Internet Engineering Task Force (IETF) Z. Zhang
Request for Comments: 8502 Juniper Networks, Inc.
Category: Standards Track H. Tsunoda
ISSN: 2070-1721 Tohoku Institute of Technology
December 2018
Internet Engineering Task Force (IETF) Z. Zhang
Request for Comments: 8502 Juniper Networks, Inc.
Category: Standards Track H. Tsunoda
ISSN: 2070-1721 Tohoku Institute of Technology
December 2018
L2L3 VPN Multicast MIB
L2L3 VPN多播MIB
Abstract
摘要
This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes two MIB modules that will be used by other MIB modules for monitoring and/or configuring Layer 2 and Layer 3 Virtual Private Networks that support multicast.
此备忘录定义了管理信息库(MIB)的一部分,用于Internet社区中的网络管理协议。特别是,它描述了两个MIB模块,其他MIB模块将使用它们来监视和/或配置支持多播的第2层和第3层虚拟专用网络。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8502.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8502.
Copyright Notice
版权公告
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2018 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Internet-Standard Management Framework . . . . . . . . . 4
3. Summary of MIB Modules . . . . . . . . . . . . . . . . . . . 4
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. L2L3-VPN-MULTICAST-TC-MIB Object Definitions . . . . . . 4
4.2. L2L3-VPN-MULTICAST-MIB Object Definitions . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 15
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
7.1. Normative References . . . . . . . . . . . . . . . . . . 17
7.2. Informative References . . . . . . . . . . . . . . . . . 19
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Internet-Standard Management Framework . . . . . . . . . 4
3. Summary of MIB Modules . . . . . . . . . . . . . . . . . . . 4
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. L2L3-VPN-MULTICAST-TC-MIB Object Definitions . . . . . . 4
4.2. L2L3-VPN-MULTICAST-MIB Object Definitions . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 15
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
7.1. Normative References . . . . . . . . . . . . . . . . . . 17
7.2. Informative References . . . . . . . . . . . . . . . . . 19
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
In BGP/MPLS Virtual Private Networks (VPNs), the Border Gateway Protocol (BGP) is used for distributing routes and Multiprotocol Label Switching (MPLS) is used for forwarding packets across service provider networks.
在BGP/MPLS虚拟专用网络(VPN)中,边界网关协议(BGP)用于分发路由,多协议标签交换(MPLS)用于跨服务提供商网络转发数据包。
The procedures for supporting multicast in a BGP/MPLS Layer 3 (L3) VPN are specified in [RFC6513]. The procedures for supporting multicast in a BGP/MPLS Layer 2 (L2) VPN are specified in [RFC7117]. Throughout this document, we will use the term "L2L3VpnMCast network" to mean a BGP/MPLS L2 and L3 VPN that supports multicast.
[RFC6513]中规定了在BGP/MPLS第3层(L3)VPN中支持多播的过程。[RFC7117]中规定了在BGP/MPLS第2层(L2)VPN中支持多播的过程。在本文档中,我们将使用术语“L2L3VpnMCast网络”来表示支持多播的BGP/MPLS L2和L3 VPN。
L2L3VpnMCast networks use various transport mechanisms for forwarding a packet to all or a subset of Provider Edge (PE) routers across service provider networks. These transport mechanisms are abstracted as provider tunnels (P-tunnels). The type of P-tunnel indicates the type of tunneling technology used to establish the P-tunnel. The syntax and semantics of a Tunnel Identifier are determined by the corresponding P-tunnel type [RFC6514]. The P-tunnel type and P-tunnel identifier together identify a P-tunnel.
L2L3VpnMCast网络使用各种传输机制跨服务提供商网络将数据包转发给所有或部分提供商边缘(PE)路由器。这些传输机制被抽象为提供者隧道(P隧道)。P隧道类型表示用于建立P隧道的隧道技术类型。隧道标识符的语法和语义由相应的P隧道类型[RFC6514]确定。P通道类型和P通道标识符一起标识P通道。
A BGP attribute that specifies information of a P-tunnel is called a Provider Multicast Service Interface (PMSI) Tunnel attribute. The PMSI Tunnel attribute is advertised/received by PEs in BGP auto-discovery (A-D) routes. [RFC6514] defines the format of a PMSI Tunnel attribute. The P-tunnel type and the P-tunnel identifier are included in the corresponding PMSI Tunnel attribute.
指定P隧道信息的BGP属性称为提供者多播服务接口(PMSI)隧道属性。PEs在BGP自动发现(A-D)路由中公布/接收PMSI隧道属性。[RFC6514]定义PMSI隧道属性的格式。P隧道类型和P隧道标识符包含在相应的PMSI隧道属性中。
This document describes textual conventions (TCs) and common managed objects (MOs) that will be used by other Management Information Base (MIB) modules for monitoring and/or configuring L2L3VpnMCast networks.
本文档描述了其他管理信息库(MIB)模块将用于监控和/或配置L2L3VpnMCast网络的文本约定(TC)和公共管理对象(MOs)。
This document defines two TCs to represent
本文档定义了两个要表示的TC
(a) the type of a P-tunnel and (b) the identifier of a P-tunnel
(a) P隧道的类型和(b)P隧道的标识符
The document also defines MOs that will provide the information contained in a PMSI Tunnel attribute and corresponding P-tunnel.
本文档还定义了MOs,该MOs将提供包含在PMSI隧道属性和相应P隧道中的信息。
This document adopts the definitions, acronyms, and mechanisms described in [RFC6513] [RFC6514] [RFC7117] and other documents that they refer to. Familiarity with multicast, MPLS, Layer 3 VPN, and Multicast VPN concepts and/or mechanisms is assumed. Some terms specifically related to this document are explained below.
本文件采用[RFC6513][RFC6514][RFC7117]和其他参考文件中描述的定义、首字母缩略词和机制。假设熟悉多播、MPLS、第3层VPN和多播VPN概念和/或机制。下文解释了与本文件具体相关的一些术语。
PMSI [RFC6513] is a conceptual interface instantiated by a P-tunnel, which is a transport mechanism used to deliver multicast traffic. A PE uses it to send customer multicast traffic to all or some PEs in the same VPN.
PMSI[RFC6513]是一个由P隧道实例化的概念接口,P隧道是一种用于传递多播流量的传输机制。PE使用它向同一VPN中的所有或某些PE发送客户多播流量。
There are two kinds of PMSIs: Inclusive PMSI (I-PMSI) and Selective PMSI (S-PMSI) [RFC6513]. An I-PMSI is a PMSI that enables a PE attached to a particular Multicast VPN to transmit a message to all PEs in the same VPN. An S-PMSI is a PMSI that enables a PE attached to a particular Multicast VPN to transmit a message to some of the PEs in the same VPN.
