Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 4444

Management Information Base for Intermediate System to Intermediate System (IS-IS)

Pages: 103
Proposed Standard
Errata
Part 4 of 4 – Pages 65 to 103
First   Prev   None

Top   ToC   RFC4444 - Page 65   prevText
    isisIPRANextHop OBJECT-TYPE
        SYNTAX InetAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The IP next hop to this destination.

             The type of this address is determined by the value of
             the isisIPRANextHopType object."
    ::= { isisIPRAEntry 6 }

    isisIPRAType OBJECT-TYPE
        SYNTAX INTEGER
            {
                manual (1),
                automatic (2)
            }
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The type of this IP Reachable Address.  Those of type
             manual are created by the network manager.  Those of type
             automatic are created through propagation of routing
             information from another routing protocol.  This object
             follows the ManualOrAutomatic behavior."
    ::= { isisIPRAEntry 7 }

    isisIPRAExistState OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The state of this IP Reachable Address.  This object
             follows the ExistenceState and ManualOrAutomatic
             behaviors.  Support for 'createAndWait' and
             'notInService' is not required.

             A row entry cannot be modified when the value of this
             object is 'active'."
    ::= { isisIPRAEntry 8 }

    isisIPRAAdminState OBJECT-TYPE
        SYNTAX IsisAdminState
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The administrative state of the IP Reachable Address.  This
             object follows the IsisAdminState and ManualOrAutomatic
Top   ToC   RFC4444 - Page 66
             behaviors."
        DEFVAL { off }
    ::= { isisIPRAEntry 9 }

    isisIPRAMetric OBJECT-TYPE
        SYNTAX IsisDefaultMetric
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The metric value for reaching the specified
             destination over this circuit.  This object follows the
             ManualOrAutomatic behavior."
        DEFVAL { 10 }
    ::= { isisIPRAEntry 10 }

    isisIPRAMetricType OBJECT-TYPE
        SYNTAX IsisMetricType
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Indicates whether the metric is internal or
             external.  This object follows the ManualOrAutomatic
             behavior."
        DEFVAL { internal }
    ::= { isisIPRAEntry 11 }

    isisIPRAFullMetric OBJECT-TYPE
        SYNTAX IsisFullMetric
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The wide metric value for reaching the specified
             destination over this circuit.  This object follows the
             ManualOrAutomatic behavior."
        DEFVAL { 10 }
    ::= { isisIPRAEntry 12 }

    isisIPRASNPAAddress OBJECT-TYPE
        SYNTAX IsisOSINSAddress
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The SNPA Address to which a PDU may be forwarded in
             order to reach a destination that matches this IP
             Reachable Address.  This object follows the
             ManualOrAutomatic behavior."
        DEFVAL { ''H }
    ::= { isisIPRAEntry 13 }
Top   ToC   RFC4444 - Page 67
    isisIPRASourceType OBJECT-TYPE
        SYNTAX INTEGER
            {
                static (1),
                direct (2),
                ospfv2 (3),
                ospfv3 (4),
                isis   (5),
                rip    (6),
                igrp   (7),
                eigrp  (8),
                bgp    (9),
                other (10)
            }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The origin of this route."
    ::= { isisIPRAEntry 14 }

-- The LSP Database Table
--
-- The first table provides Summary Information about LSPs
-- The next table provides a complete record

    isisLSPSummaryTable OBJECT-TYPE
        SYNTAX SEQUENCE OF IsisLSPSummaryEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The table of LSP Headers."
    ::= { isisLSPDataBase 1 }

    isisLSPSummaryEntry OBJECT-TYPE
        SYNTAX IsisLSPSummaryEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Each entry provides a summary describing an
             LSP currently stored in the system.

             Dynamically learned rows will not survive an
             agent reboot."
        INDEX {  isisLSPLevel,
                 isisLSPID }
    ::= { isisLSPSummaryTable 1 }

    IsisLSPSummaryEntry ::=
Top   ToC   RFC4444 - Page 68
        SEQUENCE {
            isisLSPLevel
                IsisISLevel,
            isisLSPID
                IsisLinkStatePDUID,
            isisLSPSeq
                Unsigned32,
            isisLSPZeroLife
                TruthValue,
            isisLSPChecksum
                IsisUnsigned16TC,
            isisLSPLifetimeRemain
                IsisUnsigned16TC,
            isisLSPPDULength
                IsisUnsigned16TC,
            isisLSPAttributes
                IsisUnsigned8TC
        }

    isisLSPLevel OBJECT-TYPE
        SYNTAX IsisISLevel
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "At which level does this LSP appear?"
    ::= { isisLSPSummaryEntry 1 }

    isisLSPID OBJECT-TYPE
        SYNTAX IsisLinkStatePDUID
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The 8-byte LSP ID for this Link State PDU."
    ::= { isisLSPSummaryEntry 2 }

    isisLSPSeq OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The sequence number for this LSP."
    ::= { isisLSPSummaryEntry 3 }

    isisLSPZeroLife OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
Top   ToC   RFC4444 - Page 69
            "Is this LSP being purged by this system?"
    ::= { isisLSPSummaryEntry 4 }

    isisLSPChecksum OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The 16-bit Fletcher Checksum for this LSP."
    ::= { isisLSPSummaryEntry 5 }

    isisLSPLifetimeRemain OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        UNITS "seconds"
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The remaining lifetime, in seconds, for this LSP."
    ::= { isisLSPSummaryEntry 6 }

    isisLSPPDULength OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The length of this LSP."
    ::= { isisLSPSummaryEntry 7 }

    isisLSPAttributes OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Flags carried by the LSP."
    ::= { isisLSPSummaryEntry 8 }

-- LSP Table
--
-- The full LSP as a sequence of {Type, Len, Value} tuples
-- Since the underlying LSP may have changed while downloading
-- TLVs, we provide the Sequence number and Checksum for each
-- LSP TLV, so the network manager may verify that they are
-- still working on the same version of the LSP.

    isisLSPTLVTable OBJECT-TYPE
        SYNTAX SEQUENCE OF IsisLSPTLVEntry
        MAX-ACCESS not-accessible
        STATUS current
Top   ToC   RFC4444 - Page 70
        DESCRIPTION
            "The table of LSPs in the database."
    ::= { isisLSPDataBase 2 }

    isisLSPTLVEntry OBJECT-TYPE
        SYNTAX IsisLSPTLVEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "Each entry describes a TLV within
             an LSP currently stored in the system.

             Dynamically learned rows will not survive an
             agent reboot."
        INDEX {  isisLSPLevel,
                 isisLSPID,
                 isisLSPTLVIndex }
    ::= { isisLSPTLVTable 1 }

    IsisLSPTLVEntry ::=
        SEQUENCE {
            isisLSPTLVIndex
                Unsigned32,
            isisLSPTLVSeq
                Unsigned32,
            isisLSPTLVChecksum
                IsisUnsigned16TC,
            isisLSPTLVType
                IsisUnsigned8TC,
            isisLSPTLVLen
                IsisUnsigned8TC,
            isisLSPTLVValue
                OCTET STRING
        }

    isisLSPTLVIndex OBJECT-TYPE
        SYNTAX Unsigned32(1..4294967295)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
            "The index of this TLV in the LSP.  The first TLV has
             index 1, and the Nth TLV has an index of N."
    ::= { isisLSPTLVEntry 1 }

    isisLSPTLVSeq OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
Top   ToC   RFC4444 - Page 71
        DESCRIPTION
            "The sequence number for this LSP."
    ::= { isisLSPTLVEntry 2 }

    isisLSPTLVChecksum OBJECT-TYPE
        SYNTAX IsisUnsigned16TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The 16-bit Fletcher Checksum for this LSP."
    ::= { isisLSPTLVEntry 3 }

    isisLSPTLVType OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The type of this TLV."
    ::= { isisLSPTLVEntry 4 }

    isisLSPTLVLen OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The length of this TLV."
    ::= { isisLSPTLVEntry 5 }

    isisLSPTLVValue OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "The value of this TLV."
    ::= { isisLSPTLVEntry 6 }


-- The IS-IS Notification Table

-- The IS-IS Notification Table records fields that are
-- required for notifications

    isisNotificationEntry OBJECT IDENTIFIER
        ::= { isisNotification 1 }

    isisNotificationSysLevelIndex OBJECT-TYPE
        SYNTAX IsisLevel
        MAX-ACCESS accessible-for-notify
Top   ToC   RFC4444 - Page 72
        STATUS current
        DESCRIPTION
            "The system level for this notification."
    ::= { isisNotificationEntry 1 }

    isisNotificationCircIfIndex OBJECT-TYPE
        SYNTAX Unsigned32 (1..2147483647)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The identifier of this circuit relevant to
             this notification."
    ::= { isisNotificationEntry 2 }

    isisPduLspId OBJECT-TYPE
        SYNTAX IsisLinkStatePDUID
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "An Octet String that uniquely identifies
             a Link State PDU."
    ::= { isisNotificationEntry 3 }

    isisPduFragment OBJECT-TYPE
        SYNTAX IsisPDUHeader
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds up to 64 initial bytes of a PDU that
             triggered the notification."
    ::= { isisNotificationEntry 4 }

    isisPduFieldLen OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the System ID length reported in PDU we received."
    ::= { isisNotificationEntry 5 }

    isisPduMaxAreaAddress OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the Max Area Addresses reported in a PDU
             we received."
    ::= { isisNotificationEntry 6 }
Top   ToC   RFC4444 - Page 73
    isisPduProtocolVersion OBJECT-TYPE
        SYNTAX IsisUnsigned8TC
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the Protocol version reported in PDU we received."
    ::= { isisNotificationEntry 7 }

    isisPduLspSize OBJECT-TYPE
        SYNTAX Unsigned32 (0..2147483647)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the size of LSP we received that is too
             big to forward."
    ::= { isisNotificationEntry 8 }

    isisPduOriginatingBufferSize OBJECT-TYPE
        SYNTAX IsisUnsigned16TC (0..16000)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the size of isisSysLevelOrigLSPBuffSize advertised
             by the peer in the originatingLSPBufferSize TLV.
             If the peer does not advertise this TLV, this
             value is set to 0."
    ::= { isisNotificationEntry 9 }

    isisPduBufferSize OBJECT-TYPE
        SYNTAX IsisUnsigned16TC (0..16000)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "Holds the size of LSP received from peer."
    ::= { isisNotificationEntry 10 }

    isisPduProtocolsSupported OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The list of protocols supported by an
             adjacent system.  This may be empty."
    ::= { isisNotificationEntry 11 }

    isisAdjState OBJECT-TYPE
        SYNTAX INTEGER
            {
Top   ToC   RFC4444 - Page 74
                 down (1),
                 initializing (2),
                 up (3),
                 failed(4)
            }
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "The current state of an adjacency."
    ::= { isisNotificationEntry 12 }

    isisErrorOffset OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "An offset to a problem in a PDU.  If the problem
             is a malformed TLV, this points to the beginning
             of the TLV.  If the problem is in the header, this
             points to the byte that is suspicious."
    ::= { isisNotificationEntry 13 }

    isisErrorTLVType OBJECT-TYPE
        SYNTAX Unsigned32 (0..255)
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
             "The type for a malformed TLV."
    ::= { isisNotificationEntry 14 }

    isisNotificationAreaAddress OBJECT-TYPE
        SYNTAX IsisOSINSAddress
        MAX-ACCESS accessible-for-notify
        STATUS current
        DESCRIPTION
            "An Area Address."
    ::= { isisNotificationEntry 15 }

-- Notification definitions
--
-- Note that notifications can be disabled by setting
--     isisSysNotificationEnable false

    isisDatabaseOverload NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisSysLevelState
        }
Top   ToC   RFC4444 - Page 75
        STATUS current
        DESCRIPTION
            "This notification is generated when the system
             enters or leaves the Overload state.  The number
             of times this has been generated and cleared is kept
             track of by isisSysStatLSPDbaseOloads."
    ::= { isisNotifications 1 }

    isisManualAddressDrops NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationAreaAddress
        }
        STATUS current
        DESCRIPTION
            "This notification is generated when one of the
             manual areaAddresses assigned to this system is
             ignored when computing routes.  The object
             isisNotificationAreaAddress describes the area that
             has been dropped.

             The number of times this event has been generated
             is counted by isisSysStatManAddrDropFromAreas.

             The agent must throttle the generation of
             consecutive isisManualAddressDrops notifications
             so that there is at least a 5-second gap between
             notifications of this type.  When notifications
             are throttled, they are dropped, not queued for
             sending at a future time."
    ::= { isisNotifications 2 }

    isisCorruptedLSPDetected NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "This notification is generated when we find that
             an LSP that was stored in memory has become
             corrupted.  The number of times this has been
             generated is counted by isisSysCorrLSPs.

             We forward an LSP ID.  We may have independent
             knowledge of the ID, but in some implementations
             there is a chance that the ID itself will be
             corrupted."
Top   ToC   RFC4444 - Page 76
    ::= { isisNotifications 3 }

    isisAttemptToExceedMaxSequence NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "When the sequence number on an LSP we generate
             wraps the 32-bit sequence counter, we purge and
             wait to re-announce this information.  This
             notification describes that event.  Since these
             should not be generated rapidly, we generate
             an event each time this happens.

             While the first 6 bytes of the LSPID are ours,
             the other two contain useful information."

    ::= { isisNotifications 4 }

    isisIDLenMismatch  NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduFieldLen,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with a different value for the System ID Length.
             This notification includes an index to identify
             the circuit where we saw the PDU and the header of
             the PDU, which may help a network manager identify
             the source of the confusion.

             The agent must throttle the generation of
             consecutive isisIDLenMismatch notifications
             so that there is at least a 5-second gap between
             notifications of this type.  When notifications
             are throttled, they are dropped, not queued for
             sending at a future time."

    ::= { isisNotifications 5 }

    isisMaxAreaAddressesMismatch NOTIFICATION-TYPE
        OBJECTS {
Top   ToC   RFC4444 - Page 77
            isisNotificationSysLevelIndex,
            isisPduMaxAreaAddress,
            isisNotificationCircIfIndex,
            isisPduFragment
        }

        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with a different value for the Maximum Area
             Addresses.  This notification includes the
             header of the packet, which may help a
             network manager identify the source of the
             confusion.

             The agent must throttle the generation of
             consecutive isisMaxAreaAddressesMismatch
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 6 }

    isisOwnLSPPurge NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with our systemID and zero age.  This
             notification includes the circuit Index
             and router ID from the LSP, if available,
             which may help a network manager
             identify the source of the confusion."

    ::= { isisNotifications 7 }

    isisSequenceNumberSkip NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId
        }
        STATUS current
Top   ToC   RFC4444 - Page 78
        DESCRIPTION
            "When we receive an LSP with our System ID
             and different contents, we may need to reissue
             the LSP with a higher sequence number.

             We send this notification if we need to increase
             the sequence number by more than one.  If two
             Intermediate Systems are configured with the same
             System ID, this notification will fire."

    ::= { isisNotifications 8 }

    isisAuthenticationTypeFailure NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with the wrong authentication type field.
             This notification includes the header of the
             packet, which may help a network manager
             identify the source of the confusion.

             The agent must throttle the generation of
             consecutive isisAuthenticationTypeFailure
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 9 }

    isisAuthenticationFailure NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a PDU
             with an incorrect authentication information
             field.  This notification includes the header
             of the packet, which may help a network manager
             identify the source of the confusion.
Top   ToC   RFC4444 - Page 79
             The agent must throttle the generation of
             consecutive isisAuthenticationFailure
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 10 }

    isisVersionSkew NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduProtocolVersion,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a Hello
             PDU from an IS running a different version
             of the protocol.  This notification includes
             the header of the packet, which may help a
             network manager identify the source of the
             confusion.

             The agent must throttle the generation of
             consecutive isisVersionSkew notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 11 }

    isisAreaMismatch NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a Hello
             PDU from an IS that does not share any
             area address.  This notification includes
             the header of the packet, which may help a
             network manager identify the source of the
             confusion.
Top   ToC   RFC4444 - Page 80
             The agent must throttle the generation of
             consecutive isisAreaMismatch notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 12 }

    isisRejectedAdjacency NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we receive a Hello
             PDU from an IS but do not establish an
             adjacency for some reason.

             The agent must throttle the generation of
             consecutive isisRejectedAdjacency notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 13 }

    isisLSPTooLargeToPropagate NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspSize,
            isisPduLspId
        }
        STATUS current
        DESCRIPTION
            "A notification sent when we attempt to propagate
             an LSP that is larger than the dataLinkBlockSize
             for the circuit.

             The agent must throttle the generation of
             consecutive isisLSPTooLargeToPropagate notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
Top   ToC   RFC4444 - Page 81
             queued for sending at a future time."

    ::= { isisNotifications 14 }

    isisOrigLSPBuffSizeMismatch NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId,
            isisPduOriginatingBufferSize,
            isisPduBufferSize
        }
        STATUS current
        DESCRIPTION
            "A notification sent when a Level 1 LSP or Level
             2 LSP is received that is larger than the local
             value for isisSysLevelOrigLSPBuffSize, or when an
             LSP is received that contains the supported Buffer Size
             option and the value in the PDU option field does
             not match the local value for isisSysLevelOrigLSPBuffSize.
             We pass up the size from the option field and the
             size of the LSP when one of them exceeds our configuration.

             The agent must throttle the generation of
             consecutive isisOrigLSPBuffSizeMismatch notifications
             so that there is at least a 5-second gap
             between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 15 }

    isisProtocolsSupportedMismatch NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduProtocolsSupported,
            isisPduLspId,
            isisPduFragment
        }
        STATUS current
        DESCRIPTION
            "A notification sent when a non-pseudonode
             segment 0 LSP is received that has no matching
             protocols supported.  This may be because the system
             does not generate the field, or because there are no
             common elements.  The list of protocols supported
             should be included in the notification: it may be
Top   ToC   RFC4444 - Page 82
             empty if the TLV is not supported, or if the
             TLV is empty.

             The agent must throttle the generation of
             consecutive isisProtocolsSupportedMismatch
             notifications so that there is at least a 5-second
             gap between notifications of this type.  When
             notifications are throttled, they are dropped, not
             queued for sending at a future time."

    ::= { isisNotifications 16 }

    isisAdjacencyChange NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId,
            isisAdjState
        }
        STATUS current
        DESCRIPTION
            "A notification sent when an adjacency changes
             state, entering or leaving state up.
             The first 6 bytes of the isisPduLspId are the
             SystemID of the adjacent IS.
             The isisAdjState is the new state of the adjacency."

    ::= { isisNotifications 17 }

    isisLSPErrorDetected NOTIFICATION-TYPE
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisPduLspId,
            isisNotificationCircIfIndex,
            isisPduFragment,
            isisErrorOffset,
            isisErrorTLVType
        }
        STATUS current
        DESCRIPTION
            "This notification is generated when we receive
             an LSP with a parse error.  The isisCircIfIndex
             holds an index of the circuit on which the PDU
             arrived.  The isisPduFragment holds the start of the
             LSP, and the isisErrorOffset points to the problem.

             If the problem is a malformed TLV, isisErrorOffset
             points to the start of the TLV, and isisErrorTLVType
Top   ToC   RFC4444 - Page 83
             holds the value of the type.

             If the problem is with the LSP header, isisErrorOffset
             points to the suspicious byte.

             The number of such LSPs is accumulated in
             isisSysStatLSPErrors."

    ::= { isisNotifications 18 }

-- Agent Conformance Definitions
-- We define the objects a conformant agent must define

isisCompliances OBJECT IDENTIFIER ::= { isisConformance 1 }
isisGroups      OBJECT IDENTIFIER ::= { isisConformance 2 }

-- compliance statements

    isisCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "The compliance statement for agents that support
             the IS-IS MIB.

             There are a number of INDEX objects that cannot be
             represented in the form of OBJECT clauses in SMIv2,
             but for which there are compliance requirements.
             Those requirements and similar requirements for
             related objects are expressed below, in
             pseudo-OBJECT clause form, in this description:

             -- OBJECT isisSummAddressType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 Summary
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
             --
             --
             -- OBJECT isisRedistributeAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Redistribution Addresses and anticipates
             --    the support of IPv6 addresses."
             --
Top   ToC   RFC4444 - Page 84
             --
             -- OBJECT isisISAdjIPAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Adjacency Addresses and anticipates the
             --    support of IPv6 addresses.
        MODULE -- this module
            MANDATORY-GROUPS {
                    isisSystemGroup,
                    isisCircuitGroup,
                    isisISAdjGroup,
                    isisNotificationObjectGroup,
                    isisNotificationGroup
            }
    ::= { isisCompliances 1 }

    -- List of all groups, mandatory and optional
    isisAdvancedCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "The compliance statement for agents that fully
             support the IS-IS MIB.

             There are a number of INDEX objects that cannot be
             represented in the form of OBJECT clauses in SMIv2,
             but for which there are compliance requirements.
             Those requirements and similar requirements for
             related objects are expressed below, in
             pseudo-OBJECT clause form, in this description:

             -- OBJECT isisSummAddressType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 Summary
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
             --
             --
             -- OBJECT isisRedistributeAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Redistribution Addresses and anticipates
             --    the support of IPv6 addresses."
Top   ToC   RFC4444 - Page 85
             --
             --
             -- OBJECT isisISAdjIPAddrType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4
             --    Adjacency Addresses and anticipates the
             --    support of IPv6 addresses.
             --
             --
             -- OBJECT isisIPRADestType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 RA
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
             --
             --
             -- OBJECT isisIPRANextHopType
             -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
             --
             -- DESCRIPTION
             --    The MIB requires support for IPv4 NextHop
             --    Addresses and anticipates the support of
             --    IPv6 addresses.
        MODULE -- this module
            MANDATORY-GROUPS {
                    isisSystemGroup,
                    isisCircuitGroup,
                    isisISAdjGroup,
                    isisNotificationObjectGroup,
                    isisNotificationGroup,
                    isisISPDUCounterGroup,
                    isisRATableGroup,
                    isisISIPRADestGroup,
                    isisLSPGroup
            }
    ::= { isisCompliances 2 }

    isisReadOnlyCompliance MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION
               "When this MIB is implemented without support for
                read-create (i.e., in read-only mode), the
                implementation can claim read-only compliance.  Such
                a device can then be monitored but cannot be
Top   ToC   RFC4444 - Page 86
                configured with this MIB."
       MODULE -- this module
            MANDATORY-GROUPS {
                    isisSystemGroup,
                    isisCircuitGroup,
                    isisISAdjGroup
            }

       OBJECT isisSysLevelType
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysID
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysMaxPathSplits
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysMaxLSPGenInt
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysPollESHelloRate
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysWaitTime
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysAdminState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysL2toL1Leaking
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."
Top   ToC   RFC4444 - Page 87
       OBJECT isisSysMaxAge
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisManAreaAddrExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelOrigLSPBuffSize
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelMinLSPGenInt
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelSetOverload
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelSetOverloadUntil
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelMetricStyle
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelSPFConsiders
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysLevelTEEnabled
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSysReceiveLSPBufferSize
       MIN-ACCESS read-only
       DESCRIPTION
Top   ToC   RFC4444 - Page 88
            "Write access is not required."

       OBJECT isisSummAddrExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSummAddrMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisSummAddrFullMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisRedistributeAddrExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircAdminState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircExistState
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircType
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircExtDomain
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelType
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircPassiveCircuit
Top   ToC   RFC4444 - Page 89
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircMeshGroupEnabled
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircMeshGroup
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircSmallHellos
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircExtendedCircID
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircIfIndex
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCirc3WayEnabled
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelWideMetric
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelISPriority
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."
Top   ToC   RFC4444 - Page 90
       OBJECT isisCircLevelHelloMultiplier
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelHelloTimer
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelDRHelloTimer
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelLSPThrottle
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelMinLSPRetransInt
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelCSNPInterval
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

       OBJECT isisCircLevelPartSNPInterval
       MIN-ACCESS read-only
       DESCRIPTION
            "Write access is not required."

    ::= { isisCompliances 3 }

-- MIB Grouping

    isisSystemGroup OBJECT-GROUP
        OBJECTS {
            isisSysVersion,
            isisSysLevelType,
            isisSysID,
            isisSysMaxPathSplits,
            isisSysMaxLSPGenInt,
            isisSysPollESHelloRate,
            isisSysWaitTime,
Top   ToC   RFC4444 - Page 91
            isisSysAdminState,
            isisSysL2toL1Leaking,
            isisSysMaxAge,
            isisSysProtSupported,
            isisSysNotificationEnable,
            isisManAreaAddrExistState,
            isisSysLevelOrigLSPBuffSize,
            isisSysLevelMinLSPGenInt,
            isisSysLevelState,
            isisSysLevelSetOverload,
            isisSysLevelSetOverloadUntil,
            isisSysLevelMetricStyle,
            isisSysLevelSPFConsiders,
            isisSysLevelTEEnabled,
            isisSysReceiveLSPBufferSize,
            isisSummAddrExistState,
            isisSummAddrMetric,
            isisAreaAddr,
            isisSummAddrFullMetric,
            isisRedistributeAddrExistState,
            isisRouterHostName,
            isisRouterID,
            isisSysStatCorrLSPs,
            isisSysStatLSPDbaseOloads,
            isisSysStatManAddrDropFromAreas,
            isisSysStatAttmptToExMaxSeqNums,
            isisSysStatSeqNumSkips,
            isisSysStatOwnLSPPurges,
            isisSysStatIDFieldLenMismatches,
            isisSysStatPartChanges,
            isisSysStatSPFRuns,
            isisSysStatAuthTypeFails,
            isisSysStatAuthFails,
            isisSysStatLSPErrors
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage an
             IS-IS router."
    ::= { isisGroups 1 }

    isisCircuitGroup OBJECT-GROUP
        OBJECTS {
            isisNextCircIndex,
            isisCircAdminState,
            isisCircExistState,
            isisCircType,
            isisCircExtDomain,
Top   ToC   RFC4444 - Page 92
            isisCircLevelType,
            isisCircAdjChanges,
            isisCircNumAdj,
            isisCircInitFails,
            isisCircRejAdjs,
            isisCircIDFieldLenMismatches,
            isisCircMaxAreaAddrMismatches,
            isisCircAuthTypeFails,
            isisCircAuthFails,
            isisCircLANDesISChanges,
            isisCircPassiveCircuit,
            isisCircMeshGroupEnabled,
            isisCircMeshGroup,
            isisCircSmallHellos,
            isisCircLastUpTime,
            isisCirc3WayEnabled,
            isisCircExtendedCircID,
            isisCircIfIndex,
            isisCircLevelMetric,
            isisCircLevelWideMetric,
            isisCircLevelISPriority,
            isisCircLevelIDOctet,
            isisCircLevelID,
            isisCircLevelDesIS,
            isisCircLevelHelloMultiplier,
            isisCircLevelHelloTimer,
            isisCircLevelDRHelloTimer,
            isisCircLevelLSPThrottle,
            isisCircLevelMinLSPRetransInt,
            isisCircLevelCSNPInterval,
            isisCircLevelPartSNPInterval
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to describe an
             IS-IS Circuit."
    ::= { isisGroups 2 }

    isisISAdjGroup OBJECT-GROUP
        OBJECTS {
            isisISAdjState,
            isisISAdj3WayState,
            isisISAdjNeighSNPAAddress,
            isisISAdjNeighSysType,
            isisISAdjNeighSysID,
            isisISAdjNbrExtendedCircID,
            isisISAdjUsage,
            isisISAdjHoldTimer,
Top   ToC   RFC4444 - Page 93
            isisISAdjNeighPriority,
            isisISAdjLastUpTime,
            isisISAdjAreaAddress,
            isisISAdjIPAddrType,
            isisISAdjIPAddrAddress,
            isisISAdjProtSuppProtocol
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage an
             IS-IS Adjacency."
    ::= { isisGroups 3 }

    isisNotificationObjectGroup OBJECT-GROUP
        OBJECTS {
            isisNotificationSysLevelIndex,
            isisNotificationCircIfIndex,
            isisPduLspId,
            isisPduFragment,
            isisPduFieldLen,
            isisPduMaxAreaAddress,
            isisPduProtocolVersion,
            isisPduLspSize,
            isisPduOriginatingBufferSize,
            isisPduBufferSize,
            isisPduProtocolsSupported,
            isisAdjState,
            isisErrorOffset,
            isisErrorTLVType,
            isisNotificationAreaAddress
        }
        STATUS current
        DESCRIPTION
            "The objects used to record notification parameters."
    ::= { isisGroups 4 }


    isisNotificationGroup        NOTIFICATION-GROUP
        NOTIFICATIONS {
            isisDatabaseOverload,
            isisManualAddressDrops,
            isisCorruptedLSPDetected,
            isisAttemptToExceedMaxSequence,
            isisIDLenMismatch,
            isisMaxAreaAddressesMismatch,
            isisOwnLSPPurge,
            isisSequenceNumberSkip,
            isisAuthenticationTypeFailure,
Top   ToC   RFC4444 - Page 94
            isisAuthenticationFailure,
            isisVersionSkew,
            isisAreaMismatch,
            isisRejectedAdjacency,
            isisLSPTooLargeToPropagate,
            isisOrigLSPBuffSizeMismatch,
            isisProtocolsSupportedMismatch,
            isisAdjacencyChange,
            isisLSPErrorDetected
        }
        STATUS current
        DESCRIPTION
            "The collections of notifications sent by an IS."
    ::= { isisGroups 5 }


    isisISPDUCounterGroup OBJECT-GROUP
        OBJECTS {
            isisPacketCountIIHello,
            isisPacketCountISHello,
            isisPacketCountESHello,
            isisPacketCountLSP,
            isisPacketCountCSNP,
            isisPacketCountPSNP,
            isisPacketCountUnknown
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to count protocol PDUs."
    ::= { isisGroups 6 }


    isisRATableGroup OBJECT-GROUP
        OBJECTS {
            isisRAExistState,
            isisRAAdminState,
            isisRAAddrPrefix,
            isisRAMapType,
            isisRAMetric,
            isisRAMetricType,
            isisRASNPAAddress,
            isisRASNPAMask,
            isisRASNPAPrefix,
            isisRAType
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage the
Top   ToC   RFC4444 - Page 95
             reachable NSAP prefixes."
    ::= { isisGroups 7 }


    isisISIPRADestGroup OBJECT-GROUP
        OBJECTS {
            isisIPRANextHopType,
            isisIPRANextHop,
            isisIPRAType,
            isisIPRAExistState,
            isisIPRAAdminState,
            isisIPRAMetric,
            isisIPRAFullMetric,
            isisIPRAMetricType,
            isisIPRASNPAAddress,
            isisIPRASourceType
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to manage configured
             IP addresses."
    ::= { isisGroups 8 }

    isisLSPGroup OBJECT-GROUP
        OBJECTS {
            isisLSPSeq,
            isisLSPZeroLife,
            isisLSPChecksum,
            isisLSPLifetimeRemain,
            isisLSPPDULength,
            isisLSPAttributes,
            isisLSPTLVSeq,
            isisLSPTLVChecksum,
            isisLSPTLVType,
            isisLSPTLVLen,
            isisLSPTLVValue
        }
        STATUS current
        DESCRIPTION
            "The collections of objects used to observe the LSP
             Database."
    ::= { isisGroups 9 }

END
Top   ToC   RFC4444 - Page 96

5. IANA Considerations

The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry: Descriptor OBJECT IDENTIFIER value ---------- ----------------------- isisMIB { mib-2 138 }

6. Acknowledgements

This MIB is based on a March 1994 document by Chris Gunner, who should be held blameless for the errors introduced since then. This version has been modified to include MIB-II syntax, to exclude portions of the protocol that are not relevant to IP, such as the ES-IS protocol, and to add management support for current practice. We would like to thank the following individuals for constructive and valuable comments: Mike Bartlett, Neal Castagnoli, Ken Chapman, Joan Cucchiara, Satish Dattatri, Nagi Jonnala, Adrian Farrel, Shamik Ganguly, Les Ginsberg, Don Goodspeed, Jeff Gross, Jim Halpin, Jon Harrison, Dimitri Haskin, C. M. Heard, Peter Higginson, Christian Hopps, Laura Liu, Gavin McPherson, Kay Noguchi, Serge Maskalik, Z. Opalka, Jeff Pickering, Sundar Ramachandran, Swaminatha Ramalingam, Aravind Ravikumar, Juergen Schoenwaelder, Koen Vermeulen, Hans De Vleeschouwer, Bert Wijnen, and Bingzhang Zhao.

7. Security Considerations

Management information defined in this MIB may be considered sensitive in some network environments.

7.1. Discussion

This MIB may be used to manage an IP router, which is used to direct network traffic. The control of network traffic allows an attacker to deny service to a region of the network or to forward traffic to adversaries. By raising or lowering metrics, traffic may be directed to insecure portions of the network. By disabling the protocol on an interface, the network may be partitioned. Changes to the network topology will force all routers to recompute their routes. Periodic route changes have brought down networks in the past by subjecting routers to stressful recomputations. There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network
Top   ToC   RFC4444 - Page 97
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  Authentication of received SNMP requests and
   controlled access to management information should be employed in
   such environments.

   We identify a set of threats and then list attributes that can be
   used in each form of attack.  We discuss the effects that can be
   obtained by a single change to the variable in each class.

7.2. Threats

- Drop an Adjacency - Drop all Peers - Drop Subnetwork - Split the Network - Intermittent Outages - Redirect Traffic - Delay Convergence - Avoid Detection - Prevent Updates - Hijack LAN - Create Problems for CLNS Networks

7.2.1. Drop an Adjacency

By changing attributes that are used to peer, we can disrupt an adjacency and bring a link down. isisCirc3WayEnabled isisCircAdminState isisCircExistState isisCircLevelDRHelloTimer isisCircLevelHelloTimer isisCircLevelType isisCircSmallHellos

7.2.2. Drop All Adjacencies

These attributes can be used to break some or all of a router's adjacencies. In the case of System ID, the adjacency may be restored. However, it will subject the network to additional stress. isisSysLevelType isisManAreaAddrExistState isisSysAdminState isisSysID
Top   ToC   RFC4444 - Page 98

7.2.3. Drop Subnetwork

This attribute can be used to stop advertisement of a subnetwork reachable through a single interface. isisCircPassiveCircuit

7.2.4. Split the Network

If the network design depends upon Wide Metrics or TE, we can use these attributes to prevent traffic from passing through a router. isisSysLevelMetricStyle isisSysLevelOrigLSPBuffSize isisSysLevelSPFConsiders isisSysLevelTEEnabled isisSysReceiveLSPBufferSize

7.2.5. Intermittent Outages

We can use these attributes to subject the network to a series of topology changes, or otherwise force extensive recomputations of routes. isisSysLevelMinLSPGenInt isisSysLevelSetOverload isisSysLevelSetOverloadUntil isisSysMaxAge isisSysMaxLSPGenInt isisSysL2toL1Leaking isisSysID

7.2.6. Redirect Traffic

By changing attributes such as metrics, we can push traffic to different parts of the network. This may allow an intruder to observe data traffic from otherwise remote parts of the network. We may also use these attributes to deny service to parts of the network. isisSysMaxPathSplits isisCircLevelMetric isisCircLevelWideMetric isisIPRAAdminState isisIPRAExistState isisIPRAFullMetric isisIPRAMetric
Top   ToC   RFC4444 - Page 99
      isisIPRAMetricType
      isisIPRANextHop
      isisIPRANextHopType
      isisIPRASNPAAddress
      isisIPRAType
      isisRedistributeAddrExistState
      isisSummAddrExistState
      isisSummAddrFullMetric
      isisSummAddrMetric
      isisSysL2toL1Leaking

7.2.7. Delay Convergence

These attributes can be used to slow convergence by increasing the minimal interval required to update a packet. isisCircLevelCSNPInterval isisCircLevelLSPThrottle isisCircLevelMinLSPRetransInt isisCircLevelPartSNPInterval isisSysWaitTime isisCircPassiveCircuit

7.2.8. Avoid Detection

By turning off traps, we can prevent a Network Management station from observing problems in the network caused by other aspects of an attack. isisSysNotificationEnable

7.2.9. Prevent Updates

Mesh Groups can be used to prevent the transmission of Link State PDUs on certain interfaces, delaying or preventing the propagation of updates. isisCircMeshGroup isisCircMeshGroupEnabled

7.2.10. Hijack LAN

If we have compromised a router, we can use this attribute to become the designated router and lie about the topology of a LAN. isisCircLevelISPriority
Top   ToC   RFC4444 - Page 100

7.2.11. Create Problems for CLNS Networks

This attribute can be used to modify the handling of CLNS traffic. isisRAAddrPrefix isisRAAdminState isisRAExistState isisRAMapType isisRAMetric isisRAMetricType isisRASNPAAddress isisRASNPAMask isisRASNPAPrefix isisRAType isisSysPollESHelloRate

7.2.12. Mostly Harmless

The following writable attributes do not pose a known security risk. isisCircExtDomain isisCircExtendedCircID isisCircIfIndex isisCircLevelHelloMultiplier isisCircType

7.2.13. Recommendations

Much of the MIB is used to set or read attributes which are readily visible to any intruder who has access to traffic. None of the security attributes are setable or visible through the MIB. Read access to the MIB does not pose additional risks or vulnerabilities. If write access is to be provided, it is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. Deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an
Top   ToC   RFC4444 - Page 101
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8. Normative References

[ISO10589] ISO 10589, "Intermediate system to Intermediate system routeing information exchange protocol for use in conjunction with the Protocol for providing the Connectionless-mode Network Service (ISO 8473)," ISO/IEC 10589:2002. [ISO10733] ISO 10733, "Information Processing Systems - Open Systems Interconnection - Specification of the elements of Management Information related to OSI Network layer Standards", September 1998. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and dual environments", RFC 1195, December 1990. [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. [RFC3289] Baker, F., Chan, K., and A. Smith, "Management Information Base for the Differentiated Services Architecture", RFC 3289, May 2002. [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
Top   ToC   RFC4444 - Page 102
   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

9. Informative References

[RFC2973] Balay, R., Katz, D., and J. Parker, "IS-IS Mesh Groups", RFC 2973, October 2000. [RFC3373] Katz, D. and R. Saluja, "Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point- to-Point Adjacencies", RFC 3373, September 2002. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002.

Authors' Address

Jeff Parker Department of Computer Science Middlebury College, Middlebury, Vermont 05753 EMail: jeffp@middlebury.edu
Top   ToC   RFC4444 - Page 103
Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).