrasekeran, R., Traina, P., and T. Li, "BGP
              Communities Attribute", RFC 1997, August 1996.

11.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

Author's Address

   Jeffrey Haas

   Phone:
   EMail: jhaas@pfrc.org

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).
   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).