有两种PMSI:包容性PMSI(I-PMSI)和选择性PMSI(S-PMSI)[RFC6513]。I-PMSI是一种PMSI,它使连接到特定多播VPN的PE能够向同一VPN中的所有PE发送消息。S-PMSI是一种PMSI,它使连接到特定多播VPN的PE能够向同一VPN中的某些PE发送消息。
Throughout this document, we will use the term "PMSI" to refer to both "I-PMSI" and "S-PMSI".
在本文件中,我们将使用术语“PMSI”来指代“I-PMSI”和“S-PMSI”。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”在所有大写字母出现时(如图所示)应按照BCP 14[RFC2119][RFC8174]所述进行解释。
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].
有关描述当前互联网标准管理框架的文件的详细概述,请参阅RFC 3410[RFC3410]第7节。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB对象通常通过简单网络管理协议(SNMP)进行访问。MIB中的对象是使用管理信息结构(SMI)中定义的机制定义的。本备忘录规定了符合SMIv2的MIB模块,如STD 58、RFC 2578[RFC2578]、STD 58、RFC 2579[RFC2579]和STD 58、RFC 2580[RFC2580]所述。
This document defines two MIB modules: L2L3-VPN-MULTICAST-TC-MIB and L2L3-VPN-MULTICAST-MIB.
本文档定义了两个MIB模块:L2L3-VPN-MULTICAST-TC-MIB和L2L3-VPN-MULTICAST-MIB。
o L2L3-VPN-MULTICAST-TC-MIB contains two textual conventions: L2L3VpnMcastProviderTunnelType and L2L3VpnMcastProviderTunnelId. L2L3VpnMcastProviderTunnelType provides an enumeration of the P-tunnel types. L2L3VpnMcastProviderTunnelId represents an identifier of a P-tunnel.
o L2L3-VPN-MULTICAST-TC-MIB包含两个文本约定:L2L3VpnMcastProviderTunnelType和L2L3VpnMcastProviderTunnelId。L2L3VpnMcastProviderTunnelType提供P通道类型的枚举。L2L3VpnMcastProviderTunnelId表示P通道的标识符。
o L2L3-VPN-MULTICAST-MIB defines the following table: l2L3VpnMcastPmsiTunnelAttributeTable. An entry in this table corresponds to the attribute information of a specific P-tunnel on a PE router. Entries in this table will be used by other MIB modules for monitoring and/or configuring an L2L3VpnMCast network. The table index uniquely identifies a P-tunnel. It is composed of a type and identifier of a P-tunnel. The table may also be used in conjunction with other MIBs, such as the MPLS Traffic Engineering MIB (MPLS-TE-STD-MIB) [RFC3812], to obtain further information about a P-tunnel. It may also be used in conjunction with the Interfaces Group MIB (IF-MIB) [RFC2863] to obtain further information about the interface corresponding to a P-tunnel.
o L2L3-VPN-MULTICAST-MIB定义下表:l2L3VpnMcastPmsiTunnelAttributeTable。此表中的条目对应于PE路由器上特定P通道的属性信息。此表中的条目将被其他MIB模块用于监控和/或配置L2L3VpnMCast网络。表索引唯一标识P通道。它由P通道的类型和标识符组成。该表还可以与其他MIB(例如MPLS流量工程MIB(MPLS-TE-STD-MIB)[RFC3812]一起使用,以获得关于P隧道的进一步信息。它还可以与接口组MIB(IF-MIB)[RFC2863]结合使用,以获得关于对应于P隧道的接口的进一步信息。
This MIB module makes reference to the following documents: [RFC4875], [RFC5015], [RFC6388], [RFC7524], and [RFC7761].
此MIB模块参考以下文档:[RFC4875]、[RFC5015]、[RFC6388]、[RFC7524]和[RFC7761]。
L2L3-VPN-MULTICAST-TC-MIB DEFINITIONS ::= BEGIN
L2L3-VPN-MULTICAST-TC-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, mib-2 FROM SNMPv2-SMI -- RFC 2578
从SNMPv2 SMI——RFC 2578导入模块标识mib-2
TEXTUAL-CONVENTION FROM SNMPv2-TC; -- RFC 2579
SNMPv2 TC的文本约定;——RFC2579
l2L3VpnMcastTCMIB MODULE-IDENTITY LAST-UPDATED "201812140000Z" -- 14 December 2018 ORGANIZATION "IETF BESS Working Group" CONTACT-INFO "Zhaohui Zhang Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886 United States of America Email: zzhang@juniper.net
l2L3VpnMcastTCMIB模块标识最后一次更新“201812140000Z”--2018年12月14日组织“IETF BESS工作组”联系方式“赵辉Zhang Juniper Networks,Inc.美国马萨诸塞州韦斯特福德科技园大道10号电子邮件:zzhang@juniper.net
Hiroshi Tsunoda Tohoku Institute of Technology 35-1, Yagiyama Kasumi-cho Taihaku-ku, Sendai, 982-8577 Japan Email: tsuno@m.ieice.org"
Hiroshi Tsunoda东北工业大学35-1,Yagiyama Kasumi cho Taihaku,仙台,982-8577日本电子邮件:tsuno@m.ieice.org"
DESCRIPTION "This MIB module specifies textual conventions for Border Gateway Protocol/Multiprotocol Label Switching Layer 2 and Layer 3 Virtual Private Networks that support multicast (L2L3VpnMCast networks).
DESCRIPTION“此MIB模块指定支持多播的边界网关协议/多协议标签交换第2层和第3层虚拟专用网络(L2L3VpnMCast网络)的文本约定。
Copyright (c) 2018 IETF Trust and the persons identified as authors of the code. All rights reserved.
版权所有(c)2018 IETF信托基金和被确定为代码作者的人员。版权所有。
Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). "
根据IETF信托有关IETF文件的法律规定第4.c节规定的简化BSD许可证中包含的许可条款,允许以源代码和二进制格式重新分发和使用,无论是否修改(http://trustee.ietf.org/license-info). "
-- Revision History
--修订历史
REVISION "201812140000Z" -- 14 December 2018 DESCRIPTION "Initial version, published as RFC 8502."
修订版“201812140000Z”-2018年12月14日描述“初始版本,发布为RFC 8502。”
::= { mib-2 244 }
::= { mib-2 244 }
-- Textual Convention
--文本约定
L2L3VpnMcastProviderTunnelType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates values
representing the type of a provider tunnel (P-tunnel)
used for L2L3VpnMCast networks.
These labeled numbers are aligned with the definition
of Tunnel Types in Section 5 of RFC 6514 and
Section 14.1 of RFC 7524.
L2L3VpnMcastProviderTunnelType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention enumerates values
representing the type of a provider tunnel (P-tunnel)
used for L2L3VpnMCast networks.
These labeled numbers are aligned with the definition
of Tunnel Types in Section 5 of RFC 6514 and
Section 14.1 of RFC 7524.
