Network Working Group                                      S. De Cnodder
Internet-Draft                                            Alcatel-Lucent
Intended status: Standards Track                          M. Morgenstern
Expires: January 31, 2010                               ECI Telecom Ltd.
                                                           July 30, 2009

     Access Node Control Protocol (ANCP) MIB module for Access Nodes
                      draft-ietf-ancp-mib-an-04.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79. This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008. The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process. Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 31, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols. In particular it defines
   objects for managing access nodes that are using the Access Node
   Control Protocol (ANCP).

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Conventions
   4.  Overview
   5.  Structure of the MIB Module
     5.1.  Textual Conventions
     5.2.  The ANCP MIB module Subtree
     5.3.  The Notifications Subtree
     5.4.  The Table Structures
   6.  Relationship to Other MIB Modules
     6.1.  Relationship to the Interfaces Group MIB module
     6.2.  MIB modules required for IMPORTS
   7.  ANCP MIB Definitions for the Access Node
   8.  Security Considerations
   9.  IANA considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Authors' Addresses

1.  Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols. In particular it defines
   objects for managing access nodes as described in [ANCPFW] that are
   using the Access Node Control Protocol defined in [ANCPPR].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB. MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI). This memo specifies MIB
   modules that are compliant to the SMIv2, which is described in STD
   58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC
   2580 [RFC2580].

3.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

4.  Overview

   In [ANCPFW], the framework for the Access Node Control Protocol
   (ANCP) is described. It defines two network entities, the Access
   Node (AN) and the Network Access Server (NAS), between which ANCP
   sessions are established. The detailed protocol specification of
   ANCP is described in [ANCPPR].

   This document specifies a MIB module for an AN that supports ANCP,
   and a MIB module that defines textual conventions.

   Note: the current MIB definition is specific to [ANCPPR]. If
   [ANCPPR] gets updated later, then the MIB definition in this document
   will also follow these changes.

5.  Structure of the MIB Module

5.1.  Textual Conventions

   Two new textual conventions, GsmpSubVersion and
   AncpSessionCapabilities, are defined in a separate MIB module in this
   document. The ANCP specification in [ANCPPR] re-uses the GSMP
   specification in [RFC3292] where the GSMP subversion is introduced.
   The textual conventions defined in this document complement the
   textual conventions defined in [RFC3295], GsmpVersion, GsmpNameType,
   and GsmpPartitionIdType, which are also used in the ANCP MIB module
   for ANs. These textual conventions are used for the convenience of
   humans reading the MIB.

5.2.  The ANCP MIB module Subtree

   ANCP-TC-MIB is the first MIB module defined in this document, and it
   is put under mib-2. The second MIB module defined in this document,
   ANCP-AN-MIB, is also put under mib-2.

5.3.  The Notifications Subtree

   Notifications are defined to inform the management station whenever
   an ANCP session changes state. Two notifications are defined for
   this purpose. The notification ancpAnSessionUp informs the
   management station when the session comes up, and the notification
   ancpAnSessionDown informs it when the ANCP session is down again
   after it was up before.

   Attributes are introduced to enable and disable the generation of
   these notifications per ANCP session. No other special measures for
   congestion avoidance for the notifications are needed because the
   number of ANCP sessions in an access node is typically small. In
   addition, establishing an ANCP session and tearing it down again
   takes some time, so a particular ANCP session cannot generate many
   notifications in a short time period.

5.4.  The Table Structures

   The ANCP MIB module for the AN has 3 tables. The tables are the
   following:

   o  ancpAnSessionConfigTable

      This table is used to configure ANCP sessions at the AN towards a
      specific NAS. The NAS is identified by a number of attributes in
      this table (ancpAnSessionConfigNasIpAddressType and
      ancpAnSessionConfigNasIpAddress).
      The other attributes in this table can be used to configure
      properties that are specific for that particular ANCP session.
      The interface to which the ANCP session is bound is also
      configured in this table. This interface can be an IP interface,
      an ATM PVC, a VLAN (or VLAN stack), or any other interface defined
      in IF-MIB.

   o  ancpAnCurrentSessionTable

      This table shows the operational state of a particular ANCP
      session. Each session configured in ancpAnSessionConfigTable has
      a corresponding row in ancpAnCurrentSessionTable. When a session
      is configured or deleted in the ancpAnSessionConfigTable, then the
      corresponding row of that session in the ancpAnCurrentSessionTable
      is, respectively, automatically created or deleted.

   o  ancpAnInterfaceConfigTable

      This table is used to assign interfaces to particular partitions
      if partitions are being used as indicated by the scalar
      ancpAnPartitionsUsed. When partitions are used, a row in this
      table is created automatically when an interface is created in the
      ifTable of the IF-MIB [RFC2863] for which the system supports
      ANCP.

   Four groups are defined:

   o  ancpAnConfigGroup

      This group contains all objects of the ancpAnSessionConfigTable in
      which the ANCP sessions are configured in the access node.

   o  ancpAnCurrentGroup

      This group contains all objects of the ancpAnCurrentSessionTable
      where the operational state and other information of the ANCP
      sessions are shown.

   o  ancpAnInterfaceGroup

      This group contains all objects to configure interfaces to be used
      by ANCP. Assigning interfaces to particular partitions is part of
      this group in case partitions are used.

   o  ancpAnNotificationsGroup

      This group contains the notifications that indicate state changes
      of ANCP sessions.

6.  Relationship to Other MIB Modules

6.1.  Relationship to the Interfaces Group MIB module

   There is a dependency between the ANCP MIB module and the Interfaces
   Group MIB (IF-MIB) defined in [RFC2863]. The ifIndex defined in the
   ifTable of IF-MIB is used as the index of the
   ancpAnInterfaceConfigTable defined in the ANCP MIB module for access
   nodes. Each time that an entry is created in the ifTable for which
   the system supports ANCP (e.g., in a DSLAM this is typically for each
   DSL line), a row is created automatically in the
   ancpAnInterfaceConfigTable if partitions are being used.

6.2.  MIB modules required for IMPORTS

   The ANCP TC MIB module requires the following MIB modules for
   IMPORTS:

   o  SNMPv2-SMI defined in [RFC2578]

   o  SNMPv2-TC defined in [RFC2579]

   The ANCP MIB module for access nodes requires the following MIB
   modules for IMPORTS:

   o  SNMPv2-SMI defined in [RFC2578]

   o  RMON2-MIB defined in [RFC4502]

   o  IF-MIB defined in [RFC2863]

   o  INET-ADDRESS-MIB defined in [RFC4001]

   o  SNMPv2-CONF defined in [RFC2580]

   o  GSMP-MIB defined in [RFC3295]

   o  SNMPv2-TC defined in [RFC2579]

   o  Q-BRIDGE-MIB defined in [RFC4363]

   o  ANCP-TC-MIB defined in this document

7.  ANCP MIB Definitions for the Access Node

   ANCP-TC-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, Unsigned32, mib-2
           FROM SNMPv2-SMI                 -- [RFC2578]
       TEXTUAL-CONVENTION
           FROM SNMPv2-TC;                 -- [RFC2579]

   ancpTcMIB MODULE-IDENTITY
       LAST-UPDATED "200806180000Z" -- 18 June 2008
       ORGANIZATION "IETF ANCP Working Group"
       CONTACT-INFO
           " Editors: Stefaan De Cnodder
                      Alcatel-Lucent
             Postal:  Copernicuslaan 50
                      B-2018 Antwerp
                      Belgium
             EMail:   stefaan.de_cnodder@alcatel-lucent.com
             Phone:   +32 3 240 85 15

                      Moti Morgenstern
                      ECI Telecom Ltd.
             Postal:  30 Hasivim St.
                      Petach Tikva 49517, Israel
             Email:   moti.morgenstern@ecitele.com
             Phone:   +972 3 926 6258
           "
       DESCRIPTION
           "This MIB module provides Textual Conventions to be used
            by MIB modules for AN and NAS that are implementing the
            Access Node Control Protocol (ANCP).
            Copyright (C) The IETF Trust (2008). The initial version
            of this MIB module was published in RFC yyyy; for full
            legal notices see the RFC itself."
   -- RFC Ed.: replace yyyy with actual RFC number & remove this note

       REVISION "200806180000Z" -- 18 June 2008
       DESCRIPTION
           "Initial version as published in RFC yyyy."
   -- RFC Ed.: replace yyyy with actual RFC number & remove this note

       ::= { mib-2 xxx }
   -- The value xxx to be assigned by IANA.

   --
   -- Textual Conventions
   --

   GsmpSubVersion ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "The subversion numbers defined for the GSMP protocol."
       SYNTAX      Unsigned32

   AncpSessionCapabilities ::= TEXTUAL-CONVENTION
       STATUS      current
       DESCRIPTION
           "ANCP capabilities supported by the AN.
            The following capabilities are available:
              topologyDiscovery (0) - Access Topology Discovery
              lineConfig (1)        - Line Configuration
              multicast (2)         - Multicast
              l2Oam (3)             - Layer 2 OAM
            A bit set means the associated capability is supported."
       SYNTAX      BITS {
                       topologyDiscovery (0),
                       lineConfig (1),
                       multicast (2),
                       l2Oam (3)
                   }

   END

   ANCP-AN-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Unsigned32,
       TimeTicks, zeroDotZero, NOTIFICATION-TYPE, mib-2
           FROM SNMPv2-SMI                 -- [RFC2578]
       ZeroBasedCounter32
           FROM RMON2-MIB                  -- [RFC4502]
       InterfaceIndex, ifIndex
           FROM IF-MIB                     -- [RFC2863]
       InetAddressType, InetAddress, InetPortNumber
           FROM INET-ADDRESS-MIB           -- [RFC4001]
       MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
           FROM SNMPv2-CONF                -- [RFC2580]
       GsmpVersion, GsmpNameType, GsmpPartitionIdType
           FROM GSMP-MIB                   -- [RFC3295]
       RowStatus, TruthValue, RowPointer
           FROM SNMPv2-TC                  -- [RFC2579]
       VlanIdOrNone
           FROM Q-BRIDGE-MIB               -- [RFC4363]
       GsmpSubVersion, AncpSessionCapabilities
           FROM ANCP-TC-MIB;               -- [This document]

   ancpAnMIB MODULE-IDENTITY
       LAST-UPDATED "200806180000Z" -- 18 June 2008
       ORGANIZATION "IETF ANCP Working Group"
       CONTACT-INFO
           " Editors: Stefaan De Cnodder
                      Alcatel-Lucent
             Postal:  Copernicuslaan 50
                      B-2018 Antwerp
                      Belgium
             EMail:   stefaan.de_cnodder@alcatel-lucent.com
             Phone:   +32 3 240 85 15

                      Moti Morgenstern
                      ECI Telecom Ltd.
             Postal:  30 Hasivim St.
                      Petach Tikva 49517, Israel
             Email:   moti.morgenstern@ecitele.com
             Phone:   +972 3 926 6258
           "
       DESCRIPTION
           "The MIB module for entities implementing the access node
            side of the Access Node Control Protocol (ANCP).

            Copyright (C) The IETF Trust (2008). The initial version
            of this MIB module was published in RFC yyyy; for full
            legal notices see the RFC itself."
   -- RFC Ed.: replace yyyy with actual RFC number & remove this note

       REVISION "200806180000Z" -- 18 June 2008
       DESCRIPTION
           "Initial version as published in RFC yyyy."
   -- RFC Ed.: replace yyyy with actual RFC number & remove this note

       ::= { mib-2 xxx }
   -- The value xxx to be assigned by IANA.
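
Added example, not part of the draft: AncpSessionCapabilities is a BITS type, which SNMP carries as an OCTET STRING with bit 0 in the high-order bit of the first octet, so the DEFVAL { topologyDiscovery, l2Oam } given for ancpAnSessionConfigCapabilities is the single octet 0x90 and not 0x09. The Python below decodes such values and reports drift from an operator baseline; the function names, the baseline policy and the sample octets are assumptions made for illustration.

```python
# Added example: decoding the AncpSessionCapabilities BITS value.
# Bit names and numbers are copied from ANCP-TC-MIB on this page; the
# function names and sample values are constructed for illustration.

CAPABILITY_BITS = {
    0: "topologyDiscovery",
    1: "lineConfig",
    2: "multicast",
    3: "l2Oam",
}
NAME_TO_BIT = {name: bit for bit, name in CAPABILITY_BITS.items()}


def decode_capabilities(value):
    """Return (named capabilities, undefined bit numbers) for a BITS value.

    SMIv2 BITS are sent as an OCTET STRING in which bit 0 is the most
    significant bit of the first octet, so topologyDiscovery(0) is 0x80.
    An empty or all-zero value means no capabilities are supported.
    """
    names, undefined = set(), []
    for octet_index, octet in enumerate(value):
        for offset in range(8):
            if octet & (0x80 >> offset):
                bit = octet_index * 8 + offset
                if bit in CAPABILITY_BITS:
                    names.add(CAPABILITY_BITS[bit])
                else:
                    undefined.append(bit)
    return names, undefined


def encode_capabilities(names):
    """Encode capability names as a BITS octet string (at least one octet)."""
    bits = sorted(NAME_TO_BIT[name] for name in names)
    out = bytearray(bits[-1] // 8 + 1 if bits else 1)
    for bit in bits:
        out[bit // 8] |= 0x80 >> (bit % 8)
    return bytes(out)


def capability_drift(baseline_names, observed_value):
    """Compare an observed BITS value with an operator baseline.

    The baseline is an assumed local policy, not something the MIB defines.
    """
    observed, undefined = decode_capabilities(observed_value)
    baseline = set(baseline_names)
    return {
        "added": sorted(observed - baseline),
        "removed": sorted(baseline - observed),
        "undefined_bits": undefined,
    }


if __name__ == "__main__":
    baseline = {"topologyDiscovery", "l2Oam"}  # the DEFVAL on this page
    print(encode_capabilities(baseline).hex())
    # Constructed sample: multicast switched on and undefined bit 4 set.
    print(capability_drift(baseline, bytes.fromhex("b8")))
```
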

   ancpAnNotifications OBJECT IDENTIFIER ::= { ancpAnMIB 0 }
   ancpAnObjects       OBJECT IDENTIFIER ::= { ancpAnMIB 1 }
   ancpAnConformance   OBJECT IDENTIFIER ::= { ancpAnMIB 2 }

   --
   -- Global ANCP Control Parameters
   --
   -- The following scalar parameters globally control the behavior
   -- of the ANCP implementation
   --

   ancpAnPartitionsUsed OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "This object allows the manager to specify whether or not
            to use the 'Partition ID' field in the GSMP message
            header.
            When set to 'false' the application does not use
            partitions and the ancpAnSessionConfigPartitionId object
            MUST be zero for all sessions. In addition, rows
            SHOULD NOT be created in the ancpAnInterfaceConfigTable.
            When set to 'true' the application uses partitions and
            the ancpAnSessionConfigPartitionId object MUST be set,
            for every session, to a nonzero value. In such a case,
            rows are created in ancpAnInterfaceConfigTable. The
            default value zero in ancpAnInterfaceConfigPartitionId
            object means that the operator did not associate the
            interface with a particular partition.
            Note that modifying the value of this object is
            restricted. E.g., prior to setting it from 'true' to
            'false' ancpAnSessionConfigRowStatus objects for all
            sessions should be set to notInService and the partition
            ID value MUST be set to zero.
            The value of this object is persistent."
       DEFVAL { false }
       ::= { ancpAnObjects 1 }

   --
   -- Configuration of ANCP Sessions
   --

   ancpAnNextSessionId OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The object reports the next index (potential value of
            ancpAnSessionConfigSessionId) which is available for
            creating a new row in ancpAnSessionConfigTable.
            If no such value is available (e.g., the table is full
            or any other reason) the object reports '0' (zero).
            An available value V becomes unavailable when a row is
            actually created with ancpAnSessionConfigSessionId=V and
            until then consecutive GET commands with this object may
            return the same value V. Note that eventually only one
            row creation with the value V can succeed.
            An unavailable value V becomes available again when a
            row with ancpAnSessionConfigSessionId=V in
            ancpAnSessionConfigTable is deleted."
       ::= { ancpAnObjects 2 }

   ancpAnSessionConfigTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF AncpAnSessionConfigEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table represents the ANCP sessions in the access
            node. An entry in this table needs to be configured
            (created) before an ANCP session might be started."
       ::= { ancpAnObjects 3 }

   ancpAnSessionConfigEntry OBJECT-TYPE
       SYNTAX      AncpAnSessionConfigEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry in the table showing the data for a specific
            actual or yet to be established session. If partitions
            are used, one session corresponds to one specific access
            node partition."
       INDEX { ancpAnSessionConfigSessionId }
       ::= { ancpAnSessionConfigTable 1 }

   AncpAnSessionConfigEntry ::= SEQUENCE {
       ancpAnSessionConfigSessionId             Unsigned32,
       ancpAnSessionConfigRowStatus             RowStatus,
       ancpAnSessionConfigGsmpVersion           GsmpVersion,
       ancpAnSessionConfigGsmpSubVersion        GsmpSubVersion,
       ancpAnSessionConfigEncapsulationType     INTEGER,
       ancpAnSessionConfigCapabilities          AncpSessionCapabilities,
       ancpAnSessionConfigAliveTimer            Unsigned32,
       ancpAnSessionConfigPortReportShaper      Unsigned32,
       ancpAnSessionConfigAggregateReportShaper Unsigned32,
       ancpAnSessionConfigTransportRetryTimer   Unsigned32,
       ancpAnSessionConfigAncpRetryTimer        Unsigned32,
       ancpAnSessionConfigAnName                GsmpNameType,
       ancpAnSessionConfigPartitionId           GsmpPartitionIdType,
       ancpAnSessionConfigWindowSize            Unsigned32,
       ancpAnSessionConfigRelatedInterface      InterfaceIndex,
       ancpAnSessionConfigRelatedEntity         RowPointer,
       ancpAnSessionConfigSvid                  VlanIdOrNone,
       ancpAnSessionConfigSPrio                 Unsigned32,
       ancpAnSessionConfigCvid                  VlanIdOrNone,
       ancpAnSessionConfigCPrio                 Unsigned32,
       ancpAnSessionConfigNasIpAddressType      InetAddressType,
       ancpAnSessionConfigNasIpAddress          InetAddress,
       ancpAnSessionConfigEncapPortNumber       InetPortNumber,
       ancpAnSessionConfigNotifyDnEnable        TruthValue,
       ancpAnSessionConfigNotifyUpEnable        TruthValue
   }

   ancpAnSessionConfigSessionId OBJECT-TYPE
       SYNTAX      Unsigned32 (1..255)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An index of a session referred by this row. The index
            is unique across all partitions.
            The referred session may be actually established or just
            potential.
            Prior to creating a row in the table it is advised to
            check the ancpAnNextSessionId for an available index."
       ::= { ancpAnSessionConfigEntry 1 }

   ancpAnSessionConfigRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "An object that allows entries in this table to be
            created, modified and deleted using the RowStatus
            convention.
            A SET operation to any other attribute in this row, when
            this object is set to 'active' (1), MUST be rejected
            with an SNMP error (e.g., inconsistentValue).
            In order to perform a SET operation to any other
            attribute in this table the manager MUST set this object
            to notInService (2).
            After setting the object back to 'active' the
            implementation MAY tear down the session and recreate
            it, depending on what session attributes have been
            modified."
       ::= { ancpAnSessionConfigEntry 2 }

   ancpAnSessionConfigGsmpVersion OBJECT-TYPE
       SYNTAX      GsmpVersion
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The maximum version number of the GSMP protocol that may
            be used in this session. The value of this object is
            persistent."
       DEFVAL { 3 }
       ::= { ancpAnSessionConfigEntry 3 }

   ancpAnSessionConfigGsmpSubVersion OBJECT-TYPE
       SYNTAX      GsmpSubVersion
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The maximum subversion number of the GSMP protocol that
            may be used in this session. The value of this object
            is persistent."
       DEFVAL { 1 }
       ::= { ancpAnSessionConfigEntry 4 }

   ancpAnSessionConfigEncapsulationType OBJECT-TYPE
       SYNTAX      INTEGER {
                       tcp(1)
                   }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Required encapsulation for this session. The value of
            this object is persistent."
       DEFVAL { tcp }
       ::= { ancpAnSessionConfigEntry 5 }

   ancpAnSessionConfigCapabilities OBJECT-TYPE
       SYNTAX      AncpSessionCapabilities
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "ANCP capabilities supported by the AN in this session.
            When all bits are set to zero then this means that no
            capabilities are supported. The value of this object is
            persistent."
       DEFVAL { { topologyDiscovery, l2Oam } }
       ::= { ancpAnSessionConfigEntry 6 }

   ancpAnSessionConfigAliveTimer OBJECT-TYPE
       SYNTAX      Unsigned32(1..255)
       UNITS       "deciseconds"
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The timer specifies the nominal time between periodic
            adjacency protocol messages generated by the access
            node. It is a constant for the duration of an ANCP
            session. The timer is specified in units of 100ms. The
            value of this object is persistent."
       DEFVAL { 100 }
       ::= { ancpAnSessionConfigEntry 7 }

   ancpAnSessionConfigPortReportShaper OBJECT-TYPE
       SYNTAX      Unsigned32(1..255)
       UNITS       "deciseconds"
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The timer specifies the nominal time between 2
            EventReport messages related to the same port. It is a
            constant for the duration of a GSMP session. The timer
            is specified in units of 100ms. The value of this
            object is persistent."
       DEFVAL { 10 }
       ::= { ancpAnSessionConfigEntry 8 }

   ancpAnSessionConfigAggregateReportShaper OBJECT-TYPE
       SYNTAX      Unsigned32(1..2550)
       UNITS       "centiseconds"
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The timer specifies the nominal time between 2
            EventReport messages related to any port. It is a
            constant for the duration of a GSMP session. The timer
            is specified in units of 10ms. The value of this object
            is persistent."
       DEFVAL { 10 }
       ::= { ancpAnSessionConfigEntry 9 }

   ancpAnSessionConfigTransportRetryTimer OBJECT-TYPE
       SYNTAX      Unsigned32(0..255)
       UNITS       "deciseconds"
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The timer specifies the nominal time between 2 transport
            connection setup attempts done by the access node. The
            transport protocol is specified in
            ancpAnSessionConfigEncapsulationType. The timer is
            specified in units of 100ms. A value 0 means that the
            access node will NOT initiate nor setup the transport
            connection. The value of this object is persistent."
       DEFVAL { 10 }
       ::= { ancpAnSessionConfigEntry 10 }

   ancpAnSessionConfigAncpRetryTimer OBJECT-TYPE
       SYNTAX      Unsigned32(0..255)
       UNITS       "deciseconds"
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The timer specifies the nominal time between 2 ANCP
            connection setup attempts. The timer is specified in
            units of 100ms. A value 0 means that the access node
            will NOT spontaneously trigger an ANCP session.
            Whatever the setting of this timer, the access node
            shall always listen for ANCP session setup.
            The value of this object is persistent."
       DEFVAL { 10 }
       ::= { ancpAnSessionConfigEntry 11 }

   ancpAnSessionConfigAnName OBJECT-TYPE
       SYNTAX      GsmpNameType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The name of the access node. The first three octets
            must be an Organizationally Unique Identifier (OUI) that
            identifies the manufacturer of the access node. This
            object can be (one of) the MAC address(es) of the access
            node on the network side. When set to zero, the access
            node shall autonomously decide on using the most
            appropriate MAC address of the access node. Then the
            actually used access node name can be read from
            ancpAnCurrentSessionAnName.
            The value of this object is persistent."
       DEFVAL { '000000000000'H }
       ::= { ancpAnSessionConfigEntry 12 }

   ancpAnSessionConfigPartitionId OBJECT-TYPE
       SYNTAX      GsmpPartitionIdType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The Id for this session's specific access node
            partition.
            This object has a meaning only if partitions are used
            (ancpAnPartitionsUsed='true') and is ignored otherwise.
            The value of this object is persistent."
       DEFVAL { '00'H }
       ::= { ancpAnSessionConfigEntry 13 }

   ancpAnSessionConfigWindowSize OBJECT-TYPE
       SYNTAX      Unsigned32(1..65535)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The maximum number of unacknowledged request messages
            that may be transmitted by the controller without the
            possibility of loss.
            This field is used to prevent request messages from
            being lost in the access node because of overflow in the
            receive buffer. The field is a hint to the controller.
            The value of this object is persistent."
       DEFVAL { 10 }
       ::= { ancpAnSessionConfigEntry 14 }

   ancpAnSessionConfigRelatedInterface OBJECT-TYPE
       SYNTAX      InterfaceIndex
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object contains the value of an ifIndex object,
            defined in IF-MIB, indicating an interface corresponding
            to this session.
            The corresponding interface might be either physical or
            logical (e.g., IP Interface).
            The value of this object is persistent."
       ::= { ancpAnSessionConfigEntry 15 }

   ancpAnSessionConfigRelatedEntity OBJECT-TYPE
       SYNTAX      RowPointer
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object contains the name of an object instance
            uniquely identifying a lower layer entity associated
            with this session.
            For example, in the case where the session is associated
            with an ATM VCC, this object might be set to an object
            identifier uniquely identifying that VCC (e.g., an
            object instance in atmVclTable).
            If unused, this object MUST have the value zeroDotZero.
            The value of this object is persistent."
       DEFVAL { zeroDotZero }
       ::= { ancpAnSessionConfigEntry 16 }

   ancpAnSessionConfigSvid OBJECT-TYPE
       SYNTAX      VlanIdOrNone
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "If the session is associated with a single VLAN, this
            object contains the VLAN ID of the single VLAN tag.
            If ancpAnSessionConfigCvid is also nonzero then the
            session is associated with two VLAN tags, S-VLAN tag and
            C-VLAN tag, then this object contains the VLAN ID of the
            S-VLAN tag (the outer VLAN tag).
            In both cases the value of this object SHOULD be
            nonzero.
            If the session is not associated with any VLAN, this
            object MUST have the default value 0.
            The value of this object is persistent."
       DEFVAL { 0 }
       ::= { ancpAnSessionConfigEntry 17 }

   ancpAnSessionConfigSPrio OBJECT-TYPE
       SYNTAX      Unsigned32(0..7 | 65535)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "If the session is associated with a single VLAN, this
            object contains the priority value of the single VLAN
            tag.
            If ancpAnSessionConfigCvid is also nonzero then the
            session is associated with two VLAN tags, S-VLAN tag and
            C-VLAN tag, then this object contains the priority value
            of the S-VLAN tag (the priority value of the outer VLAN
            tag).
            In both cases the value of this object SHOULD be in the
            range 0 to 7 inclusive.
            If the session is not associated with any VLAN, this
            object MUST have the default value 65535.
            The value of this object is persistent."
       DEFVAL { 65535 }
       ::= { ancpAnSessionConfigEntry 18 }

   ancpAnSessionConfigCvid OBJECT-TYPE
       SYNTAX      VlanIdOrNone
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "If the session is associated with two VLANs, has both
            S-VLAN tag and C-VLAN tag, this object contains the VLAN
            ID of the inner VLAN tag (also called C-VLAN ID). In
            such a case the value of this object SHOULD be nonzero.
            If the session is not associated with any VLAN or if it
            is associated with a single VLAN, this object MUST have
            the default value 0.
            The value of this object is persistent."
       DEFVAL { 0 }
       ::= { ancpAnSessionConfigEntry 19 }

   ancpAnSessionConfigCPrio OBJECT-TYPE
       SYNTAX      Unsigned32(0..7 | 65535)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "If the session is associated with two VLANs, has both
            S-VLAN tag and C-VLAN tag, this object contains the
            priority value of the inner VLAN tag (also called C-VLAN
            priority). In such a case the value of this object
            SHOULD be in the range 0 to 7 inclusive.
            If the session is not associated with any VLAN or if it
            is associated with a single VLAN, this object MUST have
            the default value 65535.
            The value of this object is persistent."
       DEFVAL { 65535 }
       ::= { ancpAnSessionConfigEntry 20 }

   ancpAnSessionConfigNasIpAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The type of address in ancpAnSessionConfigNasIpAddress.
            The value of this object is persistent."
       ::= { ancpAnSessionConfigEntry 21 }

   ancpAnSessionConfigNasIpAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The IP address used for the ANCP session peer (NAS).
            The type of this IP address attribute is determined by
            the value of ancpAnSessionConfigNasIpAddressType. The
            value of this object is persistent."
       ::= { ancpAnSessionConfigEntry 22 }

   ancpAnSessionConfigEncapPortNumber OBJECT-TYPE
       SYNTAX      InetPortNumber (1..65535)
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The port number used for the transport protocol
            establishment to the ANCP peer.
            The transport protocol type is specified by
            ancpAnSessionConfigEncapsulationType and as it is set by
            default to 'tcp' then the default port number is set to
            6068 (see details in http://www.iana.org/). Other port
            numbers may be relevant if other transport protocols are
            used.
            The value of this object is persistent."
       DEFVAL { 6068 }
       ::= { ancpAnSessionConfigEntry 23 }

   ancpAnSessionConfigNotifyDnEnable OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies if ancpAnSessionDown notification
            should be generated when this session leaves the 'estab'
            state as given by ancpAnCurrentSessionState in the
            corresponding row in ancpAnCurrentSessionTable.
            The value of this object is persistent."
       DEFVAL { false }
       ::= { ancpAnSessionConfigEntry 24 }

   ancpAnSessionConfigNotifyUpEnable OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object specifies if ancpAnSessionUp notification
            should be generated when this session goes to 'estab'
            state as given by ancpAnCurrentSessionState in the
            corresponding row in ancpAnCurrentSessionTable.
            The value of this object is persistent."
       DEFVAL { false }
       ::= { ancpAnSessionConfigEntry 25 }

   --
   -- Operational Information of ANCP Sessions
   --

   ancpAnCurrentSessionTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF AncpAnCurrentSessionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table gives actual information of the sessions in
            the access node. A row in this table is created when
            the corresponding row in the ancpAnSessionConfigTable is
            created. A row in this table is deleted when the
            corresponding row in the ancpAnSessionConfigTable is
            deleted."
       ::= { ancpAnObjects 4 }

   ancpAnCurrentSessionEntry OBJECT-TYPE
       SYNTAX      AncpAnCurrentSessionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry in the table showing the data for a specific
            actual session."
    INDEX { ancpAnSessionConfigSessionId }
    ::= { ancpAnCurrentSessionTable 1 }

AncpAnCurrentSessionEntry ::= SEQUENCE {
    ancpAnCurrentSessionState                      INTEGER,
    ancpAnCurrentSessionGsmpVersion                GsmpVersion,
    ancpAnCurrentSessionGsmpSubVersion             GsmpSubVersion,
    ancpAnCurrentSessionAnName                     GsmpNameType,
    ancpAnCurrentSessionNasName                    GsmpNameType,
    ancpAnCurrentSessionAnIpAddressType            InetAddressType,
    ancpAnCurrentSessionAnIpAddress                InetAddress,
    ancpAnCurrentSessionAnInstance                 Unsigned32,
    ancpAnCurrentSessionNasInstance                Unsigned32,
    ancpAnCurrentSessionCapabilities               AncpSessionCapabilities,
    ancpAnCurrentSessionStartUptime                TimeTicks,
    ancpAnCurrentSessionDiscontinuityTime          TimeTicks,
    ancpAnCurrentSessionStatSentMessages           ZeroBasedCounter32,
    ancpAnCurrentSessionStatReceivedValidMessages  ZeroBasedCounter32,
    ancpAnCurrentSessionStatDiscardedMessages      ZeroBasedCounter32
}

ancpAnCurrentSessionState OBJECT-TYPE
    SYNTAX      INTEGER {
                    null(1),
                    synsent(2),
                    synrcvd(3),
                    estab(4)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The state of this session. The null (1) state is returned
         if the proper encapsulation data is not yet configured, if
         the row is not in active status or if the session is in
         NULL state as defined in the GSMP specification."
    ::= { ancpAnCurrentSessionEntry 1 }

ancpAnCurrentSessionGsmpVersion OBJECT-TYPE
    SYNTAX      GsmpVersion
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The actual version number of the GSMP protocol that is
         used in this session.
         This object has value 0 if ancpAnCurrentSessionState is
         not estab(4)."
    ::= { ancpAnCurrentSessionEntry 2 }

ancpAnCurrentSessionGsmpSubVersion OBJECT-TYPE
    SYNTAX      GsmpSubVersion
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The actual subversion number of the GSMP protocol that
         may be used in this session.
         This object has value 0 if ancpAnCurrentSessionState is
         not estab(4)."
    ::= { ancpAnCurrentSessionEntry 3 }

ancpAnCurrentSessionAnName OBJECT-TYPE
    SYNTAX      GsmpNameType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The name of the access node used in this session. It
         should be the same as ancpAnSessionConfigAnName if that
         object is not set to zero. If ancpAnSessionConfigAnName is
         set to zero, then this object will contain the MAC address
         selected by the access node as described in the
         description of ancpAnSessionConfigAnName. The value of
         this object is used as value for the 'Sender Name' field
         in the header of the ANCP messages generated for this
         session by the AN."
    ::= { ancpAnCurrentSessionEntry 4 }

ancpAnCurrentSessionNasName OBJECT-TYPE
    SYNTAX      GsmpNameType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The name of the NAS as advertised in the adjacency
         message. The value of this object is set to the value of
         the 'Sender Name' field in the header of the ANCP messages
         received on this session.
         This object has value 0 if ancpAnCurrentSessionState is
         not estab(4)."
    ::= { ancpAnCurrentSessionEntry 5 }

ancpAnCurrentSessionAnIpAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of address in ancpAnCurrentSessionAnIpAddress."
    ::= { ancpAnCurrentSessionEntry 6 }

ancpAnCurrentSessionAnIpAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The IP address used for the access node.
         The type of this IP address attribute is determined by
         the value of ancpAnCurrentSessionAnIpAddressType."
    ::= { ancpAnCurrentSessionEntry 7 }

ancpAnCurrentSessionAnInstance OBJECT-TYPE
    SYNTAX      Unsigned32(0..16777215)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The instance number used by the access node during this
         session.
         The Instance number is a 24-bit number that should be
         guaranteed to be unique within the recent past and to
         change when the link or node comes back up after going
         down. Zero is not a valid instance number.
         This object has value 0 if ancpAnCurrentSessionState is
         not estab(4)."
    ::= { ancpAnCurrentSessionEntry 8 }

ancpAnCurrentSessionNasInstance OBJECT-TYPE
    SYNTAX      Unsigned32(0..16777215)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The instance number used by the NAS during this session.
         The Instance number is a 24-bit number that should be
         guaranteed to be unique within the recent past and to
         change when the link or node comes back up after going
         down.
         This object has value 0 if ancpAnCurrentSessionState is
         not estab(4)."
    ::= { ancpAnCurrentSessionEntry 9 }

ancpAnCurrentSessionCapabilities OBJECT-TYPE
    SYNTAX      AncpSessionCapabilities
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The common ANCP capabilities supported by the AN and NAS
         in this session.
         The object has the value 0 if no capabilities are
         supported or if ancpAnCurrentSessionState is not
         estab(4)."
    ::= { ancpAnCurrentSessionEntry 10 }

ancpAnCurrentSessionStartUptime OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime when the session came to
         established state.
         This object has value 0 if ancpAnCurrentSessionState is
         not estab(4)."
    ::= { ancpAnCurrentSessionEntry 11 }

ancpAnCurrentSessionDiscontinuityTime OBJECT-TYPE
    SYNTAX      TimeTicks
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The value of sysUpTime on the most recent occasion at
         which session's counters suffered a discontinuity. If no
         such discontinuities have occurred since then, this object
         contains the same value as
         ancpAnCurrentSessionStartUptime."
    ::= { ancpAnCurrentSessionEntry 12 }

ancpAnCurrentSessionStatSentMessages OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages that have been sent in this
         session by the access node. All ANCP messages pertaining
         to this session after the session came to established
         state shall be counted, also including adjacency protocol
         messages and failure response messages.
         Discontinuities of this counter are indicated by
         ancpAnCurrentSessionDiscontinuityTime."
    ::= { ancpAnCurrentSessionEntry 13 }

ancpAnCurrentSessionStatReceivedValidMessages OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages that have been received and
         processed in this session by the access node. All ANCP
         messages pertaining to this session after the session came
         to established state shall be counted, also including
         adjacency protocol messages and failure response messages.
         Discontinuities of this counter are indicated by
         ancpAnCurrentSessionDiscontinuityTime."
    ::= { ancpAnCurrentSessionEntry 14 }

ancpAnCurrentSessionStatDiscardedMessages OBJECT-TYPE
    SYNTAX      ZeroBasedCounter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of messages that in this session have been
         received and discarded for whatever reason by the access
         node. All ANCP messages pertaining to this session after
         the session came to established state shall be counted,
         also including adjacency protocol messages and failure
         response messages.
         Discontinuities of this counter are indicated by
         ancpAnCurrentSessionDiscontinuityTime."
    ::= { ancpAnCurrentSessionEntry 15 }

--
-- Partitions
--

ancpAnInterfaceConfigTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AncpAnInterfaceConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table configures the association of user facing
         interfaces to ANCP partitions in the access node.
         An entry in this table needs to be added by the agent for
         each relevant user facing interface with the value of
         ancpAnInterfaceConfigPartitionId set to zero at the time
         of the creation of the row. A relevant user facing
         interface is created whenever a row is created in the
         ifTable of the IF-MIB that can be controlled by ANCP. When
         such an interface is deleted from the ifTable, the
         corresponding row in this table has to be removed by the
         agent.
         Rows should only be created by the agent when
         ancpAnPartitionsUsed is set to 'true'. If no partitions
         are used, then no rows should be created in this table."
    ::= { ancpAnObjects 5 }

ancpAnInterfaceConfigEntry OBJECT-TYPE
    SYNTAX      AncpAnInterfaceConfigEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An entry in the table showing the partition id for a
         specific user facing interface"
    INDEX { ifIndex }
    ::= { ancpAnInterfaceConfigTable 1 }

AncpAnInterfaceConfigEntry ::= SEQUENCE {
    ancpAnInterfaceConfigPartitionId  GsmpPartitionIdType
}

ancpAnInterfaceConfigPartitionId OBJECT-TYPE
    SYNTAX      GsmpPartitionIdType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A partition Id associated with the related ifIndex. Upon
         creation of the row, the value is set to '00'H.
         The value of this object is persistent."
    DEFVAL { '00'H }
    ::= { ancpAnInterfaceConfigEntry 1 }

--
-- Notifications
--

ancpAnSessionDown NOTIFICATION-TYPE
    OBJECTS {
        ancpAnCurrentSessionAnIpAddressType,
        ancpAnCurrentSessionAnIpAddress,
        ancpAnSessionConfigNasIpAddressType,
        ancpAnSessionConfigNasIpAddress,
        ancpAnCurrentSessionAnInstance,
        ancpAnCurrentSessionNasInstance,
        ancpAnCurrentSessionStartUptime,
        ancpAnCurrentSessionDiscontinuityTime,
        ancpAnCurrentSessionStatSentMessages,
        ancpAnCurrentSessionStatReceivedValidMessages,
        ancpAnCurrentSessionStatDiscardedMessages
    }
    STATUS      current
    DESCRIPTION
        "This notification is generated whenever an ANCP session
         goes down.
         A session can go down for several reasons:
         1) The ANCP session can be deleted by a manager from the
            ancpAnSessionConfigTable, and hence it will also be
            removed from the ancpAnCurrentSessionTable.
         2) The session can go operational down due to some
            malfunction in the network, the AN, or the NAS. In this
            case, the ANCP session will be still in the
            ancpAnSessionConfigTable and ancpAnCurrentSessionTable,
            but the ancpAnCurrentSessionState moves from the estab
            state to another state.
         This notification is only generated when
         ancpAnSessionConfigNotifyDnEnable of this session is set
         to true."
    ::= { ancpAnNotifications 1 }

ancpAnSessionUp NOTIFICATION-TYPE
    OBJECTS {
        ancpAnCurrentSessionAnInstance
    }
    STATUS      current
    DESCRIPTION
        "This notification is generated when an ANCP session
         enters the estab state as given by
         ancpAnCurrentSessionState. Since
         ancpAnCurrentSessionAnInstance identifies the ANCP session
         uniquely the other attributes can be derived from this
         attribute.
         This notification is only generated when
         ancpAnSessionConfigNotifyUpEnable of this session is set
         to true."
    ::= { ancpAnNotifications 2 }

--
-- ANCP AN Compliance
--

ancpAnGroups OBJECT IDENTIFIER ::= { ancpAnConformance 1 }

ancpAnCompliances OBJECT IDENTIFIER ::= { ancpAnConformance 2 }

ancpAnModuleCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for agents that support the
         ANCP MIB module for access nodes."
    MODULE  -- this module
        MANDATORY-GROUPS {
            ancpAnConfigGroup,
            ancpAnCurrentGroup,
            ancpAnInterfaceGroup,
            ancpAnNotificationsGroup
        }
    ::= { ancpAnCompliances 1 }

-- units of conformance

ancpAnConfigGroup OBJECT-GROUP
    OBJECTS {
        ancpAnNextSessionId,
        ancpAnSessionConfigRowStatus,
        ancpAnSessionConfigGsmpVersion,
        ancpAnSessionConfigGsmpSubVersion,
        ancpAnSessionConfigEncapsulationType,
        ancpAnSessionConfigCapabilities,
        ancpAnSessionConfigAliveTimer,
        ancpAnSessionConfigPortReportShaper,
        ancpAnSessionConfigAggregateReportShaper,
        ancpAnSessionConfigTransportRetryTimer,
        ancpAnSessionConfigAncpRetryTimer,
        ancpAnSessionConfigAnName,
        ancpAnSessionConfigPartitionId,
        ancpAnSessionConfigWindowSize,
        ancpAnSessionConfigNasIpAddressType,
        ancpAnSessionConfigNasIpAddress,
        ancpAnSessionConfigEncapPortNumber,
        ancpAnSessionConfigNotifyDnEnable,
        ancpAnSessionConfigNotifyUpEnable
    }
    STATUS      current
    DESCRIPTION
        "These objects apply to the configuration of ANCP sessions
         in access nodes."
    ::= { ancpAnGroups 1 }

ancpAnRelatedInterfaceGroup OBJECT-GROUP
    OBJECTS {
        ancpAnSessionConfigRelatedInterface
    }
    STATUS      current
    DESCRIPTION
        "This object contains the ifIndex of an interface defined
         in IF-MIB. If an ANCP session must be associated with an
         IP interface, then this group must be supported. This
         group also must be supported together with the
         ancpAnRelatedEntityGroup in case the ANCP session is to be
         associated with an ATM PVC."
    ::= { ancpAnGroups 2 }

ancpAnRelatedEntityGroup OBJECT-GROUP
    OBJECTS {
        ancpAnSessionConfigRelatedEntity
    }
    STATUS      current
    DESCRIPTION
        "This object contains the name of an object instance
         uniquely identifying a lower layer entity. If an ANCP
         session must be associated with an ATM PVC, then this
         group together with ancpAnRelatedInterfaceGroup must be
         supported."
    ::= { ancpAnGroups 3 }

ancpAnRelatedVlanGroup OBJECT-GROUP
    OBJECTS {
        ancpAnSessionConfigSvid,
        ancpAnSessionConfigSPrio,
        ancpAnSessionConfigCvid,
        ancpAnSessionConfigCPrio
    }
    STATUS      current
    DESCRIPTION
        "These objects contain all VLAN related configuration
         when the ANCP session is associated with a particular
         VLAN. If an ANCP session must be associated with a VLAN
         (or VLAN stack), then this group must be supported."
    ::= { ancpAnGroups 4 }

ancpAnCurrentGroup OBJECT-GROUP
    OBJECTS {
        ancpAnCurrentSessionState,
        ancpAnCurrentSessionGsmpVersion,
        ancpAnCurrentSessionGsmpSubVersion,
        ancpAnCurrentSessionAnName,
        ancpAnCurrentSessionNasName,
        ancpAnCurrentSessionAnIpAddressType,
        ancpAnCurrentSessionAnIpAddress,
        ancpAnCurrentSessionAnInstance,
        ancpAnCurrentSessionNasInstance,
        ancpAnCurrentSessionCapabilities,
        ancpAnCurrentSessionStartUptime,
        ancpAnCurrentSessionDiscontinuityTime,
        ancpAnCurrentSessionStatSentMessages,
        ancpAnCurrentSessionStatReceivedValidMessages,
        ancpAnCurrentSessionStatDiscardedMessages
    }
    STATUS      current
    DESCRIPTION
        "These objects show the operational state of all ANCP
         sessions configured in the access node."
    ::= { ancpAnGroups 5 }

ancpAnInterfaceGroup OBJECT-GROUP
    OBJECTS {
        ancpAnPartitionsUsed,
        ancpAnInterfaceConfigPartitionId
    }
    STATUS      current
    DESCRIPTION
        "These objects are used to assign user facing interfaces
         to partitions."
    ::= { ancpAnGroups 6 }

ancpAnNotificationsGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        ancpAnSessionDown,
        ancpAnSessionUp
    }
    STATUS      current
    DESCRIPTION
        "These objects are used to enable or disable the
         generation of notifications by the access node about
         changes in the state of ANCP sessions."
    ::= { ancpAnGroups 7 }

END

8.  Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.
   The support for SET operations in a non-secure environment without
   proper protection can have a negative effect on network operations.
   These are the tables and objects and their
   sensitivity/vulnerability:

   o  ancpAnPartitionsUsed

      This scalar object supports SET operations.

      Unauthorized changes to this object could result in a wrong
      interpretation of the ancpAnSessionConfigPartitionId attribute
      of all sessions, as if all sessions use partition id zero, or in
      actually disabling the use of partitions in the system.

   o  ancpAnSessionConfigTable

      The table consists of the following objects that support SET
      operations:

      *  ancpAnSessionConfigRowStatus
      *  ancpAnSessionConfigGsmpVersion
      *  ancpAnSessionConfigGsmpSubVersion
      *  ancpAnSessionConfigEncapsulationType
      *  ancpAnSessionConfigCapabilities
      *  ancpAnSessionConfigAliveTimer
      *  ancpAnSessionConfigPortReportShaper
      *  ancpAnSessionConfigAggregateReportShaper
      *  ancpAnSessionConfigTransportRetryTimer
      *  ancpAnSessionConfigAncpRetryTimer
      *  ancpAnSessionConfigAnName
      *  ancpAnSessionConfigPartitionId
      *  ancpAnSessionConfigWindowSize
      *  ancpAnSessionConfigRelatedInterface
      *  ancpAnSessionConfigRelatedEntity
      *  ancpAnSessionConfigSvid
      *  ancpAnSessionConfigSPrio
      *  ancpAnSessionConfigCvid
      *  ancpAnSessionConfigCPrio
      *  ancpAnSessionConfigNasIpAddressType
      *  ancpAnSessionConfigNasIpAddress
      *  ancpAnSessionConfigEncapPortNumber
      *  ancpAnSessionConfigNotifyDnEnable
      *  ancpAnSessionConfigNotifyUpEnable

      Unauthorized changes to ancpAnSessionConfigRowStatus could
      result in a session being created or brought into service
      prematurely, or could result in a session being inadvertently
      deleted or taken out of service.

      Unauthorized changes to ancpAnSessionConfigGsmpVersion or
      ancpAnSessionConfigGsmpSubVersion could have an adverse
      operational effect by limiting the GSMP version to be used in
      the context of this session or enabling a GSMP version number
      that is actually unsupported by the access node.

      Unauthorized changes to ancpAnSessionConfigEncapsulationType
      could have an adverse operational effect by configuring the
      session to use an undesired or even unsupported protocol.

      Unauthorized changes to ancpAnSessionConfigCapabilities could
      have an adverse operational effect by disabling certain ANCP
      capabilities that the operator assumed are enabled, or by
      enabling a capability that the operator would not like to
      activate.

      Unauthorized changes to ancpAnSessionConfigAliveTimer could have
      an adverse operational effect by increasing the frequency of
      adjacency protocol messages generated by the access node and
      leading to an overload of such messages.  Decreasing the
      frequency of such messages may harm the synchronization between
      the access node and the NAS.

      Unauthorized changes to ancpAnSessionConfigPortReportShaper or
      ancpAnSessionConfigAggregateReportShaper could have an adverse
      operational effect by increasing the frequency of Event Report
      messages generated by the access node and leading to an overload
      of such messages.  Decreasing the frequency of such messages may
      delay the responsiveness of the system to events associated with
      one or more ports.

      Unauthorized changes to ancpAnSessionConfigTransportRetryTimer
      could have an adverse operational effect by increasing the
      frequency of transport connection setup attempts initiated by
      the access node or even unexpectedly enabling the access node to
      initiate the transport connection setup when that is supposed to
      be disabled.
      Alternatively, when the operator planned transport connection
      setup attempts by the access node, unauthorized changes to the
      attribute may cause an unexpectedly low frequency of such
      attempts or unexpectedly disable those attempts.

      Unauthorized changes to ancpAnSessionConfigAncpRetryTimer could
      have an adverse operational effect by increasing the frequency
      of ANCP connection setup attempts initiated by the access node
      or even unexpectedly enabling the access node to initiate the
      ANCP connection setup when that is supposed to be disabled.
      Alternatively, when the operator planned ANCP connection setup
      attempts by the access node, unauthorized changes to the
      attribute may cause an unexpectedly low frequency of such
      attempts or unexpectedly disable those attempts.

      Unauthorized changes to ancpAnSessionConfigAnName could confuse
      the NAS, e.g., by detecting the same name from multiple access
      nodes.  This may also override the operator's decision to allow
      or prevent the access node from autonomously determining its
      name.

      Unauthorized changes to ancpAnSessionConfigPartitionId could
      mean that partitions are used when actually they are not, or
      vice versa.  It could also at least specify a different
      partition ID than the one actually associated with the session.

      Unauthorized changes to ancpAnSessionConfigWindowSize are not
      directly harmful.  However, if the controller adopts the
      suggested wrong window size it may either cause the controller
      to send too many messages in a window or unnecessarily limit
      itself, and that could reduce the system performance.

      Unauthorized changes to ancpAnSessionConfigRelatedInterface
      and/or ancpAnSessionConfigRelatedEntity and/or
      ancpAnSessionConfigSvid and/or ancpAnSessionConfigCvid can
      result in the ANCP packets being sent out on the wrong
      interface.  This means that the ANCP packets to establish a
      session can be received by someone who is not the intended
      receiver.

      Unauthorized changes to ancpAnSessionConfigSPrio and/or
      ancpAnSessionConfigCPrio may give the ANCP packets a lower or a
      higher priority in the network compared to other packets.
      Lowering the priority might make the ANCP session less timely,
      and increasing the priority may impact traffic other than ANCP
      in the network.

      Unauthorized changes to ancpAnSessionConfigNasIpAddressType
      and/or ancpAnSessionConfigNasIpAddress and/or
      ancpAnSessionConfigEncapPortNumber could produce a wrong address
      type (interpretation) and/or IP address for the NAS and/or
      specify a wrong transport protocol port number for the session,
      respectively.

      Unauthorized changes to ancpAnSessionConfigNotifyDnEnable could
      lead (if the change was setting the attribute to 'enable') to an
      overload of notification messages at the SNMP manager in case
      multiple sessions leave the 'estab' state simultaneously.  If
      the change was setting the attribute to 'disable' it could lead
      to hiding the actual session state from the SNMP manager.

      Unauthorized changes to ancpAnSessionConfigNotifyUpEnable could
      lead (if the change was setting the attribute to 'enable') to an
      overload of notification messages at the SNMP manager in case
      multiple sessions enter the 'estab' state simultaneously.  If
      the change was setting the attribute to 'disable' it could lead
      to hiding the actual session state from the SNMP manager.

   o  ancpAnInterfaceConfigTable

      The table consists of the following objects that support SET
      operations:

      *  ancpAnInterfaceConfigPartitionId

      Unauthorized changes to ancpAnInterfaceConfigPartitionId could
      result in a wrong association between the interface and a
      partition.  It could result in not being able to manage the
      interface from the correct session and/or in exposing the
      interface to a wrong NAS.
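
An inventory like the one above can be derived from the module text and checked against a list that an operator has reviewed for write access. The following Python example is added here and is not part of the draft; MIB_EXCERPT and the reviewed list are constructed samples (definitions taken from this module with shortened descriptions), and all function names are this example's own.

```python
import re

# Constructed sample: four definitions from this module, descriptions shortened.
MIB_EXCERPT = '''
ancpAnSessionConfigNasIpAddress OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION "The IP address used for the ANCP session peer (NAS)."
    ::= { ancpAnSessionConfigEntry 22 }
--
-- Operational Information of ANCP Sessions
--
ancpAnCurrentSessionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF AncpAnCurrentSessionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION "This table gives actual information of the sessions."
    ::= { ancpAnObjects 4 }
ancpAnCurrentSessionState OBJECT-TYPE
    SYNTAX      INTEGER { null(1), synsent(2), synrcvd(3), estab(4) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION "The state of this session."
    ::= { ancpAnCurrentSessionEntry 1 }
--
-- Partitions
--
ancpAnInterfaceConfigPartitionId OBJECT-TYPE
    SYNTAX      GsmpPartitionIdType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION "A partition Id associated with the related ifIndex."
    DEFVAL { '00'H }
    ::= { ancpAnInterfaceConfigEntry 1 }
'''

OBJECT_RE = re.compile(
    r"\b([a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b(.*?)"
    r"::=\s*\{\s*([A-Za-z0-9-]+)\s+(\d+)\s*\}", re.DOTALL)
ACCESS_RE = re.compile(r"\bMAX-ACCESS\s+([a-z-]+)")
WRITABLE = {"read-write", "read-create"}


def strip_strings_and_comments(text):
    """Blank out quoted strings and ASN.1 comments so that keywords
    appearing inside them are never mistaken for clauses."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text[i] == '"':
            end = text.find('"', i + 1)
            if end == -1:
                raise ValueError("unterminated quoted string")
            out.append('""')
            i = end + 1
        elif text.startswith("--", i):
            # A comment runs to the next "--" or to the end of the line.
            eol = text.find("\n", i + 2)
            eol = n if eol == -1 else eol
            close = text.find("--", i + 2, eol)
            i = close + 2 if close != -1 else eol
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_objects(mib_text):
    """Return {object name: MAX-ACCESS value} for each OBJECT-TYPE."""
    objects = {}
    clean = strip_strings_and_comments(mib_text)
    for name, body, _parent, _subid in OBJECT_RE.findall(clean):
        access = ACCESS_RE.search(body)
        if access is None:
            raise ValueError(f"{name}: OBJECT-TYPE without MAX-ACCESS")
        objects[name] = access.group(1)
    return objects


def writable_objects(objects):
    """Objects that accept SET operations (read-write or read-create)."""
    return sorted(n for n, a in objects.items() if a in WRITABLE)


def readable_objects(objects):
    """Objects with a MAX-ACCESS other than not-accessible."""
    return sorted(n for n, a in objects.items() if a != "not-accessible")


def audit_reviewed_list(mib_text, reviewed):
    """Return (missing, stale): SET-capable objects absent from the
    reviewed list, and reviewed names that are not SET-capable."""
    writable = set(writable_objects(parse_objects(mib_text)))
    reviewed = set(reviewed)
    return sorted(writable - reviewed), sorted(reviewed - writable)


if __name__ == "__main__":
    # Constructed reviewed list with one omission and one stale entry.
    reviewed = ["ancpAnSessionConfigNasIpAddress", "ancpAnCurrentSessionState"]
    print(audit_reviewed_list(MIB_EXCERPT, reviewed))
```

Run it on module text with its original line breaks: in a flattened copy, a `--` comment banner runs to the end of the line and hides the definitions that follow it.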

   Some of the readable objects in this MIB module (i.e., objects with
   a MAX-ACCESS other than not-accessible) may be considered sensitive
   or vulnerable in some network environments.  It is thus important
   to control even GET and/or NOTIFY access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  This is the table and these are
   the objects and their sensitivity/vulnerability:

   o  ancpAnCurrentSessionTable

      Access to these objects would allow an intruder to obtain
      information about which vendor's equipment is in use on the
      network.  Further, such information is considered sensitive in
      many environments for competitive reasons.

      *  ancpAnCurrentSessionState
      *  ancpAnCurrentSessionGsmpVersion
      *  ancpAnCurrentSessionGsmpSubVersion
      *  ancpAnCurrentSessionAnName
      *  ancpAnCurrentSessionNasName
      *  ancpAnCurrentSessionAnIpAddressType
      *  ancpAnCurrentSessionAnIpAddress
      *  ancpAnCurrentSessionAnInstance
      *  ancpAnCurrentSessionNasInstance
      *  ancpAnCurrentSessionCapabilities
      *  ancpAnCurrentSessionStartUptime
      *  ancpAnCurrentSessionDiscontinuityTime
      *  ancpAnCurrentSessionStatSentMessages
      *  ancpAnCurrentSessionStatReceivedValidMessages
      *  ancpAnCurrentSessionStatDiscardedMessages

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the
   objects in this MIB module.

   It is RECOMMENDED that implementers consider the security features
   as provided by the SNMPv3 framework (see [RFC3410], Section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.
   It is then a customer/operator responsibility to ensure that the
   SNMP entity giving access to an instance of this MIB module is
   properly configured to give access to the objects only to those
   principals (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

9.  IANA considerations

   IANA is requested to assign two OID's xxx under mib-2 for
   ANCP-TC-MIB and ANCP-AN-MIB.

10.  Acknowledgements

   The authors would like to thank Paul Reynders and Bert Wijnen for
   their feedback.

11.  References

11.1.  Normative References

   [ANCPPR]   Wadhwa, S., Moisand, J., Subramanian, S., Haag, T.,
              Voigt, N., and R. Maglione, "Protocol for Access Node
              Control Mechanism in Broadband Networks",
              draft-ietf-ancp-protocol-06.txt, work in progress,
              July 2009.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3292]  Doria, A., Hellstrand, F., Sundell, K., and T. Worster,
              "General Switch Management Protocol (GSMP) V3",
              RFC 3292, June 2002.

   [RFC3295]  Sjostrand, H., Buerkle, J., and B. Srinivasan,
              "Definitions of Managed Objects for the General Switch
              Management Protocol (GSMP)", RFC 3295, June 2002.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4363]  Levi, D. and D. Harrington, "Definitions of Managed
              Objects for Bridges with Traffic Classes, Multicast
              Filtering, and Virtual LAN Extensions", RFC 4363,
              January 2006.

   [RFC4502]  Waldbusser, S., "Remote Network Monitoring Management
              Information Base Version 2", RFC 4502, May 2006.

11.2.  Informative References

   [ANCPFW]   Ooghe, S., Voigt, N., Platnic, M., Haag, T., and S.
              Wadhwa, "Framework and Requirements for an Access Node
              Control Mechanism in Broadband Multi-Service Networks",
              draft-ietf-ancp-framework-11.txt, work in progress,
              July 2009.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

Authors' Addresses

   Stefaan De Cnodder
   Alcatel-Lucent
   Copernicuslaan 50
   B-2018 Antwerp
   Belgium

   Phone: +32 3 240 85 15
   Email: stefaan.de_cnodder@alcatel-lucent.com

   Moti Morgenstern
   ECI Telecom Ltd.
   30 Hasivim St.
   Petach Tikva 49517
   Israel

   Phone: +972 3 926 6258
   Fax:   +972 3 928 7342
   Email: moti.Morgenstern@ecitele.com