8. IANA-SMF-MIB Definitions
This section contains the IANA-SMF-MIB module. This MIB module
defines two Textual Conventions, the IANAsmfOpModeIdTC and the
IANAsmfRssaIdTC, which IANA SHOULD maintain and keep synchronized
with the registry identified below.
The IANAsmfOpModeIdTC defines an index that identifies, by
reference, a specific SMF operations mode. The index is an
integer-valued named-number enumeration consisting of an integer and label.
IANA is to create and maintain this Textual Convention. Future
assignments are made to anyone on a first come, first served basis.
There is no substantive review of the request, other than to ensure
that it is well-formed and does not duplicate an existing assignment.
However, requests must include a minimal amount of clerical
information, such as a point of contact (including an email address)
and a brief description of the method being identified as a new SMF
operations mode.
The IANAsmfRssaIdTC defines an index that identifies, by
reference, a specific Reduced Set Selection Algorithm (RSSA). The
index is an integer-valued named-number enumeration consisting of an
integer and label. IANA is to create and maintain this Textual
Convention.
Future assignments to the IANAsmfRssaIdTC for the index range 5-127
require an RFC publication (either as an IETF submission or as an
Independent submission [RFC5742]). The category of RFC MUST be
Standards Track. The specific RSSAs MUST be documented in sufficient
detail so that interoperability between independent implementations
is possible.
Future assignments to the IANAsmfRssaIdTC for the index range 128-239
are private or local use only, with the type and purpose defined by
the local site. No attempt is made to prevent multiple sites from
using the same value in different (and incompatible) ways. There is
no need for IANA to review such assignments (since IANA will not
record these), and assignments are not generally useful for broad
interoperability. It is the responsibility of the sites making use
of the Private Use range to ensure that no conflicts occur (within
the intended scope of use).
Future assignments to the IANAsmfRssaIdTC for the index range 240-255
are to facilitate experimentation. These require an RFC publication
(either as an IETF submission or as an Independent submission
[RFC5742]). The category of RFC MUST be Experimental. The RSSA
algorithms MUST be documented in sufficient detail so that
interoperability between independent implementations is possible.
This MIB module references [RFC3626], [RFC5614], [RFC6621], and
[RFC7181].
IANA-SMF-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, mib-2
        FROM SNMPv2-SMI            -- RFC 2578
    TEXTUAL-CONVENTION
        FROM SNMPv2-TC;            -- RFC 2579

ianaSmfMIB MODULE-IDENTITY
    LAST-UPDATED "201410100000Z"   -- October 10, 2014
    ORGANIZATION "IANA"
    CONTACT-INFO "Internet Assigned Numbers Authority
                  Postal: ICANN
                          12025 Waterfront Drive, Suite 300
                          Los Angeles, CA 90094-2536
                          United States
                  Tel:    +1 310 301 5800
                  EMail:  iana@iana.org"
    DESCRIPTION  "This MIB module defines the
                  IANAsmfOpModeIdTC and IANAsmfRssaIdTC
                  Textual Conventions, and thus the
                  enumerated values of the
                  smfCapabilitiesOpModeID and
                  smfCapabilitiesRssaID objects defined
                  in the SMF-MIB."
    REVISION     "201410100000Z"   -- October 10, 2014
    DESCRIPTION
        "Initial version of this MIB as published in RFC 7367.
        Copyright (c) 2014 IETF Trust and the persons identified as
        authors of the code. All rights reserved.
        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (http://trustee.ietf.org/license-info).
        "
    ::= { mib-2 225 }

IANAsmfOpModeIdTC ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "An index that identifies through reference to a specific
        SMF operations mode. There are basically three styles
        of SMF operation with reduced relay sets currently
        identified:

        Independent operation 'independent(1)' -
            SMF performs its own relay
            set selection using information from an associated
            MANET NHDP process.

        CDS-aware unicast routing operation 'routing(2)' -
            a coexistent unicast routing
            protocol provides dynamic relay
            set state based upon its own control plane
            Connected Dominating Set (CDS) or neighborhood
            discovery information.

        Cross-layer operation 'crossLayer(3)' -
            SMF operates using neighborhood
            status and triggers from a
            cross-layer information base for dynamic relay
            set selection and maintenance.

        IANA MUST update this Textual Convention accordingly.

        The definition of this Textual Convention with the
        addition of newly assigned values is updated
        periodically by the IANA, in the
        IANA-maintained registries. (The
        latest arrangements can be obtained by contacting the
        IANA.)

        Requests for new values SHOULD be made to IANA via
        email (iana@iana.org)."
    REFERENCE
        "See Section 7.2 'Reduced Relay Set Forwarding',
        and the Appendices A, B, and C in
        RFC 6621 - 'Simplified Multicast Forwarding',
        Macker, J., Ed., May 2012."
    SYNTAX      INTEGER {
                    independent (1),
                    routing (2),
                    crossLayer (3)
                    -- future (4-255)
                }

IANAsmfRssaIdTC ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "An index that identifies through reference to specific
        RSSAs. Several are currently defined
        in the Appendices A, B, and C of RFC 6621.

        Examples of RSSAs already identified within
        this Textual Convention (TC) are:

        Classical Flooding (cF(1)) - is the standard
            flooding algorithm where each node in the network
            retransmits the information on each of its interfaces.

        Source-Based Multipoint Relay (sMPR(2)) -
            this algorithm is used by Optimized Link State Routing
            (OLSR) and OLSR version 2 (OLSRv2) protocols for the
            relay of link state updates and other control
            information (RFC 3626, RFC 7181). Since each router
            picks its neighboring relays independently, sMPR
            forwarders depend upon previous hop information
            (e.g., source Media Access Control (MAC) address) to
            operate correctly.

        Essential Connected Dominating Set (eCDS(3)) -
            defined in RFC 5614, this algorithm forms a single
            CDS mesh for the SMF operating region. Its
            packet-forwarding rules are not dependent upon
            previous hop knowledge in contrast to sMPR.

        Multipoint Relay Connected Dominating Set (mprCDS(4)) -
            This algorithm is an extension to the basic sMPR
            election algorithm that results in a shared
            (non-source-specific) SMF CDS. Thus, its forwarding
            rules are not dependent upon previous hop information,
            similar to eCDS.

        IANA MUST update this Textual Convention accordingly.

        The definition of this Textual Convention with the
        addition of newly assigned values is updated
        periodically by the IANA, in the
        IANA-maintained registries. (The
        latest arrangements can be obtained by contacting the
        IANA.)

        Requests for new values SHOULD be made to IANA via
        email (iana@iana.org)."
    REFERENCE
        "For example, see:
        Section 8.1.1. 'SMF Message TLV Type' and the Appendices
        A, B, and C in
        RFC 6621 - 'Simplified Multicast Forwarding',
        Macker, J., Ed., May 2012.
        RFC 3626 - Clausen, T., Ed., and P. Jacquet, Ed., 'Optimized
        Link State Routing Protocol (OLSR)', October 2003.
        RFC 5614 - Ogier, R. and P. Spagnolo, 'Mobile Ad Hoc
        Network (MANET) Extension of OSPF Using Connected
        Dominating Set (CDS) Flooding', August 2009.
        RFC 7181 - Clausen, T., Dearlove, C., Jacquet, P., and
        U. Herberg, 'The Optimized Link State Routing Protocol
        Version 2', April 2014."
    SYNTAX      INTEGER {
                    cF(1),
                    sMPR(2),
                    eCDS(3),
                    mprCDS(4)
                    -- future(5-127)
                    -- noStdAction(128-239)
                    -- experimental(240-255)
                }

END
9. Security Considerations
This section discusses security implications of the choices made in
this SMF-MIB module.
There are a number of management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations. These are the tables and objects and their
sensitivity/vulnerability:
o 'smfCfgAdminStatus' - this writable configuration object controls
the operational status of the SMF process. If this setting is
configured inconsistently across the MANET multicast domain, then
delivery of multicast data may be inconsistent across the domain;
some nodes may not receive multicast data intended for them.
o 'smfCfgRouterIDAddrType' and 'smfCfgRouterID' - these writable
configuration objects define the ID of the SMF process. These
objects should be configured with a routable address defined on
the local SMF device. The smfCfgRouterID is a logical
identification that MUST be configured as unique across
interoperating SMF neighborhoods, and it is RECOMMENDED to be
chosen as the numerically largest address contained in a node's
'Neighbor Address List' as defined in NHDP. A smfCfgRouterID MUST
be unique within the scope of the operating MANET network
regardless of the method used for selecting it. If these objects
are misconfigured or configured inconsistently across the MANET,
then the ability of various RSSAs, e.g., eCDS, may be compromised.
This would potentially result in some routers within the MANET not
receiving multicast packets destined for them. Hence, intentionally
misconfiguring these objects could pose a form of
Denial-of-Service (DoS) attack against the MANET.
o 'smfCfgOpMode' - this writable configuration object defines the
operational mode of the SMF process. The operational mode defines
how the SMF process receives its data to form its local estimate
of the CDS. It is recommended that the value for this object be
set consistently across the MANET to ensure proper operation of
the multicast packet forwarding. If the value for this object is
set inconsistently across the MANET, the result may be that
multicast packet delivery will be compromised within the MANET.
Hence, intentionally misconfiguring this object could pose a form
of DoS attack against the MANET.
o 'smfCfgRssa' - this writable configuration object sets the
specific RSSA for the SMF process. If this object is set
inconsistently across the MANET domain, multicast delivery of data
will likely fail. Hence, intentionally misconfiguring this object
could pose a form of DoS attack against the MANET.
o 'smfCfgRssaMember' - this writable configuration object sets the
'interest' of the local SMF node in participating in the CDS.
Setting this object to 'never(3)' on a highly connected device
could lead to frequent island formation. Setting this object to
'always(2)' could support data ex-filtration from the MANET
domain.
o 'smfCfgIpv4Dpd' - this writable configuration object sets the
duplicate packet detection method, i.e., H-DPD or I-DPD, for
forwarding of IPv4 multicast packets. Forwarders may operate with
mixed H-DPD and I-DPD modes as long as they consistently perform
the appropriate DPD routines outlined in [RFC6621]. However, it
is RECOMMENDED that a deployment be configured with a common mode
for operational consistency.
o 'smfCfgIpv6Dpd' - this writable configuration object sets the
duplicate packet detection method for the forwarding of IPv6
multicast packets. Since IPv6 SMF does specify an option header,
the interoperability constraints are not as loose as in the IPv4
version, and forwarders SHOULD NOT operate with mixed H-DPD and
I-DPD modes. Hence, the value for this object SHOULD be
consistently set within the forwarders comprising the MANET;
otherwise, inconsistent forwarding may result in unnecessary
multicast packet dropping.
o 'smfCfgMaxPktLifetime' - this writable configuration object sets
the estimate of the network packet traversal time. If set too
small, this could lead to poor multicast data delivery ratios
throughout the MANET domain. This could serve as a form of DoS
attack if this object value is set too small.
o 'smfCfgDpdEntryMaxLifetime' - this writable configuration object
sets the maximum lifetime (in seconds) for the cached DPD records
for the combined IPv4 and IPv6 methods. If the memory is running
low prior to the MaxLifetime being exceeded, the local SMF devices
should purge the oldest records first. If this object value is
set too small, then the effectiveness of the SMF DPD algorithms
may become greatly diminished causing a higher than necessary
packet load on the MANET.
o 'smfCfgNhdpRssaMesgTLVIncluded' - this writable configuration
object indicates whether or not the associated NHDP messages
include the RSSA Message TLV. It is highly RECOMMENDED that this
object be set to 'true(1)' when the SMF operation mode is set to
independent as this information will inform the local forwarder of
the RSSA implemented in neighboring forwarders and is used to
ensure consistent forwarding across the MANET. While it is
possible that SMF neighbors MAY be configured differently with
respect to the RSSA and still operate cooperatively, these
cases will vary depending upon the algorithm types designated, and
this situation SHOULD be avoided.
o 'smfCfgNhdpRssaAddrBlockTLVIncluded' - this writable configuration
object indicates whether or not the associated NHDP messages
include the RSSA Address Block TLV. The
smfNhdpRssaAddrBlockTLVIncluded is optional in all cases as it
depends on the existence of an address block that may not be
present. If this SMF device is configured with NHDP, then this
object should be set to 'true(1)' as this TLV enables CDS relay
algorithm operation and configuration to be shared among 2-hop
neighborhoods. Some relay algorithms require 2-hop neighbor
configuration in order to correctly select relay sets.
o 'smfCfgAddrForwardingTable' - the writable configuration objects
in this table indicate which multicast IP addresses are to be
forwarded by this SMF node. Misconfiguration of rows within this
table can limit the ability of this SMF device to properly forward
multicast data.
o 'smfCfgInterfaceTable' - the writable configuration objects in
this table indicate which SMF node interfaces are participating in
the SMF packet forwarding process. Misconfiguration of rows
within this table can limit the ability of this SMF device to
properly forward multicast data.
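
The consistency and uniqueness conditions in the list above can be checked from collected configuration values. The following is an added example, not part of the original document or of any SMF implementation: the `audit` and `rssa_range` functions, the node names, and the snapshot values are constructed for illustration, and the RSSA ranges are those given in Section 8.

```python
from collections import Counter, defaultdict

# Objects the list above says should carry one value across the MANET domain.
DOMAIN_WIDE = ("smfCfgAdminStatus", "smfCfgOpMode", "smfCfgRssa", "smfCfgIpv6Dpd")
# smfCfgRssaMember values the list above singles out (labels from the page).
RSSA_MEMBER_REVIEW = {2: "always(2)", 3: "never(3)"}


def rssa_range(value):
    """Classify an IANAsmfRssaIdTC value by the registry ranges in Section 8."""
    if 1 <= value <= 4:
        return "assigned"
    if 5 <= value <= 127:
        return "unassigned-standards-track"
    if 128 <= value <= 239:
        return "private-use"
    if 240 <= value <= 255:
        return "experimental"
    return "out-of-range"


def audit(snapshots):
    """snapshots maps node -> {object name: value}; returns (node, object, reason)."""
    findings = []
    # 1. Domain-wide objects: report nodes that deviate from the majority value
    #    (on a tie, the value seen first is treated as the majority).
    for obj in DOMAIN_WIDE:
        values = {n: s[obj] for n, s in snapshots.items() if obj in s}
        counts = Counter(values.values())
        if len(counts) > 1:
            majority = counts.most_common(1)[0][0]
            for node in sorted(values):
                if values[node] != majority:
                    findings.append(
                        (node, obj, f"{values[node]} differs from majority {majority}"))
    # 2. smfCfgRouterID MUST be unique within the operating MANET.
    owners = defaultdict(list)
    for node, snap in snapshots.items():
        if "smfCfgRouterID" in snap:
            owners[snap["smfCfgRouterID"]].append(node)
    for router_id, nodes in owners.items():
        if len(nodes) > 1:
            for node in sorted(nodes):
                findings.append((node, "smfCfgRouterID", f"{router_id} is not unique"))
    # 3. Per-node values that deserve operator review.
    for node in sorted(snapshots):
        snap = snapshots[node]
        rssa = snap.get("smfCfgRssa")
        if rssa is not None and rssa_range(rssa) != "assigned":
            findings.append((node, "smfCfgRssa", f"{rssa} is {rssa_range(rssa)}"))
        member = snap.get("smfCfgRssaMember")
        if member in RSSA_MEMBER_REVIEW:
            findings.append(
                (node, "smfCfgRssaMember", f"set to {RSSA_MEMBER_REVIEW[member]}"))
    return findings


# Constructed snapshot of four nodes (values as read from each agent).
SNAPSHOTS = {
    "n1": {"smfCfgOpMode": 1, "smfCfgRssa": 3,
           "smfCfgRouterID": "192.0.2.1", "smfCfgRssaMember": 1},
    "n2": {"smfCfgOpMode": 1, "smfCfgRssa": 3,
           "smfCfgRouterID": "192.0.2.2", "smfCfgRssaMember": 1},
    "n3": {"smfCfgOpMode": 1, "smfCfgRssa": 1,
           "smfCfgRouterID": "192.0.2.2", "smfCfgRssaMember": 2},
    "n4": {"smfCfgOpMode": 1, "smfCfgRssa": 130,
           "smfCfgRouterID": "192.0.2.4", "smfCfgRssaMember": 3},
}

if __name__ == "__main__":
    for finding in audit(SNAPSHOTS):
        print(finding)
```
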
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
o 'smfNodeRsStatusIncluded' - this readable state object indicates
whether or not this SMF node is part of the CDS. Being part of
the CDS makes this node a distinguished device. It could be
exploited for data ex-filtration, or DoS attacks.
o 'smfStateNeighborTable' - the readable state objects in this table
indicate current neighbor nodes to this SMF node. Exposing this
information to an attacker could allow the attacker easier access
to the larger MANET domain.
The remainder of the objects in the SMF-MIB module are performance
counter objects. While these give an indication of the activity of
the SMF process on this node, it is not expected that exposing these
values poses a security risk to the MANET network.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example, by using IPsec),
there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
Implementations SHOULD provide the security features described by the
SNMPv3 framework (see [RFC3410]), and implementations claiming
compliance to the SNMPv3 standard MUST include full support for
authentication and privacy via the User-based Security Model (USM)
[RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
MAY also provide support for the Transport Security Model (TSM)
[RFC5591] in combination with a secure transport such as SSH
[RFC5592] or TLS/DTLS [RFC6353].
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
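
One way to check a Net-SNMP agent configuration against the recommendations above, as an added example that is not part of the original document: the function name and both sample configurations are constructed, and 1.3.6.1.3.126 is the smfMib subtree listed in the IANA Considerations.

```python
import shlex

# Net-SNMP directives that grant SNMPv1/v2c (community-based) access.
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}


def lint_snmpd_conf(text):
    """Return (line_number, message) findings for a Net-SNMP snmpd.conf."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES:
            # Deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED.
            findings.append((lineno, "pre-SNMPv3 community access"))
        elif directive == "createuser":
            # createUser [-e ENGINEID] user authProto authPass [privProto [privPass]]
            if args[:1] == ["-e"]:
                args = args[2:]
            priv = args[3].upper() if len(args) > 3 else None
            if priv is None:
                findings.append((lineno, "USM user has no privacy protocol"))
            elif not priv.startswith("AES"):
                findings.append((lineno, f"USM user uses {priv}, not AES"))
        elif directive in ("rouser", "rwuser"):
            # rouser|rwuser [-s SECMODEL] user [noauth|auth|priv [OID | -V VIEW]]
            if args[:1] == ["-s"]:
                args = args[2:]
            level = args[1].lower() if len(args) > 1 else "auth"
            if level != "priv":
                findings.append((lineno, f"{directive} allows {level}, not authPriv"))
            if directive == "rwuser" and len(args) < 3:
                findings.append((lineno, "write access not limited to a subtree or view"))
    return findings


# Constructed weak configuration: community write access, DES, authNoPriv.
WEAK = """\
# constructed sample, weak
rwcommunity private
createUser smfAdmin MD5 "constructed-auth-pass" DES
rwuser smfAdmin auth
"""

# Constructed corrected configuration: USM with AES, authPriv required,
# access limited to the SMF-MIB subtree.
HARDENED = """\
# constructed sample, corrected
createUser smfAdmin SHA "constructed-auth-pass" AES "constructed-priv-pass"
rwuser smfAdmin priv 1.3.6.1.3.126
createUser smfMonitor SHA "constructed-auth-pass" AES "constructed-priv-pass"
rouser smfMonitor priv 1.3.6.1.3.126
"""

if __name__ == "__main__":
    for lineno, message in lint_snmpd_conf(WEAK):
        print(f"line {lineno}: {message}")
```
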
10. Applicability Statement
This document describes objects for configuring parameters of the
Simplified Multicast Forwarding [RFC6621] process on a Mobile Ad Hoc
Network (MANET) router. This MIB module, denoted SMF-MIB, also
reports state and performance information and notifications. This
section provides some examples of how this MIB module can be used in
MANET network deployments. A fuller discussion of MANET network
management use cases and challenges is out of scope for this
document.
SMF is designed to allow MANET routers to forward IPv4 and IPv6
packets over the MANET and cover the MANET nodes through the
automatic discovery of efficient estimates of the Minimum Connected
Dominating Set (MCDS) of nodes within the MANET. The MCDS is
estimated using the Relay Set Selection Algorithms (RSSAs) discussed
within this document. In the following, three scenarios are listed
where this MIB module is useful:
o For a Parking Lot Initial Configuration Situation - it is common
for the vehicles comprising the MANET, when forward deployed at a
remote location (e.g., the site of a natural disaster), to be
off-loaded in a parking lot where an initial configuration of the
networking devices is performed. The configuration is loaded into
the devices from a fixed-location Network Operations Center (NOC)
at the parking lot, and the vehicles are stationary at the parking
lot while the configuration changes are made. Standards-based
methods for configuration management from the co-located NOC are
necessary for this deployment option. The set of interesting
configuration objects for the SMF process are listed within this
MIB module.
o For Mobile vehicles with Low Bandwidth Satellite Link to a Fixed
NOC - Here the vehicles carrying the MANET routers carry multiple
wireless interfaces, one of which is a relatively low-bandwidth
on-the-move satellite connection that interconnects a fixed NOC to
the nodes of the MANET. Standards-based methods for monitoring
and fault management from the fixed NOC are necessary for this
deployment option.
o For Fixed NOC and Mobile Local Manager in Larger Vehicles - for
larger vehicles, a hierarchical network management arrangement is
useful. Centralized network management is performed from a fixed
NOC while local management is performed locally from within the
vehicles. Standards-based methods for configuration, monitoring,
and fault management are necessary for this deployment option.
Here we provide an example of the simplest of configurations to
establish an operational multicast forwarding capability in a MANET.
This discussion only identifies the configuration necessary through
the SMF-MIB module and assumes that other configuration has occurred.
Assume that the MANET is to support only IPv4 addressing and that the
MANET nodes are to be configured in the context of the Parking Lot
Initialization case above. Then, the SMF-MIB module defines ten
configuration OIDs and two configuration tables, i.e., the
smfCfgAddrForwardingTable and the smfCfgInterfaceTable. Of the ten
OIDs defined, all but one, i.e., the smfCfgRouterID, have DEFVAL
clauses that allow for a functional configuration of the SMF process
within the MANET. The smfCfgRouterIDType defaults to 'ipv4' so the
smfCfgRouterID can be set as follows (assuming the use of the Net-SNMP
toolkit):
   snmpset [options] <smfCfgRouterID_OID>.0 a 192.0.2.100
If the smfCfgAddrForwardingTable is left empty, then the SMF local
forwarder will forward all multicast addresses. So this table does
not require configuration if you want to have the MANET forward all
multicast addresses.
All that remains is to configure at least one row in the
smfCfgInterfaceTable. Assume that the node has a wireless interface
with an <ifName>='wlan0' and an <ifIndex>='1'. All of the objects in
the rows of the smfCfgInterfaceTable have a DEFVAL clause; hence,
only the RowStatus object needs to be set. So the SMF process will
be activated on the 'wlan0' interface by the following network
manager snmpset command:
   snmpset [options] <smfCfgIfRowStatus>.1 i active(1)
At this point, the configured forwarder will begin a Classical
Flooding algorithm to forward all IPv4 multicast packets it
receives.
To provide a more efficient multicast forwarding within the MANET,
the network manager could walk the smfCapabilitiesTable to identify
other SMF Operational Modes, for example:
   snmpwalk [options] <smfCapabilitiesTable>
   SMF-MIB::smfCapabilitiesIndex.1 = INTEGER: 1
   SMF-MIB::smfCapabilitiesIndex.2 = INTEGER: 2
   SMF-MIB::smfCapabilitiesOpModeID.1 = INTEGER: cfOnly(1)
   SMF-MIB::smfCapabilitiesOpModeID.2 = INTEGER: independent(2)
   SMF-MIB::smfCapabilitiesRssaID.1 = INTEGER: cF(1)
   SMF-MIB::smfCapabilitiesRssaID.2 = INTEGER: eCDS(3)
In this example, the forwarding device also supports the Essential
Connected Dominating Set (eCDS) RSSA with the forwarder in the
'independent(2)' operational mode. If the network manager were to
then issue an snmpset, for example:
   snmpset [options] <smfCfgOperationalMode>.0 i 2
then the local forwarder would switch its forwarding behavior from
Classical Flooding to the more efficient eCDS flooding.
11. IANA Considerations
This document defines two MIB modules:
1. SMF-MIB is defined in Section 7 and is an experimental MIB
module.
2. IANA-SMF-MIB is defined in Section 8 and is an IANA MIB module
that IANA maintains.
Thus, IANA has completed three actions:
IANA has allocated an OBJECT IDENTIFIER value and recorded it in the
SMI Numbers registry in the subregistry called "SMI Experimental
Codes" under the experimental branch (1.3.6.1.3).
   Decimal | Name   | Description | Reference
   --------+--------+-------------+-----------
   126     | smfMib | SMF-MIB     | [RFC7367]
IANA has allocated an OBJECT IDENTIFIER value and recorded it in the
SMI Numbers registry in the subregistry called "SMI Network
Management MGMT Codes Internet-standard MIB" under the mib-2 branch
(1.3.6.1.2.1).
   Decimal | Name       | Description  | Reference
   --------+------------+--------------+-----------
   225     | ianaSmfMIB | IANA-SMF-MIB | [RFC7367]
IANA maintains a MIB module called ianaSmfMIB and has populated it
with the initial MIB module defined in Section 8 of this document by
creating a new entry in the registry "IANA Maintained MIBs" called
"IANA-SMF-MIB".
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999,
<http://www.rfc-editor.org/info/rfc2578>.
Acknowledgements
The authors would like to acknowledge the valuable comments from Sean
Harnedy in the early phases of the development of this MIB module.
The authors would like to thank Adrian Farrel, Dan Romascanu, Juergen
Schoenwaelder, Stephen Hanna, and Brian Haberman for their careful
review of this document and their insightful comments. We also wish
to thank the entire MANET WG for many reviews of this document.
Further, the authors would like to thank James Nguyen for his careful
review and comments on this MIB module and his work on the
definitions of the follow-on MIB modules to configure specific RSSAs
related to SMF. Further, the authors would like to acknowledge the
work of James Nguyen, Brian Little, Ryan Morgan, and Justin Dean on
their software development of the SMF-MIB.
Contributors
This MIB document uses the template authored by D. Harrington that
is based on contributions from the MIB Doctors, especially Juergen
Schoenwaelder, Dave Perkins, C.M. Heard, and Randy Presuhn.
Authors' Addresses
Robert G. Cole
US Army CERDEC
6010 Frankford Road
Aberdeen Proving Ground, Maryland 21005
United States
Phone: +1 443 395 8744
EMail: robert.g.cole@us.army.mil
Joseph Macker
Naval Research Laboratory
Washington, D.C. 20375
United States
EMail: macker@itd.nrl.navy.mil
Brian Adamson
Naval Research Laboratory
Washington, D.C. 20375
United States
EMail: adamson@itd.nrl.navy.mil