The enumerated values and the corresponding P-tunnel types are as follows:
枚举值和相应的P隧道类型如下所示:
noTunnelInfo (0) : No tunnel information RFC 6514 rsvpP2mp (1) : RSVP-TE P2MP LSP RFC 4875 ldpP2mp (2) : mLDP P2MP LSP RFC 6388 pimSsm (3) : PIM-SSM Tree RFC 7761 pimAsm (4) : PIM-SM Tree RFC 7761 pimBidir (5) : BIDIR-PIM Tree RFC 5015 ingressReplication (6) : Ingress Replication RFC 6513 ldpMp2mp (7) : mLDP MP2MP LSP RFC 6388 transportTunnel (8) : Transport Tunnel RFC 7524
NOTUNELINFO(0):无隧道信息RFC 6514 rsvpP2mp(1):RSVP-TE P2MP LSP RFC 4875 ldpP2mp(2):mLDP P2MP LSP RFC 6388 pimSsm(3):PIM-SSM树RFC 7761 pimAsm(4):PIM-SM树RFC 7761 pimBidir(5):BIDIR-PIM树RFC 5015入口复制(6):入口复制RFC 6513 LDMP2MP(7):mLDP MP2MP LSP RFC 6388传输隧道(8):运输隧道RFC 7524
These numbers are registered at IANA. A current list of assignments can be found at <https://www.iana.org/assignments/bgp-parameters/>. " REFERENCE "RFC 4875 RFC 5015 RFC 6388 RFC 6513 RFC 6514, Section 5 RFC 7524, Section 14.1 RFC 7761 "
这些号码在IANA注册。当前分配列表可在以下位置找到:<https://www.iana.org/assignments/bgp-parameters/>. 参考“RFC 4875 RFC 5015 RFC 6388 RFC 6513 RFC 6514第5节RFC 7524第14.1节RFC 7761”
SYNTAX INTEGER
{
noTunnelInfo (0),
rsvpP2mp (1),
ldpP2mp (2),
pimSsm (3),
pimAsm (4),
pimBidir (5),
ingressReplication (6),
ldpMp2mp (7),
transportTunnel (8)
}
SYNTAX INTEGER
{
noTunnelInfo (0),
rsvpP2mp (1),
ldpP2mp (2),
pimSsm (3),
pimAsm (4),
pimBidir (5),
ingressReplication (6),
ldpMp2mp (7),
transportTunnel (8)
}
L2L3VpnMcastProviderTunnelId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention represents the Tunnel Identifier
of a P-tunnel.
L2L3VpnMcastProviderTunnelId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention represents the Tunnel Identifier
of a P-tunnel.
The size of the identifier depends on the address family (IPv4 or IPv6) and the value of the corresponding L2L3VpnMcastProviderTunnelType object.
标识符的大小取决于地址系列(IPv4或IPv6)和相应L2L3VpnMcastProviderTunnelType对象的值。
The corresponding L2L3VpnMcastProviderTunnelType object represents the type of tunneling technology used to establish the P-tunnel.
相应的L2L3VpnMcastProviderTunnelType对象表示用于建立P隧道的隧道技术类型。
The size of the identifier for each tunneling technology is summarized below.
每种隧道技术的标识符大小总结如下。
L2L3VpnMcastProviderTunnelType Size (in octets)
(tunneling technology) IPv4 IPv6
-----------------------------------------------------------
noTunnelInfo (No tunnel information) 0 0
rsvpP2mp (RSVP-TE P2MP LSP) 12 24
ldpP2mp (mLDP P2MP LSP) 17 29
pimSsm (PIM-SSM Tree) 8 32
pimAsm (PIM-SM Tree) 8 32
pimBidir (BIDIR-PIM Tree) 8 32
ingressReplication (Ingress Replication) 4 16
ldpMp2mp (mLDP MP2MP LSP) 17 29
transportTunnel (Transport Tunnel) 8 32
L2L3VpnMcastProviderTunnelType Size (in octets)
(tunneling technology) IPv4 IPv6
-----------------------------------------------------------
noTunnelInfo (No tunnel information) 0 0
rsvpP2mp (RSVP-TE P2MP LSP) 12 24
ldpP2mp (mLDP P2MP LSP) 17 29
pimSsm (PIM-SSM Tree) 8 32
pimAsm (PIM-SM Tree) 8 32
pimBidir (BIDIR-PIM Tree) 8 32
ingressReplication (Ingress Replication) 4 16
ldpMp2mp (mLDP MP2MP LSP) 17 29
transportTunnel (Transport Tunnel) 8 32
The Tunnel Type is set to 'No tunnel information' when the PMSI Tunnel attribute carries no tunnel information (there is no Tunnel Identifier). The value of the corresponding L2L3VpnMcastProviderTunnelId object will be a string of length zero.
当PMSI隧道属性不包含隧道信息(没有隧道标识符)时,隧道类型设置为“无隧道信息”。相应的L2L3VpnMcastProviderTunnelId对象的值将是长度为零的字符串。
For Tunnel Type rsvpP2mp(1), the corresponding Tunnel Identifier is composed of an Extended Tunnel ID (4 octets in IPv4, 16 octets in IPv6), 2 unused (Reserved) octets that of value zero, a Tunnel ID (2 octets), and a Point-to-Multipoint (P2MP) ID (4 octets). The size of the corresponding L2L3VpnMcastProviderTunnelId object will be 12 octets in IPv4 and 24 octets in IPv6.
对于隧道类型rsvpP2mp(1),相应的隧道标识符由扩展隧道ID(IPv4中为4个八位字节,IPv6中为16个八位字节)、2个值为零的未使用(保留)八位字节、一个隧道ID(2个八位字节)和一个点对多点(P2MP)ID(4个八位字节)组成。相应的L2L3VpnMcastProviderTunnelId对象的大小在IPv4中为12个八位字节,在IPv6中为24个八位字节。
For Tunnel Type ldpP2mp(2), the corresponding Tunnel Identifier is the P2MP Forwarding Equivalence Class (FEC) Element (RFC 6388). The size of the corresponding L2L3VpnMcastProviderTunnelId object will be 17 octets in IPv4 and 29 octets in IPv6.
对于隧道类型ldpP2mp(2),相应的隧道标识符是P2MP转发等价类(FEC)元素(RFC 6388)。相应的L2L3VpnMcastProviderTunnelId对象的大小在IPv4中为17个八位字节,在IPv6中为29个八位字节。
For Tunnel Types pimSsm(3), PimAsm(4), and PimBidir(5), the corresponding Tunnel Identifier is composed of the source IP address and the group IP address. The size of the corresponding L2L3VpnMcastProviderTunnelId object will be 8 octets in IPv4 and 32 octets in IPv6.
对于隧道类型pimSsm(3)、PimAsm(4)和PimBidir(5),相应的隧道标识符由源IP地址和组IP地址组成。相应的L2L3VpnMcastProviderTunnelId对象的大小在IPv4中为8个八位字节,在IPv6中为32个八位字节。
For Tunnel Type ingressReplication(6), the Tunnel Identifier is the unicast tunnel endpoint IP address of the local PE. The size of the corresponding L2L3VpnMcastProviderTunnelId object will be 4 octets in IPv4 and 16 octets in IPv6.
对于隧道类型入口复制(6),隧道标识符是本地PE的单播隧道端点IP地址。相应的L2L3VpnMcastProviderTunnelId对象的大小在IPv4中为4个八位字节,在IPv6中为16个八位字节。
For Tunnel Type ldpMp2mp(7), the Tunnel Identifier is a Multipoint-to-Multipoint (MP2MP) FEC Element (RFC 6388). The size of the corresponding L2L3VpnMcastProviderTunnelId object will be 17 octets in IPv4 and 29 octets in IPv6.
对于隧道类型ldpMp2mp(7),隧道标识符是多点对多点(MP2MP)FEC元素(RFC 6388)。相应的L2L3VpnMcastProviderTunnelId对象的大小在IPv4中为17个八位字节,在IPv6中为29个八位字节。
For Tunnel Type transportTunnel(8), the Tunnel Identifier is a tuple of Source PE Address and Local Number, which is a number that is unique to the Source PE (RFC 7524). Both Source PE Address and Local Number are 4 octets in IPv4 and 16 octets in IPv6. The size of the corresponding L2L3VpnMcastProviderTunnelId object will be 8 octets in IPv4 and 32 octets in IPv6. " REFERENCE "RFC 6514, Section 5 RFC 4875, Section 19.1 RFC 6388, Sections 2.2 and 3.2 RFC 7524, Section 14.1 " SYNTAX OCTET STRING ( SIZE (0|4|8|12|16|17|24|29|32) )
对于隧道类型transportTunnel(8),隧道标识符是源PE地址和本地号码的元组,本地号码是源PE唯一的号码(RFC 7524)。源PE地址和本地号码在IPv4中为4个八位字节,在IPv6中为16个八位字节。相应的L2L3VpnMcastProviderTunnelId对象的大小在IPv4中为8个八位字节,在IPv6中为32个八位字节。“参考”RFC 6514,第5节RFC 4875,第19.1节RFC 6388,第2.2节和第3.2节RFC 7524,第14.1节“语法八位字符串(大小(0 | 4 | 8 | 12 | 16 | 17 | 24 | 29 | 32))
END
终止
This MIB module makes reference to the following documents: [RFC3811].
此MIB模块参考以下文档:[RFC3811]。
L2L3-VPN-MULTICAST-MIB DEFINITIONS ::= BEGIN
L2L3-VPN-MULTICAST-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, mib-2, zeroDotZero FROM SNMPv2-SMI -- RFC 2578
从SNMPv2 SMI--RFC 2578导入模块标识、对象类型、mib-2、zeroDotZero
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF -- RFC 2580
SNMPv2 CONF中的模块遵从性、对象组——RFC 2580
RowPointer FROM SNMPv2-TC -- RFC 2579
来自SNMPv2 TC的行指针--RFC 2579
MplsLabel FROM MPLS-TC-STD-MIB -- RFC 3811
来自MPLS-TC-STD-MIB的MplsLabel——RFC 3811
L2L3VpnMcastProviderTunnelType, L2L3VpnMcastProviderTunnelId FROM L2L3-VPN-MULTICAST-TC-MIB; -- RFC 8502
L2L3VpnMcastProviderTunnelType,L2L3-VPN-MULTICAST-TC-MIB中的L2L3VpnMcastProviderTunnelId;--RFC 8502
l2L3VpnMcastMIB MODULE-IDENTITY LAST-UPDATED "201812140000Z" -- 14 December 2018 ORGANIZATION "IETF BESS Working Group" CONTACT-INFO "Zhaohui Zhang Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886 United States of America Email: zzhang@juniper.net
l2L3VpnMcastMIB模块标识最后一次更新“201812140000Z”-2018年12月14日组织“IETF BESS工作组”联系方式“赵辉Zhang Juniper Networks,Inc.美国马萨诸塞州韦斯特福德科技园大道10号电子邮件:zzhang@juniper.net
Hiroshi Tsunoda Tohoku Institute of Technology 35-1, Yagiyama Kasumi-cho Taihaku-ku, Sendai, 982-8577 Japan Email: tsuno@m.ieice.org"
Hiroshi Tsunoda东北工业大学35-1,Yagiyama Kasumi cho Taihaku,仙台,982-8577日本电子邮件:tsuno@m.ieice.org"
DESCRIPTION "This MIB module defines a table representing the attribute information of the provider tunnels (P-tunnels) on a PE router. This MIB module will be used by other MIB modules designed for monitoring and/or configuring Border Gateway Protocol/Multiprotocol Label Switching
DESCRIPTION“此MIB模块定义了一个表,表示PE路由器上提供程序隧道(P隧道)的属性信息。此MIB模块将由其他MIB模块使用,这些模块用于监控和/或配置边界网关协议/多协议标签交换
Layer 2 and Layer 3 Virtual Private Network that support multicast (L2L3VpnMCast network).
支持多播的第2层和第3层虚拟专用网络(L2L3VpnMCast网络)。
Copyright (c) 2018 IETF Trust and the persons identified as authors of the code. All rights reserved.
版权所有(c)2018 IETF信托基金和被确定为代码作者的人员。版权所有。
Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). "
根据IETF信托有关IETF文件的法律规定第4.c节规定的简化BSD许可证中包含的许可条款,允许以源代码和二进制格式重新分发和使用,无论是否修改(http://trustee.ietf.org/license-info). "
-- Revision History
--修订历史
REVISION "201812140000Z" -- 14 December 2018 DESCRIPTION "Initial version, published as RFC 8502."
修订版“201812140000Z”-2018年12月14日描述“初始版本,发布为RFC 8502。”
::= { mib-2 245 }
::= { mib-2 245 }
-- Top-level components of this MIB.
l2L3VpnMcastStates OBJECT IDENTIFIER
::= { l2L3VpnMcastMIB 1 }
-- Top-level components of this MIB.
l2L3VpnMcastStates OBJECT IDENTIFIER
::= { l2L3VpnMcastMIB 1 }
l2L3VpnMcastConformance OBJECT IDENTIFIER
::= { l2L3VpnMcastMIB 2 }
l2L3VpnMcastConformance OBJECT IDENTIFIER
::= { l2L3VpnMcastMIB 2 }
-- Tables, Scalars, Conformance Information
-- Table of PMSI Tunnel Attributes
-- Tables, Scalars, Conformance Information
-- Table of PMSI Tunnel Attributes
l2L3VpnMcastPmsiTunnelAttributeTable OBJECT-TYPE SYNTAX SEQUENCE OF L2L3VpnMcastPmsiTunnelAttributeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in this table corresponds to the attribute information of a specific P-tunnel on a PE router. A part of the attributes corresponds to fields in a Provider Multicast Service Interface (PMSI) Tunnel attribute advertised and received by a PE router. The entries will be referred to by other MIB modules for monitoring and/or configuring L2L3VpnMCast networks. "
L2L3VpnMcastPmsiTunnelAttributeEntry的L2L3VpnMcastPmsiTunnelAttributeEntry MAX-ACCESS的L2L3VPNMCASTPMSITUNNELATTRIBUTENTERTY对象类型语法序列不可访问状态当前描述“此表中的条目对应于PE路由器上特定P通道的属性信息。属性的一部分对应于由PE路由器播发和接收的提供商多播服务接口(PMSI)隧道属性中的字段。其他MIB模块将参考这些条目来监控和/或配置L2L3VpnMCast网络。"
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastStates 1 }
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastStates 1 }
l2L3VpnMcastPmsiTunnelAttributeEntry OBJECT-TYPE
SYNTAX L2L3VpnMcastPmsiTunnelAttributeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A conceptual row corresponding to a specific
P-tunnel on this router.
