📄 rfc2787.txt
字号:
::= { vrrpRouterStatsEntry 11 } vrrpStatsPacketLengthErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of packets received with a packet length less than the length of the VRRP header." ::= { vrrpRouterStatsEntry 12 }-- *******************************************************************-- Trap Definitions-- ******************************************************************* vrrpNotifications OBJECT IDENTIFIER ::= { vrrpMIB 0 } vrrpTrapPacketSrc OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IP address of an inbound VRRP packet. Used by vrrpTrapAuthFailure trap." ::= { vrrpOperations 5 } vrrpTrapAuthErrorType OBJECT-TYPE SYNTAX INTEGER { invalidAuthType (1), authTypeMismatch (2), authFailure (3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Potential types of configuration conflicts. Used by vrrpAuthFailure trap."Jewell & Chuang Standards Track [Page 24]
RFC 2787 VRRP MIB Management Objects March 2000 ::= { vrrpOperations 6 } vrrpTrapNewMaster NOTIFICATION-TYPE OBJECTS { vrrpOperMasterIpAddr } STATUS current DESCRIPTION "The newMaster trap indicates that the sending agent has transitioned to 'Master' state." ::= { vrrpNotifications 1 } vrrpTrapAuthFailure NOTIFICATION-TYPE OBJECTS { vrrpTrapPacketSrc, vrrpTrapAuthErrorType } STATUS current DESCRIPTION "A vrrpAuthFailure trap signifies that a packet has been received from a router whose authentication key or authentication type conflicts with this router's authentication key or authentication type. Implementation of this trap is optional." ::= { vrrpNotifications 2 }-- *******************************************************************-- Conformance Information-- ******************************************************************* vrrpMIBCompliances OBJECT IDENTIFIER ::= { vrrpConformance 1 } vrrpMIBGroups OBJECT IDENTIFIER ::= { vrrpConformance 2 }-- ...................................................................-- Compliance Statements-- ................................................................... vrrpMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The core compliance statement for all VRRP implementations." MODULE -- this module MANDATORY-GROUPS { vrrpOperGroup, vrrpStatsGroup } OBJECT vrrpOperPriority WRITE-SYNTAX Integer32 (1..255) DESCRIPTION "SETable values are from 1 to 255."Jewell & Chuang Standards Track [Page 25]
RFC 2787 VRRP MIB Management Objects March 2000 ::= { vrrpMIBCompliances 1 }-- ...................................................................-- Conformance Groups-- ................................................................... vrrpOperGroup OBJECT-GROUP OBJECTS { vrrpNodeVersion, vrrpNotificationCntl, vrrpOperVirtualMacAddr, vrrpOperState, vrrpOperAdminState, vrrpOperPriority, vrrpOperIpAddrCount, vrrpOperMasterIpAddr, vrrpOperPrimaryIpAddr, vrrpOperAuthType, vrrpOperAuthKey, vrrpOperAdvertisementInterval, vrrpOperPreemptMode, vrrpOperVirtualRouterUpTime, vrrpOperProtocol, vrrpOperRowStatus, vrrpAssoIpAddrRowStatus } STATUS current DESCRIPTION "Conformance group for VRRP operations." ::= { vrrpMIBGroups 1 } vrrpStatsGroup OBJECT-GROUP OBJECTS { vrrpRouterChecksumErrors, vrrpRouterVersionErrors, vrrpRouterVrIdErrors, vrrpStatsBecomeMaster, vrrpStatsAdvertiseRcvd, vrrpStatsAdvertiseIntervalErrors, vrrpStatsAuthFailures, vrrpStatsIpTtlErrors, vrrpStatsPriorityZeroPktsRcvd, vrrpStatsPriorityZeroPktsSent, vrrpStatsInvalidTypePktsRcvd, vrrpStatsAddressListErrors, vrrpStatsInvalidAuthType, vrrpStatsAuthTypeMismatch, vrrpStatsPacketLengthErrorsJewell & Chuang Standards Track [Page 26]
RFC 2787 VRRP MIB Management Objects March 2000 } STATUS current DESCRIPTION "Conformance group for VRRP statistics." ::= { vrrpMIBGroups 2 } vrrpTrapGroup OBJECT-GROUP OBJECTS { vrrpTrapPacketSrc, vrrpTrapAuthErrorType } STATUS current DESCRIPTION "Conformance group for objects contained in VRRP notifications." ::= { vrrpMIBGroups 3 } vrrpNotificationGroup NOTIFICATION-GROUP NOTIFICATIONS { vrrpTrapNewMaster, vrrpTrapAuthFailure } STATUS current DESCRIPTION "The VRRP MIB Notification Group." ::= { vrrpMIBGroups 4 }END4. Security Considerations There are a number of management objects defined in this MIB that have a MAX-ACCESS clause of read-write or read-create. Such objects may be considered sensitive or vulnerable to security attacks in some networking environments. The support for SET operations in a non- secure environment without proper protection can have a negative effect on VRRP router operations. A number of objects in the vrrpOperTable possess the read-create attribute. Manipulation of these objects is capable of affecting the operation of a virtual router. Specific examples of this include, but are not limited to: o The vrrpOperAdminState object which could be used to disable a virtual router. o The vrrpOperPrimaryIpAddr object which, if compromised, could allow assignment of an invalid IP address to a master router.Jewell & Chuang Standards Track [Page 27]
RFC 2787 VRRP MIB Management Objects March 2000 o The authentication type/key related objects which could potentially render the VRRP security mechanisms ineffective. Of additional concern is the ability to disable the transmission of traps. This would nullify the capability of a virtual router to provide notification in the event of an authentication failure. SNMPv1 by itself is not a secure environment. Even if the network itself is secure (for example by using IPSec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB. It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [RFC2574] and the View- based Access Control Model RFC 2575 [RFC2575] is recommended. It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.5. Acknowledgements The authors would like to thank Danny Mitzel, Venkat Prasad, Al Pham, Robert Hinden, Venkat Prasad, Barbera Denny, Fred Baker, Jeff Case, Flavio Fernandes, Acee Lindem, Scott Barvick, and Bert Wijnen for their comments and suggestions.6. References [1] Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999. [2] Rose, M. and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990. [3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991. [4] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991. [5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.Jewell & Chuang Standards Track [Page 28]
RFC 2787 VRRP MIB Management Objects March 2000 [6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999. [7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M. and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999. [8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990. [9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996. [10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996. [11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999. [12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999. [13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996. [14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999. [15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999 [16] Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction to Version 3 of the Internet-standard Network Management Framework", RFC 2570, April 1999 [17] Knight, S., Weaver, D., Whipple, D., Hinden, R., Mitzel, D., Hunt, P., Higginson, P., Shand, M. and Lindem, A., "Virtual Router Redundancy Protocol", RFC 2338, November 1997. [18] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB using SMIv2", RFC 2233, November 1997.Jewell & Chuang Standards Track [Page 29]
RFC 2787 VRRP MIB Management Objects March 20007. Authors' Addresses Brian R. Jewell Copper Mountain Networks, Inc. 2470 Embarcadero Way Palo Alto, California 94303 US Phone: +1 650 687 3367 EMail: bjewell@coppermountain.com David Chuang CoSine Communications 1200 Bridge Parkway Redwood City, CA 94065 US Phone: +1 650 628 4850 EMail: david_chuang@cosinecom.com8. Intellectual Property Statement The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards- related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.Jewell & Chuang Standards Track [Page 30]
RFC 2787 VRRP MIB Management Objects March 20009. Full Copyright Statement Copyright (C) The Internet Society (2000). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.Jewell & Chuang Standards Track [Page 31]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -