Internet Engineering Task Force (IETF)                          E. Beili
Request for Comments: 7124                              Actelis Networks
Updates: 5066                                              February 2014
Category: Standards Track
ISSN: 2070-1721
        
Internet Engineering Task Force (IETF)                          E. Beili
Request for Comments: 7124                              Actelis Networks
Updates: 5066                                              February 2014
Category: Standards Track
ISSN: 2070-1721
        

Ethernet in the First Mile Copper (EFMCu) Interfaces MIB

第一英里铜缆(EFMCu)接口MIB中的以太网

Abstract

摘要

This document updates RFC 5066. It amends that specification by informing the Internet community about the transition of the EFM-CU-MIB module from the concluded IETF Ethernet Interfaces and Hub MIB Working Group to the Institute of Electrical and Electronics Engineers (IEEE) 802.3 working group.

本文档更新了RFC 5066。它通过向互联网社区通知EFM-CU-MIB模块从已结束的IETF以太网接口和集线器MIB工作组过渡到电气和电子工程师协会(IEEE)802.3工作组,对该规范进行了修改。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7124.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7124.

Copyright Notice

版权公告

Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2014 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  The Internet-Standard Management Framework  . . . . . . . . .   3
   3.  Mapping between EFM-CU-MIB and IEEE8023-EFM-CU-MIB  . . . . .   3
   4.  Updating the MIB Modules  . . . . . . . . . . . . . . . . . .   3
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   6.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   5
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  The Internet-Standard Management Framework  . . . . . . . . .   3
   3.  Mapping between EFM-CU-MIB and IEEE8023-EFM-CU-MIB  . . . . .   3
   4.  Updating the MIB Modules  . . . . . . . . . . . . . . . . . .   3
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   6.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   5
        
1. Introduction
1. 介绍

RFC 5066 [RFC5066] defines two MIB modules:

RFC 5066[RFC5066]定义了两个MIB模块:

EFM-CU-MIB, with a set of objects for managing 10PASS-TS and 2BASE-TL Ethernet in the First Mile Copper (EFMCu) interfaces;

EFM-CU-MIB,具有一组用于在第一英里铜缆(EFMCu)接口中管理10PASS-TS和2BASE-TL以太网的对象;

IF-CAP-STACK-MIB, with a set of objects describing cross-connect capability of a managed device with multi-layer (stacked) interfaces, extending the stack management objects in the Interfaces Group MIB and the Inverted Stack Table MIB modules.

IF-CAP-STACK-MIB,具有一组描述具有多层(堆叠)接口的受管设备的交叉连接能力的对象,扩展接口组MIB和反向堆栈表MIB模块中的堆栈管理对象。

With the conclusion of the [HUBMIB] working group, the responsibility for the maintenance and further development of a MIB module for managing 2BASE-TL and 10PASS-TS interfaces has been transferred to the Institute of Electrical and Electronics Engineers (IEEE) 802.3 [IEEE802.3] working group. In 2011, the IEEE developed the IEEE8023-EFM-CU-MIB module, based on the original EFM-CU-MIB module [RFC5066]. The current revision of IEEE8023-EFM-CU-MIB is defined in IEEE Std 802.3.1-2013 [IEEE802.3.1].

[HUBMIB]工作组结束后,用于管理2BASE-TL和10PASS-TS接口的MIB模块的维护和进一步开发责任已移交给电气和电子工程师协会(IEEE)802.3[IEEE802.3]工作组。2011年,IEEE在原EFM-CU-MIB模块[RFC5066]的基础上开发了IEEE8023-EFM-CU-MIB模块。IEEE8023-EFM-CU-MIB的当前版本在IEEE标准802.3.1-2013[IEEE802.3.1]中定义。

The IEEE8023-EFM-CU-MIB and EFM-CU-MIB MIB modules can coexist. Existing deployments of the EFM-CU-MIB need not be upgraded, but operators using the MIB should expect that new equipment will use the IEEE8023-EFM-CU-MIB.

IEEE8023-EFM-CU-MIB和EFM-CU-MIB MIB模块可以共存。EFM-CU-MIB的现有部署无需升级,但使用MIB的运营商应预计新设备将使用IEEE8023-EFM-CU-MIB。

Please note that the IF-CAP-STACK-MIB module was not transferred to IEEE and remains as defined in RFC 5066. This memo provides an updated security considerations section for that module, since the original RFC did not list any security considerations for IF-CAP-STACK-MIB.

请注意,IF-CAP-STACK-MIB模块未传输至IEEE,并保持RFC 5066中的定义。由于原始RFC没有列出IF-CAP-STACK-MIB的任何安全注意事项,本备忘录为该模块提供了更新的安全注意事项部分。

2. The Internet-Standard Management Framework
2. 因特网标准管理框架

For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].

有关描述当前互联网标准管理框架的文件的详细概述,请参阅RFC 3410[RFC3410]第7节。

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”应按照RFC 2119[RFC2119]中的说明进行解释。

3. Mapping between EFM-CU-MIB and IEEE8023-EFM-CU-MIB
3. EFM-CU-MIB和IEEE8023-EFM-CU-MIB之间的映射

The current version of IEEE8023-EFM-CU-MIB, defined in IEEE Std 802.3.1-2013, has MODULE-IDENTITY of ieee8023efmCuMIB with an object identifier allocated under the { iso(1) iso-identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) lan-man-stds(802) ieee802dot3(3) ieee802dot3dot1mibs(1) } sub-tree.

IEEE标准802.3.1-2013中定义的IEEE8023-EFM-CU-MIB的当前版本具有ieee8023efmCuMIB的模块标识,其对象标识符分配在{iso(1)iso标识组织(3)IEEE(111)标准协会编号的系列标准(2)lan man Std(802)ieee802dot3(3)ieee802dot3dot1mibs(1)}子树下。

The EFM-CU-MIB has MODULE-IDENTITY of efmCuMIB with an object identifier allocated under the mib-2 sub-tree.

EFM-CU-MIB具有efmCuMIB的模块标识,并在MIB-2子树下分配了一个对象标识符。

The names of the objects in the first version of the IEEE8023-EFM-CU-MIB are identical to those in the EFM-CU-MIB. However, since both MIB modules have different OID values, they can coexist, allowing the management of the newer IEEE MIB-based devices alongside the legacy IETF MIB-based devices.

IEEE8023-EFM-CU-MIB第一版中的对象名称与EFM-CU-MIB中的对象名称相同。但是,由于两个MIB模块具有不同的OID值,因此它们可以共存,从而允许管理基于IEEE MIB的较新设备以及基于传统IETF MIB的设备。

4. Updating the MIB Modules
4. 更新MIB模块

With the transfer of the responsibility for maintenance and further development of the EFM-CU-MIB module to the IEEE 802.3 working group, the EFM-CU-MIB defined in RFC 5066 becomes the last version of that MIB module.

随着EFM-CU-MIB模块的维护和进一步开发责任移交给IEEE 802.3工作组,RFC 5066中定义的EFM-CU-MIB成为该MIB模块的最后版本。

All further development of the EFM Copper Interfaces MIB will be done by the IEEE 802.3 working group in the IEEE8023-EFM-CU-MIB module. Requests and comments pertaining to EFM Copper Interfaces MIB should be sent to the IEEE 802.3.1 task force, currently chartered with MIB development, via its mailing list [LIST802.3.1].

EFM铜接口MIB的所有进一步开发将由IEEE8023-EFM-CU-MIB模块中的IEEE 802.3工作组完成。与EFM铜接口MIB有关的请求和意见应通过其邮件列表[LIST802.3.1]发送给IEEE 802.3.1工作组,该工作组目前由MIB开发部特许。

The IF-CAP-STACK-MIB remains under IETF control and is currently maintained by the [OPSAWG] working group.

IF-CAP-STACK-MIB仍受IETF控制,目前由[OPSAWG]工作组维护。

5. Security Considerations
5. 安全考虑

There are no managed objects defined in the IF-CAP-STACK-MIB module with a MAX-ACCESS clause of read-write and/or read-create. So, if this MIB module is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB module via direct SNMP SET operations.

IF-CAP-STACK-MIB模块中未定义具有读写和/或读创建MAX-ACCESS子句的托管对象。因此,如果此MIB模块实现正确,则入侵者不会通过直接的SNMP集操作更改或创建此MIB模块的任何管理对象。

Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments.

在某些网络环境中,此MIB模块中的某些可读对象(即具有MAX-ACCESS而非not ACCESS的对象)可能被视为敏感或易受攻击。

In particular, ifCapStackStatus and ifInvCapStackStatus can identify cross-connect capability of multi-layer (stacked) network interfaces, potentially revealing the underlying hardware architecture of the managed device.

特别是,ifCapStackStatus和ifInvCapStackStatus可以识别多层(堆叠)网络接口的交叉连接能力,潜在地揭示受管设备的底层硬件架构。

It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP.

因此,在通过SNMP通过网络发送这些对象时,控制甚至获取和/或通知对这些对象的访问,甚至可能加密这些对象的值,这一点非常重要。

SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.

SNMPv3之前的SNMP版本未包含足够的安全性。即使网络本身是安全的(例如通过使用IPsec),也无法控制安全网络上的谁可以访问和获取/设置(读取/更改/创建/删除)此MIB模块中的对象。

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].
        
   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].
        

Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.

此外,不建议部署SNMPv3之前的SNMP版本。相反,建议部署SNMPv3并启用加密安全性。然后,客户/运营商应负责确保授予访问此MIB模块实例权限的SNMP实体已正确配置为仅授予那些拥有确实获取或设置(更改/创建/删除)对象的合法权限的主体(用户)访问对象。

6. Acknowledgments
6. 致谢

This document was produced by the OPSAWG working group, whose efforts were advanced by the contributions of the following people (in alphabetical order):

本文件由OPSAWG工作组编制,以下人员(按字母顺序)的贡献推动了该工作组的工作:

Dan Romascanu

丹·罗马斯卡努

David Harrington

大卫·哈林顿

Michael MacFaden

麦克法登

Tom Petch

汤姆佩奇

This document updates RFC 5066, authored by Edward Beili of Actelis Networks, and produced by the now-concluded HUBMIB working group.

本文件更新了RFC 5066,该文件由Actelis Networks的Edward Beili编写,并由现已结束的HUBMIB工作组制作。

7. References
7. 工具书类
7.1. Normative References
7.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

[RFC3414]Blumenthal,U.和B.Wijnen,“简单网络管理协议(SNMPv3)版本3的基于用户的安全模型(USM)”,STD 62,RFC 3414,2002年12月。

[RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model", RFC 3826, June 2004.

[RFC3826]Blumenthal,U.,Maino,F.,和K.McCloghrie,“基于SNMP用户的安全模型中的高级加密标准(AES)密码算法”,RFC 3826,2004年6月。

[RFC5066] Beili, E., "Ethernet in the First Mile Copper (EFMCu) Interfaces MIB", RFC 5066, November 2007.

[RFC5066]Beili,E.“第一英里铜缆(EFMCu)接口MIB中的以太网”,RFC 5066,2007年11月。

7.2. Informative References
7.2. 资料性引用

[HUBMIB] IETF, "Ethernet Interfaces and Hub MIB (hubmib) Charter", <http://datatracker.ietf.org/wg/hubmib/charter/>.

[HUBMIB]IETF,“以太网接口和集线器MIB(HUBMIB)章程”<http://datatracker.ietf.org/wg/hubmib/charter/>.

[IEEE802.3.1] IEEE, "IEEE Standard for Management Information Base (MIB) Definitions for Ethernet", IEEE Std 802.3.1-2013, June 2013, <http://standards.ieee.org/getieee802/download/ 802.3.1-2013.pdf>.

[IEEE802.3.1]IEEE,“以太网管理信息库(MIB)定义的IEEE标准”,IEEE标准802.3.1-2013,2013年6月<http://standards.ieee.org/getieee802/download/ 802.3.1-2013.pdf>。

[IEEE802.3] IEEE, "802.3 Ethernet Working Group", <http://www.ieee802.org/3>.

[IEEE802.3]IEEE,“802.3以太网工作组”<http://www.ieee802.org/3>.

[LIST802.3.1] IEEE, "802.3 MIB Email Reflector", <http://www.ieee802.org/3/be/reflector.html>.

[LIST802.3.1]IEEE,“802.3 MIB电子邮件反射器”<http://www.ieee802.org/3/be/reflector.html>.

[OPSAWG] IETF, "Operations and Management Area Working Group (opsawg) Charter", <http://datatracker.ietf.org/wg/opsawg/charter/>.

[OPSAWG]IETF,“运营和管理区域工作组(OPSAWG)章程”<http://datatracker.ietf.org/wg/opsawg/charter/>.

[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002.

[RFC3410]Case,J.,Mundy,R.,Partain,D.,和B.Stewart,“互联网标准管理框架的介绍和适用性声明”,RFC 34102002年12月。

[RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model for the Simple Network Management Protocol (SNMP)", RFC 5591, June 2009.

[RFC5591]Harrington,D.和W.Hardaker,“简单网络管理协议(SNMP)的传输安全模型”,RFC 55912009年6月。

[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)", RFC 5592, June 2009.

[RFC5592]Harrington,D.,Salowey,J.,和W.Hardaker,“简单网络管理协议(SNMP)的安全外壳传输模型”,RFC 55922009年6月。

[RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)", RFC 6353, July 2011.

[RFC6353]Hardaker,W.“简单网络管理协议(SNMP)的传输层安全(TLS)传输模型”,RFC 63532011年7月。

Author's Address

作者地址

Edward Beili Actelis Networks Bazel 25 Petach-Tikva 49103 Israel

Edward Beili Actelis Networks Bazel 25 Petach Tikva 49103以色列

   Phone: +972-73-237-6852
   EMail: edward.beili@actelis.com
        
   Phone: +972-73-237-6852
   EMail: edward.beili@actelis.com