Tech-invite3GPPspaceIETF RFCsSIP
93929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 5324

MIB for Fibre-Channel Security Protocols (FC-SP)

Pages: 216
Proposed Standard
Part 7 of 7 – Pages 188 to 216
First   Prev   None

Top   ToC   RFC5324 - Page 188   prevText
t11FcSpSaTSelNegOutStartRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 7 }

t11FcSpSaTSelNegOutEndRCtl OBJECT-TYPE
    SYNTAX       T11FcRoutingControl
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest 8-bit value contained within a
           Routing Control (R_CTL) field of a frame that will match
           with this Traffic Selector."
    ::= { t11FcSpSaTSelNegOutEntry 8 }

t11FcSpSaTSelNegOutStartType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically smallest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 9 }

t11FcSpSaTSelNegOutEndType OBJECT-TYPE
    SYNTAX       T11FcSpType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The numerically largest of a range of possible 'type'
           values of frames that will match with this Traffic
           Selector."
    ::= { t11FcSpSaTSelNegOutEntry 10 }

--
--  Traffic Selectors index-ed by SPI
--

t11FcSpSaTSelSpiTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current
Top   ToC   RFC5324 - Page 189
    DESCRIPTION
           "A table identifying the Traffic Selectors in use on
           particular Security Associations, INDEX-ed by their
           (ingress) SPI values."
    ::= { t11FcSpSaActive 4 }

t11FcSpSaTSelSpiEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaTSelSpiEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies one Traffic Selector in use on an SA
           pair on the interface (identified by t11FcSpSaPairIfIndex)
           to a particular Fabric (identified by
           t11FcSpSaIfFabricIndex), and managed as part of the Fibre
           Channel management instance identified by fcmInstanceIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaPairIfIndex,
             t11FcSpSaIfFabricIndex,
             t11FcSpSaTSelSpiInboundSpi, t11FcSpSaTSelSpiTrafSelIndex }
    ::= { t11FcSpSaTSelSpiTable 1 }

T11FcSpSaTSelSpiEntry ::= SEQUENCE {
    t11FcSpSaTSelSpiInboundSpi     T11FcSpiIndex,
    t11FcSpSaTSelSpiTrafSelIndex   Unsigned32,
    t11FcSpSaTSelSpiDirection      T11FcSaDirection,
    t11FcSpSaTSelSpiTrafSelPtr     Unsigned32
}

t11FcSpSaTSelSpiInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An SPI value that identifies the ingress Security
           Association of a particular SA pair."
    ::= { t11FcSpSaTSelSpiEntry 1 }

t11FcSpSaTSelSpiTrafSelIndex OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "An index value that distinguishes between the
           (potentially multiple) Traffic Selectors in use on
           this Security Association pair."
    ::= { t11FcSpSaTSelSpiEntry 2 }

t11FcSpSaTSelSpiDirection OBJECT-TYPE
Top   ToC   RFC5324 - Page 190
    SYNTAX       T11FcSaDirection
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object indicates whether this Traffic Selector
           is being used for ingress or for egress traffic."
    ::= { t11FcSpSaTSelSpiEntry 3 }

t11FcSpSaTSelSpiTrafSelPtr OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "This object contains a pointer into another table that
           can be used to obtain more information about this Traffic
           Selector.

           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'egress', then this object contains the
           value of t11FcSpSaTSelNegOutPrecedence in the row of
           t11FcSpSaTSelNegOutTable, which contains more information.

           If the corresponding instance of t11FcSpSaTSelSpiDirection
           has the value 'ingress', then this object contains the
           value of t11FcSpSaTSelNegInIndex that identifies the row
           in t11FcSpSaTSelNegInTable containing more information."
    ::= { t11FcSpSaTSelSpiEntry 4 }

--
-- Notification information & control
--

t11FcSpSaControlTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "A table of control and other information concerning
           the generation of notifications for events related
           to FC-SP Security Associations."
    ::= { t11FcSpSaControl 1 }

t11FcSpSaControlEntry OBJECT-TYPE
    SYNTAX       T11FcSpSaControlEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION
           "Each entry identifies information for the one or more
Top   ToC   RFC5324 - Page 191
           interfaces (identified by t11FcSpSaIfIndex) to a
           particular Fabric (identified by t11FcSpSaIfFabricIndex),
           and managed as part of the Fibre Channel management
           instance identified by fcmInstanceIndex.

           The StorageType of a row in this table is specified by
           the instance of t11FcSpSaIfStorageType that is INDEX-ed
           by the same values of fcmInstanceIndex, t11FcSpSaIfIndex,
           and t11FcSpSaIfFabricIndex."
    INDEX  { fcmInstanceIndex, t11FcSpSaIfIndex,
             t11FcSpSaIfFabricIndex }
    ::= { t11FcSpSaControlTable 1 }

T11FcSpSaControlEntry ::= SEQUENCE {
    t11FcSpSaControlAuthFailEnable  TruthValue,
    t11FcSpSaControlInboundSpi      T11FcSpiIndex,
    t11FcSpSaControlSource          FcAddressIdOrZero,
    t11FcSpSaControlDestination     FcAddressIdOrZero,
    t11FcSpSaControlFrame           OCTET STRING,
    t11FcSpSaControlElapsed         TimeTicks,
    t11FcSpSaControlSuppressed      Gauge32,
    t11FcSpSaControlWindow          Unsigned32,
    t11FcSpSaControlMaxNotifs       Unsigned32,
    t11FcSpSaControlLifeExcdEnable  TruthValue,
    t11FcSpSaControlLifeExcdSpi     T11FcSpiIndex,
    t11FcSpSaControlLifeExcdDir     T11FcSaDirection,
    t11FcSpSaControlLifeExcdTime    TimeStamp
}

t11FcSpSaControlAuthFailEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether a t11FcSpSaNotifyAuthFailure
           notification should be generated for the first occurrence
           of an Authentication failure within a time window for this
           Fabric."
    ::= { t11FcSpSaControlEntry 1 }

t11FcSpSaControlInboundSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI value of the ingress Security Association on
           which was received the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.
Top   ToC   RFC5324 - Page 192
           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is zero."
    ::= { t11FcSpSaControlEntry 2 }

t11FcSpSaControlSource OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The S_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 3 }

t11FcSpSaControlDestination OBJECT-TYPE
    SYNTAX       FcAddressIdOrZero
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The D_ID contained in the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 4 }

t11FcSpSaControlFrame OBJECT-TYPE
    SYNTAX       OCTET STRING (SIZE (0..256))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The binary content of the last frame for which a
           t11FcSpSaNotifyAuthFailure was generated.  If more than
           256 bytes of the frame are available, then this object
           contains the first 256 bytes.  If less than 256 bytes of
           the frame are available, then this object contains the
           first N bytes, where N is greater or equal to zero.

           If no t11FcSpSaNotifyAuthFailure notifications have
           been generated, the value of this object is the
           zero-length string."
    ::= { t11FcSpSaControlEntry 5 }

t11FcSpSaControlElapsed OBJECT-TYPE
Top   ToC   RFC5324 - Page 193
    SYNTAX       TimeTicks
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The elapsed time since the last generation of a
           t11FcSpSaNotifyAuthFailure notification on the same
           Fabric, or the value of sysUpTime if no
           t11FcSpSaNotifyAuthFailure notifications have been
           generated since the last restart."
    ::= { t11FcSpSaControlEntry 6 }

t11FcSpSaControlSuppressed OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The number of occurrences of an Authentication failure
           on a Fabric that were suppressed because they occurred
           on the same Fabric within the same time window as a
           previous Authentication failure for which a
           t11FcSpSaNotifyAuthFailure notification was generated.

           The value of this object is reset to zero on a restart
           of the network management subsystem, and whenever a
           t11FcSpSaNotifyAuthFailure notification is generated.
           In the event that the value of this object reaches its
           maximum value, it remains at that value until it is
           reset on the generation of the next
           t11FcSpSaNotifyAuthFailure notification."
    ::= { t11FcSpSaControlEntry 7 }

t11FcSpSaControlWindow OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    UNITS        "seconds"
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The length of a time window that begins when a
           t11FcSpSaNotifyAuthFailure notification is generated for
           any Security Association on a particular Fabric.  For the
           duration of the time window, further Authentication failures
           occurring for the same Security Association are counted but
           no t11FcSpSaNotifyAuthFailure notification is generated.

           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to
Top   ToC   RFC5324 - Page 194
           begin with the new length."
    DEFVAL   { 300 }
    ::= { t11FcSpSaControlEntry 8 }

t11FcSpSaControlMaxNotifs OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "The maximum number of t11FcSpSaNotifyAuthFailure
           notifications to be generated per Fabric within a
           t11FcSpSaControlWindow time window.  Subsequent
           Authentication failures occurring on the same Fabric
           in the same time window are counted, but no
           t11FcSpSaNotifyAuthFailure notification is generated.

           When this object is modified before the end of a time
           window, that time window is immediately terminated, i.e.,
           the next Authentication failure on the relevant Fabric
           after the modification will cause a new time window to
           begin with the new length."
    DEFVAL   { 16 }
    ::= { t11FcSpSaControlEntry 9 }

t11FcSpSaControlLifeExcdEnable OBJECT-TYPE
    SYNTAX       TruthValue
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
           "This object specifies whether t11FcSpSaNotifyLifeExceeded
           notifications should be generated for this Fabric."
    DEFVAL   { true }
    ::= { t11FcSpSaControlEntry 10 }

t11FcSpSaControlLifeExcdSpi OBJECT-TYPE
    SYNTAX       T11FcSpiIndex
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The SPI of the SA that was most recently terminated
           because its lifetime (in seconds or in passed bytes)
           was exceeded.  Such terminations include those due to
           a failed attempt to renew an SA after its lifetime was
           exceeded."
    ::= { t11FcSpSaControlEntry 11 }

t11FcSpSaControlLifeExcdDir OBJECT-TYPE
    SYNTAX       T11FcSaDirection
Top   ToC   RFC5324 - Page 195
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The direction of frame transmission on the SA that was
           most recently terminated because its lifetime (in seconds
           or in passed bytes) was exceeded."
    ::= { t11FcSpSaControlEntry 12 }

t11FcSpSaControlLifeExcdTime OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
           "The time of the most recent termination of an SA
           due to its lifetime (in seconds or in passed bytes)
           being exceeded.  Such terminations include those
           due to a failed attempt to renew an SA after its
           lifetime was exceeded."
    ::= { t11FcSpSaControlEntry 13 }

--
-- Notification definitions
--

t11FcSpSaNotifyAuthFailure NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlInboundSpi,
                   t11FcSpSaControlSource,
                   t11FcSpSaControlDestination,
                   t11FcSpSaControlFrame,
                   t11FcSpSaControlElapsed,
                   t11FcSpSaControlSuppressed }
    STATUS       current
    DESCRIPTION
           "When this notification is generated, it indicates the
           occurrence of an Authentication failure for a received
           FC-2 or CT_IU frame.  The t11FcSpSaControlInboundSpi,
           t11FcSpSaControlSource, and t11FcSpSaControlDestination
           objects in the varbindlist are the frame's SPI, source and
           destination addresses, respectively.  t11FcSpSaControlFrame
           provides the (beginning of the) frame's content if such is
           available.

           This notification is generated only for the first
           occurrence of an Authentication failure on a Fabric within
           a time window.  Subsequent occurrences of an Authentication
           Failure on the same Fabric within the same time window
           are counted but suppressed.
Top   ToC   RFC5324 - Page 196
           The value of t11FcSpSaControlElapsed contains (a lower bound
           on) the elapsed time since the last generation of this
           notification for the same Fabric.  The value of
           t11FcSpSaControlSuppressed contains the number of
           generations which were suppressed in the time window after
           that last generation, or zero if unknown."
    ::= { t11FcSpSaMIBNotifications 1 }

t11FcSpSaNotifyLifeExceeded NOTIFICATION-TYPE
    OBJECTS      { t11FcSpSaControlLifeExcdSpi,
                   t11FcSpSaControlLifeExcdDir }
    STATUS       current
    DESCRIPTION
           "This notification is generated when the lifetime (in
           seconds or in passed bytes) of an SA is exceeded, and the
           SA is either immediately terminated or is terminated
           because an attempt to renew the SA fails.  The values of
           t11FcSpSaControlLifeExcdSpi and t11FcSpSaControlLifeExcdDir
           contain the SPI and direction of the terminated SA."
    ::= { t11FcSpSaMIBNotifications 2 }

--
-- Conformance
--

t11FcSpSaMIBCompliances
                    OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 1 }
t11FcSpSaMIBGroups  OBJECT IDENTIFIER ::= { t11FcSpSaMIBConformance 2 }

t11FcSpSaMIBCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION
           "The compliance statement for entities that implement
           FC-SP Security Associations."

    MODULE  -- this module
        MANDATORY-GROUPS
            { t11FcSpSaCapabilityGroup,
              t11FcSpSaParamStatusGroup,
              t11FcSpSaSummaryCountGroup,
              t11FcSpSaProposalGroup,
              t11FcSpSaDropBypassGroup,
              t11FcSpSaActiveGroup,
              t11FcSpSaNotifInfoGroup,
              t11FcSpSaNotificationGroup
            }

       -- The following is an auxiliary (listed in an INDEX clause)
Top   ToC   RFC5324 - Page 197
       -- object for which the SMIv2 does not allow an OBJECT clause
       -- to be specified, but for which this MIB has the following
       -- compliance requirement:
       --      OBJECT        t11FcSpSaIfIndex
       --      DESCRIPTION
       --          Compliance requires support for either one of:
       --          - individual interfaces using ifIndex values, or
       --          - the use of the zero value.

-- Write access is not required for any objects in this MIB module:

        OBJECT       t11FcSpSaIfStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransStorageType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayPrevention
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfReplayWindowSize
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaIfTerminateAllSas
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropSecurityProt
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTSelListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropTransListIndex
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropAcceptAlgorithm
Top   ToC   RFC5324 - Page 198
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropDirection
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropStartType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelPropRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransSecurityProt
Top   ToC   RFC5324 - Page 199
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransEncryptKeyLen
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransIntegrityAlg
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTransRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByAction
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndSrcAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndDstAddr
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndRCtl
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByStartType
Top   ToC   RFC5324 - Page 200
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByEndType
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaTSelDrByRowStatus
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaPairTerminate
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlAuthFailEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlWindow
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlMaxNotifs
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

        OBJECT       t11FcSpSaControlLifeExcdEnable
        MIN-ACCESS   read-only
        DESCRIPTION  "Write access is not required."

    ::= { t11FcSpSaMIBCompliances 1 }

-- Units of Conformance

t11FcSpSaCapabilityGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfEspHeaderCapab,
               t11FcSpSaIfCTAuthCapab,
               t11FcSpSaIfIKEv2Capab,
               t11FcSpSaIfIkev2AuthCapab
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to capabilities of FC-SP entities."
    ::= { t11FcSpSaMIBGroups 1 }

t11FcSpSaParamStatusGroup OBJECT-GROUP
Top   ToC   RFC5324 - Page 201
    OBJECTS  { t11FcSpSaIfStorageType,
               t11FcSpSaIfReplayPrevention,
               t11FcSpSaIfReplayWindowSize,
               t11FcSpSaIfDeadPeerDetections,
               t11FcSpSaIfTerminateAllSas
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing parameters
           and status information related to FC-SP entities."
    ::= { t11FcSpSaMIBGroups 2 }

t11FcSpSaSummaryCountGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaIfOutDrops,
               t11FcSpSaIfOutBypasses,
               t11FcSpSaIfOutProcesses,
               t11FcSpSaIfOutUnMatcheds,
               t11FcSpSaIfInUnprotUnmtchDrops,
               t11FcSpSaIfInDetReplays,
               t11FcSpSaIfInUnprotMtchDrops,
               t11FcSpSaIfInBadXforms,
               t11FcSpSaIfInGoodXforms,
               t11FcSpSaIfInProtUnmtchs
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing summary
           counters for FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 3 }

t11FcSpSaProposalGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPropSecurityProt,
               t11FcSpSaPropTSelListIndex,
               t11FcSpSaPropTransListIndex,
               t11FcSpSaPropAcceptAlgorithm,
               t11FcSpSaPropOutMatchSucceeds,
               t11FcSpSaPropRowStatus,
               t11FcSpSaTSelPropDirection,
               t11FcSpSaTSelPropStartSrcAddr,
               t11FcSpSaTSelPropEndSrcAddr,
               t11FcSpSaTSelPropStartDstAddr,
               t11FcSpSaTSelPropEndDstAddr,
               t11FcSpSaTSelPropStartRCtl,
               t11FcSpSaTSelPropEndRCtl,
               t11FcSpSaTSelPropStartType,
               t11FcSpSaTSelPropEndType,
               t11FcSpSaTSelPropStorageType,
               t11FcSpSaTSelPropRowStatus
Top   ToC   RFC5324 - Page 202
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to making and accepting proposals for
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 4 }

t11FcSpSaDropBypassGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaTSelDrByAction,
               t11FcSpSaTSelDrByStartSrcAddr,
               t11FcSpSaTSelDrByEndSrcAddr,
               t11FcSpSaTSelDrByStartDstAddr,
               t11FcSpSaTSelDrByEndDstAddr,
               t11FcSpSaTSelDrByStartRCtl,
               t11FcSpSaTSelDrByEndRCtl,
               t11FcSpSaTSelDrByStartType,
               t11FcSpSaTSelDrByEndType,
               t11FcSpSaTSelDrByMatches,
               t11FcSpSaTSelDrByRowStatus
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           about Traffic Selectors of traffic to drop or bypass
           for FC-SP Security."
    ::= { t11FcSpSaMIBGroups 5 }

t11FcSpSaActiveGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaPairSecurityProt,
               t11FcSpSaPairTransListIndex,
               t11FcSpSaPairTransIndex,
               t11FcSpSaPairLifetimeLeft,
               t11FcSpSaPairLifetimeLeftUnits,
               t11FcSpSaPairTerminate,
               t11FcSpSaPairInProtUnMatchs,
               t11FcSpSaPairInDetReplays,
               t11FcSpSaPairInBadXforms,
               t11FcSpSaPairInGoodXforms,
               t11FcSpSaTransSecurityProt,
               t11FcSpSaTransEncryptAlg,
               t11FcSpSaTransEncryptKeyLen,
               t11FcSpSaTransIntegrityAlg,
               t11FcSpSaTransStorageType,
               t11FcSpSaTransRowStatus,
               t11FcSpSaTSelNegInInboundSpi,
               t11FcSpSaTSelNegInStartSrcAddr,
               t11FcSpSaTSelNegInEndSrcAddr,
Top   ToC   RFC5324 - Page 203
               t11FcSpSaTSelNegInStartDstAddr,
               t11FcSpSaTSelNegInEndDstAddr,
               t11FcSpSaTSelNegInStartRCtl,
               t11FcSpSaTSelNegInEndRCtl,
               t11FcSpSaTSelNegInStartType,
               t11FcSpSaTSelNegInEndType,
               t11FcSpSaTSelNegInUnpMtchDrops,
               t11FcSpSaTSelNegOutInboundSpi,
               t11FcSpSaTSelNegOutStartSrcAddr,
               t11FcSpSaTSelNegOutEndSrcAddr,
               t11FcSpSaTSelNegOutStartDstAddr,
               t11FcSpSaTSelNegOutEndDstAddr,
               t11FcSpSaTSelNegOutStartRCtl,
               t11FcSpSaTSelNegOutEndRCtl,
               t11FcSpSaTSelNegOutStartType,
               t11FcSpSaTSelNegOutEndType,
               t11FcSpSaTSelSpiDirection,
               t11FcSpSaTSelSpiTrafSelPtr
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information related
           to currently active FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 6 }

t11FcSpSaNotifInfoGroup OBJECT-GROUP
    OBJECTS  { t11FcSpSaControlAuthFailEnable,
               t11FcSpSaControlInboundSpi,
               t11FcSpSaControlSource,
               t11FcSpSaControlDestination,
               t11FcSpSaControlFrame,
               t11FcSpSaControlElapsed,
               t11FcSpSaControlSuppressed,
               t11FcSpSaControlWindow,
               t11FcSpSaControlMaxNotifs,
               t11FcSpSaControlLifeExcdEnable,
               t11FcSpSaControlLifeExcdSpi,
               t11FcSpSaControlLifeExcdDir,
               t11FcSpSaControlLifeExcdTime
             }
    STATUS   current
    DESCRIPTION
           "A collection of objects containing information
           related to notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 7 }
Top   ToC   RFC5324 - Page 204
t11FcSpSaNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS  { t11FcSpSaNotifyAuthFailure,
                     t11FcSpSaNotifyLifeExceeded
                   }
    STATUS         current
    DESCRIPTION
           "A collection of notifications of events concerning
           FC-SP Security Associations."
    ::= { t11FcSpSaMIBGroups 8 }

END

7. IANA Considerations

IANA has made one MIB OID assignment, under the appropriate subtree, for each of the five MIB modules defined in this document.

8. Security Considerations

In this section, the first sub-section explains why this document does not define MIB objects for particular items of (management) information. This is followed by one sub-section for each of the MIB modules defined in section 6, listing their individual Security Considerations. The section concludes with Security Considerations common to all of these MIB modules. The key word "RECOMMENDED" contained in this section is to be interpreted as described in BCP 14 [RFC2119].

8.1. Information Not Defined in This Document

This document doesn't define any MIB objects for the secrets that need to be known/determined by FC-SP entities in order to use DH-CHAP to authenticate each other. Such secrets are "highly sensitive" and need to be "strong secrets" (e.g., randomly generated and/or from an external source, see section 5.4.8 of [FC-SP]) rather than just passwords. Thus, such secrets need to be managed by mechanisms other than the MIB modules defined here.

8.2. The T11-FC-SP-TC-MIB Module

This MIB module defines some data types and assigns some Object Identifiers, for use as the syntax and as values of MIB objects, respectively, but it itself defines no MIB objects. Thus, there is no direct read or write access via a management protocol, such as SNMP, to these definitions. Nevertheless, it does include the assignment of enumerations and OIDs to represent cryptographic algorithms/transforms, and it is appropriate for such assignments to
Top   ToC   RFC5324 - Page 205
   be augmented with new assignments as and when new
   algorithms/transforms are available.

8.3. The T11-FC-SP-AUTHENTICATION-MIB Module

There are several management objects defined in this MIB module with a MAX-ACCESS clause of read-write. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These objects and their sensitivity/vulnerability are: t11FcSpAuStorageType - could cause changes in the configuration to be retained or not retained over restarts, against the wishes of management. t11FcSpAuSendRejNotifyEnable t11FcSpAuRcvRejNotifyEnable - could cause the suppression of SNMP notifications (e.g., of authentication failures or protocol failures), or the disruption of network operations due to the generation of unwanted notifications. t11FcSpAuDefaultLifetime t11FcSpAuDefaultLifetimeUnits - could cause the lifetimes of Security Associations to be extended longer than might be secure, or shortened to cause an increase in the overhead of using security. t11FcSpAuRejectMaxRows - could cause a smaller audit trail of Authentication rejects, thereby hiding the tracks of an attacker, or a larger audit trail of Authentication rejects causing resources to be wasted. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability: t11FcSpAuEntityTable - the capabilities of FC-SP Authentication entities in terms of what cryptographic algorithms they support, and various configuration parameters of FC-SP Authentication entities.
Top   ToC   RFC5324 - Page 206
      t11FcSpAuIfStatTable
         - the mapping of which FC-SP Authentication entities operate on
           which interfaces.

      t11FcSpAuRejectTable
         - an audit trail of authentication failures and other
           Authentication Protocol failures.

8.4. The T11-FC-SP-ZONING-MIB Module

There are several management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These objects and their sensitivity/vulnerability are: t11FcSpZsServerEnabled - could cause FC-SP Zoning mode to be enabled or not enabled, against the wishes of management. t11FcSpZoneSetHashStatus - could cause an FC-SP implementation to recalculate the values of the Active Zone Set Hash and the Zone Set Database Hash more frequently than is required by management. t11FcSpZsNotifyJoinSuccessEnable t11FcSpZsNotifyJoinFailureEnable - could cause the suppression of SNMP notifications that a Switch in one Fabric has successfully joined/failed to join with a Switch in another Fabric, or the disruption of network operations due to the generation of unwanted notifications. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the objects and their sensitivity/vulnerability: t11FcSpZsServerCapabilityObject t11FcSpZsServerEnabled - the FC-SP Zoning capabilities and status of the FC-SP implementation.
Top   ToC   RFC5324 - Page 207
      t11FcSpZoneSetHashStatus
      t11FcSpActiveZoneSetHashType
      t11FcSpActiveZoneSetHash
      t11FcSpZoneSetDatabaseHashType
      t11FcSpZoneSetDatabaseHash
         - the current values of the Active Zone Set Hash and the Zone
           Set Database Hash.

8.5. The T11-FC-SP-POLICY-MIB Module

There are many management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. The objects and tables and their sensitivity/vulnerability are: t11FcSpPoNaSummaryTable t11FcSpPoNaSwListTable t11FcSpPoNaSwMembTable t11FcSpPoNaNoMembTable t11FcSpPoNaCtDescrTable t11FcSpPoNaSwConnTable t11FcSpPoNaIpMgmtTable - could change the currently inactive FC-SP Fabric Policies, so as to allow unauthorized connectivity of Switches and/or Nodes to the network, or between Switches in the network, or, to prohibit such connectivity even when authorized. t11FcSpPoNaIpMgmtTable t11FcSpPoNaWkpDescrTable - could change the currently inactive FC-SP Fabric Policies, so as to allow unauthorized management access to Switches, or prohibit authorized management access to Switches. t11FcSpPoNaSummaryTable t11FcSpPoNaSwMembTable t11FcSpPoNaNoMembTable t11FcSpPoNaAttribTable t11FcSpPoNaAuthProtTable - could change the currently inactive FC-SP Fabric Policies, so as to allow Security Associations with reduced security or require Security Associations that are unnecessarily secure.
Top   ToC   RFC5324 - Page 208
      t11FcSpPoOperActivate
      t11FcSpPoOperDeActivate
         - could cause the currently active FC-SP Fabric Policies to be
           de-activated and currently inactive FC-SP Fabric Policies
           (e.g., those modified as above) to be activated instead.

      t11FcSpPoStorageType
         - could cause changes in the configuration and/or in FC-SP
           Fabric Policies to be retained or not retained over restarts,
           against the wishes of management.

      t11FcSpPoNotificationEnable
         - could cause the suppression of SNMP notifications on the
           successful/unsuccessful activation/deactivation of Fabric
           Policies, and thereby hide successful/failed attempts to make
           unauthorized changes, or cause the disruption of network
           operations due to the generation of unwanted notifications.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and their
   sensitivity/vulnerability:

      t11FcSpPoTable
      t11FcSpPoSummaryTable
      t11FcSpPoSwMembTable
      t11FcSpPoNoMembTable
      t11FcSpPoCtDescrTable
      t11FcSpPoSwConnTable
      t11FcSpPoIpMgmtTable
      t11FcSpPoWkpDescrTable
      t11FcSpPoAttribTable
      t11FcSpPoAuthProtTable
         - the currently active FC-SP Fabric Policies that can be
           examined by an attacker looking for possible security
           vulnerabilities in the active policies.
Top   ToC   RFC5324 - Page 209

8.6. The T11-FC-SP-SA-MIB Module

There are several management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These objects and their sensitivity/vulnerability are: t11FcSpSaIfStorageType t11FcSpSaTSelPropStorageType t11FcSpSaTransStorageType - could cause changes in configuration information related to FC-SP Security Associations to be retained or not retained over restarts, against the wishes of management. t11FcSpSaIfReplayPrevention t11FcSpSaIfReplayWindowSize - could cause changes in the operation of anti-replay protection, thereby permitting an attacker to conduct replay attacks, or requiring FC-SP implementations to engage in unnecessary protection against replay. t11FcSpSaIfTerminateAllSas t11FcSpSaPairTerminate - could cause FC-SP Security Associations to be aborted unnecessarily. t11FcSpSaControlAuthFailEnable - could cause the suppression of SNMP notifications on the occurrence of Authentication failures for received FC-2 or CT_IU frames, thereby hiding attempts to subvert security measures, or cause the disruption of network operations due to the generation of unwanted notifications. t11FcSpSaControlLifeExcdEnable - could cause the suppression of SNMP notifications on the occurrence of an FC-SP Security Association exceeding its lifetime, thereby possibly causing disruption to network usage due to a delay in determining the problem and/or re- establishing the Security Association.
Top   ToC   RFC5324 - Page 210
      t11FcSpSaControlWindow
         - could cause the suppression of second and subsequent SNMP
           notifications on the occurrence of Authentication failures
           for received FC-2 or CT_IU frames, thereby masking repeated
           attempts to subvert security measures, or cause the
           disruption of network operations due to the generation of
           unwanted notifications.

      t11FcSpSaControlMaxNotifs
         - could cause the suppression of all SNMP notifications on the
           occurrence of Authentication failures for received FC-2 or
           CT_IU frames, thereby masking attempts to subvert security
           measures, or cause the disruption of network operations due
           to the generation of unwanted notifications.

      t11FcSpSaPropTable
      t11FcSpSaTSelPropTable
      t11FcSpSaTransTable
         - could cause an FC-SP entity to propose the setup of Security
           Associations that apply to a different selection of traffic
           and/or using different security transforms, such that some
           traffic has a reduced level of security that might improve an
           attacker's chance of subverting security, or an increased
           level of security that would involve unnecessary security
           processing, or cause the negotiation of Security Associations
           to fail to find commonly acceptable parameters such that no
           Security Associations can be established.

      t11FcSpSaTSelDrByTable
         - could cause an FC-SP entity to select different sets of
           traffic which are: a) to be sent/received without being
           protected by FC-SP security, thereby providing an attacker
           with access to read authentic traffic or the ability to
           introduce unauthentic traffic; or b) to be dropped instead of
           being sent/after being received, thereby causing disruption
           to network usage.

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:
Top   ToC   RFC5324 - Page 211
      t11FcSpSaIfTable
         - information concerning the capabilities, parameters and
           status of an FC-SP entity's support for Security
           Associations.

      t11FcSpSaPropTable
      t11FcSpSaTSelPropTable
      t11FcSpSaTransTable
         - information on the proposals that will be used by an FC-SP
           entity to negotiate Security Associations.

      t11FcSpSaTSelDrByTable
         - information on which subsets of traffic an FC-SP entity will
           send or receive without being protected by FC-SP security, or
           will drop before sending/after receiving.

      t11FcSpSaPairTable
      t11FcSpSaTSelNegInTable
      t11FcSpSaTSelNegOutTable
      t11FcSpSaTSelSpiTable
         - information on which Security Associations are currently
           active, what subsets of traffic they are carrying, and what
           security protection is being given to them.

8.7. Recommendations Common to All MIB Modules

SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementors consider the security features as provided by the SNMPv3 framework (see [RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. Because the two algorithms currently specified for T11FcSpPolicyHashFormat are SHA-1 and SHA-256, the definition of T11FcSpHashCalculationStatus expresses a concern in regard to not
Top   ToC   RFC5324 - Page 212
   incrementally recomputing the hashes after each change when a series
   of multiple related changes are being made.  This method of reducing
   computation is intended as a responsiveness measure (i.e.,
   cooperating SNMP managers and agents can get things done faster), not
   as a Denial-of-Service (DoS) countermeasure.  Nevertheless,
   implementations should also consider the DoS possibilities in these
   scenarios; potential countermeasures include: requiring
   authentication for SETs and the rate-limiting of SET operations if
   they can cause significant computation.

9. Normative References

[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, December 2002. [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005. [RFC4044] McCloghrie, K., "Fibre Channel Management MIB", RFC 4044, May 2005. [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005. [RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005.
Top   ToC   RFC5324 - Page 213
   [RFC4438]  DeSanti, C., Gaonkar, V., Vivek, H., McCloghrie, K., and
              S. Gai, "Fibre-Channel Name Server MIB", RFC 4438, April
              2006.

   [RFC4439]  DeSanti, C., Gaonkar, V., McCloghrie, K., and S. Gai,
              "Fibre Channel Fabric Address Manager MIB", RFC 4439,
              March 2006.

   [RFC4936]  DeSanti, C., Vivek, H., McCloghrie, K., and S. Gai, "Fibre
              Channel Zone Server MIB", RFC 4936, August 2007.

   [FC-FS-2]  "Fibre Channel - Framing and Signaling-2 (FC-FS-2)",
              ANSI INCITS 424-2007, February 2007.

   [FC-GS-5]  "Fibre Channel - Generic Services-5 (FC-GS-5)",
              ANSI INCITS 427-2006, December 2006.

   [FC-SP]    "Fibre Channel - Security Protocols (FC-SP)",
              ANSI INCITS 426-2007, T11/Project 1570-D, February 2007.

   [FC-SW-4]  "Fibre Channel - Switch Fabric-4 (FC-SW-4)",
              ANSI INCITS 418-2006, April 2006.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

10. Informative References

[RFC1492] Finseth, C., "An Access Control Protocol, Sometimes Called TACACS", RFC 1492, July 1993. [RFC2741] Daniele, M., Wijnen, B., Ellison, M., and D. Francisco, "Agent Extensibility (AgentX) Protocol Version 1", RFC 2741, January 2000. [RFC2837] Teow, K., "Definitions of Managed Objects for the Fabric Element in Fibre Channel Standard", RFC 2837, May 2000. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. [RFC3588] Calhoun, P., Loughney, J., Guttman, E., Zorn, G., and J. Arkko, "Diameter Base Protocol", RFC 3588, September 2003.
Top   ToC   RFC5324 - Page 214
   [RFC4595]  Maino, F. and D. Black, "Use of IKEv2 in the Fibre Channel
              Security Association Management Protocol", RFC 4595, July
              2006.

   [RFC4625]  DeSanti, C., McCloghrie, K., Kode, S., and S. Gai, "Fibre
              Channel Routing Information MIB", RFC 4625, September
              2006.

   [RFC4626]  DeSanti, C., Gaonkar, V., McCloghrie, K., and S. Gai, "MIB
              for Fibre Channel's Fabric Shortest Path First (FSPF)
              Protocol", RFC 4626, September 2006.

   [RFC4668]  Nelson, D., "RADIUS Authentication Client MIB for IPv6",
              RFC 4668, August 2006.

   [RFC4747]  Kipp, S., Ramkumar, G., and K. McCloghrie, "The Virtual
              Fabrics MIB", RFC 4747, November 2006.

   [RFC4935]  DeSanti, C., Vivek, H., McCloghrie, K., and S. Gai, "Fibre
              Channel Fabric Configuration Server MIB", RFC 4935, August
              2007.

   [RFC4983]  DeSanti, C., Vivek, H., McCloghrie, K., and S. Gai, "Fibre
              Channel Registered State Change Notification (RSCN) MIB",
              RFC 4983, August 2007.
Top   ToC   RFC5324 - Page 215

11. Acknowledgements

This document was initially developed and approved by the INCITS Task Group T11.5 (http://www.t11.org) as the SM-FSM project. We wish to acknowledge the contributions and comments from the INCITS Technical Committee T11, including the following: T11 Chair: Robert Snively, Brocade T11 Vice Chair: Claudio DeSanti, Cisco Systems T11.5 Chair: Roger Cummings, Symantec T11.5 members: David Black, EMC Don Fraser, HP Larry Hofer, Brocade Scott Kipp, Brocade Ralph Weber, ENDL The document was subsequently a work item of the IMSS Working Group (of the IETF), chaired by David Black (EMC Corporation). Bert Wijnen (Alcatel-Lucent) deserves many thanks for his thorough review of all five MIB modules in this (large!) document. We also wish to acknowledge Dan Romascanu (Avaya), the IETF Area Director, for his comments and assistance.

Authors' Addresses

Claudio DeSanti Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Phone: +1 408 853-9172 EMail: cds@cisco.com Fabio Maino Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Phone: +1 408 853-7530 EMail: fmaino@cisco.com Keith McCloghrie Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA USA 95134 Phone: +1 408-526-5260 EMail: kzm@cisco.com
Top   ToC   RFC5324 - Page 216
Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.