smilint output for ./MPLS-L3VPN-DRAFT-03-MIB
| Message Severities |
|---|
| Severity | Count |
|---|
| error | 4 |
| minor error | 1 |
| warning | 1 |
| Message Types |
|---|
| Type | Count |
|---|
| bad-identifier-case (error) | 1 |
| date-hour (error) | 2 |
| index-element-no-size (minor error) | 1 |
| index-exceeds-too-large (warning) | 1 |
| object-identifier-not-prefix (error) | 1 |
Messages:
MPLS-L3VPN-DRAFT-03-MIB
1: -- extracted from draft-ietf-l3vpn-mpls-vpn-mib-04.txt
2: -- at Thu Jul 8 06:21:49 2004
3:
4: MPLS-L3VPN-DRAFT-03-MIB DEFINITIONS ::= BEGIN
5: IMPORTS
6: MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
7: Integer32, Counter32, Unsigned32,
8: Gauge32
9: FROM SNMPv2-SMI -- [RFC2578]
10: MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
11: FROM SNMPv2-CONF -- [RFC2580]
12: TEXTUAL-CONVENTION, TruthValue, RowStatus,
13: TimeStamp, StorageType
14: FROM SNMPv2-TC -- [RFC2579]
15: InterfaceIndex, InterfaceIndexOrZero
16: FROM IF-MIB -- [RFC2863]
17: VPNId
18: FROM VPN-TC-MIB
19: SnmpAdminString
20: FROM SNMP-FRAMEWORK-MIB -- [RFC3411]
21: IANAipRouteProtocol
22: FROM IANA-RTPROTO-MIB
23: InetAddress, InetAddressType,
24: InetAddressPrefixLength,
25: InetAutonomousSystemNumber
26: FROM INET-ADDRESS-MIB -- [RFC3291]
27: mplsStdMIB
28: FROM MPLS-TC-STD-MIB -- [RFC3811]
29: MplsIndexType
30: FROM MPLS-LSR-STD-MIB -- [RFC3813]
31: ;
32:
33: mplsL3VpnMIB MODULE-IDENTITY
34: LAST-UPDATED "200406018200Z" -- 18 June 2004 12:00:00 GMT
34: error -
date specification `200406018200Z' contains an illegal hour
35: ORGANIZATION "IETF Layer-3 Virtual Private
36: Networks Working Group."
37: CONTACT-INFO
38: " Thomas D. Nadeau
39: tnadeau@cisco.com
40: Harmen van der Linde
41: hvdl@att.com
42:
43: Luyuan Fang
44: luyuanfang@att.com
45:
46: Stephen Brannon
47:
48: Fabio M. Chiussi
49: fabio@bell-labs.com
50:
51: Joseph Dube
52:
53: Martin Tatham
54: martin.tatham@bt.com
55:
56: Comments and discussion to l3vpn@ietf.org"
57: DESCRIPTION
58: "This MIB contains managed object definitions for the
59: Layer-3 Multiprotocol Label Switching Virtual
60: Private Networks.
61:
62: Copyright (C) The Internet Society (2004). This
63: version of this MIB module is part of RFCXXX; see
64: the RFC itself for full legal notices."
65: -- Revision history.
66: REVISION
67: "200406018200Z" -- 18 June 2004 12:00:00 GMT
67: error -
date specification `200406018200Z' contains an illegal hour
68: DESCRIPTION
69: "Initial version. Published as RFC xxxx." -- RFC-editor pls fill in xxx
70: ::= { mplsStdMIB XXX } -- assigned by IANA, see section 18.1 for details
70: error -
`XXX' should start with a lower case letter
70: error -
Object identifier element `XXX' name only allowed as first element
71:
72: -- Textual Conventions.
73: MplsL3VpnName ::= TEXTUAL-CONVENTION
74: STATUS current
75: DESCRIPTION
76: "An identifier that is assigned to each MPLS/BGP VPN and
77: is used to uniquely identify it. This is assigned by the
78: system operator or NMS and SHOULD be unique throughout
79: the MPLS domain. If this is the case, then this identifier
80: can then be used at any LSR within a specific MPLS domain
81: to identify this MPLS/BGP VPN. It may also be possible to
82: preserve the uniqueness of this identifier across MPLS
83: domain boundaries, in which case this identifier can then
84: be used to uniquely identify MPLS/BGP VPNs on a more global
85: basis. This object MAY be set to the VPN ID as defined in
86: RFC 2685."
87: REFERENCE
88: "RFC 2685 Fox B., et al, 'Virtual Private
89: Networks Identifier', September 1999."
90: SYNTAX OCTET STRING(SIZE (0..31))
91:
92: MplsL3VpnRouteDistinguisher ::= TEXTUAL-CONVENTION
93: STATUS current
94: DESCRIPTION
95: "Syntax for a route distinguisher and route target."
96: SYNTAX OCTET STRING(SIZE (0..256))
97:
98: -- Top level components of this MIB.
99: mplsL3VpnNotifications OBJECT IDENTIFIER ::= { mplsL3VpnMIB 0 }
100: mplsL3VpnObjects OBJECT IDENTIFIER ::= { mplsL3VpnMIB 1 }
101: mplsL3VpnScalars OBJECT IDENTIFIER ::= { mplsL3VpnObjects 1 }
102: mplsL3VpnConf OBJECT IDENTIFIER ::= { mplsL3VpnObjects 2 }
103: mplsL3VpnPerf OBJECT IDENTIFIER ::= { mplsL3VpnObjects 3 }
104: mplsL3VpnRoute OBJECT IDENTIFIER ::= { mplsL3VpnObjects 4 }
105: mplsL3VpnConformance OBJECT IDENTIFIER ::= { mplsL3VpnMIB 3 }
106:
107: --
108: -- Scalar Objects
109: --
110:
111: mplsL3VpnConfiguredVrfs OBJECT-TYPE
112: SYNTAX Unsigned32
113: MAX-ACCESS read-only
114: STATUS current
115: DESCRIPTION
116: "The number of VRFs which are configured on this node."
117: ::= { mplsL3VpnScalars 1 }
118:
119: mplsL3VpnActiveVrfs OBJECT-TYPE
120: SYNTAX Unsigned32
121: MAX-ACCESS read-only
122: STATUS current
123: DESCRIPTION
124: "The number of VRFs which are active on this node.
125: That is, those VRFs whose corresponding mplsL3VpnVrfOperStatus
126: object value is equal to operational (1)."
127: ::= { mplsL3VpnScalars 2 }
128:
129: mplsL3VpnConnectedInterfaces OBJECT-TYPE
130: SYNTAX Unsigned32
131: MAX-ACCESS read-only
132: STATUS current
133: DESCRIPTION
134: "Total number of interfaces connected to a VRF."
135: ::= { mplsL3VpnScalars 3 }
136:
137: mplsL3VpnNotificationEnable OBJECT-TYPE
138: SYNTAX TruthValue
139: MAX-ACCESS read-write
140: STATUS current
141: DESCRIPTION
142: "If this object is true, then it enables the
143: generation of all notifications defined in
144: this MIB."
145: REFERENCE
146: "See also RFC3413 for explanation that
147: notifications are under the ultimate control of the
148: MIB modules in this document."
149: DEFVAL { false }
150: ::= { mplsL3VpnScalars 4 }
151:
152: mplsL3VpnVrfConfMaxPossRts OBJECT-TYPE
153: SYNTAX Unsigned32
154: MAX-ACCESS read-only
155: STATUS current
156: DESCRIPTION
157: "Denotes maximum number of routes which the device
158: will allow all VRFs jointly to hold. If this value is
159: set to 0, this indicates that the device is
160: unable to determine the absolute maximum. In this
161: case, the configured maximum MAY not actually
162: be allowed by the device."
163: ::= { mplsL3VpnScalars 5 }
164:
165: mplsL3VpnVrfConfRteMxThrshTime OBJECT-TYPE
166: SYNTAX Unsigned32
167: UNITS "seconds"
168: MAX-ACCESS read-only
169: STATUS current
170: DESCRIPTION
171: "Denotes the interval in seconds, at which the route max threshold
172: notification may be re-issued after the maximum value has been
173: exceeded (or has been reached if mplsL3VpnVrfConfMaxRoutes and
174: mplsL3VpnVrfConfHighRteThresh are equal) and the initial
175: notification has been issued. This value is intended to prevent
176: continuous generation of notifications by an agent in the event
177: that routes are continually added to a VRF after it has reached
178: its maximum value. If this value is set to 0, the agent should
179: only issue a single notification at the time that the maxium
180: threshold has been reached, and should not issue any more
181: notifications until the value of routes has fallen below the
182: configured threshold value. This is the recommended default
183: behavior."
184: DEFVAL { 0 }
185: ::= { mplsL3VpnScalars 6 }
186:
187: -- VPN Interface Configuration Table
188: mplsL3VpnIfConfTable OBJECT-TYPE
189: SYNTAX SEQUENCE OF MplsL3VpnIfConfEntry
190: MAX-ACCESS not-accessible
191: STATUS current
192: DESCRIPTION
193: "This table specifies per-interface MPLS capability
194: and associated information."
195: ::= { mplsL3VpnConf 1 }
196:
197: mplsL3VpnIfConfEntry OBJECT-TYPE
198: SYNTAX MplsL3VpnIfConfEntry
199: MAX-ACCESS not-accessible
200: STATUS current
201: DESCRIPTION
202: "An entry in this table is created by an LSR for
203: every interface capable of supporting MPLS L3VPN.
204: Each entry in this table is meant to correspond to
205: an entry in the Interfaces Table."
206: INDEX { mplsL3VpnVrfName, mplsL3VpnIfConfIndex }
207: ::= { mplsL3VpnIfConfTable 1 }
208:
209: MplsL3VpnIfConfEntry ::= SEQUENCE {
210: mplsL3VpnIfConfIndex InterfaceIndex,
211: mplsL3VpnIfVpnClassification INTEGER,
212: mplsL3VpnIfVpnRouteDistProtocol BITS,
213: mplsL3VpnIfConfStorageType StorageType,
214: mplsL3VpnIfConfRowStatus RowStatus
215: }
216:
217: mplsL3VpnIfConfIndex OBJECT-TYPE
218: SYNTAX InterfaceIndex
219: MAX-ACCESS not-accessible
220: STATUS current
221: DESCRIPTION
222: "This is a unique index for an entry in the
223: mplsL3VpnIfConfTable. A non-zero index for an
224: entry indicates the ifIndex for the corresponding
225: interface entry in the MPLS-VPN-layer in the ifTable.
226: Note that this table does not necessarily correspond
227: one-to-one with all entries in the Interface MIB
228: having an ifType of MPLS-layer; rather, only those
229: which are enabled for MPLS L3VPN functionality."
230: REFERENCE
231: "RFC 2233 - The Interfaces Group MIB using SMIv2,
232: McCloghrie, K., and F. Kastenholtz, Nov. 1997"
233: ::= { mplsL3VpnIfConfEntry 1 }
234:
235: mplsL3VpnIfVpnClassification OBJECT-TYPE
236: SYNTAX INTEGER { carrierOfCarrier (1),
237: enterprise (2),
238: interProvider (3)
239: }
240: MAX-ACCESS read-create
241: STATUS current
242: DESCRIPTION
243: "Denotes whether this link participates in a
244: carrier-of-carrier's, enterprise, or inter-provider
245: scenario."
246: DEFVAL { 2 }
247: ::= { mplsL3VpnIfConfEntry 2 }
248:
249: mplsL3VpnIfVpnRouteDistProtocol OBJECT-TYPE
250: SYNTAX BITS { none (0),
251: bgp (1),
252: ospf (2),
253: rip(3),
254: isis(4),
255: static(5),
256: other (6)
257: }
258: MAX-ACCESS read-create
259: STATUS current
260: DESCRIPTION
261: "Denotes the route distribution protocol across the
262: PE-CE link. Note that more than one routing protocol
263: may be enabled at the same time, thus this object is
264: specified as a bitmask. For example, static(5) and
265: ospf(2) are a typical configuration."
266: DEFVAL { 0 }
267: ::= { mplsL3VpnIfConfEntry 3 }
268:
269: mplsL3VpnIfConfStorageType OBJECT-TYPE
270: SYNTAX StorageType
271: MAX-ACCESS read-create
272: STATUS current
273: DESCRIPTION
274: "The storage type for this entry."
275: REFERENCE
276: "See RFC2579."
277: DEFVAL { volatile }
278: ::= { mplsL3VpnIfConfEntry 4 }
279:
280: mplsL3VpnIfConfRowStatus OBJECT-TYPE
281: SYNTAX RowStatus
282: MAX-ACCESS read-create
283: STATUS current
284: DESCRIPTION
285: "This variable is used to create, modify, and/or
286: delete a row in this table. Rows in this
287: table signify that the specified interface is
288: associated with this VRF. If the row creation
289: operation succeeds, the interface will have been
290: associated with the specified VRF, otherwise the
291: agent MUST not allow the association. If the agent
292: only allows read-only operations on this table, it
293: MUST create entries in this table as they are created
294: on the device. When a row in this
295: table is in active(1) state, no objects in that row
296: can be modified by the agent except
297: mplsL3VpnIfConfStorageType and mplsL3VpnIfConfRowStatus."
298: ::= { mplsL3VpnIfConfEntry 5 }
299:
300: -- VRF Configuration Table
301: mplsL3VpnVrfTable OBJECT-TYPE
302: SYNTAX SEQUENCE OF MplsL3VpnVrfEntry
303: MAX-ACCESS not-accessible
304: STATUS current
305: DESCRIPTION
306: "This table specifies per-interface MPLS L3VPN
307: VRF Table capability and associated information.
308: Entries in this table define VRF routing instances
309: associated with MPLS/VPN interfaces. Note that
310: multiple interfaces can belong to the same VRF
311: instance. The collection of all VRF instances
312: comprises an actual VPN."
313: ::= { mplsL3VpnConf 2 }
314:
315: mplsL3VpnVrfEntry OBJECT-TYPE
316: SYNTAX MplsL3VpnVrfEntry
317: MAX-ACCESS not-accessible
318: STATUS current
319: DESCRIPTION
320: "An entry in this table is created by an LSR for
321: every VRF capable of supporting MPLS L3VPN. The
322: indexing provides an ordering of VRFs per-VPN
323: interface."
324: INDEX { mplsL3VpnVrfName }
325: ::= { mplsL3VpnVrfTable 1 }
326: MplsL3VpnVrfEntry ::= SEQUENCE {
327: mplsL3VpnVrfName MplsL3VpnName,
328: mplsL3VpnVrfVpnId VPNId,
329: mplsL3VpnVrfDescription SnmpAdminString,
330: mplsL3VpnVrfRD MplsL3VpnRouteDistinguisher,
331: mplsL3VpnVrfCreationTime TimeStamp,
332: mplsL3VpnVrfOperStatus INTEGER,
333: mplsL3VpnVrfActiveInterfaces Unsigned32,
334: mplsL3VpnVrfAssociatedInterfaces Unsigned32,
335: mplsL3VpnVrfConfMidRteThresh Unsigned32,
336: mplsL3VpnVrfConfHighRteThresh Unsigned32,
337: mplsL3VpnVrfConfMaxRoutes Unsigned32,
338: mplsL3VpnVrfConfLastChanged TimeStamp,
339: mplsL3VpnVrfConfRowStatus RowStatus,
340: mplsL3VpnVrfConfStorageType StorageType
341: }
342:
343: mplsL3VpnVrfName OBJECT-TYPE
344: SYNTAX MplsL3VpnName
345: MAX-ACCESS not-accessible
346: STATUS current
347: DESCRIPTION
348: "The human-readable name of this VPN. This MAY
349: be equivalent to the RFC2685 VPN-ID, but may
350: also vary. If it is set to the VPN ID, it MUST
351: be equivalent to the value of mplsL3VpnVrfVpnId.
352: It is strongly recommended that all sites supporting
353: VRFs that are part of the same VPN use the same
354: naming convention for VRFs as well as the same VPN
355: ID."
356: REFERENCE
357: "RFC 2685 Fox B., et al, `Virtual
358: Private Networks Identifier`, September 1999."
359: ::= { mplsL3VpnVrfEntry 1 }
360:
361: mplsL3VpnVrfVpnId OBJECT-TYPE
362: SYNTAX VPNId
363: MAX-ACCESS read-create
364: STATUS current
365: DESCRIPTION
366: "The VPN ID as specified in RFC 2685. If a VPN ID
367: has not been specified for this VRF, then this
368: variable SHOULD be set to an empty string."
369: ::= { mplsL3VpnVrfEntry 2 }
370:
371: mplsL3VpnVrfDescription OBJECT-TYPE
372: SYNTAX SnmpAdminString
373: MAX-ACCESS read-create
374: STATUS current
375: DESCRIPTION
376: "The human-readable description of this VRF."
377: DEFVAL { "" }
378: ::= { mplsL3VpnVrfEntry 3 }
379:
380: mplsL3VpnVrfRD OBJECT-TYPE
381: SYNTAX MplsL3VpnRouteDistinguisher
382: MAX-ACCESS read-create
383: STATUS current
384: DESCRIPTION
385: "The route distinguisher for this VRF."
386: DEFVAL { "" }
387: ::= { mplsL3VpnVrfEntry 4 }
388:
389: mplsL3VpnVrfCreationTime OBJECT-TYPE
390: SYNTAX TimeStamp
391: MAX-ACCESS read-only
392: STATUS current
393: DESCRIPTION
394: "The time at which this VRF entry was created."
395: ::= { mplsL3VpnVrfEntry 5 }
396:
397: mplsL3VpnVrfOperStatus OBJECT-TYPE
398: SYNTAX INTEGER { up (1),
399: down (2)
400: }
401: MAX-ACCESS read-only
402: STATUS current
403: DESCRIPTION
404: "Denotes whether a VRF is operational or not. A VRF is
405: up(1) when at least one interface associated with the
406: VRF, which ifOperStatus is up(1). A VRF is down(2) when:
407: a. There does not exist at least one interface whose
408: ifOperStatus is up(1).
409: b. There are no interfaces associated with the VRF."
410: ::= { mplsL3VpnVrfEntry 6 }
411:
412: mplsL3VpnVrfActiveInterfaces OBJECT-TYPE
413: SYNTAX Unsigned32
414: MAX-ACCESS read-only
415: STATUS current
416: DESCRIPTION
417: "Total number of interfaces connected to this VRF with
418: ifOperStatus = up(1).
419: This counter should be incremented when:
420: a. When the ifOperStatus of one of the connected interfaces
421: changes from down(2) to up(1).
422:
423: b. When an interface with ifOperStatus = up(1) is connected
424: to this VRF.
425: This counter should be decremented when:
426: a. When the ifOperStatus of one of the connected interfaces
427: changes from up(1) to down(2).
428: b. When one of the connected interfaces with
429: ifOperStatus = up(1) gets disconnected from this VRF."
430: ::= { mplsL3VpnVrfEntry 7 }
431:
432: mplsL3VpnVrfAssociatedInterfaces OBJECT-TYPE
433: SYNTAX Unsigned32
434: MAX-ACCESS read-only
435: STATUS current
436: DESCRIPTION
437: "Total number of interfaces connected to this VRF
438: (independent of ifOperStatus type)."
439: ::= { mplsL3VpnVrfEntry 8 }
440:
441: mplsL3VpnVrfConfMidRteThresh OBJECT-TYPE
442: SYNTAX Unsigned32
443: MAX-ACCESS read-create
444: STATUS current
445: DESCRIPTION
446: "Denotes mid-level water marker for the number
447: of routes which this VRF may hold."
448: DEFVAL { 0 }
449: ::= { mplsL3VpnVrfEntry 9 }
450:
451: mplsL3VpnVrfConfHighRteThresh OBJECT-TYPE
452: SYNTAX Unsigned32
453: MAX-ACCESS read-create
454: STATUS current
455: DESCRIPTION
456: "Denotes high-level water marker for the number of
457: routes which this VRF may hold."
458: DEFVAL { 0 }
459: ::= { mplsL3VpnVrfEntry 10 }
460:
461: mplsL3VpnVrfConfMaxRoutes OBJECT-TYPE
462: SYNTAX Unsigned32
463: MAX-ACCESS read-create
464: STATUS current
465: DESCRIPTION
466: "Denotes maximum number of routes which this VRF is
467: configured to hold. This value MUST be less than or
468: equal to mplsL3VpnVrfConfMaxPossRts unless it is set
469: to 0."
470: DEFVAL { 0 }
471: ::= { mplsL3VpnVrfEntry 11 }
472:
473: mplsL3VpnVrfConfLastChanged OBJECT-TYPE
474: SYNTAX TimeStamp
475: MAX-ACCESS read-only
476: STATUS current
477: DESCRIPTION
478: "The value of sysUpTime at the time of the last
479: change of this table entry, which includes changes of
480: VRF parameters defined in this table or addition or
481: deletion of interfaces associated with this VRF."
482: ::= { mplsL3VpnVrfEntry 12 }
483:
484: mplsL3VpnVrfConfRowStatus OBJECT-TYPE
485: SYNTAX RowStatus
486: MAX-ACCESS read-create
487: STATUS current
488: DESCRIPTION
489: "This variable is used to create, modify, and/or
490: delete a row in this table."
491: ::= { mplsL3VpnVrfEntry 13 }
492:
493: mplsL3VpnVrfConfStorageType OBJECT-TYPE
494: SYNTAX StorageType
495: MAX-ACCESS read-create
496: STATUS current
497: DESCRIPTION
498: "The storage type for this entry."
499: REFERENCE
500: "See RFC2579."
501: DEFVAL { volatile }
502: ::= { mplsL3VpnVrfEntry 14 }
503:
504:
505: -- MplsL3VpnVrfRTTable
506: mplsL3VpnVrfRTTable OBJECT-TYPE
507: SYNTAX SEQUENCE OF MplsL3VpnVrfRTEntry
508: MAX-ACCESS not-accessible
509: STATUS current
510: DESCRIPTION
511: "This table specifies per-VRF route target association.
512: Each entry identifies a connectivity policy supported
513: as part of a VPN."
514: ::= { mplsL3VpnConf 3 }
515:
516: mplsL3VpnVrfRTEntry OBJECT-TYPE
517: SYNTAX MplsL3VpnVrfRTEntry
518: MAX-ACCESS not-accessible
519: STATUS current
520: DESCRIPTION
521: " An entry in this table is created by an LSR for
522: each route target configured for a VRF supporting
523: a MPLS L3VPN instance. The indexing provides an
524: ordering per-VRF instance."
525: INDEX { mplsL3VpnVrfName, mplsL3VpnVrfRTIndex,
526: mplsL3VpnVrfRTType }
527: ::= { mplsL3VpnVrfRTTable 1 }
528:
529: MplsL3VpnVrfRTEntry ::= SEQUENCE {
530: mplsL3VpnVrfRTIndex Unsigned32,
531: mplsL3VpnVrfRTType INTEGER,
532: mplsL3VpnVrfRT MplsL3VpnRouteDistinguisher,
533: mplsL3VpnVrfRTDescr SnmpAdminString,
534: mplsL3VpnVrfRTRowStatus RowStatus
535: }
536:
537: mplsL3VpnVrfRTIndex OBJECT-TYPE
538: SYNTAX Unsigned32 (1..4294967295)
539: MAX-ACCESS not-accessible
540: STATUS current
541: DESCRIPTION
542: "Auxiliary index for route-targets configured for a
543: particular VRF."
544: ::= { mplsL3VpnVrfRTEntry 2 }
545:
546: mplsL3VpnVrfRTType OBJECT-TYPE
547: SYNTAX INTEGER { import(1), export(2), both(3) }
548: MAX-ACCESS not-accessible
549: STATUS current
550: DESCRIPTION
551: "The route target export distribution type."
552: ::= { mplsL3VpnVrfRTEntry 3 }
553:
554: mplsL3VpnVrfRT OBJECT-TYPE
555: SYNTAX MplsL3VpnRouteDistinguisher
556: MAX-ACCESS read-create
557: STATUS current
558: DESCRIPTION
559: "The route target distribution policy."
560: DEFVAL { "" }
561: ::= { mplsL3VpnVrfRTEntry 4 }
562:
563: mplsL3VpnVrfRTDescr OBJECT-TYPE
564: SYNTAX SnmpAdminString
565: MAX-ACCESS read-create
566: STATUS current
567: DESCRIPTION
568: "Description of the route target."
569: DEFVAL { "" }
570: ::= { mplsL3VpnVrfRTEntry 5 }
571:
572: mplsL3VpnVrfRTRowStatus OBJECT-TYPE
573: SYNTAX RowStatus
574: MAX-ACCESS read-create
575: STATUS current
576: DESCRIPTION
577: "This variable is used to create, modify, and/or
578: delete a row in this table. When a row in this
579: table is in active(1) state, no objects in that row
580: can be modified by the agent except
581: mplsL3VpnVrfRTRowStatus."
582: ::= { mplsL3VpnVrfRTEntry 6 }
583:
584:
585: -- VRF Security Table
586:
587: mplsL3VpnVrfSecTable OBJECT-TYPE
588: SYNTAX SEQUENCE OF MplsL3VpnVrfSecEntry
589: MAX-ACCESS not-accessible
590: STATUS current
591: DESCRIPTION
592: "This table specifies per MPLS L3VPN VRF Table security
593: features."
594: ::= { mplsL3VpnConf 6 }
595:
596: mplsL3VpnVrfSecEntry OBJECT-TYPE
597: SYNTAX MplsL3VpnVrfSecEntry
598: MAX-ACCESS not-accessible
599: STATUS current
600: DESCRIPTION
601: "An entry in this table is created by an LSR for
602: every VRF capable of supporting MPLS L3VPN. Each
603: entry in this table is used to indicate security-related
604: information for each VRF entry."
605: AUGMENTS { mplsL3VpnVrfEntry }
606: ::= { mplsL3VpnVrfSecTable 1 }
607:
608: MplsL3VpnVrfSecEntry ::= SEQUENCE {
609: mplsL3VpnVrfSecIllegalLblVltns Counter32,
610: mplsL3VpnVrfSecIllLblRcvThrsh Unsigned32
611: }
612:
613: mplsL3VpnVrfSecIllegalLblVltns OBJECT-TYPE
614: SYNTAX Counter32
615: MAX-ACCESS read-only
616: STATUS current
617: DESCRIPTION
618: "Indicates the number of illegally received labels on this VPN/VRF."
619: ::= { mplsL3VpnVrfSecEntry 1 }
620:
621: mplsL3VpnVrfSecIllLblRcvThrsh OBJECT-TYPE
622: SYNTAX Unsigned32
623: MAX-ACCESS read-create
624: STATUS current
625: DESCRIPTION
626: "The number of illegally received labels above which this
627: notification is issued."
628: ::= { mplsL3VpnVrfSecEntry 2 }
629:
630: -- VRF Performance Table
631:
632: mplsL3VpnVrfPerfTable OBJECT-TYPE
633: SYNTAX SEQUENCE OF MplsL3VpnVrfPerfEntry
634: MAX-ACCESS not-accessible
635: STATUS current
636: DESCRIPTION
637: "This table specifies per MPLS L3VPN VRF Table performance
638: information."
639: ::= { mplsL3VpnPerf 1 }
640:
641: mplsL3VpnVrfPerfEntry OBJECT-TYPE
642: SYNTAX MplsL3VpnVrfPerfEntry
643: MAX-ACCESS not-accessible
644: STATUS current
645: DESCRIPTION
646: "An entry in this table is created by an LSR for
647: every VRF capable of supporting MPLS L3VPN."
648: AUGMENTS { mplsL3VpnVrfEntry }
649: ::= { mplsL3VpnVrfPerfTable 1 }
650:
651: MplsL3VpnVrfPerfEntry ::= SEQUENCE {
652: mplsL3VpnVrfPerfRoutesAdded Counter32,
653: mplsL3VpnVrfPerfRoutesDeleted Counter32,
654: mplsL3VpnVrfPerfCurrNumRoutes Unsigned32,
655: mplsL3VpnVrfPerfRoutesDropped Counter32
656: }
657:
658: mplsL3VpnVrfPerfRoutesAdded OBJECT-TYPE
659: SYNTAX Counter32
660: MAX-ACCESS read-only
661: STATUS current
662: DESCRIPTION
663: "Indicates the number of routes added to this VPN/VRF
664: since this device has last been reset or the VRF
665: was created, whichever came last."
666: ::= { mplsL3VpnVrfPerfEntry 1 }
667:
668: mplsL3VpnVrfPerfRoutesDeleted OBJECT-TYPE
669: SYNTAX Counter32
670: MAX-ACCESS read-only
671: STATUS current
672: DESCRIPTION
673: "Indicates the number of routes removed from this VPN/VRF."
674: ::= { mplsL3VpnVrfPerfEntry 2 }
675:
676: mplsL3VpnVrfPerfCurrNumRoutes OBJECT-TYPE
677: SYNTAX Unsigned32
678: MAX-ACCESS read-only
679: STATUS current
680: DESCRIPTION
681: "Indicates the number of routes currently used by this VRF."
682: ::= { mplsL3VpnVrfPerfEntry 3 }
683:
684:
685: mplsL3VpnVrfPerfRoutesDropped OBJECT-TYPE
686: SYNTAX Counter32
687: MAX-ACCESS read-only
688: STATUS current
689: DESCRIPTION
690: "This counter should be incremented when the number of routes
691: contained by the specified VRF exceeds or attempts to exceed
692: the maximum allowed value as indicated by
693: mplsL3VpnVrfMaxRouteThreshold."
694: ::= { mplsL3VpnVrfPerfEntry 4 }
695:
696: -- VRF Routing Table
697:
698: mplsL3VpnVrfRteTable OBJECT-TYPE
699: SYNTAX SEQUENCE OF MplsL3VpnVrfRteEntry
700: MAX-ACCESS not-accessible
701: STATUS current
702: DESCRIPTION
703: "This table specifies per-interface MPLS L3VPN VRF Table
704: routing information. Entries in this table define VRF routing
705: entries associated with the specified MPLS/VPN interfaces. Note
706: that this table contains both BGP and IGP routes, as both may
707: appear in the same VRF."
708: REFERENCE
709: "1. RFC 1213 Section 6.6, The IP Group.
710: 2. RFC 2096 "
711: ::= { mplsL3VpnRoute 1 }
712:
713: mplsL3VpnVrfRteEntry OBJECT-TYPE
713: warning -
warning: index of row `mplsL3VpnVrfRteEntry' can exceed OID size limit by 554 subidentifier(s)
714: SYNTAX MplsL3VpnVrfRteEntry
715: MAX-ACCESS not-accessible
716: STATUS current
717: DESCRIPTION
718: "An entry in this table is created by an LSR for every route
719: present configured (either dynamically or statically) within
720: the context of a specific VRF capable of supporting MPLS/BGP
721: VPN. The indexing provides an ordering of VRFs per-VPN
722: interface.
723:
724: Implementors need to be aware that if the value of
725: the mplsL3VpnVrfName (an OID) has more
726: that 111 sub-identifiers, then OIDs of column
727: instances in this table will have more than 128
728: sub-identifiers and cannot be accessed using SNMPv1,
729: SNMPv2c, or SNMPv3."
730: INDEX { mplsL3VpnVrfName,
731: mplsL3VpnVrfRteInetCidrDestType,
732: mplsL3VpnVrfRteInetCidrDest,
733: mplsL3VpnVrfRteInetCidrPfxLen,
734: mplsL3VpnVrfRteInetCidrPolicy,
735: mplsL3VpnVrfRteInetCidrNHopType,
736: mplsL3VpnVrfRteInetCidrNextHop
737: }
738: ::= { mplsL3VpnVrfRteTable 1 }
739:
740: MplsL3VpnVrfRteEntry ::= SEQUENCE {
741: mplsL3VpnVrfRteInetCidrDestType InetAddressType,
742: mplsL3VpnVrfRteInetCidrDest InetAddress,
743: mplsL3VpnVrfRteInetCidrPfxLen InetAddressPrefixLength,
744: mplsL3VpnVrfRteInetCidrPolicy OBJECT IDENTIFIER,
745: mplsL3VpnVrfRteInetCidrNHopType InetAddressType,
746: mplsL3VpnVrfRteInetCidrNextHop InetAddress,
747: mplsL3VpnVrfRteInetCidrIfIndex InterfaceIndexOrZero,
748: mplsL3VpnVrfRteInetCidrType INTEGER,
749: mplsL3VpnVrfRteInetCidrProto IANAipRouteProtocol,
750: mplsL3VpnVrfRteInetCidrAge Gauge32,
751: mplsL3VpnVrfRteInetCidrNextHopAS InetAutonomousSystemNumber,
752: mplsL3VpnVrfRteInetCidrMetric1 Integer32,
753: mplsL3VpnVrfRteInetCidrMetric2 Integer32,
754: mplsL3VpnVrfRteInetCidrMetric3 Integer32,
755: mplsL3VpnVrfRteInetCidrMetric4 Integer32,
756: mplsL3VpnVrfRteInetCidrMetric5 Integer32,
757: mplsL3VpnVrfRteXCPointer MplsIndexType,
758: mplsL3VpnVrfRteInetCidrStatus RowStatus
759: }
760:
761: mplsL3VpnVrfRteInetCidrDestType OBJECT-TYPE
762: SYNTAX InetAddressType
763: MAX-ACCESS not-accessible
764: STATUS current
765: DESCRIPTION
766: "The type of the mplsL3VpnVrfRteInetCidrDest address, as
767: defined in the InetAddress MIB.
768:
769: Only those address types that may appear in an actual
770: routing table are allowed as values of this object."
771: REFERENCE "RFC 3291"
772: ::= { mplsL3VpnVrfRteEntry 1 }
773:
774: mplsL3VpnVrfRteInetCidrDest OBJECT-TYPE
775: SYNTAX InetAddress
776: MAX-ACCESS not-accessible
777: STATUS current
778: DESCRIPTION
779: "The destination IP address of this route.
780:
781: The type of this address is determined by the value of
782: the mplsL3VpnVrfRteInetCidrDestType object.
783:
784: The values for the index objects
785: mplsL3VpnVrfRteInetCidrDest and
786: mplsL3VpnVrfRteInetCidrPfxLen must be consistent. When
787: the value of mplsL3VpnVrfRteInetCidrDest is x, then the
788: bitwise logical-AND of x with the value of the mask formed
789: from the corresponding index object
790: mplsL3VpnVrfRteInetCidrPfxLen MUST be
791: equal to x. If not, then the index pair is not
792: consistent and an inconsistentName error must be
793: returned on SET or CREATE requests."
794: ::= { mplsL3VpnVrfRteEntry 2 }
795:
796: mplsL3VpnVrfRteInetCidrPfxLen OBJECT-TYPE
797: SYNTAX InetAddressPrefixLength (0..128)
798: MAX-ACCESS not-accessible
799: STATUS current
800: DESCRIPTION
801: "Indicates the number of leading one bits which form the
802: mask to be logical-ANDed with the destination address
803: before being compared to the value in the
804: mplsL3VpnVrfRteInetCidrDest field.
805:
806: The values for the index objects
807: mplsL3VpnVrfRteInetCidrDest and
808: mplsL3VpnVrfRteInetCidrPfxLen must be consistent. When
809: the value of mplsL3VpnVrfRteInetCidrDest is x, then the
810: bitwise logical-AND of x with the value of the mask formed
811: from the corresponding index object
812: mplsL3VpnVrfRteInetCidrPfxLen MUST be
813: equal to x. If not, then the index pair is not
814: consistent and an inconsistentName error must be
815: returned on SET or CREATE requests."
816: ::= { mplsL3VpnVrfRteEntry 3 }
817:
818: mplsL3VpnVrfRteInetCidrPolicy OBJECT-TYPE
818: minor error -
index element `mplsL3VpnVrfRteInetCidrPolicy' of row `mplsL3VpnVrfRteEntry' should but cannot have a size restriction
819: SYNTAX OBJECT IDENTIFIER
820: MAX-ACCESS not-accessible
821: STATUS current
822: DESCRIPTION
823: "This object is an opaque object without any defined
824: semantics. Its purpose is to serve as an additional
825: index which may delineate between multiple entries to
826: the same destination. The value { 0 0 } shall be used
827: as the default value for this object."
828: ::= { mplsL3VpnVrfRteEntry 4 }
829:
830: mplsL3VpnVrfRteInetCidrNHopType OBJECT-TYPE
831: SYNTAX InetAddressType
832: MAX-ACCESS not-accessible
833: STATUS current
834: DESCRIPTION
835: "The type of the mplsL3VpnVrfRteInetCidrNextHop address,
836: as defined in the InetAddress MIB.
837: Value should be set to unknown(0) for non-remote
838: routes.
839:
840: Only those address types that may appear in an actual
841: routing table are allowed as values of this object."
842: REFERENCE "RFC 3291"
843: ::= { mplsL3VpnVrfRteEntry 5 }
844:
845: mplsL3VpnVrfRteInetCidrNextHop OBJECT-TYPE
846: SYNTAX InetAddress
847: MAX-ACCESS not-accessible
848: STATUS current
849: DESCRIPTION
850: "On remote routes, the address of the next system en
851: route. For non-remote routes, a zero length string.
852: The type of this address is determined by the value of
853: the mplsL3VpnVrfRteInetCidrNHopType object."
854: ::= { mplsL3VpnVrfRteEntry 6 }
855:
856: mplsL3VpnVrfRteInetCidrIfIndex OBJECT-TYPE
857: SYNTAX InterfaceIndexOrZero
858: MAX-ACCESS read-create
859: STATUS current
860: DESCRIPTION
861: "The ifIndex value which identifies the local interface
862: through which the next hop of this route should be
863: reached. A value of 0 is valid and represents the
864: scenario where no interface is specified."
865: DEFVAL { 0 }
866: ::= { mplsL3VpnVrfRteEntry 7 }
867:
868: mplsL3VpnVrfRteInetCidrType OBJECT-TYPE
869: SYNTAX INTEGER {
870: other (1), -- not specified by this MIB
871: reject (2), -- route which discards traffic and
872: -- returns ICMP notification
873: local (3), -- local interface
874:
875: remote (4), -- remote destination
876: blackhole(5) -- route which discards traffic
877: -- silently
878: }
879: MAX-ACCESS read-create
880: STATUS current
881: DESCRIPTION
882: "The type of route. Note that local(3) refers to a
883: route for which the next hop is the final destination;
884: remote(4)refers to a route for which the next hop is
885: not the final destination.
886: Routes which do not result in traffic forwarding or
887: rejection should not be displayed even if the
888: implementation keeps them stored internally.
889:
890: reject(2) refers to a route which, if matched, discards
891: the message as unreachable and returns a notification
892: (e.g. ICMP error) to the message sender. This is used
893: in some protocols as a means of correctly aggregating
894: routes.
895:
896: blackhole(5) refers to a route which, if matched,
897: discards the message silently."
898: DEFVAL { 1 }
899: ::= { mplsL3VpnVrfRteEntry 8 }
900:
901: mplsL3VpnVrfRteInetCidrProto OBJECT-TYPE
902: SYNTAX IANAipRouteProtocol
903: MAX-ACCESS read-only
904: STATUS current
905: DESCRIPTION
906: "The routing mechanism via which this route was learned.
907: Inclusion of values for gateway routing protocols is
908: not intended to imply that hosts should support those
909: protocols."
910: ::= { mplsL3VpnVrfRteEntry 9 }
911:
912: mplsL3VpnVrfRteInetCidrAge OBJECT-TYPE
913: SYNTAX Gauge32
914: MAX-ACCESS read-only
915: STATUS current
916: DESCRIPTION
917: "The number of seconds since this route was last updated
918: or otherwise determined to be correct. Note that no
919: semantics of 'too old' can be implied except through
920: knowledge of the routing protocol by which the route
921: was learned."
922: ::= { mplsL3VpnVrfRteEntry 10 }
923:
924: mplsL3VpnVrfRteInetCidrNextHopAS OBJECT-TYPE
925: SYNTAX InetAutonomousSystemNumber
926: MAX-ACCESS read-create
927: STATUS current
928: DESCRIPTION
929: "The Autonomous System Number of the Next Hop. The
930: semantics of this object are determined by the routing-
931: protocol specified in the route's
932: mplsL3VpnVrfRteInetCidrProto
933: value. When this object is unknown or not relevant its
934: value should be set to zero."
935: DEFVAL { 0 }
936: ::= { mplsL3VpnVrfRteEntry 11 }
937:
938: mplsL3VpnVrfRteInetCidrMetric1 OBJECT-TYPE
939: SYNTAX Integer32
940: MAX-ACCESS read-create
941: STATUS current
942: DESCRIPTION
943: "The primary routing metric for this route. The
944: semantics of this metric are determined by the routing-
945: protocol specified in the route's
946: mplsL3VpnVrfRteInetCidrProto
947: value. If this metric is not used, its value should be
948: set to -1."
949: DEFVAL { -1 }
950: ::= { mplsL3VpnVrfRteEntry 12 }
951:
952: mplsL3VpnVrfRteInetCidrMetric2 OBJECT-TYPE
953: SYNTAX Integer32
954: MAX-ACCESS read-create
955: STATUS current
956: DESCRIPTION
957: "An alternate routing metric for this route. The
958: semantics of this metric are determined by the routing-
959: protocol specified in the route's
960: mplsL3VpnVrfRteInetCidrProto
961: value. If this metric is not used, its value should be
962: set to -1."
963: DEFVAL { -1 }
964: ::= { mplsL3VpnVrfRteEntry 13 }
965:
966: mplsL3VpnVrfRteInetCidrMetric3 OBJECT-TYPE
967: SYNTAX Integer32
968: MAX-ACCESS read-create
969: STATUS current
970: DESCRIPTION
971: "An alternate routing metric for this route. The
972: semantics of this metric are determined by the routing-
973: protocol specified in the route's
974: mplsL3VpnVrfRteInetCidrProto
975: value. If this metric is not used, its value should be
976: set to -1."
977: DEFVAL { -1 }
978: ::= { mplsL3VpnVrfRteEntry 14 }
979:
980: mplsL3VpnVrfRteInetCidrMetric4 OBJECT-TYPE
981: SYNTAX Integer32
982: MAX-ACCESS read-create
983: STATUS current
984: DESCRIPTION
985: "An alternate routing metric for this route. The
986: semantics of this metric are determined by the routing-
987: protocol specified in the route's
988: mplsL3VpnVrfRteInetCidrProto value. If this metric
989: is not used, its value should be set to -1."
990: DEFVAL { -1 }
991: ::= { mplsL3VpnVrfRteEntry 15 }
992:
993: mplsL3VpnVrfRteInetCidrMetric5 OBJECT-TYPE
994: SYNTAX Integer32
995: MAX-ACCESS read-create
996: STATUS current
997: DESCRIPTION
998: "An alternate routing metric for this route. The
999: semantics of this metric are determined by the routing-
1000: protocol specified in the route's
1001: mplsL3VpnVrfRteInetCidrProto value. If this metric is
1002: not used, its value should be set to -1."
