smilint output for ./MPLS-L3VPN-MIB-DRAFT-02
| Message Severities |
|---|
| Severity | Count |
|---|
| error | 1 |
| minor error | 1 |
| warning | 2 |
| Message Types |
|---|
| Type | Count |
|---|
| index-element-no-size (minor error) | 1 |
| index-exceeds-too-large (warning) | 1 |
| module-name-suffix (warning) | 1 |
| object-identifier-not-prefix (error) | 1 |
Messages:
MPLS-L3VPN-MIB-DRAFT-02
1: -- extracted from draft-ietf-l3vpn-mpls-vpn-mib-02.txt
2: -- at Tue Feb 10 06:16:44 2004
3:
4: MPLS-L3VPN-MIB-DRAFT-02 DEFINITIONS ::= BEGIN
5: IMPORTS
6: MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
7: Integer32, Counter32, Unsigned32,
8: mib-2, Gauge32
9: FROM SNMPv2-SMI
10: MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
11: FROM SNMPv2-CONF
12: TEXTUAL-CONVENTION, TruthValue, RowStatus, StorageType,
13: TimeStamp
14: FROM SNMPv2-TC
15: InterfaceIndex
16: FROM IF-MIB
17: VPNId
18: FROM L3VPN-TC-MIB-DRAFT-01
19: SnmpAdminString
20: FROM SNMP-FRAMEWORK-MIB
21: IANAipRouteProtocol
22: FROM IANA-RTPROTO-MIB
23: InetAddress, InetAddressType,
24: InetAddressPrefixLength,
25: InetAutonomousSystemNumber
26: FROM INET-ADDRESS-MIB
27: MplsIndexType
28: FROM MPLS-LSR-STD-MIB
29: ;
30:
31: mplsL3VpnMIB MODULE-IDENTITY
32: LAST-UPDATED "200210311200Z" -- 31 October 2002 12:00:00 GMT
33: ORGANIZATION "IETF Layer-3 Virtual Private
34: Networks Working Group."
35: CONTACT-INFO
36: " Thomas D. Nadeau
37: tnadeau@cisco.com
38: Harmen van der Linde
39: hvdl@att.com
40:
41: Luyuan Fang
42: luyuanfang@att.com
43:
44: Stephen Brannon
45:
46: Fabio M. Chiussi
47: fabio@bell-labs.com
48:
49: Joseph Dube
50:
51: Martin Tatham
52: martin.tatham@bt.com
53:
54: Comments and discussion to l3vpn@ietf.org"
55: DESCRIPTION
56: "This MIB contains managed object definitions for the
57: Layer-3 Multiprotocol Label Switching Virtual
58: Private Networks.
59:
60: Copyright (C) The Internet Society (2004). This
61: version of this MIB module is part of RFCXXX; see
62: the RFC itself for full legal notices."
63: -- Revision history.
64: REVISION
65: "200210311200Z" -- 31 October 2002 12:00:00 GMT
66: DESCRIPTION
67: "Initial version. Published as RFC xxxx." -- RFC-editor pls fill in xxxx
68: ::= { mib-2 xxx } -- assigned by IANA
68: error -
Object identifier element `xxx' name only allowed as first element
69:
70: -- Textual Conventions.
71: MplsL3VpnName ::= TEXTUAL-CONVENTION
72: STATUS current
73: DESCRIPTION
74: "An identifier that is assigned to each MPLS/BGP VPN and
75: is used to uniquely identify it. This is assigned by the
76: system operator or NMS and SHOULD be unique throughout
77: the MPLS domain. If this is the case, then this identifier
78: can then be used at any LSR within a specific MPLS domain
79: to identify this MPLS/BGP VPN. It may also be possible to
80: preserve the uniqueness of this identifier across MPLS
81: domain boundaries, in which case this identifier can then
82: be used to uniquely identify MPLS/BGP VPNs on a more global
83: basis. This object MAY be set to the VPN ID as defined in
84: RFC 2685."
85: REFERENCE
86: "RFC 2685 Fox B., et al, 'Virtual Private
87: Networks Identifier', September 1999."
88:
89: SYNTAX OCTET STRING(SIZE (0..31))
90:
91: MplsL3VpnRouteDistinguisher ::= TEXTUAL-CONVENTION
92: STATUS current
93: DESCRIPTION
94: "Syntax for a route distinguisher and route target."
95: SYNTAX OCTET STRING(SIZE (0..256))
96:
97: -- Top level components of this MIB.
98: mplsL3VpnNotifications OBJECT IDENTIFIER ::= { mplsL3VpnMIB 0 }
99: mplsL3VpnObjects OBJECT IDENTIFIER ::= { mplsL3VpnMIB 1 }
100: mplsL3VpnScalars OBJECT IDENTIFIER ::= { mplsL3VpnObjects 1 }
101: mplsL3VpnConf OBJECT IDENTIFIER ::= { mplsL3VpnObjects 2 }
102: mplsL3VpnPerf OBJECT IDENTIFIER ::= { mplsL3VpnObjects 3 }
103: mplsL3VpnRoute OBJECT IDENTIFIER ::= { mplsL3VpnObjects 4 }
104: mplsL3VpnConformance OBJECT IDENTIFIER ::= { mplsL3VpnMIB 3 }
105:
106: --
107: -- Scalar Objects
108: --
109:
110: mplsL3VpnConfiguredVrfs OBJECT-TYPE
111: SYNTAX Unsigned32
112: MAX-ACCESS read-only
113: STATUS current
114: DESCRIPTION
115: "The number of VRFs which are configured on this node."
116: ::= { mplsL3VpnScalars 1 }
117: mplsL3VpnActiveVrfs OBJECT-TYPE
118: SYNTAX Unsigned32
119: MAX-ACCESS read-only
120: STATUS current
121: DESCRIPTION
122: "The number of VRFs which are active on this node.
123: That is, those VRFs whose corresponding mplsL3VpnVrfOperStatus
124: object value is equal to operational (1)."
125: ::= { mplsL3VpnScalars 2 }
126:
127: mplsL3VpnConnectedInterfaces OBJECT-TYPE
128: SYNTAX Unsigned32
129: MAX-ACCESS read-only
130: STATUS current
131: DESCRIPTION
132: "Total number of interfaces connected to a VRF."
133: ::= { mplsL3VpnScalars 3 }
134:
135: mplsL3VpnNotificationEnable OBJECT-TYPE
136: SYNTAX TruthValue
137: MAX-ACCESS read-write
138: STATUS current
139: DESCRIPTION
140: "If this object is true, then it enables the
141: generation of all notifications defined in
142: this MIB."
143: DEFVAL { false }
144: ::= { mplsL3VpnScalars 4 }
145:
146: mplsL3VpnVrfConfMaxPossRts OBJECT-TYPE
147: SYNTAX Unsigned32
148: MAX-ACCESS read-only
149: STATUS current
150: DESCRIPTION
151: "Denotes maximum number of routes which the device
152: will allow all VRFs jointly to hold. If this value is
153: set to 0, this indicates that the device is
154: unable to determine the absolute maximum. In this
155: case, the configured maximum MAY not actually
156: be allowed by the device."
157: ::= { mplsL3VpnScalars 5 }
158:
159: mplsL3VpnVrfConfRteMxThrshTime OBJECT-TYPE
160: SYNTAX Unsigned32
161: UNITS "seconds"
162: MAX-ACCESS read-only
163: STATUS current
164: DESCRIPTION
165: "Denotes the interval in seconds, at which the route max threshold
166: notification may be re-issued after the maximum value has been
167: exceeded (or has been reached if mplsL3VpnVrfConfMaxRoutes and
168: mplsL3VpnVrfConfHighRteThresh are equal) and the initial
169: notification has been issued. This value is intended to prevent
170: continuous generation of notifications by an agent in the event
171: that routes are continually added to a VRF after it has reached
172: its maximum value. If this value is set to 0, the agent should
173: only issue a single notification at the time that the maxium
174: threshold has been reached, and should not issue any more
175: notifications until the value of routes has fallen below the
176: configured threshold value. This is the recommended default
177: behavior."
178: DEFVAL { 0 }
179: ::= { mplsL3VpnScalars 6 }
180:
181: -- VPN Interface Configuration Table
182:
183: mplsL3VpnIfConfTable OBJECT-TYPE
184: SYNTAX SEQUENCE OF MplsL3VpnIfConfEntry
185: MAX-ACCESS not-accessible
186: STATUS current
187: DESCRIPTION
188: "This table specifies per-interface MPLS capability
189: and associated information."
190: ::= { mplsL3VpnConf 1 }
191:
192: mplsL3VpnIfConfEntry OBJECT-TYPE
193: SYNTAX MplsL3VpnIfConfEntry
194: MAX-ACCESS not-accessible
195: STATUS current
196: DESCRIPTION
197: "An entry in this table is created by an LSR for
198: every interface capable of supporting MPLS L3VPN.
199: Each entry in this table is meant to correspond to
200: an entry in the Interfaces Table."
201: INDEX { mplsL3VpnVrfName, mplsL3VpnIfConfIndex }
202: ::= { mplsL3VpnIfConfTable 1 }
203:
204: MplsL3VpnIfConfEntry ::= SEQUENCE {
205: mplsL3VpnIfConfIndex InterfaceIndex,
206: mplsL3VpnIfVpnClassification INTEGER,
207: mplsL3VpnIfVpnRouteDistProtocol BITS,
208: mplsL3VpnIfConfStorageType StorageType,
209: mplsL3VpnIfConfRowStatus RowStatus
210: }
211:
212: mplsL3VpnIfConfIndex OBJECT-TYPE
213: SYNTAX InterfaceIndex
214: MAX-ACCESS not-accessible
215: STATUS current
216: DESCRIPTION
217: "This is a unique index for an entry in the
218: mplsL3VpnIfConfTable. A non-zero index for an
219: entry indicates the ifIndex for the corresponding
220: interface entry in the MPLS-VPN-layer in the ifTable.
221: Note that this table does not necessarily correspond
222: one-to-one with all entries in the Interface MIB
223: having an ifType of MPLS-layer; rather, only those
224: which are enabled for MPLS L3VPN functionality."
225: REFERENCE
226: "RFC 2233 - The Interfaces Group MIB using SMIv2,
227: McCloghrie, K., and F. Kastenholtz, Nov. 1997"
228: ::= { mplsL3VpnIfConfEntry 1 }
229:
230: mplsL3VpnIfVpnClassification OBJECT-TYPE
231: SYNTAX INTEGER { carrierOfCarrier (1),
232: enterprise (2),
233: interProvider (3)
234: }
235: MAX-ACCESS read-create
236: STATUS current
237: DESCRIPTION
238: "Denotes whether this link participates in a
239: carrier-of-carrier's, enterprise, or inter-provider
240: scenario."
241: ::= { mplsL3VpnIfConfEntry 2 }
242:
243: mplsL3VpnIfVpnRouteDistProtocol OBJECT-TYPE
244: SYNTAX BITS { none (0),
245: bgp (1),
246: ospf (2),
247: rip(3),
248: isis(4),
249: static(5),
250: other (6)
251: }
252: MAX-ACCESS read-create
253: STATUS current
254: DESCRIPTION
255: "Denotes the route distribution protocol across the
256: PE-CE link. Note that more than one routing protocol
257: may be enabled at the same time, thus this object is
258: specified as a bitmask. For example, static(5) and
259: ospf(2) are a typical configuration."
260: ::= { mplsL3VpnIfConfEntry 3 }
261:
262: mplsL3VpnIfConfStorageType OBJECT-TYPE
263: SYNTAX StorageType
264: MAX-ACCESS read-create
265: STATUS current
266: DESCRIPTION
267: "The storage type for this entry."
268: ::= { mplsL3VpnIfConfEntry 4 }
269:
270: mplsL3VpnIfConfRowStatus OBJECT-TYPE
271: SYNTAX RowStatus
272: MAX-ACCESS read-create
273: STATUS current
274: DESCRIPTION
275: "This variable is used to create, modify, and/or
276: delete a row in this table. Rows in this
277: table signify that the specified interface is
278: associated with this VRF. If the row creation
279: operation succeeds, the interface will have been
280: associated with the specified VRF, otherwise the
281: agent MUST not allow the association. If the agent
282: only allows read-only operations on this table, it
283: MUST create entries in this table as they are created
284: on the device. When a row in this
285: table is in active(1) state, no objects in that row
286: can be modified by the agent except
287: mplsL3VpnIfConfStorageType and mplsL3VpnIfConfRowStatus
288: ."
289: ::= { mplsL3VpnIfConfEntry 5 }
290:
291: -- VRF Configuration Table
292: mplsL3VpnVrfTable OBJECT-TYPE
293: SYNTAX SEQUENCE OF MplsL3VpnVrfEntry
294: MAX-ACCESS not-accessible
295: STATUS current
296: DESCRIPTION
297: "This table specifies per-interface MPLS L3VPN
298: VRF Table capability and associated information.
299: Entries in this table define VRF routing instances
300: associated with MPLS/VPN interfaces. Note that
301: multiple interfaces can belong to the same VRF
302: instance. The collection of all VRF instances
303: comprises an actual VPN."
304: ::= { mplsL3VpnConf 2 }
305:
306: mplsL3VpnVrfEntry OBJECT-TYPE
307: SYNTAX MplsL3VpnVrfEntry
308: MAX-ACCESS not-accessible
309: STATUS current
310: DESCRIPTION
311: "An entry in this table is created by an LSR for
312: every VRF capable of supporting MPLS L3VPN. The
313: indexing provides an ordering of VRFs per-VPN
314: interface."
315: INDEX { mplsL3VpnVrfName }
316: ::= { mplsL3VpnVrfTable 1 }
317: MplsL3VpnVrfEntry ::= SEQUENCE {
318: mplsL3VpnVrfName MplsL3VpnName,
319: mplsL3VpnVrfVpnId VPNId,
320: mplsL3VpnVrfDescription SnmpAdminString,
321: mplsL3VpnVrfRD MplsL3VpnRouteDistinguisher,
322: mplsL3VpnVrfCreationTime TimeStamp,
323: mplsL3VpnVrfOperStatus INTEGER,
324: mplsL3VpnVrfActiveInterfaces Unsigned32,
325: mplsL3VpnVrfAssociatedInterfaces Unsigned32,
326: mplsL3VpnVrfConfMidRteThres Unsigned32,
327: mplsL3VpnVrfConfHighRteThresh Unsigned32,
328: mplsL3VpnVrfConfMaxRoutes Unsigned32,
329: mplsL3VpnVrfConfLastChanged TimeStamp,
330: mplsL3VpnVrfConfRowStatus RowStatus,
331: mplsL3VpnVrfConfStorageType StorageType
332: }
333:
334: mplsL3VpnVrfName OBJECT-TYPE
335: SYNTAX MplsL3VpnName
336: MAX-ACCESS not-accessible
337: STATUS current
338: DESCRIPTION
339: "The human-readable name of this VPN. This MAY
340: be equivalent to the RFC2685 VPN-ID, but may
341: also vary. If it is set to the VPN ID, it MUST
342: be equivalent to the value of mplsL3VpnVrfVpnId.
343: It is strongly recommended that all sites supporting
344: VRFs that are part of the same VPN use the same
345: naming convention for VRFs as well as the same VPN
346: ID."
347: REFERENCE
348: "RFC 2685 Fox B., et al, `Virtual
349: Private Networks Identifier`, September 1999."
350: ::= { mplsL3VpnVrfEntry 1 }
351:
352: mplsL3VpnVrfVpnId OBJECT-TYPE
353: SYNTAX VPNId
354: MAX-ACCESS read-create
355: STATUS current
356: DESCRIPTION
357: "The VPN ID as specified in RFC 2685. If a VPN ID
358: has not been specified for this VRF, then this
359: variable SHOULD be set to an empty string."
360: ::= { mplsL3VpnVrfEntry 2 }
361:
362: mplsL3VpnVrfDescription OBJECT-TYPE
363: SYNTAX SnmpAdminString
364: MAX-ACCESS read-create
365: STATUS current
366: DESCRIPTION
367: "The human-readable description of this VRF."
368: ::= { mplsL3VpnVrfEntry 3 }
369:
370: mplsL3VpnVrfRD OBJECT-TYPE
371: SYNTAX MplsL3VpnRouteDistinguisher
372: MAX-ACCESS read-create
373: STATUS current
374: DESCRIPTION
375: "The route distinguisher for this VRF."
376: ::= { mplsL3VpnVrfEntry 4 }
377:
378: mplsL3VpnVrfCreationTime OBJECT-TYPE
379: SYNTAX TimeStamp
380: MAX-ACCESS read-only
381: STATUS current
382: DESCRIPTION
383: "The time at which this VRF entry was created."
384: ::= { mplsL3VpnVrfEntry 5 }
385:
386: mplsL3VpnVrfOperStatus OBJECT-TYPE
387: SYNTAX INTEGER { up (1),
388: down (2)
389:
390: }
391: MAX-ACCESS read-only
392: STATUS current
393: DESCRIPTION
394: "Denotes whether a VRF is operational or not. A VRF is
395: up(1) when at least one interface associated with the
396: VRF, which ifOperStatus is up(1). A VRF is down(2) when:
397: a. There does not exist at least one interface whose
398: ifOperStatus is up(1).
399: b. There are no interfaces associated with the VRF."
400: ::= { mplsL3VpnVrfEntry 6 }
401:
402: mplsL3VpnVrfActiveInterfaces OBJECT-TYPE
403: SYNTAX Unsigned32
404: MAX-ACCESS read-only
405: STATUS current
406: DESCRIPTION
407: "Total number of interfaces connected to this VRF with
408: ifOperStatus = up(1).
409: This counter should be incremented when:
410: a. When the ifOperStatus of one of the connected interfaces
411: changes from down(2) to up(1).
412:
413: b. When an interface with ifOperStatus = up(1) is connected
414: to this VRF.
415: This counter should be decremented when:
416: a. When the ifOperStatus of one of the connected interfaces
417: changes from up(1) to down(2).
418: b. When one of the connected interfaces with
419: ifOperStatus = up(1) gets disconnected from this VRF."
420: ::= { mplsL3VpnVrfEntry 7 }
421:
422: mplsL3VpnVrfAssociatedInterfaces OBJECT-TYPE
423: SYNTAX Unsigned32
424: MAX-ACCESS read-only
425: STATUS current
426: DESCRIPTION
427: "Total number of interfaces connected to this VRF
428: (independent of ifOperStatus type)."
429: ::= { mplsL3VpnVrfEntry 8 }
430:
431: mplsL3VpnVrfConfMidRteThres OBJECT-TYPE
432: SYNTAX Unsigned32
433: MAX-ACCESS read-create
434: STATUS current
435: DESCRIPTION
436: "Denotes mid-level water marker for the number
437: of routes which this VRF may hold."
438: ::= { mplsL3VpnVrfEntry 9 }
439:
440: mplsL3VpnVrfConfHighRteThresh OBJECT-TYPE
441: SYNTAX Unsigned32
442: MAX-ACCESS read-create
443: STATUS current
444: DESCRIPTION
445: "Denotes high-level water marker for the number of
446: routes which this VRF may hold."
447: ::= { mplsL3VpnVrfEntry 10 }
448:
449: mplsL3VpnVrfConfMaxRoutes OBJECT-TYPE
450: SYNTAX Unsigned32
451: MAX-ACCESS read-create
452: STATUS current
453: DESCRIPTION
454: "Denotes maximum number of routes which this VRF is
455: configured to hold. This value MUST be less than or
456: equal to mplsVrfMaxPossibleRoutes unless it is set
457: to 0."
458: ::= { mplsL3VpnVrfEntry 11 }
459:
460: mplsL3VpnVrfConfLastChanged OBJECT-TYPE
461: SYNTAX TimeStamp
462: MAX-ACCESS read-only
463: STATUS current
464: DESCRIPTION
465: "The value of sysUpTime at the time of the last
466: change of this table entry, which includes changes of
467: VRF parameters defined in this table or addition or
468: deletion of interfaces associated with this VRF."
469: ::= { mplsL3VpnVrfEntry 12 }
470:
471: mplsL3VpnVrfConfRowStatus OBJECT-TYPE
472: SYNTAX RowStatus
473: MAX-ACCESS read-create
474: STATUS current
475: DESCRIPTION
476: "This variable is used to create, modify, and/or
477: delete a row in this table."
478: ::= { mplsL3VpnVrfEntry 13 }
479:
480: mplsL3VpnVrfConfStorageType OBJECT-TYPE
481: SYNTAX StorageType
482: MAX-ACCESS read-create
483: STATUS current
484: DESCRIPTION
485: "The storage type for this entry."
486: ::= { mplsL3VpnVrfEntry 14 }
487:
488: -- MplsL3VpnVrfRTTable
489: mplsL3VpnVrfRTTable OBJECT-TYPE
490: SYNTAX SEQUENCE OF MplsL3VpnVrfRTEntry
491: MAX-ACCESS not-accessible
492: STATUS current
493: DESCRIPTION
494: "This table specifies per-VRF route target association.
495: Each entry identifies a connectivity policy supported
496: as part of a VPN."
497: ::= { mplsL3VpnConf 3 }
498:
499: mplsL3VpnVrfRTEntry OBJECT-TYPE
500: SYNTAX MplsL3VpnVrfRTEntry
501: MAX-ACCESS not-accessible
502: STATUS current
503: DESCRIPTION
504: " An entry in this table is created by an LSR for
505: each route target configured for a VRF supporting
506: a MPLS L3VPN instance. The indexing provides an
507: ordering per-VRF instance."
508: INDEX { mplsL3VpnVrfName, mplsL3VpnVrfRTIndex,
509: mplsL3VpnVrfRTType }
510: ::= { mplsL3VpnVrfRTTable 1 }
511:
512: MplsL3VpnVrfRTEntry ::= SEQUENCE {
513: mplsL3VpnVrfRTIndex Unsigned32,
514: mplsL3VpnVrfRTType INTEGER,
515: mplsL3VpnVrfRT MplsL3VpnRouteDistinguisher,
516: mplsL3VpnVrfRTDescr SnmpAdminString,
517: mplsL3VpnVrfRTRowStatus RowStatus
518: }
519:
520: mplsL3VpnVrfRTIndex OBJECT-TYPE
521: SYNTAX Unsigned32 (1..4294967295)
522: MAX-ACCESS not-accessible
523: STATUS current
524: DESCRIPTION
525: "Auxiliary index for route-targets configured for a
526: particular VRF."
527: ::= { mplsL3VpnVrfRTEntry 2 }
528:
529: mplsL3VpnVrfRTType OBJECT-TYPE
530: SYNTAX INTEGER { import(1), export(2), both(3) }
531: MAX-ACCESS not-accessible
532: STATUS current
533: DESCRIPTION
534: "The route target export distribution type."
535: ::= { mplsL3VpnVrfRTEntry 3 }
536:
537: mplsL3VpnVrfRT OBJECT-TYPE
538: SYNTAX MplsL3VpnRouteDistinguisher
539: MAX-ACCESS read-create
540: STATUS current
541: DESCRIPTION
542: "The route target distribution policy."
543: ::= { mplsL3VpnVrfRTEntry 4 }
544:
545: mplsL3VpnVrfRTDescr OBJECT-TYPE
546: SYNTAX SnmpAdminString
547: MAX-ACCESS read-create
548: STATUS current
549: DESCRIPTION
550: "Description of the route target."
551: ::= { mplsL3VpnVrfRTEntry 5 }
552:
553: mplsL3VpnVrfRTRowStatus OBJECT-TYPE
554: SYNTAX RowStatus
555: MAX-ACCESS read-create
556: STATUS current
557: DESCRIPTION
558: "This variable is used to create, modify, and/or
559: delete a row in this table. When a row in this
560: table is in active(1) state, no objects in that row
561: can be modified by the agent except
562: mplsL3VpnVrfRTRowStatus."
563: ::= { mplsL3VpnVrfRTEntry 6 }
564:
565:
566: -- VRF Security Table
567:
568: mplsL3VpnVrfSecTable OBJECT-TYPE
569: SYNTAX SEQUENCE OF MplsL3VpnVrfSecEntry
570: MAX-ACCESS not-accessible
571: STATUS current
572: DESCRIPTION
573: "This table specifies per MPLS L3VPN VRF Table security
574: features."
575: ::= { mplsL3VpnConf 6 }
576:
577: mplsL3VpnVrfSecEntry OBJECT-TYPE
578: SYNTAX MplsL3VpnVrfSecEntry
579: MAX-ACCESS not-accessible
580: STATUS current
581: DESCRIPTION
582: "An entry in this table is created by an LSR for
583: every VRF capable of supporting MPLS L3VPN. Each
584: entry in this table is used to indicate security-related
585: information for each VRF entry."
586: AUGMENTS { mplsL3VpnVrfEntry }
587: ::= { mplsL3VpnVrfSecTable 1 }
588:
589: MplsL3VpnVrfSecEntry ::= SEQUENCE {
590: mplsL3VpnVrfSecIllegalLblVltns Counter32,
591: mplsL3VpnVrfSecIllLblRcvThrsh Unsigned32
592: }
593:
594: mplsL3VpnVrfSecIllegalLblVltns OBJECT-TYPE
595: SYNTAX Counter32
596: MAX-ACCESS read-only
597: STATUS current
598: DESCRIPTION
599: "Indicates the number of illegally received labels on this VPN/VRF."
600: ::= { mplsL3VpnVrfSecEntry 1 }
601:
602: mplsL3VpnVrfSecIllLblRcvThrsh OBJECT-TYPE
603: SYNTAX Unsigned32
604: MAX-ACCESS read-create
605: STATUS current
606: DESCRIPTION
607: "The number of illegally received labels above which this
608: notification is issued."
609: ::= { mplsL3VpnVrfSecEntry 2 }
610:
611: -- VRF Performance Table
612:
613: mplsL3VpnVrfPerfTable OBJECT-TYPE
614: SYNTAX SEQUENCE OF MplsL3VpnVrfPerfEntry
615: MAX-ACCESS not-accessible
616: STATUS current
617: DESCRIPTION
618: "This table specifies per MPLS L3VPN VRF Table performance
619: information."
620: ::= { mplsL3VpnPerf 1 }
621:
622: mplsL3VpnVrfPerfEntry OBJECT-TYPE
623: SYNTAX MplsL3VpnVrfPerfEntry
624: MAX-ACCESS not-accessible
625: STATUS current
626: DESCRIPTION
627: "An entry in this table is created by an LSR for
628: every VRF capable of supporting MPLS L3VPN."
629: AUGMENTS { mplsL3VpnVrfEntry }
630: ::= { mplsL3VpnVrfPerfTable 1 }
631:
632: MplsL3VpnVrfPerfEntry ::= SEQUENCE {
633: mplsL3VpnVrfPerfRoutesAdded Counter32,
634: mplsL3VpnVrfPerfRoutesDeleted Counter32,
635: mplsL3VpnVrfPerfCurrNumRoutes Unsigned32
636: }
637:
638: mplsL3VpnVrfPerfRoutesAdded OBJECT-TYPE
639: SYNTAX Counter32
640: MAX-ACCESS read-only
641: STATUS current
642: DESCRIPTION
643: "Indicates the number of routes added to this VPN/VRF
644: since this device has last been reset or the VRF
645: was created, whichever came last."
646: ::= { mplsL3VpnVrfPerfEntry 1 }
647:
648: mplsL3VpnVrfPerfRoutesDeleted OBJECT-TYPE
649: SYNTAX Counter32
650: MAX-ACCESS read-only
651: STATUS current
652: DESCRIPTION
653: "Indicates the number of routes removed from this VPN/VRF."
654: ::= { mplsL3VpnVrfPerfEntry 2 }
655:
656: mplsL3VpnVrfPerfCurrNumRoutes OBJECT-TYPE
657: SYNTAX Unsigned32
658: MAX-ACCESS read-only
659: STATUS current
660: DESCRIPTION
661: "Indicates the number of routes currently used by this VRF."
662: ::= { mplsL3VpnVrfPerfEntry 3 }
663:
664:
665: -- VRF Routing Table
666:
667: mplsL3VpnVrfRteTable OBJECT-TYPE
668: SYNTAX SEQUENCE OF MplsL3VpnVrfRteEntry
669: MAX-ACCESS not-accessible
670: STATUS current
671: DESCRIPTION
672: "This table specifies per-interface MPLS L3VPN VRF Table
673: routing information. Entries in this table define VRF routing
674: entries associated with the specified MPLS/VPN interfaces. Note
675: that this table contains both BGP and IGP routes, as both may
676: appear in the same VRF."
677: REFERENCE
678: "1. RFC 1213 Section 6.6, The IP Group.
679: 2. RFC 2096 "
680: ::= { mplsL3VpnRoute 1 }
681:
682: mplsL3VpnVrfRteEntry OBJECT-TYPE
682: warning -
warning: index of row `mplsL3VpnVrfRteEntry' can exceed OID size limit by 554 subidentifier(s)
683: SYNTAX MplsL3VpnVrfRteEntry
684: MAX-ACCESS not-accessible
685: STATUS current
686: DESCRIPTION
687: "An entry in this table is created by an LSR for every route
688: present configured (either dynamically or statically) within
689: the context of a specific VRF capable of supporting MPLS/BGP
690: VPN. The indexing provides an ordering of VRFs per-VPN
691: interface.
692:
693: Implementors need to be aware that if the value of
694: the mplsL3VpnVrfName (an OID) has more
695: that 111 sub-identifiers, then OIDs of column
696: instances in this table will have more than 128
697: sub-identifiers and cannot be accessed using SNMPv1,
698: SNMPv2c, or SNMPv3."
699: INDEX { mplsL3VpnVrfName,
700: mplsL3VpnVrfRteInetCidrDestType,
701: mplsL3VpnVrfRteInetCidrDest,
702: mplsL3VpnVrfRteInetCidrPfxLen,
703: mplsL3VpnVrfRteInetCidrPolicy,
704: mplsL3VpnVrfRteInetCidrNHopType,
705: mplsL3VpnVrfRteInetCidrNextHop
706: }
707: ::= { mplsL3VpnVrfRteTable 1 }
708:
709: MplsL3VpnVrfRteEntry ::= SEQUENCE {
710: mplsL3VpnVrfRteInetCidrDestType InetAddressType,
711: mplsL3VpnVrfRteInetCidrDest InetAddress,
712: mplsL3VpnVrfRteInetCidrPfxLen InetAddressPrefixLength,
713: mplsL3VpnVrfRteInetCidrPolicy OBJECT IDENTIFIER,
714: mplsL3VpnVrfRteInetCidrNHopType InetAddressType,
715: mplsL3VpnVrfRteInetCidrNextHop InetAddress,
716: mplsL3VpnVrfRteInetCidrIfIndex InterfaceIndex,
717: mplsL3VpnVrfRteInetCidrType INTEGER,
718: mplsL3VpnVrfRteInetCidrProto IANAipRouteProtocol,
719: mplsL3VpnVrfRteInetCidrAge Gauge32,
720: mplsL3VpnVrfRteInetCidrNextHopAS InetAutonomousSystemNumber,
721: mplsL3VpnVrfRteInetCidrMetric1 Integer32,
722: mplsL3VpnVrfRteInetCidrMetric2 Integer32,
723: mplsL3VpnVrfRteInetCidrMetric3 Integer32,
724: mplsL3VpnVrfRteInetCidrMetric4 Integer32,
725: mplsL3VpnVrfRteInetCidrMetric5 Integer32,
726: mplsL3VpnVrfRteXCPointer MplsIndexType,
727: mplsL3VpnVrfRteInetCidrStatus RowStatus
728: }
729:
730: mplsL3VpnVrfRteInetCidrDestType OBJECT-TYPE
731: SYNTAX InetAddressType
732: MAX-ACCESS not-accessible
733: STATUS current
734: DESCRIPTION
735: "The type of the mplsL3VpnVrfRteInetCidrDest address, as defined
736: in the InetAddress MIB.
737:
738: Only those address types that may appear in an actual
739: routing table are allowed as values of this object."
740: REFERENCE "RFC 3291"
741: ::= { mplsL3VpnVrfRteEntry 1 }
742:
743: mplsL3VpnVrfRteInetCidrDest OBJECT-TYPE
744: SYNTAX InetAddress
745: MAX-ACCESS not-accessible
746: STATUS current
747: DESCRIPTION
748: "The destination IP address of this route.
749:
750: The type of this address is determined by the value of
751: the mplsL3VpnVrfRteInetCidrDestType object.
752:
753: The values for the index objects mplsL3VpnVrfRteInetCidrDest and
754: mplsL3VpnVrfRteInetCidrPfxLen must be consistent. When the value
755: of mplsL3VpnVrfRteInetCidrDest is x, then the bitwise logical-AND
756: of x with the value of the mask formed from the
757: corresponding index object mplsL3VpnVrfRteInetCidrPfxLen MUST be
758: equal to x. If not, then the index pair is not
759: consistent and an inconsistentName error must be
760: returned on SET or CREATE requests."
761: ::= { mplsL3VpnVrfRteEntry 2 }
762:
763: mplsL3VpnVrfRteInetCidrPfxLen OBJECT-TYPE
764: SYNTAX InetAddressPrefixLength (0..128)
765: MAX-ACCESS not-accessible
766: STATUS current
767: DESCRIPTION
768: "Indicates the number of leading one bits which form the
769: mask to be logical-ANDed with the destination address
770: before being compared to the value in the
771: mplsL3VpnVrfRteInetCidrDest field.
772:
773: The values for the index objects mplsL3VpnVrfRteInetCidrDest and
774: mplsL3VpnVrfRteInetCidrPfxLen must be consistent. When the value
775: of mplsL3VpnVrfRteInetCidrDest is x, then the bitwise logical-AND
776: of x with the value of the mask formed from the
777: corresponding index object mplsL3VpnVrfRteInetCidrPfxLen MUST be
778: equal to x. If not, then the index pair is not
779: consistent and an inconsistentName error must be
780: returned on SET or CREATE requests."
781: ::= { mplsL3VpnVrfRteEntry 3 }
782:
783: mplsL3VpnVrfRteInetCidrPolicy OBJECT-TYPE
783: minor error -
index element `mplsL3VpnVrfRteInetCidrPolicy' of row `mplsL3VpnVrfRteEntry' should but cannot have a size restriction
784: SYNTAX OBJECT IDENTIFIER
785: MAX-ACCESS not-accessible
786: STATUS current
787: DESCRIPTION
788: "This object is an opaque object without any defined
789: semantics. Its purpose is to serve as an additional
790: index which may delineate between multiple entries to
791: the same destination. The value { 0 0 } shall be used
792: as the default value for this object."
793: ::= { mplsL3VpnVrfRteEntry 4 }
794:
795: mplsL3VpnVrfRteInetCidrNHopType OBJECT-TYPE
796: SYNTAX InetAddressType
797: MAX-ACCESS not-accessible
798: STATUS current
799: DESCRIPTION
800: "The type of the mplsL3VpnVrfRteInetCidrNextHop address, as
801: defined in the InetAddress MIB.
802:
803: Value should be set to unknown(0) for non-remote
804: routes.
805:
806: Only those address types that may appear in an actual
807: routing table are allowed as values of this object."
808: REFERENCE "RFC 3291"
809: ::= { mplsL3VpnVrfRteEntry 5 }
810:
811: mplsL3VpnVrfRteInetCidrNextHop OBJECT-TYPE
812: SYNTAX InetAddress
813: MAX-ACCESS not-accessible
814: STATUS current
815: DESCRIPTION
816: "On remote routes, the address of the next system en
817: route. For non-remote routes, a zero length string.
818:
819: The type of this address is determined by the value of
820: the mplsL3VpnVrfRteInetCidrNHopType object."
821: ::= { mplsL3VpnVrfRteEntry 6 }
822:
823: mplsL3VpnVrfRteInetCidrIfIndex OBJECT-TYPE
824: SYNTAX InterfaceIndex
825: MAX-ACCESS read-create
826: STATUS current
827: DESCRIPTION
828: "The ifIndex value which identifies the local interface
829: through which the next hop of this route should be
830: reached. A value of 0 is valid and represents the
831: scenario where no interface is specified."
832: ::= { mplsL3VpnVrfRteEntry 7 }
833:
834: mplsL3VpnVrfRteInetCidrType OBJECT-TYPE
835: SYNTAX INTEGER {
836: other (1), -- not specified by this MIB
837: reject (2), -- route which discards traffic and
838: -- returns ICMP notification
839:
840: local (3), -- local interface
841:
842: remote (4), -- remote destination
843: blackhole(5) -- route which discards traffic
844: -- silently
845: }
846: MAX-ACCESS read-create
847: STATUS current
848: DESCRIPTION
849: "The type of route. Note that local(3) refers to a
850: route for which the next hop is the final destination;
851: remote(4)refers to a route for which the next hop is
852: not the final destination.
853:
854: Routes which do not result in traffic forwarding or
855: rejection should not be displayed even if the
856: implementation keeps them stored internally.
857:
858: reject(2) refers to a route which, if matched, discards
859: the message as unreachable and returns a notification
860: (e.g. ICMP error) to the message sender. This is used
861: in some protocols as a means of correctly aggregating
862: routes.
863:
864: blackhole(5) refers to a route which, if matched,
865: discards the message silently."
866: ::= { mplsL3VpnVrfRteEntry 8 }
867:
868: mplsL3VpnVrfRteInetCidrProto OBJECT-TYPE
869: SYNTAX IANAipRouteProtocol
870: MAX-ACCESS read-only
871: STATUS current
872: DESCRIPTION
873: "The routing mechanism via which this route was learned.
874: Inclusion of values for gateway routing protocols is
875: not intended to imply that hosts should support those
876: protocols."
877: ::= { mplsL3VpnVrfRteEntry 9 }
878:
879: mplsL3VpnVrfRteInetCidrAge OBJECT-TYPE
880: SYNTAX Gauge32
881: MAX-ACCESS read-only
882: STATUS current
883: DESCRIPTION
884: "The number of seconds since this route was last updated
885: or otherwise determined to be correct. Note that no
886: semantics of 'too old' can be implied except through
887: knowledge of the routing protocol by which the route
888: was learned."
889: ::= { mplsL3VpnVrfRteEntry 10 }
890:
891: mplsL3VpnVrfRteInetCidrNextHopAS OBJECT-TYPE
892: SYNTAX InetAutonomousSystemNumber
893: MAX-ACCESS read-create
894: STATUS current
895: DESCRIPTION
896:
897:
898:
899: "The Autonomous System Number of the Next Hop. The
900: semantics of this object are determined by the routing-
901: protocol specified in the route's mplsL3VpnVrfRteInetCidrProto
902: value. When this object is unknown or not relevant its
903: value should be set to zero."
904: DEFVAL { 0 }
905: ::= { mplsL3VpnVrfRteEntry 11 }
906:
907: mplsL3VpnVrfRteInetCidrMetric1 OBJECT-TYPE
908: SYNTAX Integer32
909: MAX-ACCESS read-create
910: STATUS current
911: DESCRIPTION
912: "The primary routing metric for this route. The
913: semantics of this metric are determined by the routing-
914: protocol specified in the route's mplsL3VpnVrfRteInetCidrProto
915: value. If this metric is not used, its value should be
916: set to -1."
917: DEFVAL { -1 }
918: ::= { mplsL3VpnVrfRteEntry 12 }
919:
920: mplsL3VpnVrfRteInetCidrMetric2 OBJECT-TYPE
921: SYNTAX Integer32
922: MAX-ACCESS read-create
923: STATUS current
924: DESCRIPTION
925: "An alternate routing metric for this route. The
926: semantics of this metric are determined by the routing-
927: protocol specified in the route's mplsL3VpnVrfRteInetCidrProto
928: value. If this metric is not used, its value should be
929: set to -1."
930: DEFVAL { -1 }
931: ::= { mplsL3VpnVrfRteEntry 13 }
932:
933: mplsL3VpnVrfRteInetCidrMetric3 OBJECT-TYPE
934: SYNTAX Integer32
935: MAX-ACCESS read-create
936: STATUS current
937: DESCRIPTION
938: "An alternate routing metric for this route. The
939: semantics of this metric are determined by the routing-
940: protocol specified in the route's mplsL3VpnVrfRteInetCidrProto
941: value. If this metric is not used, its value should be
942: set to -1."
943: DEFVAL { -1 }
944: ::= { mplsL3VpnVrfRteEntry 14 }
945:
946: mplsL3VpnVrfRteInetCidrMetric4 OBJECT-TYPE
947: SYNTAX Integer32
948: MAX-ACCESS read-create
949: STATUS current
950: DESCRIPTION
951: "An alternate routing metric for this route. The
952: semantics of this metric are determined by the routing-
953:
954:
955: protocol specified in the route's mplsL3VpnVrfRteInetCidrProto
956: value. If this metric is not used, its value should be
957: set to -1."
958: DEFVAL { -1 }
959: ::= { mplsL3VpnVrfRteEntry 15 }
960:
961: mplsL3VpnVrfRteInetCidrMetric5 OBJECT-TYPE
962: SYNTAX Integer32
963: MAX-ACCESS read-create
964: STATUS current
965: DESCRIPTION
966: "An alternate routing metric for this route. The
967: semantics of this metric are determined by the routing-
968: protocol specified in the route's mplsL3VpnVrfRteInetCidrProto
969: value. If this metric is not used, its value should be
970: set to -1."
971: DEFVAL { -1 }
972: ::= { mplsL3VpnVrfRteEntry 16 }
973:
974: mplsL3VpnVrfRteXCPointer OBJECT-TYPE
975: SYNTAX MplsIndexType
976: MAX-ACCESS read-create
977: STATUS current
978: DESCRIPTION
979: "Index into mplsXCTable which identifies which cross-
980: connect entry is associated with this VRF route entry
981: by containing the mplsXCIndex of that cross-connect entry.
982: The string containing the single octet 0x00 indicates that
983: a label stack is not associated with this route entry. This
984: can be the case because the label bindings have not yet
985: been established, or because some change in the agent has
986: removed them.
987:
988: When the label stack associated with this VRF route is created
989: by the agent, it MUST establish the associated cross-connect
990: entry in the mplsXCTable and then set that index to the value
991: of this object. Changes to the cross-connect object in the
992: mplsXCTable MUST automatically be be reflected the value of
993: this object. If this object represents a static routing entry,
994: then the manager must ensure that this entry is also maintained
995: consistently in the corresponding mplsXCTable as well."
996: ::= { mplsL3VpnVrfRteEntry 17 }
997:
998: mplsL3VpnVrfRteInetCidrStatus OBJECT-TYPE
999: SYNTAX RowStatus
1000: MAX-ACCESS read-create
1001: STATUS current
1002: DESCRIPTION
1003: "The row status variable, used according to row
1004: installation and removal conventions.
1005:
1006: A row entry cannot be modified when the status is
1007: marked as active(1)."
1008: ::= { mplsL3VpnVrfRteEntry 18 }
1009:
1010:
1011: -- MPLS L3VPN Notifications
1012:
1013: mplsVrfIfUp NOTIFICATION-TYPE
1014: OBJECTS { mplsL3VpnIfConfRowStatus,
1015: mplsL3VpnVrfOperStatus
1016: }
1017: STATUS current
1018: DESCRIPTION
1019: "This notification is generated when:
1020: a. The ifOperStatus of an interface associated with a VRF
1021: changes to the up(1) state.
1022: b. When an interface with ifOperStatus = up(1) is
1023: associated with a VRF."
1024: ::= { mplsL3VpnNotifications 1 }
1025:
1026: mplsVrfIfDown NOTIFICATION-TYPE
1027: OBJECTS { mplsL3VpnIfConfRowStatus,
1028: mplsL3VpnVrfOperStatus
1029: }
1030: STATUS current
1031: DESCRIPTION
1032: "This notification is generated when:
1033: a. The ifOperStatus of an interface associated with a VRF
1034: changes to the down(1) state.
1035: b. When an interface with ifOperStatus = up(1) state is
1036: disassociated with a VRF."
1037: ::= { mplsL3VpnNotifications 2 }
1038:
1039: mplsNumVrfRouteMidThreshExceeded NOTIFICATION-TYPE
1040: OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes,
1041: mplsL3VpnVrfConfMidRteThres
1042: }
1043: STATUS current
1044: DESCRIPTION
1045: "This notification is generated when the number of routes
1046: contained by the specified VRF exceeds the value indicated by
1047: mplsL3VpnVrfMidRouteThreshold. A single notification MUST be
1048: generated when this threshold is exceeded, and no other
1049: notifications of this type should be issued until the value
1050: of mplsL3VpnVrfPerfCurrNumRoutes has fallen below that of
1051: mplsL3VpnVrfConfMidRteThres."
1052: ::= { mplsL3VpnNotifications 3 }
1053:
1054: mplsNumVrfRouteMaxThreshExceeded NOTIFICATION-TYPE
1055: OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes,
1056: mplsL3VpnVrfConfHighRteThresh
1057: }
1058: STATUS current
1059: DESCRIPTION
1060: "This notification is generated when the number of routes
1061: contained by the specified VRF exceeds or attempts to exceed
1062: the maximum allowed value as indicated by
1063: mplsL3VpnVrfMaxRouteThreshold. In cases where
1064: mplsL3VpnVrfConfHighRteThresh is set to the same value
1065: as mplsL3VpnVrfConfMaxRoutes, mplsL3VpnVrfConfHighRteThresh
1066: need not be exceeded; rather, just reached for this notification
1067: to be issued.
1068: Note that mplsL3VpnVrfConfRteMxThrshTime denotes the interval
1069: at which the this notification will be re-issued after the
1070: maximum value has been exceeded (or reached if
1071: mplsL3VpnVrfConfMaxRoutes and mplsL3VpnVrfConfHighRteThresh are
1072: equal) and the initial notification has been issued. This value
1073: is intended to prevent continuous generation of notifications by
1074: an agent in the event that routes are continually added to a VRF
1075: after it has reached its maximum value. The default value is 0
1076: minutes. If this value is set to 0, the agent should only issue
1077: a single notification at the time that the maximum threshold has
1078: been reached, and should not issue any more notifications until
1079: the value of routes has fallen below the configured threshold
1080: value."