"
REFERENCE
"RFC 6514, Section 5"
INDEX {
l2L3VpnMcastPmsiTunnelAttributeType,
l2L3VpnMcastPmsiTunnelAttributeId
}
::= { l2L3VpnMcastPmsiTunnelAttributeTable 1 }
l2L3VpnMcastPmsiTunnelAttributeEntry OBJECT-TYPE
SYNTAX L2L3VpnMcastPmsiTunnelAttributeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A conceptual row corresponding to a specific
P-tunnel on this router.
"
REFERENCE
"RFC 6514, Section 5"
INDEX {
l2L3VpnMcastPmsiTunnelAttributeType,
l2L3VpnMcastPmsiTunnelAttributeId
}
::= { l2L3VpnMcastPmsiTunnelAttributeTable 1 }
L2L3VpnMcastPmsiTunnelAttributeEntry ::=
SEQUENCE {
l2L3VpnMcastPmsiTunnelAttributeType
L2L3VpnMcastProviderTunnelType,
l2L3VpnMcastPmsiTunnelAttributeId
L2L3VpnMcastProviderTunnelId,
l2L3VpnMCastPmsiTunnelLeafInfoRequired
INTEGER,
l2L3VpnMcastPmsiTunnelAttributeMplsLabel
MplsLabel,
l2L3VpnMcastPmsiTunnelPointer
RowPointer,
l2L3VpnMcastPmsiTunnelIf
RowPointer
}
L2L3VpnMcastPmsiTunnelAttributeEntry ::=
SEQUENCE {
l2L3VpnMcastPmsiTunnelAttributeType
L2L3VpnMcastProviderTunnelType,
l2L3VpnMcastPmsiTunnelAttributeId
L2L3VpnMcastProviderTunnelId,
l2L3VpnMCastPmsiTunnelLeafInfoRequired
INTEGER,
l2L3VpnMcastPmsiTunnelAttributeMplsLabel
MplsLabel,
l2L3VpnMcastPmsiTunnelPointer
RowPointer,
l2L3VpnMcastPmsiTunnelIf
RowPointer
}
l2L3VpnMcastPmsiTunnelAttributeType OBJECT-TYPE SYNTAX L2L3VpnMcastProviderTunnelType MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object indicates the type of tunneling technology used to establish the P-tunnel corresponding to this entry.
l2L3VpnMcastPmsiTunnelAttributeType对象类型语法L2L3VpnMcastProviderTunnelType MAX-ACCESS不可访问状态当前描述“此对象表示用于建立与此条目对应的P隧道的隧道技术类型。
When BGP-based PMSI signaling is used, the value of this object corresponds to the Tunnel Type field in the PMSI Tunnel attribute advertised/received in a PMSI auto-discovery (A-D) route.
当使用基于BGP的PMSI信令时,此对象的值对应于PMSI自动发现(a-D)路由中公布/接收的PMSI隧道属性中的隧道类型字段。
"
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 1 }
"
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 1 }
l2L3VpnMcastPmsiTunnelAttributeId OBJECT-TYPE SYNTAX L2L3VpnMcastProviderTunnelId MAX-ACCESS not-accessible STATUS current DESCRIPTION "This object represents the Tunnel Identifier field, which uniquely identifies a P-tunnel, in the PMSI Tunnel attribute of the P-tunnel corresponding to this entry.
l2L3VpnMcastPmsiTunnelAttributeId对象类型语法L2L3VpnMcastProviderTunnelId MAX-ACCESS not ACCESS STATUS current DESCRIPTION“此对象表示隧道标识符字段,该字段在与此条目对应的P隧道的PMSI隧道属性中唯一标识P隧道。
The size of the identifier depends on the address family
(IPv4 or IPv6) and the value of the corresponding
l2L3VpnMcastPmsiTunnelAttributeType object, i.e., the type of
tunneling technology used to establish the P-tunnel.
"
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 2 }
The size of the identifier depends on the address family
(IPv4 or IPv6) and the value of the corresponding
l2L3VpnMcastPmsiTunnelAttributeType object, i.e., the type of
tunneling technology used to establish the P-tunnel.
"
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 2 }
l2L3VpnMCastPmsiTunnelLeafInfoRequired OBJECT-TYPE
SYNTAX INTEGER {
false (0),
true (1),
notAvailable (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When the value of this object is set to 1 (true),
it indicates that the PE that originated the
PMSI Tunnel attribute of the P-tunnel corresponding
to this entry requests receivers to originate
a new Leaf A-D route.
l2L3VpnMCastPmsiTunnelLeafInfoRequired OBJECT-TYPE
SYNTAX INTEGER {
false (0),
true (1),
notAvailable (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"When the value of this object is set to 1 (true),
it indicates that the PE that originated the
PMSI Tunnel attribute of the P-tunnel corresponding
to this entry requests receivers to originate
a new Leaf A-D route.
A value of zero (false) indicates that there is no such request.
值为零(false)表示没有此类请求。
When the P-tunnel does not have a corresponding PMSI Tunnel attribute, the value of this object will be 2 (notAvailable).
当P通道没有相应的PMSI通道属性时,此对象的值将为2(notAvailable)。
In the case of multicast in MPLS/BGP IP VPNs,
this object represents the 'Leaf Information Required flag'
(RFC 6514) in the Flags field in the PMSI Tunnel attribute
of the P-tunnel corresponding to this entry.
"
REFERENCE
"RFC 6514, Section 5
"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 3 }
In the case of multicast in MPLS/BGP IP VPNs,
this object represents the 'Leaf Information Required flag'
(RFC 6514) in the Flags field in the PMSI Tunnel attribute
of the P-tunnel corresponding to this entry.
"
REFERENCE
"RFC 6514, Section 5
"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 3 }
l2L3VpnMcastPmsiTunnelAttributeMplsLabel OBJECT-TYPE SYNTAX MplsLabel MAX-ACCESS read-only STATUS current DESCRIPTION "This object represents the MPLS Label in the PMSI Tunnel attribute of the P-tunnel corresponding to this entry.
L2L3VPNMCASTPMSITUNNELATTRIBUTEMPSLABEL对象类型语法MplsLabel MAX-ACCESS只读状态当前描述“此对象表示与此条目对应的P隧道的PMSI隧道属性中的MPLS标签。
When BGP-based PMSI signaling is used, the PMSI Tunnel attribute of the P-tunnel will be advertised/received in a PMSI A-D route. The value of this object corresponds to the MPLS Label in the attribute.
当使用基于BGP的PMSI信令时,P隧道的PMSI隧道属性将在PMSI a-D路由中通告/接收。此对象的值对应于属性中的MPLS标签。
When the P-tunnel does not have a PMSI tunnel
attribute, the value of this object will be zero.
"
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 4 }
When the P-tunnel does not have a PMSI tunnel
attribute, the value of this object will be zero.
"
REFERENCE
"RFC 6514, Section 5"
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 4 }
l2L3VpnMcastPmsiTunnelPointer OBJECT-TYPE SYNTAX RowPointer MAX-ACCESS read-only STATUS current DESCRIPTION "Details of a P-tunnel identified by l2L3VpnMcastPmsiTunnelAttributeId may be present in some other table, e.g., mplsTunnelTable (RFC 3812). This object specifies the pointer to the row that pertains to the entry in the table.
l2L3VpnMcastPmsiTunnelPointer对象类型语法RowPointer MAX-ACCESS只读状态当前描述“由l2L3VpnMcastPmsiTunnelAttributeId标识的P通道的详细信息可能存在于其他一些表中,例如mplsTunnelTable(RFC 3812)。此对象指定指向与表中的条目相关的行的指针。
If no such entry exists, the value of this object will be zeroDotZero. " REFERENCE "RFC 3812, Sections 6.1 and 11" DEFVAL { zeroDotZero }
如果不存在此类条目,则此对象的值将为zeroDotZero。“参考”RFC 3812,第6.1节和第11节“定义{zeroDotZero}”
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 5 }
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 5 }
l2L3VpnMcastPmsiTunnelIf OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the P-tunnel identified by
l2L3VpnMcastPmsiTunnelAttributeId has a corresponding
entry in ifXTable (RFC 2863), this object will
point to the row in ifXTable that pertains to the entry.
Otherwise, the value of this object will be zeroDotZero.
"
REFERENCE
"RFC 2863, Section 6"
DEFVAL { zeroDotZero }
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 6 }
l2L3VpnMcastPmsiTunnelIf OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the P-tunnel identified by
l2L3VpnMcastPmsiTunnelAttributeId has a corresponding
entry in ifXTable (RFC 2863), this object will
point to the row in ifXTable that pertains to the entry.
Otherwise, the value of this object will be zeroDotZero.
"
REFERENCE
"RFC 2863, Section 6"
DEFVAL { zeroDotZero }
::= { l2L3VpnMcastPmsiTunnelAttributeEntry 6 }
-- Conformance Information
--一致性信息
l2L3VpnMcastCompliances OBJECT IDENTIFIER
::= { l2L3VpnMcastConformance 1 }
l2L3VpnMcastGroups OBJECT IDENTIFIER
::= { l2L3VpnMcastConformance 2 }
l2L3VpnMcastCompliances OBJECT IDENTIFIER
::= { l2L3VpnMcastConformance 1 }
l2L3VpnMcastGroups OBJECT IDENTIFIER
::= { l2L3VpnMcastConformance 2 }
-- Compliance Statements
--合规声明
l2L3VpnMcastCoreCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The core compliance statement for SNMP entities that implement the L2L3-VPN-MULTICAST-MIB module. " MODULE -- this module
l2L3VpnMcastCoreCompliance MODULE-COMPLIANCE STATUS当前描述“实现L2L3-VPN-MULTICAST-MIB模块的SNMP实体的核心符合性声明”。模块—此模块
MANDATORY-GROUPS {
l2L3VpnMcastCoreGroup
}
::= { l2L3VpnMcastCompliances 1 }
MANDATORY-GROUPS {
l2L3VpnMcastCoreGroup
}
::= { l2L3VpnMcastCompliances 1 }
l2L3VpnMcastFullCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The full compliance statement for SNMP entities that implement the L2L3-VPN-MULTICAST-MIB module. " MODULE -- this module
l2L3VpnMcastFullCompliance MODULE-COMPLIANCE STATUS当前描述“实现L2L3-VPN-MULTICAST-MIB模块的SNMP实体的完整符合性声明”。模块—此模块
MANDATORY-GROUPS {
l2L3VpnMcastCoreGroup,
l2L3VpnMcastOptionalGroup
}
::= { l2L3VpnMcastCompliances 2 }
MANDATORY-GROUPS {
l2L3VpnMcastCoreGroup,
l2L3VpnMcastOptionalGroup
}
::= { l2L3VpnMcastCompliances 2 }
-- Units of Conformance
--一致性单位
l2L3VpnMcastCoreGroup OBJECT-GROUP
OBJECTS {
l2L3VpnMCastPmsiTunnelLeafInfoRequired,
l2L3VpnMcastPmsiTunnelAttributeMplsLabel
}
STATUS current
DESCRIPTION
"Support of these objects is required.
"
::= { l2L3VpnMcastGroups 1 }
l2L3VpnMcastCoreGroup OBJECT-GROUP
OBJECTS {
l2L3VpnMCastPmsiTunnelLeafInfoRequired,
l2L3VpnMcastPmsiTunnelAttributeMplsLabel
}
STATUS current
DESCRIPTION
"Support of these objects is required.
"
::= { l2L3VpnMcastGroups 1 }
l2L3VpnMcastOptionalGroup OBJECT-GROUP
OBJECTS {
l2L3VpnMcastPmsiTunnelPointer,
l2L3VpnMcastPmsiTunnelIf
}
STATUS current
DESCRIPTION
"Support of these objects is optional.
"
::= { l2L3VpnMcastGroups 2 }
l2L3VpnMcastOptionalGroup OBJECT-GROUP
OBJECTS {
l2L3VpnMcastPmsiTunnelPointer,
l2L3VpnMcastPmsiTunnelIf
}
STATUS current
DESCRIPTION
"Support of these objects is optional.
"
::= { l2L3VpnMcastGroups 2 }
END
终止
There are no management objects defined in these MIB modules that have a MAX-ACCESS clause of read-write and/or read-create. So, if this MIB module is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB module via direct SNMP SET operations.