1003: DEFVAL { -1 }
1004: ::= { mplsL3VpnVrfRteEntry 16 }
1005:
1006: mplsL3VpnVrfRteXCPointer OBJECT-TYPE
1007: SYNTAX MplsIndexType
1008: MAX-ACCESS read-create
1009: STATUS current
1010: DESCRIPTION
1011: "Index into mplsXCTable which identifies which cross-
1012: connect entry is associated with this VRF route entry
1013: by containing the mplsXCIndex of that cross-connect entry.
1014: The string containing the single octet 0x00 indicates that
1015: a label stack is not associated with this route entry. This
1016: can be the case because the label bindings have not yet
1017: been established, or because some change in the agent has
1018: removed them.
1019:
1020: When the label stack associated with this VRF route is created
1021: by the agent, it MUST establish the associated cross-connect
1022: entry in the mplsXCTable and then set that index to the value
1023: of this object. Changes to the cross-connect object in the
1024: mplsXCTable MUST automatically be be reflected the value of
1025: this object. If this object represents a static routing entry,
1026: then the manager must ensure that this entry is also maintained
1027: consistently in the corresponding mplsXCTable as well."
1028: REFERENCE
1029: "RFC 3813 - Multiprotocol Label Switching (MPLS) Label Switching
1030: Router (LSR) Management Information base (MIB), C. Srinivasan,
1031: A. Vishwanathan, and T. Nadeau, June 2004"
1032: DEFVAL { "" }
1033: ::= { mplsL3VpnVrfRteEntry 17 }
1034:
1035: mplsL3VpnVrfRteInetCidrStatus OBJECT-TYPE
1036: SYNTAX RowStatus
1037: MAX-ACCESS read-create
1038: STATUS current
1039: DESCRIPTION
1040: "The row status variable, used according to row
1041: installation and removal conventions.
1042: A row entry cannot be modified when the status is
1043: marked as active(1)."
1044: ::= { mplsL3VpnVrfRteEntry 18 }
1045:
1046:
1047: -- MPLS L3VPN Notifications
1048:
1049: mplsVrfIfUp NOTIFICATION-TYPE
1050: OBJECTS { mplsL3VpnIfConfRowStatus,
1051: mplsL3VpnVrfOperStatus
1052: }
1053: STATUS current
1054: DESCRIPTION
1055: "This notification is generated when:
1056: a. The ifOperStatus of an interface associated with a VRF
1057: changes to the up(1) state.
1058: b. When an interface with ifOperStatus = up(1) is
1059: associated with a VRF."
1060: ::= { mplsL3VpnNotifications 1 }
1061:
1062: mplsVrfIfDown NOTIFICATION-TYPE
1063: OBJECTS { mplsL3VpnIfConfRowStatus,
1064: mplsL3VpnVrfOperStatus
1065: }
1066: STATUS current
1067: DESCRIPTION
1068: "This notification is generated when:
1069: a. The ifOperStatus of an interface associated with a VRF
1070: changes to the down(1) state.
1071: b. When an interface with ifOperStatus = up(1) state is
1072: disassociated with a VRF."
1073: ::= { mplsL3VpnNotifications 2 }
1074:
1075: mplsNumVrfRouteMidThreshExceeded NOTIFICATION-TYPE
1076: OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes,
1077: mplsL3VpnVrfConfMidRteThresh
1078: }
1079: STATUS current
1080: DESCRIPTION
1081: "This notification is generated when the number of routes
1082: contained by the specified VRF exceeds the value indicated by
1083: mplsL3VpnVrfMidRouteThreshold. A single notification MUST be
1084: generated when this threshold is exceeded, and no other
1085: notifications of this type should be issued until the value
1086: of mplsL3VpnVrfPerfCurrNumRoutes has fallen below that of
1087: mplsL3VpnVrfConfMidRteThresh."
1088: ::= { mplsL3VpnNotifications 3 }
1089:
1090: mplsNumVrfRouteMaxThreshExceeded NOTIFICATION-TYPE
1091: OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes,
1092: mplsL3VpnVrfConfHighRteThresh
1093: }
1094: STATUS current
1095: DESCRIPTION
1096: "This notification is generated when the number of routes
1097: contained by the specified VRF exceeds or attempts to exceed
1098: the maximum allowed value as indicated by
1099: mplsL3VpnVrfMaxRouteThreshold. In cases where
1100: mplsL3VpnVrfConfHighRteThresh is set to the same value
1101: as mplsL3VpnVrfConfMaxRoutes, mplsL3VpnVrfConfHighRteThresh
1102: need not be exceeded; rather, just reached for this notification
1103: to be issued.
1104: Note that mplsL3VpnVrfConfRteMxThrshTime denotes the interval
1105: at which the this notification will be re-issued after the
1106: maximum value has been exceeded (or reached if
1107: mplsL3VpnVrfConfMaxRoutes and mplsL3VpnVrfConfHighRteThresh are
1108: equal) and the initial notification has been issued. This value
1109: is intended to prevent continuous generation of notifications by
1110: an agent in the event that routes are continually added to a VRF
1111: after it has reached its maximum value. The default value is 0
1112: minutes. If this value is set to 0, the agent should only issue
1113: a single notification at the time that the maximum threshold has
1114: been reached, and should not issue any more notifications until
1115: the value of routes has fallen below the configured threshold
1116: value."
1117: ::= { mplsL3VpnNotifications 4 }
1118:
1119: mplsNumVrfSecIllglLblThrshExcd NOTIFICATION-TYPE
1120: OBJECTS { mplsL3VpnVrfSecIllegalLblVltns }
1121: STATUS current
1122: DESCRIPTION
1123: "This notification is generated when the number of illegal
1124: label violations on a VRF as indicated by
1125: mplsL3VpnVrfSecIllegalLblVltns has exceeded
1126: mplsL3VpnVrfSecIllLblRcvThrsh. The threshold is not
1127: included in the varbind here because the value of
1128: mplsL3VpnVrfSecIllegalLblVltns should be one greater than
1129: the threshold at the time this notification is issued."
1130: ::= { mplsL3VpnNotifications 5 }
1131:
1132: mplsNumVrfRouteMaxThreshCleared NOTIFICATION-TYPE
1133: OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes,
1134: mplsL3VpnVrfConfHighRteThresh
1135: }
1136:
1137: STATUS current
1138: DESCRIPTION
1139: "This notification is generated only after the number of routes
1140: contained by the specified VRF exceeds or attempts to exceed
1141: the maximum allowed value as indicated by
1142: mplsVrfMaxRouteThreshold, and then falls below this value. The
1143: emission of this notification informs the operator that the
1144: error condition has been cleared without the operator having to
1145: query the device.
1146:
1147: Note that mplsL3VpnVrfConfRteMxThrshTime denotes the interval at
1148: which the the mplsNumVrfRouteMaxThreshExceeded notification will
1149: be re-issued after the maximum value has been exceeded (or reached
1150: if mplsL3VpnVrfConfMaxRoutes and mplsL3VpnVrfConfHighRteThresh
1151: are equal) and the initial notification has been issued. Therefore,
1152: the generation of this notification should also be emitted with
1153: this same frequency (assuming that the error condition is
1154: cleared). Specifically, if the error condition is reached and
1155: cleared several times during the period of time specified in
1156: mplsL3VpnVrfConfRteMxThrshTime, only a single notification will
1157: be issued to indicate the first instance of the error condition
1158: as well as the first time the error condition is cleared.
1159: This behavior is intended to prevent continuous generation of
1160: notifications by an agent in the event that routes are continually
1161: added and removed to/from a VRF after it has reached its maximum
1162: value. The default value is 0. If this value is set to 0,
1163: the agent should issue a notification whenever the maximum
1164: threshold has been cleared."
1165: ::= { mplsL3VpnNotifications 6 }
1166:
1167: -- Conformance Statement
1168: mplsL3VpnGroups
1169: OBJECT IDENTIFIER ::= { mplsL3VpnConformance 1 }
1170:
1171: mplsL3VpnCompliances
1172: OBJECT IDENTIFIER ::= { mplsL3VpnConformance 2 }
1173:
1174: -- Module Compliance
1175:
1176: mplsL3VpnModuleFullCompliance MODULE-COMPLIANCE
1177: STATUS current
1178: DESCRIPTION
1179: "Compliance statement for agents that provide full support
1180: for the L3 MPLS VPN MIB"
1181: MODULE -- this module
1182: MANDATORY-GROUPS { mplsL3VpnScalarGroup,
1183: mplsL3VpnVrfGroup,
1184: mplsL3VpnIfGroup,
1185: mplsL3VpnPerfGroup,
1186: mplsL3VpnVrfRteGroup,
1187: mplsL3VpnVrfRTGroup,
1188: mplsL3VpnSecGroup,
1189: mplsL3VpnNotificationGroup
1190: }
1191:
1192: GROUP mplsL3VpnPerfRouteGroup
1193: DESCRIPTION "This group is only mandatory for LSRs that wish to
1194: support tracking the number of routes attempted to
1195: be added to VRFs."
1196:
1197: OBJECT mplsL3VpnIfConfRowStatus
1198: SYNTAX RowStatus { active(1), notInService(2) }
1199: WRITE-SYNTAX RowStatus { active(1), notInService(2),
1200: createAndGo(4), destroy(6)
1201: }
1202: DESCRIPTION "Support for createAndWait and notReady is
1203: not required."
1204:
1205:
1206: OBJECT mplsL3VpnVrfConfRowStatus
1207: SYNTAX RowStatus { active(1), notInService(2) }
1208: WRITE-SYNTAX RowStatus { active(1), notInService(2),
1209: createAndGo(4), destroy(6)
1210: }
1211: DESCRIPTION "Support for createAndWait and notReady is
1212: not required."
1213:
1214:
1215: OBJECT mplsL3VpnVrfRTRowStatus
1216: SYNTAX RowStatus { active(1), notInService(2) }
1217: WRITE-SYNTAX RowStatus { active(1), notInService(2),
1218: createAndGo(4), destroy(6)
1219: }
1220: DESCRIPTION "Support for createAndWait and notReady is
1221: not required."
1222:
1223:
1224: ::= { mplsL3VpnCompliances 1 }
1225:
1226:
1227: --
1228: -- ReadOnly Compliance
1229: --
1230:
1231: mplsL3VpnModuleReadOnlyComplianc MODULE-COMPLIANCE
1232: STATUS current
1233: DESCRIPTION "Compliance requirement for implementations that only
1234: provide read-only support for L3-MPLS-VPN-STD-MIB.
1235: Such devices can then be monitored but cannot be
1236: configured using this MIB module.
1237:
1238: "
1239: MODULE -- this module
1240: MANDATORY-GROUPS { mplsL3VpnScalarGroup,
1241: mplsL3VpnVrfGroup,
1242: mplsL3VpnIfGroup,
1243: mplsL3VpnPerfGroup,
1244: mplsL3VpnVrfRteGroup,
1245: mplsL3VpnVrfRTGroup,
1246: mplsL3VpnSecGroup,
1247: mplsL3VpnNotificationGroup
1248: }
1249:
1250: GROUP mplsL3VpnPerfRouteGroup
1251: DESCRIPTION "This group is only mandatory for LSRs that wish to
1252: support tracking the number of routes attempted to
1253: be added to VRFs."
1254:
1255: OBJECT mplsL3VpnIfConfRowStatus
1256: SYNTAX RowStatus { active(1), notInService(2) }
1257: WRITE-SYNTAX RowStatus { active(1), notInService(2),
1258: createAndGo(4), destroy(6)
1259: }
1260: DESCRIPTION "Support for createAndWait and notReady is not
1261: required."
1262:
1263: OBJECT mplsL3VpnVrfConfRowStatus
1264: SYNTAX RowStatus { active(1), notInService(2) }
1265: WRITE-SYNTAX RowStatus { active(1), notInService(2),
1266: createAndGo(4), destroy(6)
1267: }
1268: DESCRIPTION "Support for createAndWait and notReady is not
1269: required."
1270:
1271: OBJECT mplsL3VpnVrfRTRowStatus
1272: SYNTAX RowStatus { active(1), notInService(2) }
1273: WRITE-SYNTAX RowStatus { active(1), notInService(2),
1274: createAndGo(4), destroy(6)
1275: }
1276: DESCRIPTION "Support for createAndWait and notReady is not
1277: required."
1278:
1279: OBJECT mplsL3VpnIfVpnClassification
1280: MIN-ACCESS read-only
1281: DESCRIPTION "Write access is not required."
1282:
1283: OBJECT mplsL3VpnIfVpnRouteDistProtocol
1284: MIN-ACCESS read-only
1285: DESCRIPTION "Write access is not required."
1286:
1287: OBJECT mplsL3VpnIfConfStorageType
1288: MIN-ACCESS read-only
1289: DESCRIPTION "Write access is not required."
1290:
1291: OBJECT mplsL3VpnVrfVpnId
1292: MIN-ACCESS read-only
1293: DESCRIPTION "Write access is not required."
1294:
1295: OBJECT mplsL3VpnVrfDescription
1296: MIN-ACCESS read-only
1297: DESCRIPTION "Write access is not required."
1298:
1299: OBJECT mplsL3VpnVrfRD
1300: MIN-ACCESS read-only
1301: DESCRIPTION "Write access is not required."
1302:
1303: OBJECT mplsL3VpnVrfConfMidRteThresh
1304: MIN-ACCESS read-only
1305: DESCRIPTION "Write access is not required."
1306:
1307: OBJECT mplsL3VpnVrfConfHighRteThresh
1308: MIN-ACCESS read-only
1309: DESCRIPTION "Write access is not required."
1310:
1311: OBJECT mplsL3VpnVrfConfMaxRoutes
1312: MIN-ACCESS read-only
1313: DESCRIPTION "Write access is not required."
1314:
1315: OBJECT mplsL3VpnVrfConfLastChanged
1316: MIN-ACCESS read-only
1317: DESCRIPTION "Write access is not required."
1318:
1319: OBJECT mplsL3VpnVrfConfStorageType
1320: MIN-ACCESS read-only
1321: DESCRIPTION "Write access is not required."
1322:
1323: OBJECT mplsL3VpnVrfRT
1324: MIN-ACCESS read-only
1325: DESCRIPTION "Write access is not required."
1326:
1327: OBJECT mplsL3VpnVrfRTDescr
1328: MIN-ACCESS read-only
1329: DESCRIPTION "Write access is not required."
1330:
1331: OBJECT mplsL3VpnVrfSecIllLblRcvThrsh
1332: MIN-ACCESS read-only
1333: DESCRIPTION "Write access is not required."
1334:
1335: OBJECT mplsL3VpnVrfRteInetCidrIfIndex
1336: MIN-ACCESS read-only
1337: DESCRIPTION "Write access is not required."
1338: OBJECT mplsL3VpnVrfRteInetCidrType
1339: MIN-ACCESS read-only
1340: DESCRIPTION "Write access is not required."
1341:
1342: OBJECT mplsL3VpnVrfRteInetCidrNextHopAS
1343: MIN-ACCESS read-only
1344: DESCRIPTION "Write access is not required."
1345:
1346: OBJECT mplsL3VpnVrfRteInetCidrMetric1
1347: MIN-ACCESS read-only
1348: DESCRIPTION "Write access is not required."
1349:
1350: OBJECT mplsL3VpnVrfRteInetCidrMetric2
1351: MIN-ACCESS read-only
1352: DESCRIPTION "Write access is not required."
1353:
1354: OBJECT mplsL3VpnVrfRteInetCidrMetric3
1355: MIN-ACCESS read-only
1356: DESCRIPTION "Write access is not required."
1357:
1358: OBJECT mplsL3VpnVrfRteInetCidrMetric4
1359: MIN-ACCESS read-only
1360: DESCRIPTION "Write access is not required."
1361:
1362: OBJECT mplsL3VpnVrfRteInetCidrMetric5
1363: MIN-ACCESS read-only
1364: DESCRIPTION "Write access is not required."
1365:
1366: OBJECT mplsL3VpnVrfRteXCPointer
1367: MIN-ACCESS read-only
1368: DESCRIPTION "Write access is not required."
1369:
1370: OBJECT mplsL3VpnVrfRteInetCidrStatus
1371: MIN-ACCESS read-only
1372: DESCRIPTION "Write access is not required."
1373:
1374: ::= { mplsL3VpnCompliances 2 }
1375:
1376:
1377: -- Units of conformance.
1378: mplsL3VpnScalarGroup OBJECT-GROUP
1379: OBJECTS { mplsL3VpnConfiguredVrfs,
1380: mplsL3VpnActiveVrfs,
1381: mplsL3VpnConnectedInterfaces,
1382: mplsL3VpnNotificationEnable,
1383: mplsL3VpnVrfConfMaxPossRts,
1384: mplsL3VpnVrfConfRteMxThrshTime
1385: }
1386: STATUS current
1387: DESCRIPTION
1388: "Collection of scalar objects required for MPLS VPN
1389: management."
1390: ::= { mplsL3VpnGroups 1 }
1391:
1392: mplsL3VpnVrfGroup OBJECT-GROUP
1393: OBJECTS { mplsL3VpnVrfVpnId,
1394: mplsL3VpnVrfDescription,
1395: mplsL3VpnVrfRD,
1396: mplsL3VpnVrfCreationTime,
1397: mplsL3VpnVrfOperStatus,
1398: mplsL3VpnVrfActiveInterfaces,
1399: mplsL3VpnVrfAssociatedInterfaces,
1400: mplsL3VpnVrfConfMidRteThresh,
1401: mplsL3VpnVrfConfHighRteThresh,
1402: mplsL3VpnVrfConfMaxRoutes,
1403: mplsL3VpnVrfConfLastChanged,
1404: mplsL3VpnVrfConfRowStatus,
1405: mplsL3VpnVrfConfStorageType
1406: }
1407: STATUS current
1408: DESCRIPTION
1409: "Collection of objects needed for MPLS VPN VRF
1410: management."
