RFC 
 2454 
 TOC 
Network Working GroupM. Daniele
Request for Comments: 2454Compaq Computer Corporation
Category: Standards TrackDecember 1998


IP Version 6 Management Information Base for the User Datagram Protocol

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the “Internet Official Protocol Standards” (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright © The Internet Society (1998). All Rights Reserved.

Abstract

This document is one in the series of documents that define various MIB objects for IPv6. Specifically, this document is the MIB module which defines managed objects for implementations of the User Datagram Protocol (UDP) over IP Version 6 (IPv6).

This document also recommends a specific policy with respect to the applicability of RFC 2013 for implementations of IPv6. Namely, that most of managed objects defined in RFC 2013 are independent of which IP versions underlie UDP, and only the UDP listener information is IP version-specific.

This memo defines an experimental portion of the Management Information Base (MIB) for use with network management protocols in IPv6-based internets.


 RFC 
 2454 
 TOC 

Table of Contents

1.  Introduction
2.  Overview
3.  Transparency of IP versions to UDP
4.  Representing UDP Listeners
5.  Conformance
6.  Definitions
7.  Acknowledgments
8.  References (BOILERPLATE)
9.  Security Considerations
10.  Author's Address (BOILERPLATE)
11.  Full Copyright Statement (BOILERPLATE)
12.  References
§  Author's Address
§  Intellectual Property and Copyright Statements




 TOC 

1.  Introduction

A management system contains: several (potentially many) nodes, each with a processing entity, termed an agent, which has access to management instrumentation; at least one management station; and, a management protocol, used to convey management information between the agents and management stations. Operations of the protocol are carried out under an administrative framework which defines authentication, authorization, access control, and privacy policies. Management stations execute management applications which monitor and control managed elements. Managed elements are devices such as hosts, routers, terminal servers, etc., which are monitored and controlled via access to their management information.

Management information is viewed as a collection of managed objects, residing in a virtual information store, termed the Management Information Base (MIB). Collections of related objects are defined in MIB modules. These modules are written using a subset of OSI's Abstract Syntax Notation One (ASN.1) [ISO.8824.1987] (International Organization for Standardization, “Information Processing Systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1),” December 1987.), termed the Structure of Management Information (SMI) [RFC1902] (Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, “Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2),” January 1996.).



 TOC 

2.  Overview

This document is one in the series of documents that define various MIB objects, and statements of conformance, for IPv6. This document defines the required instrumentation for implementations of UDP over IPv6.



 TOC 

3.  Transparency of IP versions to UDP

The fact that UDP is carried over IPv6 as opposed to IPv4, is largely invisible to a UDP implementation. A "UDPng" did not need to be defined, implementations simply need to support IPv6 addresses.

As such, the managed objects already defined in [RFC2013] (McCloghrie, K., “SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2,” November 1996.) are sufficient for managing UDP in the presence of IPv6. These objects are equally applicable whether the managed node supports IPv4 only, IPv6 only, or both IPv4 and IPv6.

For example, udpInDatagrams counts "The total number of UDP datagrams delivered to UDP users", regardless of which version of IP is used to deliver any of those datagrams.

Stated differently, UDP implementations don't need separate counters for IPv4 and for IPv6.



 TOC 

4.  Representing UDP Listeners

The exception to the statements in section 3 is the udpTable. Since IPv6 addresses cannot be represented with the IpAddress syntax, not all UDP endpoints can be represented in the udpTable defined in [UDP MIB].

This memo defines a new, separate table to represent only those UDP endpoints that utilize an IPv6 address. UDP endpoints on IPv4 addresses continue to be represented in udpTable [RFC2013] (McCloghrie, K., “SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2,” November 1996.). A different approach would have been to define a new table to represent all UDP endpoints regardless of IP version. This would require changes to [RFC2013] (McCloghrie, K., “SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2,” November 1996.) and hence to existing (IPv4-only) UDP implementations. The approach suggested in this memo has the advantage of leaving IPv4-only implementations intact.

It is assumed that the objects defined in this memo will eventually be defined in an update to [RFC2013] (McCloghrie, K., “SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2,” November 1996.). For this reason, the module identity is assigned under the experimental portion of the MIB.



 TOC 

5.  Conformance

This memo contains conformance statements to define conformance to this MIB for UDP over IPv6 implementations.



 TOC 

6.  Definitions

IPV6-UDP-MIB DEFINITIONS ::= BEGIN

IMPORTS
   MODULE-COMPLIANCE, OBJECT-GROUP      FROM SNMPv2-CONF
   MODULE-IDENTITY, OBJECT-TYPE,
   mib-2, experimental                  FROM SNMPv2-SMI
   Ipv6Address, Ipv6IfIndexOrZero       FROM IPV6-TC;


ipv6UdpMIB MODULE-IDENTITY
   LAST-UPDATED "9801290000Z"
   ORGANIZATION "IETF IPv6 MIB Working Group"
   CONTACT-INFO
        "               Mike Daniele


                Postal: Compaq Computer Corporation
                        110 Spitbrook Rd
                        Nashua, NH 03062.
                        US


                Phone:  +1 603 884 1423
                Email:  daniele@zk3.dec.com"
   DESCRIPTION
        "The MIB module for entities implementing UDP over IPv6."
   ::= { experimental 87 }


-- objects specific to UDP for IPv6


udp      OBJECT IDENTIFIER ::= { mib-2 7 }


-- the UDP over IPv6 Listener table
-- This table contains information about this entity's
-- UDP/IPv6 endpoints.  Only endpoints utilizing IPv6 addresses
-- are contained in this table.  This entity's UDP/IPv4 endpoints
-- are contained in udpTable.


ipv6UdpTable OBJECT-TYPE
   SYNTAX      SEQUENCE OF Ipv6UdpEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
        "A table containing UDP listener information for
         UDP/IPv6 endpoints."
   ::= { udp 6 }


ipv6UdpEntry OBJECT-TYPE
   SYNTAX      Ipv6UdpEntry
   MAX-ACCESS  not-accessible
   STATUS      current
   DESCRIPTION
        "Information about a particular current UDP listener.


         Note that conceptual rows in this table require an
         additional index object compared to udpTable, since
         IPv6 addresses are not guaranteed to be unique on the
         managed node."
   INDEX   { ipv6UdpLocalAddress,
             ipv6UdpLocalPort,
             ipv6UdpIfIndex }
   ::= { ipv6UdpTable 1 }


Ipv6UdpEntry ::= SEQUENCE {
   ipv6UdpLocalAddress    Ipv6Address,
   ipv6UdpLocalPort       INTEGER (0..65535),
   ipv6UdpIfIndex         Ipv6IfIndexOrZero }


ipv6UdpLocalAddress OBJECT-TYPE
   SYNTAX       Ipv6Address
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
        "The local IPv6 address for this UDP listener.
         In the case of a UDP listener which is willing
         to accept datagrams for any IPv6 address
         associated with the managed node, the value ::0
         is used."
   ::= { ipv6UdpEntry 1 }


ipv6UdpLocalPort OBJECT-TYPE
    SYNTAX     INTEGER (0..65535)
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
        "The local port number for this UDP listener."
    ::= { ipv6UdpEntry 2 }


ipv6UdpIfIndex OBJECT-TYPE
   SYNTAX     Ipv6IfIndexOrZero
   MAX-ACCESS   read-only
   STATUS     current
   DESCRIPTION
        "An index object used to disambiguate conceptual rows in
         the table, since the ipv6UdpLocalAddress/ipv6UdpLocalPort
         pair may not be unique.


         This object identifies the local interface that is
         associated with ipv6UdpLocalAddress for this UDP listener.
         If such a local interface cannot be determined, this object
         should take on the value 0.  (A possible example of this
         would be if the value of ipv6UdpLocalAddress is ::0.)


         The interface identified by a particular non-0 value of
         this index is the same interface as identified by the same
         value of ipv6IfIndex.


         The value of this object must remain constant during
         the life of this UDP endpoint."
   ::= { ipv6UdpEntry 3 }


--
-- conformance information
--


ipv6UdpConformance OBJECT IDENTIFIER ::= { ipv6UdpMIB 2 }


ipv6UdpCompliances OBJECT IDENTIFIER ::= { ipv6UdpConformance 1 }
ipv6UdpGroups      OBJECT IDENTIFIER ::= { ipv6UdpConformance 2 }


-- compliance statements


ipv6UdpCompliance MODULE-COMPLIANCE
   STATUS  current
   DESCRIPTION
        "The compliance statement for SNMPv2 entities which
         implement UDP over IPv6."
   MODULE  -- this module
   MANDATORY-GROUPS { ipv6UdpGroup }
   ::= { ipv6UdpCompliances 1 }


ipv6UdpGroup OBJECT-GROUP
   OBJECTS   { -- these are defined in this module
               -- ipv6UdpLocalAddress (not-accessible)
               -- ipv6UdpLocalPort (not-accessible)
               ipv6UdpIfIndex }
   STATUS    current
   DESCRIPTION
        "The group of objects providing management of
         UDP over IPv6."
   ::= { ipv6UdpGroups 1 }

END


 TOC 

7.  Acknowledgments

This memo is a product of the IPng work group, and benefited especially from the contributions of the following working group members:

Dimitry Haskin Bay Networks Margaret Forsythe Epilogue Tim Hartrick Mentat Frank Solensky FTP Jack McCann DEC



 TOC 

8.  References (BOILERPLATE)

This RFC contained boilerplate in this section which has been moved to the RFC2223-compliant unnumbered section "References."



 TOC 

9.  Security Considerations

There are no management objects defined in this MIB that have a MAX- ACCESS clause of read-write and/or read-create. So, if this MIB is implemented correctly, then there is no risk that an intruder can alter or create any management objects of this MIB via direct SNMP SET operations.

There are a number of managed objects in this MIB that may be considered to contain sensitive information in some environments. For example, the MIB identifies UDP ports on which processes are listening. Although this information might be considered sensitive in some environments (i.e., to identify ports on which to launch denial-of-service or other attacks), there are already other ways of obtaining similar information. For example, sending a random UDP packet to an unused port prompts the generation of an ICMP port unreachable message.

Therefore, it may be important in some environments to control read access to these objects and possibly to even encrypt the values of these object when sending them over the network via SNMP. Not all versions of SNMP provide features for such a secure environment. SNMPv1 by itself does not provide encryption or strong authentication.

It is recommended that the implementors consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model [RFC2274] (Blumenthal, U., “User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3),” January 1998.) and the View-based Access Control Model [RFC2275] (Wijnen, B., Presuhn, R., and K. McCloghrie, “View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP),” January 1998.) is recommended.

It is then a customer/user responsibility to ensure that the SNMP entity giving access to an instance of this MIB, is properly configured to give access to those objects only to those principals (users) that have legitimate rights to access them.



 TOC 

10.  Author's Address (BOILERPLATE)

This RFC contained boilerplate in this section which has been moved to the RFC2223-compliant unnumbered section "Author's Address."



 TOC 

11.  Full Copyright Statement (BOILERPLATE)

This RFC contained boilerplate in this section which has been moved to the RFC2223-compliant unnumbered section "Full Copyright Statement."



 TOC 

12. References

[ISO.8824.1987] International Organization for Standardization, “Information Processing Systems - Open Systems Interconnection - Specification of Abstract Syntax Notation One (ASN.1),” ISO Standard 8824, December 1987.
[RFC1902] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, “Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2),” RFC 1902, January 1996 (TXT).
[RFC2013] McCloghrie, K., “SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2,” RFC 2013, November 1996 (TXT, HTML, XML).
[RFC2465] Haskin, D. and S. Onishi, “Management Information Base for IP Version 6: Textual Conventions and General Group,” RFC 2465, December 1998 (TXT, HTML, XML).
[RFC2460] Deering, S. and R. Hinden, “Internet Protocol, Version 6 (IPv6) Specification,” RFC 2460, December 1998 (TXT, HTML, XML).
[RFC2274] Blumenthal, U., “User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3),” RFC 2274, January 1998 (TXT, HTML, XML).
[RFC2275] Wijnen, B., Presuhn, R., and K. McCloghrie, “View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP),” RFC 2275, January 1998 (TXT, HTML, XML).


 TOC 

Author's Address

  Mike Daniele
  Compaq Computer Corporation
  110 Spit Brook Rd
  Nashua
  NH 03062
  USA
Phone:  +1 603 884 1423
Email:  daniele@zk3.dec.com


 TOC 

Full Copyright Statement

Intellectual Property