这些MIB模块中没有定义具有读写和/或读创建MAX-ACCESS子句的管理对象。因此,如果此MIB模块实现正确,则入侵者不会通过直接的SNMP集操作更改或创建此MIB模块的任何管理对象。
Some of the objects in these MIB modules may be considered sensitive or vulnerable in some network environments. This includes INDEX objects with a MAX-ACCESS of not-accessible, and any indices from other modules exposed via AUGMENTS. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:
在某些网络环境中,这些MIB模块中的某些对象可能被视为敏感或易受攻击。这包括MAX-ACCESS为not-accessible的索引对象,以及通过增强公开的其他模块的任何索引。因此,在通过SNMP通过网络发送这些对象时,控制甚至获取和/或通知对这些对象的访问,甚至可能加密这些对象的值,这一点非常重要。以下是表和对象及其敏感度/漏洞:
o the l2L3VpnMcastPmsiTunnelAttributeTable collectively shows the P-tunnel network topology and its performance characteristics. For instance, l2L3VpnMcastPmsiTunnelAttributeId in this table will contain the identifier that uniquely identifies a P-tunnel. This identifier may be composed of source and multicast group IP addresses. l2L3VpnMcastPmsiTunnelPointer and l2L3VpnMcastPmsiTunnelIf will point to the corresponding entries in other tables containing configuration and/or performance information of a P-tunnel and its interface. If an Administrator does not want to reveal this information, then these objects should be considered sensitive/vulnerable.
o l2L3VpnMcastPmsiTunnelAttributeTable集中显示了P隧道网络拓扑及其性能特征。例如,此表中的l2L3VpnMcastPmsiTunnelAttributeId将包含唯一标识P隧道的标识符。该标识符可以由源和多播组IP地址组成。L2L3VPNMCASTPMSITUNELLPOINTER和L2L3VPNMCASTPMSITUNELIF将指向包含P隧道及其接口的配置和/或性能信息的其他表中的相应条目。如果管理员不想透露此信息,则应将这些对象视为敏感/易受攻击。
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module.
SNMPv3之前的SNMP版本未包含足够的安全性。即使网络本身是安全的(例如通过使用IPsec),也无法控制安全网络上的谁可以访问和获取/设置(读取/更改/创建/删除)此MIB模块中的对象。
Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM)
[RFC5591] in combination with a secure transport such as SSH
[RFC5592] or TLS/DTLS [RFC6353].
Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM)
[RFC5591] in combination with a secure transport such as SSH
[RFC5592] or TLS/DTLS [RFC6353].
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
此外,不建议部署SNMPv3之前的SNMP版本。相反,建议部署SNMPv3并启用加密安全性。然后,客户/运营商应负责确保授予访问此MIB模块实例权限的SNMP实体已正确配置为仅授予那些拥有确实获取或设置(更改/创建/删除)对象的合法权限的主体(用户)访问对象。
The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the "SMI Network Management MGMT Codes Internet-standard MIB" registry:
本文档中的MIB模块使用“SMI网络管理代码Internet标准MIB”注册表中记录的以下IANA分配的对象标识符值:
Name Description OBJECT-IDENTIFIER value
----------------- -------------------------- ----------------------
l2L3VpnMcastTCMIB L2L3-VPN-MULTICAST-TC-MIB { mib-2 244 }
l2L3VpnMcastMIB L2L3-VPN-MULTICAST-MIB { mib-2 245 }
Name Description OBJECT-IDENTIFIER value
----------------- -------------------------- ----------------------
l2L3VpnMcastTCMIB L2L3-VPN-MULTICAST-TC-MIB { mib-2 244 }
l2L3VpnMcastMIB L2L3-VPN-MULTICAST-MIB { mib-2 245 }
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, DOI 10.17487/RFC2578, April 1999, <https://www.rfc-editor.org/info/rfc2578>.
[RFC2578]McCloghrie,K.,Ed.,Perkins,D.,Ed.,和J.Schoenwaeld,Ed.“管理信息的结构版本2(SMIv2)”,STD 58,RFC 2578,DOI 10.17487/RFC2578,1999年4月<https://www.rfc-editor.org/info/rfc2578>.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, <https://www.rfc-editor.org/info/rfc2579>.
[RFC2579]McCloghrie,K.,Ed.,Perkins,D.,Ed.,和J.Schoenwaeld,Ed.“SMIv2的文本约定”,STD 58,RFC 2579,DOI 10.17487/RFC2579,1999年4月<https://www.rfc-editor.org/info/rfc2579>.
[RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Conformance Statements for SMIv2", STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, <https://www.rfc-editor.org/info/rfc2580>.
[RFC2580]McCloghrie,K.,Ed.,Perkins,D.,Ed.,和J.Schoenwaeld,Ed.“SMIv2的一致性声明”,STD 58,RFC 2580,DOI 10.17487/RFC2580,1999年4月<https://www.rfc-editor.org/info/rfc2580>.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, <https://www.rfc-editor.org/info/rfc2863>.
[RFC2863]McCloghrie,K.和F.Kastenholz,“接口组MIB”,RFC 2863,DOI 10.17487/RFC2863,2000年6月<https://www.rfc-editor.org/info/rfc2863>.
[RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", STD 62, RFC 3414, DOI 10.17487/RFC3414, December 2002, <https://www.rfc-editor.org/info/rfc3414>.
[RFC3414]Blumenthal,U.和B.Wijnen,“简单网络管理协议(SNMPv3)版本3的基于用户的安全模型(USM)”,STD 62,RFC 3414,DOI 10.17487/RFC3414,2002年12月<https://www.rfc-editor.org/info/rfc3414>.
[RFC3811] Nadeau, T., Ed. and J. Cucchiara, Ed., "Definitions of Textual Conventions (TCs) for Multiprotocol Label Switching (MPLS) Management", RFC 3811, DOI 10.17487/RFC3811, June 2004, <https://www.rfc-editor.org/info/rfc3811>.
[RFC3811]Nadeau,T.,Ed.和J.Cucchiara,Ed.,“多协议标签交换(MPLS)管理的文本约定(TC)定义”,RFC 3811,DOI 10.17487/RFC3811,2004年6月<https://www.rfc-editor.org/info/rfc3811>.
[RFC3812] Srinivasan, C., Viswanathan, A., and T. Nadeau, "Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Management Information Base (MIB)", RFC 3812, DOI 10.17487/RFC3812, June 2004, <https://www.rfc-editor.org/info/rfc3812>.
[RFC3812]Srinivasan,C.,Viswanathan,A.,和T.Nadeau,“多协议标签交换(MPLS)流量工程(TE)管理信息库(MIB)”,RFC 3812,DOI 10.17487/RFC3812,2004年6月<https://www.rfc-editor.org/info/rfc3812>.
[RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the SNMP User-based Security Model", RFC 3826, DOI 10.17487/RFC3826, June 2004, <https://www.rfc-editor.org/info/rfc3826>.
[RFC3826]Blumenthal,U.,Maino,F.,和K.McCloghrie,“基于SNMP用户的安全模型中的高级加密标准(AES)密码算法”,RFC 3826,DOI 10.17487/RFC3826,2004年6月<https://www.rfc-editor.org/info/rfc3826>.
[RFC4875] Aggarwal, R., Ed., Papadimitriou, D., Ed., and S. Yasukawa, Ed., "Extensions to Resource Reservation Protocol - Traffic Engineering (RSVP-TE) for Point-to-Multipoint TE Label Switched Paths (LSPs)", RFC 4875, DOI 10.17487/RFC4875, May 2007, <https://www.rfc-editor.org/info/rfc4875>.
[RFC4875]Aggarwal,R.,Ed.,Papadimitriou,D.,Ed.,和S.Yasukawa,Ed.,“资源预留协议的扩展-点对多点TE标签交换路径(LSP)的流量工程(RSVP-TE)”,RFC 4875,DOI 10.17487/RFC4875,2007年5月<https://www.rfc-editor.org/info/rfc4875>.
[RFC5015] Handley, M., Kouvelas, I., Speakman, T., and L. Vicisano, "Bidirectional Protocol Independent Multicast (BIDIR-PIM)", RFC 5015, DOI 10.17487/RFC5015, October 2007, <https://www.rfc-editor.org/info/rfc5015>.
[RFC5015]Handley,M.,Kouvelas,I.,Speakman,T.,和L.Vicisano,“双向协议独立多播(BIDIR-PIM)”,RFC 5015,DOI 10.17487/RFC5015,2007年10月<https://www.rfc-editor.org/info/rfc5015>.
[RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model for the Simple Network Management Protocol (SNMP)", STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, <https://www.rfc-editor.org/info/rfc5591>.
[RFC5591]Harrington,D.和W.Hardaker,“简单网络管理协议(SNMP)的传输安全模型”,STD 78,RFC 5591,DOI 10.17487/RFC55912009年6月<https://www.rfc-editor.org/info/rfc5591>.
[RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure Shell Transport Model for the Simple Network Management Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 2009, <https://www.rfc-editor.org/info/rfc5592>.
[RFC5592]Harrington,D.,Salowey,J.,和W.Hardaker,“简单网络管理协议(SNMP)的安全外壳传输模型”,RFC 5592,DOI 10.17487/RFC5592,2009年6月<https://www.rfc-editor.org/info/rfc5592>.
[RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)", STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, <https://www.rfc-editor.org/info/rfc6353>.
[RFC6353]Hardaker,W.“简单网络管理协议(SNMP)的传输层安全(TLS)传输模型”,STD 78,RFC 6353,DOI 10.17487/RFC6353,2011年7月<https://www.rfc-editor.org/info/rfc6353>.
[RFC6388] Wijnands, IJ., Ed., Minei, I., Ed., Kompella, K., and B. Thomas, "Label Distribution Protocol Extensions for Point- to-Multipoint and Multipoint-to-Multipoint Label Switched Paths", RFC 6388, DOI 10.17487/RFC6388, November 2011, <https://www.rfc-editor.org/info/rfc6388>.
[RFC6388]Wijnands,IJ.,Ed.,Minei,I.,Ed.,Kompella,K.和B.Thomas,“点对多点和多点对多点标签交换路径的标签分发协议扩展”,RFC 6388,DOI 10.17487/RFC6388,2011年11月<https://www.rfc-editor.org/info/rfc6388>.
[RFC6513] Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/ BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513, February 2012, <https://www.rfc-editor.org/info/rfc6513>.
[RFC6513]Rosen,E.,Ed.和R.Aggarwal,Ed.,“MPLS/BGP IP VPN中的多播”,RFC 6513,DOI 10.17487/RFC6513,2012年2月<https://www.rfc-editor.org/info/rfc6513>.
[RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP Encodings and Procedures for Multicast in MPLS/BGP IP VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012, <https://www.rfc-editor.org/info/rfc6514>.
[RFC6514]Aggarwal,R.,Rosen,E.,Morin,T.,和Y.Rekhter,“MPLS/BGP IP VPN中的BGP编码和多播过程”,RFC 6514,DOI 10.17487/RFC6514,2012年2月<https://www.rfc-editor.org/info/rfc6514>.
[RFC7117] Aggarwal, R., Ed., Kamite, Y., Fang, L., Rekhter, Y., and C. Kodeboniya, "Multicast in Virtual Private LAN Service (VPLS)", RFC 7117, DOI 10.17487/RFC7117, February 2014, <https://www.rfc-editor.org/info/rfc7117>.
[RFC7117]Aggarwal,R.,Ed.,Kamite,Y.,Fang,L.,Rekhter,Y.,和C.Kodeboniya,“虚拟专用局域网服务(VPLS)中的多播”,RFC 7117,DOI 10.17487/RFC71172014年2月<https://www.rfc-editor.org/info/rfc7117>.
[RFC7524] Rekhter, Y., Rosen, E., Aggarwal, R., Morin, T., Grosclaude, I., Leymann, N., and S. Saad, "Inter-Area Point-to-Multipoint (P2MP) Segmented Label Switched Paths (LSPs)", RFC 7524, DOI 10.17487/RFC7524, May 2015, <https://www.rfc-editor.org/info/rfc7524>.
[RFC7524]Rekhter,Y.,Rosen,E.,Aggarwal,R.,Morin,T.,Grosclaude,I.,Leymann,N.,和S.Saad,“区域间点对多点(P2MP)分段标签交换路径(LSP)”,RFC 7524,DOI 10.17487/RFC7524,2015年5月<https://www.rfc-editor.org/info/rfc7524>.
[RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I., Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March 2016, <https://www.rfc-editor.org/info/rfc7761>.
[RFC7761]Fenner,B.,Handley,M.,Holbrook,H.,Kouvelas,I.,Parekh,R.,Zhang,Z.,和L.Zheng,“协议独立多播-稀疏模式(PIM-SM):协议规范(修订版)”,STD 83,RFC 7761,DOI 10.17487/RFC7761,2016年3月<https://www.rfc-editor.org/info/rfc7761>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8174]Leiba,B.,“RFC 2119关键词中大写与小写的歧义”,BCP 14,RFC 8174,DOI 10.17487/RFC8174,2017年5月<https://www.rfc-editor.org/info/rfc8174>.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, DOI 10.17487/RFC3410, December 2002, <https://www.rfc-editor.org/info/rfc3410>.
[RFC3410]Case,J.,Mundy,R.,Partain,D.,和B.Stewart,“互联网标准管理框架的介绍和适用性声明”,RFC 3410,DOI 10.17487/RFC3410,2002年12月<https://www.rfc-editor.org/info/rfc3410>.
Acknowledgements
致谢
Glenn Mansfield Keeni did the MIB Doctor review and provided valuable comments.
格伦·曼斯菲尔德·基尼对MIB医生进行了评估,并提供了宝贵的意见。
Authors' Addresses
作者地址
Zhaohui (Jeffrey) Zhang Juniper Networks, Inc. 10 Technology Park Drive Westford, MA 01886 United States of America
美国马萨诸塞州韦斯特福德科技园大道10号赵晖(杰弗里)张纯柏网络有限公司01886
Email: zzhang@juniper.net
Email: zzhang@juniper.net
Hiroshi Tsunoda Tohoku Institute of Technology 35-1, Yagiyama Kasumi-cho Taihaku-ku, Sendai 982-8577 Japan
日本仙台太谷Yagiyama Kasumi cho东北工业大学35-1 Hiroshi Tsunoda日本仙台982-8577
Phone: +81-22-305-3411
Email: tsuno@m.ieice.org
Phone: +81-22-305-3411
Email: tsuno@m.ieice.org