1411: ::= { mplsL3VpnGroups 2 }
1412:
1413: mplsL3VpnIfGroup OBJECT-GROUP
1414: OBJECTS { mplsL3VpnIfVpnClassification,
1415: mplsL3VpnIfVpnRouteDistProtocol,
1416: mplsL3VpnIfConfStorageType,
1417: mplsL3VpnIfConfRowStatus
1418: }
1419: STATUS current
1420: DESCRIPTION
1421: "Collection of objects needed for MPLS VPN interface
1422: management."
1423: ::= { mplsL3VpnGroups 3 }
1424:
1425: mplsL3VpnPerfGroup OBJECT-GROUP
1426: OBJECTS { mplsL3VpnVrfPerfRoutesAdded,
1427: mplsL3VpnVrfPerfRoutesDeleted,
1428: mplsL3VpnVrfPerfCurrNumRoutes
1429: }
1430: STATUS current
1431: DESCRIPTION
1432: "Collection of objects needed for MPLS VPN
1433: performance information."
1434: ::= { mplsL3VpnGroups 4 }
1435:
1436: mplsL3VpnPerfRouteGroup OBJECT-GROUP
1437: OBJECTS { mplsL3VpnVrfPerfRoutesDropped
1438: }
1439: STATUS current
1440: DESCRIPTION
1441: "Collection of objects needed to track MPLS VPN
1442: routing table dropped routes."
1443: ::= { mplsL3VpnGroups 5 }
1444:
1445: mplsL3VpnSecGroup OBJECT-GROUP
1446: OBJECTS { mplsL3VpnVrfSecIllegalLblVltns,
1447: mplsL3VpnVrfSecIllLblRcvThrsh }
1448: STATUS current
1449: DESCRIPTION
1450: "Collection of objects needed for MPLS VPN
1451: security-related information."
1452: ::= { mplsL3VpnGroups 7 }
1453:
1454: mplsL3VpnVrfRteGroup OBJECT-GROUP
1455: OBJECTS {
1456: mplsL3VpnVrfRteInetCidrIfIndex,
1457: mplsL3VpnVrfRteInetCidrType,
1458: mplsL3VpnVrfRteInetCidrProto,
1459: mplsL3VpnVrfRteInetCidrAge,
1460: mplsL3VpnVrfRteInetCidrNextHopAS,
1461: mplsL3VpnVrfRteInetCidrMetric1,
1462: mplsL3VpnVrfRteInetCidrMetric2,
1463: mplsL3VpnVrfRteInetCidrMetric3,
1464: mplsL3VpnVrfRteInetCidrMetric4,
1465: mplsL3VpnVrfRteInetCidrMetric5,
1466: mplsL3VpnVrfRteXCPointer,
1467: mplsL3VpnVrfRteInetCidrStatus
1468: }
1469: STATUS current
1470: DESCRIPTION
1471: "Objects required for VRF route table management."
1472: ::= { mplsL3VpnGroups 8 }
1473:
1474: mplsL3VpnVrfRTGroup OBJECT-GROUP
1475: OBJECTS { mplsL3VpnVrfRTDescr,
1476: mplsL3VpnVrfRT,
1477: mplsL3VpnVrfRTRowStatus
1478: }
1479: STATUS current
1480: DESCRIPTION
1481: "Objects required for VRF route target management."
1482: ::= { mplsL3VpnGroups 9 }
1483:
1484: mplsL3VpnNotificationGroup NOTIFICATION-GROUP
1485: NOTIFICATIONS { mplsVrfIfUp,
1486: mplsVrfIfDown,
1487: mplsNumVrfRouteMidThreshExceeded,
1488: mplsNumVrfRouteMaxThreshExceeded,
1489: mplsNumVrfSecIllglLblThrshExcd,
1490: mplsNumVrfRouteMaxThreshCleared
1491: }
1492: STATUS current
1493: DESCRIPTION
1494: "Objects required for MPLS VPN notifications."
1495: ::= { mplsL3VpnGroups 10 }
1496: -- End of MPLS-VPN-MIB
1497: END
1498:
1499: --
1500: -- Copyright (C) The Internet Society (2004). All Rights Reserved.
1501: --
1502: -- This document and translations of it may be copied and furnished
1503: -- to others, and derivative works that comment on or otherwise
1504: -- explain it or assist in its implementation may be prepared,
1505: -- copied, published and distributed, in whole or in part, without
1506: -- restriction of any kind, provided that the above copyright notice
1507: -- and this paragraph are included on all such copies and derivative
1508: -- works. However, this document itself may not be modified in any
1509: -- way, such as by removing the copyright notice or references to the
1510: -- Internet Society or other Internet organizations, except as needed
1511: -- for the purpose of developing Internet standards in which case
1512: -- the procedures for copyrights defined in the Internet Standards
1513: -- process must be followed, or as required to translate it into
1514: -- languages other than English.
1515: --
1516: -- The limited permissions granted above are perpetual and will not
1517: -- be revoked by the Internet Society or its successors or assigns.
1518: -- This document and the information contained herein is provided on
1519: -- an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
1520: -- ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
1521: -- IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
1522: -- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1523: -- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1524: --
1525: --
1526: -- 16.0 Security Considerations
1527: --
1528: -- It is clear that these MIB modules are potentially useful for
1529: -- monitoring of MPLS LSRs supporting L3 MPLS VPN. This
1530: -- MIB module can also be used for configuration of certain objects,
1531: -- and anything that can be configured can be incorrectly configured,
1532: -- with potentially disastrous results.
1533: --
1534: -- There are a number of management objects defined in this MIB module
1535: -- with a MAX-ACCESS clause of read-write and/or read-create. Such
1536: -- objects may be considered sensitive or vulnerable in some network
1537: -- environments. The support for SET operations in a non-secure
1538: -- environment without proper protection can have a negative effect on
1539: -- network operations. These are the tables and objects and their
1540: -- sensitivity/vulnerability:
1541: -- o the mplsL3VpnVrfRouteTable, mplsL3VpnIfConfTable and
1542: -- mplsL3VpnVrfTable tables collectively
1543: -- contain objects which may be used to provision MPLS VRF
1544: -- interfaces and configuration. Unauthorized access to objects
1545: -- in these tables, could result in disruption of traffic on the
1546: -- network. This is especially true if these VRFs have been
1547: -- previously provisioned and are in use. The use of stronger
1548: -- mechanisms such as SNMPv3 security should be considered where
1549: -- possible. Specifically,
1550: -- SNMPv3 VACM and USM MUST be used with any v3 agent which
1551: -- implements this MIB module. Administrators should consider
1552: -- whether read access to these objects should be allowed,
1553: -- since read access may be undesirable under certain
1554: -- circumstances.
1555: --
1556: -- Some of the readable objects in this MIB module (i.e., objects with a
1557: -- MAX-ACCESS other than not-accessible) may be considered sensitive or
1558: -- vulnerable in some network environments. It is thus important to
1559: -- control even GET and/or NOTIFY access to these objects and possibly
1560: -- to even encrypt the values of these objects when sending them over
1561: -- the network via SNMP. These are the tables and objects and their
1562: -- sensitivity/vulnerability:
1563: --
1564: -- o the mplsL3VpnVrfTable, mplsL3VpnIfConfTable tables
1565: -- collectively show the VRF interfaces and
1566: -- associated VRF configurations as well as their linkages to other
1567: -- MPLS-related configuration and/or performanc statistics.
1568: -- Administrators not wishing to reveal this information should
1569: -- consider these objects sensitive/vulnerable and take
1570: -- precautions so they are not revealed.
1571: --
1572: -- SNMP versions prior to SNMPv3 did not include adequate security.
1573: -- Even if the network itself is secure (for example by using IPSec),
1574: -- even then, there is no control as to who on the secure network is
1575: -- allowed to access and GET/SET (read/change/create/delete) the objects
1576: -- in this MIB module.
1577: --
1578: -- It is RECOMMENDED that implementers consider the security features as
1579: -- provided by the SNMPv3 framework (see [RFC3410], section 8),
1580: -- including full support for the SNMPv3 cryptographic mechanisms (for
1581: -- authentication and privacy).
1582: --
1583: -- Further, deployment of SNMP versions prior to SNMPv3 is NOT
1584: -- RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1585: -- enable cryptographic security. It is then a customer/operator
1586: -- responsibility to ensure that the SNMP entity giving access to an
1587: -- instance of this MIB module, is properly configured to give access
1588: -- to the objects only to those principals (users) that have legitimate
1589: -- rights to indeed GET or SET (change/create/delete) them.
1590: