Internet Engineering Task Force                         J. Schoenwaelder
Internet-Draft                                                 A. Sehgal
Intended status: Standards Track                       Jacobs University
Expires: April 21, 2013                                          T. Tsou
                                               Huawei Technologies (USA)
                                                                 C. Zhou
                                                     Huawei Technologies
                                                        October 18, 2012


     Definition of Managed Objects for IPv6 over Low-Power Wireless
                    Personal Area Networks (6LoWPANs)
                       draft-schoenw-6lowpan-mib-01

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines objects for managing IPv6 over Low-Power
   Wireless Personal Area Networks (6LoWPANs).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 21, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Conventions
   4.  Overview
   5.  Relationship to Other MIB Modules
   6.  Definitions
   7.  Security Considerations
   8.  IANA Considerations
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  JSON Representation

1.  Introduction

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols.  In particular it defines
   objects for managing IPv6 over Low-Power Wireless Personal Area
   Networks (6LoWPANs) [RFC4944].

2.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).
   This memo specifies a MIB module that is compliant to the SMIv2,
   which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
   [RFC2579] and STD 58, RFC 2580 [RFC2580].

3.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

4.  Overview

   The MIB module is organized into groups of scalars and tables.

   # LOWPAN-MIB registration tree (generated by smidump 0.4.8)

   --lowpanMIB(1.3.6.1.2.1.XXXX)
     +--lowpanNotifications(0)
     +--lowpanObjects(1)
     |  +--lowpanGeneral(1)
     |  |  +-- rwn Unsigned32 lowpanReasmTimeout(1)
     |  +--lowpanStats(2)
     |     +-- r-n Counter32  lowpanStatsInReceives(1)
     |     +-- r-n Counter32  lowpanStatsInHdrErrors(2)
     |     +-- r-n Counter32  lowpanStatsReasmReqds(3)
     |     +-- r-n Counter32  lowpanStatsReasmOKs(4)
     |     +-- r-n Counter32  lowpanStatsReasmFails(5)
     |     +-- r-n Counter32  lowpanStatsInDiscards(6)
     |     +-- r-n Counter32  lowpanStatsInDelivers(7)
     |     +-- r-n Counter32  lowpanStatsOutRequests(8)
     |     +-- r-n Counter32  lowpanStatsOutDiscards(9)
     |     +-- r-n Counter32  lowpanStatsOutFragReqds(10)
     |     +-- r-n Counter32  lowpanStatsOutFragOKs(11)
     |     +-- r-n Counter32  lowpanStatsOutFragFails(12)
     |     +-- r-n Counter32  lowpanStatsOutFragCreates(13)
     |     +-- r-n Counter32  lowpanStatsOutTransmits(14)
     +--lowpanConformance(2)
        +--lowpanGroups(1)
        |  +--lowpanGeneralGroup(1)
        |  +--lowpanStatsGroup(2)
        +--lowpanCompliances(2)
           +--lowpanFullCompliance(1)
           +--lowpanReadOnlyCompliance(2)

5.  Relationship to Other MIB Modules

   The MIB module IMPORTS definitions from SNMPv2-SMI [RFC2578] and
   SNMPv2-CONF [RFC2580].

6.  Definitions

   LOWPAN-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter32, mib-2
           FROM SNMPv2-SMI                                 -- RFC 2578
       OBJECT-GROUP, MODULE-COMPLIANCE
           FROM SNMPv2-CONF;                               -- RFC 2580

   lowpanMIB MODULE-IDENTITY
       LAST-UPDATED "201210180000Z"
       ORGANIZATION
           "Jacobs University Bremen"
       CONTACT-INFO
           "Juergen Schoenwaelder
            Jacobs University Bremen
            Email: j.schoenwaelder@jacobs-university.de

            Anuj Sehgal
            Jacobs University Bremen
            Email: s.anuj@jacobs-university.de

            Tina Tsou
            Huawei Technologies
            Email: tina.tsou.zouting@huawei.com

            Cathy Zhou
            Huawei Technologies
            Email: cathyzhou@huawei.com"
       DESCRIPTION
           "The MIB module for monitoring nodes implementing the IPv6
            over Low-Power Wireless Personal Area Networks (6LoWPAN)
            protocol.

            Copyright (c) 2012 IETF Trust and the persons identified as
            authors of the code.  All rights reserved.

            Redistribution and use in source and binary forms, with or
            without modification, is permitted pursuant to, and subject
            to the license terms contained in, the Simplified BSD
            License set forth in Section 4.c of the IETF Trust's
            Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info)."

       REVISION "201210180000Z"
       DESCRIPTION
           "Initial version, published as RFC XXXX."
       -- RFC Ed.: replace XXXX with actual RFC number & remove this note

       ::= { mib-2 XXXX }

   -- object definitions

   lowpanNotifications OBJECT IDENTIFIER ::= { lowpanMIB 0 }
   lowpanObjects       OBJECT IDENTIFIER ::= { lowpanMIB 1 }
   lowpanConformance   OBJECT IDENTIFIER ::= { lowpanMIB 2 }

   lowpanGeneral       OBJECT IDENTIFIER ::= { lowpanObjects 1 }
   lowpanStats         OBJECT IDENTIFIER ::= { lowpanObjects 2 }

   lowpanReasmTimeout OBJECT-TYPE
       SYNTAX      Unsigned32
       UNITS       "seconds"
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The maximum number of seconds that received fragments are
            held while they are awaiting reassembly at this entity."
       ::= { lowpanGeneral 1 }

   lowpanStatsInReceives OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The total number of datagrams received, including those
            received in error."
       ::= { lowpanStats 1 }

   lowpanStatsInHdrErrors OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of received datagrams discarded due to errors in
            their headers, including unknown dispatch values, errors
            discovered during any decompression attempts, etc."
       ::= { lowpanStats 2 }

   lowpanStatsReasmReqds OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of received datagrams that needed to be
            reassembled."
       ::= { lowpanStats 3 }

   lowpanStatsReasmOKs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of received datagrams successfully reassembled."
       ::= { lowpanStats 4 }

   lowpanStatsReasmFails OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of failures detected by the re-assembly
            algorithm (e.g., timeouts)."
       ::= { lowpanStats 5 }

   lowpanStatsInDiscards OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of received datagrams for which no problems were
            encountered to prevent their continued processing, but
            were discarded (e.g., for lack of buffer space).  Note that
            this counter does not include any datagrams discarded while
            awaiting re-assembly."
       ::= { lowpanStats 6 }

   lowpanStatsInDelivers OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The total number of datagrams successfully delivered to the
            IPv6 layer."
       ::= { lowpanStats 7 }

   lowpanStatsOutRequests OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The total number of datagrams supplied by the IPv6 layer."
       ::= { lowpanStats 8 }

   lowpanStatsOutDiscards OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of datagrams for which no problem was
            encountered to prevent their transmission to their
            destination, but were discarded (e.g., for lack of
            buffer space)."
       ::= { lowpanStats 9 }

   lowpanStatsOutFragReqds OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of datagrams that would require fragmentation
            in order to be transmitted."
       ::= { lowpanStats 10 }

   lowpanStatsOutFragOKs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of IP datagrams that have been successfully
            fragmented."
       ::= { lowpanStats 11 }

   lowpanStatsOutFragFails OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of IP datagrams that have been discarded because
            they needed to be fragmented but could not be."
       ::= { lowpanStats 12 }

   lowpanStatsOutFragCreates OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of datagram fragments that have been
            generated as a result of fragmentation."
       ::= { lowpanStats 13 }

   lowpanStatsOutTransmits OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The total number of datagram fragments that this entity
            supplied to the lower layers for transmission."
       ::= { lowpanStats 14 }

   -- conformance definitions

   lowpanGroups      OBJECT IDENTIFIER ::= { lowpanConformance 1 }
   lowpanCompliances OBJECT IDENTIFIER ::= { lowpanConformance 2 }

   lowpanFullCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Compliance statement for implementations supporting
            read/write access, according to the object definitions."
       MODULE      -- this module
       MANDATORY-GROUPS {
           lowpanGeneralGroup,
           lowpanStatsGroup
       }
       ::= { lowpanCompliances 1 }

   lowpanReadOnlyCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Compliance statement for implementations supporting
            only readonly access."
       MODULE      -- this module
       MANDATORY-GROUPS {
           lowpanGeneralGroup,
           lowpanStatsGroup
       }
       OBJECT      lowpanReasmTimeout
       MIN-ACCESS  read-only
       DESCRIPTION
           "Write access is not required."
       ::= { lowpanCompliances 2 }

   lowpanGeneralGroup OBJECT-GROUP
       OBJECTS {
           lowpanReasmTimeout
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing general information
            about the 6LoWPAN implementation."
       ::= { lowpanGroups 1 }

   lowpanStatsGroup OBJECT-GROUP
       OBJECTS {
           lowpanStatsInReceives,
           lowpanStatsInHdrErrors,
           lowpanStatsReasmReqds,
           lowpanStatsReasmOKs,
           lowpanStatsReasmFails,
           lowpanStatsInDiscards,
           lowpanStatsInDelivers,
           lowpanStatsOutRequests,
           lowpanStatsOutDiscards,
           lowpanStatsOutFragReqds,
           lowpanStatsOutFragOKs,
           lowpanStatsOutFragFails,
           lowpanStatsOutFragCreates,
           lowpanStatsOutTransmits
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing statistics about
            the 6LoWPAN implementation."
       ::= { lowpanGroups 2 }

   END

7.  Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.
   The support for SET operations in a non-secure environment without
   proper protection can have a negative effect on network operations.
   These are the tables and objects and their sensitivity/vulnerability:

   o  lowpanReasmTimeout: This object controls how long received
      fragments are kept in memory awaiting reassembly.  An attacker
      might set this object to a very small value in order to prevent
      successful reassembly of fragmented IPv6 packets.  An attacker
      might as well set this object to a very large value in order to
      reserve memory for a long time as part of a denial of service
      attack.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   The read-only counters provide insights into the amount of 6LoWPAN
   traffic a node is receiving or transmitting.  This might provide
   information whether a device is regularly exchanging information with
   other devices or whether a device is mostly not participating in any
   communication (e.g., the device might be "easier" to take away
   unnoticed).  The reassembly counters could be used to direct denial
   of service attacks on the reassembly mechanism.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.
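
   The following is an added example, not part of the draft: a check a
   management station could run over two successive polls of a node, in
   the JSON form of Appendix A, to notice the lowpanReasmTimeout changes
   and reassembly failures discussed above.  The policy bounds, the
   failure-ratio threshold and all function names are assumptions of
   this example.

```python
import json

COUNTER32_MOD = 2 ** 32          # Counter32 wraps to 0 after 2^32 - 1 (SMIv2)
ROOT = "LOWPAN-MIB:LOWPAN-MIB"   # top-level member name used in Appendix A


def delta(prev, curr):
    """Counter32 increase between two polls, tolerating a single wrap."""
    return (curr - prev) % COUNTER32_MOD


def audit(prev_json, curr_json, min_timeout=5, max_timeout=300,
          max_fail_ratio=0.25):
    """Return a list of findings for two successive polls of one node.

    The bounds and the ratio are operator policy assumed for this
    example; the draft does not define them.
    """
    prev, curr = json.loads(prev_json)[ROOT], json.loads(curr_json)[ROOT]
    findings = []

    timeout = curr["lowpanGeneral"]["lowpanReasmTimeout"]
    if not min_timeout <= timeout <= max_timeout:
        findings.append(f"lowpanReasmTimeout={timeout}s outside policy "
                        f"[{min_timeout}, {max_timeout}]")
    before = prev["lowpanGeneral"]["lowpanReasmTimeout"]
    if timeout != before:
        findings.append(f"lowpanReasmTimeout changed {before}s -> {timeout}s")

    p, c = prev["lowpanStats"], curr["lowpanStats"]
    reqds = delta(p["lowpanStatsReasmReqds"], c["lowpanStatsReasmReqds"])
    fails = delta(p["lowpanStatsReasmFails"], c["lowpanStatsReasmFails"])
    # Heuristic: failures per datagram needing reassembly in this interval.
    if reqds and fails / reqds > max_fail_ratio:
        findings.append(f"reassembly failures {fails}/{reqds} in interval")
    return findings


def snapshot(timeout, reqds, fails):
    """Build a constructed snapshot holding only the members audit() reads."""
    return json.dumps({ROOT: {
        "lowpanGeneral": {"lowpanReasmTimeout": timeout},
        "lowpanStats": {"lowpanStatsReasmReqds": reqds,
                        "lowpanStatsReasmFails": fails},
    }})


# Constructed samples; the baseline reuses the Appendix A values (120, 22, 2).
BASELINE = snapshot(120, 22, 2)
QUIET = snapshot(120, 40, 3)       # timeout unchanged, 1 failure in 18
TAMPERED = snapshot(1, 62, 21)     # timeout set very small, 19 failures in 40

if __name__ == "__main__":
    for name, poll in [("quiet", QUIET), ("tampered", TAMPERED)]:
        print(name, audit(BASELINE, poll))
```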

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8.  IANA Considerations

   IANA is requested to assign a value for "XXXX" under the 'mib-2'
   subtree and to record the assignment in the SMI Numbers registry.
   When the assignment has been made, the RFC Editor is asked to replace
   "XXXX" (here and in the MIB module) with the assigned value and to
   remove this note.

9.  Acknowledgements

   This specification borrows heavily from the IP-MIB defined in
   [RFC4293].

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC4944]  Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
              "Transmission of IPv6 Packets over IEEE 802.15.4
              Networks", RFC 4944, September 2007.

10.2.  Informative References

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

   [RFC4293]  Routhier, S., "Management Information Base for the
              Internet Protocol (IP)", RFC 4293, April 2006.

   [RFC6643]  Schoenwaelder, J., "Translation of Structure of Management
              Information Version 2 (SMIv2) MIB Modules to YANG
              Modules", RFC 6643, July 2012.

   [I-D.lhotka-netmod-yang-json]
              Lhotka, L., "Modeling JSON Text with YANG",
              draft-lhotka-netmod-yang-json-00 (work in progress),
              October 2012.

Appendix A.  JSON Representation

   Using the translation algorithm defined in [RFC6643], the SMIv2
   module can be translated to YANG.  Using the JSON representation of
   data modeled in YANG defined in [I-D.lhotka-netmod-yang-json], the
   objects defined in the MIB module can be represented in JSON as shown
   below.  The compact representation without any white space uses 468
   octets.  (Of course, this number depends on the number of octets
   needed for the counter values.)

   {
     "LOWPAN-MIB:LOWPAN-MIB": {
       "lowpanGeneral": {
         "lowpanReasmTimeout": 120
       },
       "lowpanStats": {
         "lowpanStatsInReceives": 42,
         "lowpanStatsInHdrErrors": 0,
         "lowpanStatsReasmReqds": 22,
         "lowpanStatsReasmOKs": 20,
         "lowpanStatsReasmFails": 2,
         "lowpanStatsInDiscards": 1,
         "lowpanStatsInDelivers": 12,
         "lowpanStatsOutRequests": 12,
         "lowpanStatsOutDiscards": 0,
         "lowpanStatsOutFragReqds": 5,
         "lowpanStatsOutFragOKs": 5,
         "lowpanStatsOutFragFails": 0,
         "lowpanStatsOutFragCreates": 8,
         "lowpanStatsOutTransmits": 15
       }
     }
   }

Authors' Addresses

   Juergen Schoenwaelder
   Jacobs University
   Campus Ring 1
   Bremen  28759
   Germany

   EMail: j.schoenwaelder@jacobs-university.de


   Anuj Sehgal
   Jacobs University
   Campus Ring 1
   Bremen  28759
   Germany

   EMail: s.anuj@jacobs-university.de


   Tina Tsou
   Huawei Technologies (USA)
   2330 Central Expressway
   Santa Clara  CA 95050
   USA

   EMail: tina.tsou.zouting@huawei.com


   Cathy Zhou
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen  518129
   P.R. China

   EMail: cathyzhou@huawei.com