
RFC 4131

Proposed STD
Pages: 85
Group: IPCDN

Management Information Base for Data Over Cable Service Interface Specification (DOCSIS) Cable Modems and Cable Modem Termination Systems for Baseline Privacy Plus

Part 1 of 4, p. 1 to 5


Network Working Group                                           S. Green
Request for Comments: 4131                                    Consultant
Category: Standards Track                                       K. Ozawa
                                                         E. Cardona, Ed.
                                                           A. Katsnelson
                                                          September 2005

                    Management Information Base for
 Data Over Cable Service Interface Specification (DOCSIS) Cable Modems
     and Cable Modem Termination Systems for Baseline Privacy Plus

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).


   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines a set of managed objects for Simple Network
   Management Protocol (SNMP) based management of the Baseline Privacy
   Plus features of DOCSIS 1.1 and DOCSIS 2.0 (Data-over-Cable Service
   Interface Specification) compliant Cable Modems and Cable Modem
   Termination Systems.

Table of Contents

   1. The Internet-Standard Management Framework
   2. Overview
      2.1. Structure of the MIB
      2.2. Relationship of BPI+ and BPI MIB Modules
      2.3. BPI+ MIB Module Relationship with the Interfaces Group MIB
   3. Definitions
   4. Acknowledgements
   5. Normative References
   6. Informative References
   7. Security Considerations
   8. IANA Considerations

1.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580

2.  Overview

   This MIB module (BPI+ MIB) provides a set of objects required for the
   management of the Baseline Privacy Interface Plus features of DOCSIS
   1.1 and DOCSIS 2.0 Cable Modem (CM) and Cable Modem Termination
   System (CMTS).  The specification is derived from the operational
   model described in the DOCSIS Baseline Privacy Interface Plus
   Specification [DOCSIS].

   DOCSIS Baseline Privacy Plus is composed of four distinct functional
   and manageable areas:

   o  Key exchange and data encryption

   o  Cable modem authentication

   o  Multicast encryption

   o  Authentication of downloaded software images

   This MIB module is an extension of the DOCSIS 1.0 Baseline Privacy
   MIB module [RFC3083] (BPI MIB), which is derived from the Operational
   model described in the DOCSIS Baseline Privacy Interface
   Specification [DOCSIS-1.0].  The original Baseline Privacy MIB
   structure has mostly been preserved in the Baseline Privacy Plus MIB.
   Please note that the referenced DOCSIS specifications only require
   that Cable Modems process IPv4 customer traffic.  Design choices in
   this MIB module reflect those requirements.  Future versions of the
   DOCSIS specifications are expected to require support for IPv6 as

   Conventions Used in This Document

      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      in this document are to be interpreted as described in BCP 14, RFC
      2119 [RFC2119].

2.1.  Structure of the MIB

   This MIB module is structured into several tables and objects.

2.1.1.  Cable Modem

   o  The docsBpi2CmBaseTable contains authorization key exchange
      information for one CM MAC interface.

   o  The docsBpi2CmTEKTable contains traffic key exchange and data
      encryption information for a particular security association ID of
      the cable modem.

   o  Multicast Encryption information is maintained under
      Docsbpi2CmMulticastObjects.  There is currently one multicast
      table object that manages IP multicast encryption,

   o  Digital certificates used for cable modem authentication are
      accessible via docsBpi2CmDeviceCertTable.

   o  Cryptographic suite capabilities for a CM MAC are maintained in
      the docsBpi2CmCryptoSuiteTable.

2.1.2.  Cable Modem Termination System

   o  The docsBpi2CmtsBaseTable contains default settings and summary
      counters for the cable modem termination system.

   o  The DocsBpi2CmtsAuthTable contains Authorization Key Exchange
      information for each CM MAC interface, as well as data from CM
      certificates used in cable modem authentication.

   o  The docsBpi2CmtsTEKTable contains traffic key exchange and data
      encryption information for a particular security association ID.

   o  Multicast Encryption information is maintained under
      Docsbpi2CmtsMulticastObjects.  There are currently two multicast
      table objects.  The Table docsBpi2CmtsIpMulticastMapTable is
      specifically designed for IP multicast encryption, whereas
      docsBpi2CmtsMulticastAuthTable is meant to manage all multicast
      security associations.

         In particular, the table docsBpi2CmtsIpMulticastMapTable
         defines the object docsBpi2CmtsIpMulticastMask, which could be
         a non-contiguous netmask; this is why the object syntax is
         based on the INET-ADDRESS-MIB MIB Module [RFC4001] Textual
         Convention InetAddress instead of InetAddressPrefixLength.

         This is to facilitate the assignment of the same DOCSIS Security
         Association ID (SAID) to one or more IPv6 multicast group IDs
         matching one or more IPv6 multicast scope types within an entry
         in this table.  For example, multicast scopes labeled
         "unassigned" [RFC3513] may be allocated by administrators to a
         particular SAID, regardless of their multicast scope, such as
         mapping transient multicast group 'Y' to SAID 'z' for ANY
         multicast scope.  The non-contiguous netmask will be FF10:Y.
         See [RFC3513] for details on IPv6 multicast addressing.

   o  DocsBpi2CmtsCertObjects contains 2 manageable tables: one for
      provisioned cable modem certificates and one for certification
      authority certificates.
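
   The mask matching described above for docsBpi2CmtsIpMulticastMask,
   as an added example that is not part of the RFC.  It assumes the
   [RFC3513] multicast address layout; the mask value (every bit except
   the scope nibble), the group ID 0x1234, the SAID 8193 and all
   function names are constructed for illustration.

```python
import ipaddress

# IPv6 multicast layout assumed from [RFC3513]:
#   8 bits 0xFF | 4 bits flags | 4 bits scope | 112 bits group ID
ALL_ONES = (1 << 128) - 1
SCOPE_NIBBLE = 0xF << 112
ANY_SCOPE_MASK = ALL_ONES ^ SCOPE_NIBBLE   # compare everything except scope


def is_contiguous(mask: int) -> bool:
    """True when mask is 1-bits followed only by 0-bits (a prefix length)."""
    inverted = ~mask & ALL_ONES
    return inverted & (inverted + 1) == 0


def mask_text(mask: int) -> str:
    """Render a mask the way an InetAddress-style value would be written."""
    return str(ipaddress.IPv6Address(mask))


def lookup_said(addr: str, table):
    """Return the SAID of the first entry whose masked bits equal addr's."""
    a = int(ipaddress.IPv6Address(addr))
    for base, mask, said in table:
        if (a & mask) == (int(ipaddress.IPv6Address(base)) & mask):
            return said
    return None


# Constructed sample entry: transient group Y = 0x1234 mapped to SAID z = 8193.
SAMPLE_TABLE = [("ff10::1234", ANY_SCOPE_MASK, 8193)]

if __name__ == "__main__":
    print(mask_text(ANY_SCOPE_MASK), "contiguous:", is_contiguous(ANY_SCOPE_MASK))
    for group in ("ff12::1234", "ff15::1234", "ff1e::1234", "ff02::1234", "ff12::1235"):
        print(group, "->", lookup_said(group, SAMPLE_TABLE))
```

   Because the scope nibble sits between the flags and the group ID, no
   prefix length can express this mask, which is why a full address
   value is needed to carry it.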

2.1.3.  Common

   o  The docsBpi2CodeDownloadControl objects manage the authenticated
      software download process for a given device.

2.2.  Relationship of BPI+ and BPI MIB Modules

   This section describes the relationship between the BPI+ MIB module
   defined in this document and the BPI MIB module defined in RFC 3083
   [RFC3083].  The BPI+ protocol interface is an enhancement to the BPI
   protocol, and it is a distinct protocol from BPI.  The associated
   BPI+ managed objects should be considered separate from the BPI MIB
   objects defined in RFC 3083.

   DOCSIS 1.1 and 2.0 systems implement both the BPI+ and BPI protocols
   to be backward compatible with 1.0 systems.  For more information
   regarding the interoperability between BPI and BPI+ compliant
   systems, refer to appendix C of the DOCSIS BPI+ specification
   [DOCSIS].  For MIB module requirements, refer to section 4.6.1,
   Figure 9, of the DOCSIS 1.1 OSSI specification [DOCSIS-1.1] and to
   section 7.6.1, Tables 7-9, of the DOCSIS 2.0 OSSI specification

2.3.  BPI+ MIB Module Relationship with the Interfaces Group MIB

   The BPI+ MIB module is the management framework of the Baseline
   Privacy Plus Interface Specification [DOCSIS], which provides the
   MAC layer (Media Access Control) security services of DOCSIS
   through the Baseline Privacy Key Management (BPKM) protocol.  The
   BPI+ MIB module objects are organized as extensions of the Radio
   Frequency (RF) Interface Management [RFC2670].

   The MIB table structures of this MIB Module are extensions of the
   DOCSIS CATV (Community Antenna Television) MAC layer interface
   (DocsCableMaclayer by [IANA]).  In particular, the provisions of the
   Interface Group MIB [RFC2863] for counter discontinuities and system
   re-initialization apply to CM and CMTS to validate the difference
   between two consecutive counter polls.

   All BPI+ MIB module counters are 32 bits.  This size is based on the
   minimum-time-to-wrap considerations of [RFC2863] and on how
   frequently the events they count are expected to occur, since they
   are BPI+ FSM (Finite State Machine) event counters.  See [DOCSIS]
   for BPI+ FSM parameter guidelines.
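
   One way a poller can validate the difference between two consecutive
   polls of a 32-bit BPI+ counter, as an added example that is not part
   of the RFC.  It assumes each poll also reads sysUpTime and the
   ifCounterDiscontinuityTime object of [RFC2863]; the Poll type, the
   function names and the sample readings are constructed.

```python
from typing import List, NamedTuple, Optional

COUNTER32_MOD = 2 ** 32


class Poll(NamedTuple):
    sys_up_time: int          # sysUpTime in TimeTicks (hundredths of a second)
    discontinuity_time: int   # ifCounterDiscontinuityTime of the CATV MAC interface
    value: int                # one BPI+ Counter32 reading


def counter_delta(prev: Poll, cur: Poll) -> Optional[int]:
    """Events counted between two polls, or None when the pair cannot be trusted."""
    # sysUpTime moved backwards: the agent re-initialized (or sysUpTime itself
    # wrapped), so the old reading is not a valid baseline.
    if cur.sys_up_time < prev.sys_up_time:
        return None
    # The agent recorded a counter discontinuity after the previous poll.
    if cur.discontinuity_time != prev.discontinuity_time:
        return None
    # Otherwise a smaller value means the 32-bit counter wrapped; this assumes
    # the polling interval is shorter than the minimum time to wrap.
    return (cur.value - prev.value) % COUNTER32_MOD


def deltas(polls: List[Poll]) -> List[Optional[int]]:
    """Validate every consecutive pair in a poll series."""
    return [counter_delta(a, b) for a, b in zip(polls, polls[1:])]


# Constructed poll series: normal growth, a 32-bit wrap, a recorded
# discontinuity, then a re-initialization.
SAMPLE_POLLS = [
    Poll(100_000, 0, 4_294_967_280),
    Poll(130_000, 0, 4_294_967_290),
    Poll(160_000, 0, 5),
    Poll(190_000, 175_000, 2),
    Poll(3_000, 0, 1),
]

if __name__ == "__main__":
    print(deltas(SAMPLE_POLLS))
```

   A None result means the poller should take the current reading as a
   new baseline rather than report a rate for that interval.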