1081: ::= { mplsL3VpnNotifications 4 }
1082:
1083: mplsNumVrfSecIllglLblThrshExcd NOTIFICATION-TYPE
1084: OBJECTS { mplsL3VpnVrfSecIllegalLblVltns }
1085: STATUS current
1086: DESCRIPTION
1087: "This notification is generated when the number of illegal
1088: label violations on a VRF as indicated by
1089: mplsL3VpnVrfSecIllegalLblVltns has exceeded
1090: mplsL3VpnVrfSecIllLblRcvThrsh. The threshold is not
1091: included in the varbind here because the value of
1092: mplsL3VpnVrfSecIllegalLblVltns should be one greater than
1093: the threshold at the time this notification is issued."
1094: ::= { mplsL3VpnNotifications 5 }
1095:
1096: mplsNumVrfRouteMaxThreshCleared NOTIFICATION-TYPE
1097: OBJECTS { mplsL3VpnVrfPerfCurrNumRoutes,
1098: mplsL3VpnVrfConfHighRteThresh
1099: }
1100: STATUS current
1101: DESCRIPTION
1102: "This notification is generated only after the number of routes
1103: contained by the specified VRF exceeds or attempts to exceed
1104: the maximum allowed value as indicated by
1105: mplsVrfMaxRouteThreshold, and then falls below this value. The
1106: emission of this notification informs the operator that the
1107: error condition has been cleared without the operator having to
1108: query the device.
1109:
1110: Note that mplsL3VpnVrfConfRteMxThrshTime denotes the interval at
1111: which the the mplsNumVrfRouteMaxThreshExceeded notification will
1112: be re-issued after the maximum value has been exceeded (or reached
1113: if mplsL3VpnVrfConfMaxRoutes and mplsL3VpnVrfConfHighRteThresh
1114: are equal) and the initial notification has been issued. Therefore,
1115: the generation of this notification should also be emitted with
1116: this same frequency (assuming that the error condition is
1117: cleared). Specifically, if the error condition is reached and
1118: cleared several times during the period of time specified in
1119: mplsL3VpnVrfConfRteMxThrshTime, only a single notification will
1120: be issued to indicate the first instance of the error condition
1121: as well as the first time the error condition is cleared.
1122: This behavior is intended to prevent continuous generation of
1123: notifications by an agent in the event that routes are continually
1124: added and removed to/from a VRF after it has reached its maximum
1125: value. The default value is 0. If this value is set to 0,
1126: the agent should issue a notification whenever the maximum
1127: threshold has been cleared."
1128: ::= { mplsL3VpnNotifications 6 }
1129:
1130: -- Conformance Statement
1131: mplsL3VpnGroups
1132: OBJECT IDENTIFIER ::= { mplsL3VpnConformance 1 }
1133: mplsL3VpnCompliances
1134: OBJECT IDENTIFIER ::= { mplsL3VpnConformance 2 }
1135:
1136: -- Module Compliance
1137: mplsL3VpnModuleCompliance MODULE-COMPLIANCE
1138: STATUS current
1139: DESCRIPTION
1140: "Compliance statement for agents that support the
1141: MPLS VPN MIB."
1142: MODULE -- this module
1143: -- The mandatory groups have to be implemented
1144: -- by all LSRs supporting MPLS L3VPNs. However,
1145: -- they may all be supported
1146: -- as read-only objects in the case where manual
1147: -- configuration is unsupported.
1148: MANDATORY-GROUPS { mplsL3VpnScalarGroup,
1149: mplsL3VpnVrfGroup,
1150: mplsL3VpnIfGroup,
1151: mplsL3VpnPerfGroup,
1152: mplsL3VpnVrfRteGroup,
1153: mplsL3VpnVrfRTGroup,
1154: mplsL3VpnSecGroup,
1155: mplsL3VpnNotificationGroup
1156: }
1157: ::= { mplsL3VpnCompliances 1 }
1158: -- Units of conformance.
1159: mplsL3VpnScalarGroup OBJECT-GROUP
1160: OBJECTS { mplsL3VpnConfiguredVrfs,
1161: mplsL3VpnActiveVrfs,
1162: mplsL3VpnConnectedInterfaces,
1163: mplsL3VpnNotificationEnable,
1164: mplsL3VpnVrfConfMaxPossRts,
1165: mplsL3VpnVrfConfRteMxThrshTime
1166: }
1167: STATUS current
1168: DESCRIPTION
1169: "Collection of scalar objects required for MPLS VPN
1170: management."
1171: ::= { mplsL3VpnGroups 1 }
1172: mplsL3VpnVrfGroup OBJECT-GROUP
1173: OBJECTS { mplsL3VpnVrfVpnId,
1174: mplsL3VpnVrfDescription,
1175: mplsL3VpnVrfRD,
1176: mplsL3VpnVrfCreationTime,
1177: mplsL3VpnVrfOperStatus,
1178: mplsL3VpnVrfActiveInterfaces,
1179: mplsL3VpnVrfAssociatedInterfaces,
1180: mplsL3VpnVrfConfMidRteThres,
1181: mplsL3VpnVrfConfHighRteThresh,
1182: mplsL3VpnVrfConfMaxRoutes,
1183: mplsL3VpnVrfConfLastChanged,
1184: mplsL3VpnVrfConfRowStatus,
1185: mplsL3VpnVrfConfStorageType
1186: }
1187: STATUS current
1188: DESCRIPTION
1189: "Collection of objects needed for MPLS VPN VRF
1190: management."
1191: ::= { mplsL3VpnGroups 2 }
1192: mplsL3VpnIfGroup OBJECT-GROUP
1193: OBJECTS { mplsL3VpnIfVpnClassification,
1194: mplsL3VpnIfVpnRouteDistProtocol,
1195: mplsL3VpnIfConfStorageType,
1196: mplsL3VpnIfConfRowStatus
1197: }
1198: STATUS current
1199: DESCRIPTION
1200: "Collection of objects needed for MPLS VPN interface
1201: management."
1202: ::= { mplsL3VpnGroups 3 }
1203: mplsL3VpnPerfGroup OBJECT-GROUP
1204: OBJECTS { mplsL3VpnVrfPerfRoutesAdded,
1205: mplsL3VpnVrfPerfRoutesDeleted,
1206: mplsL3VpnVrfPerfCurrNumRoutes
1207: }
1208: STATUS current
1209: DESCRIPTION
1210: "Collection of objects needed for MPLS VPN
1211: performance information."
1212: ::= { mplsL3VpnGroups 4 }
1213:
1214: mplsL3VpnSecGroup OBJECT-GROUP
1215: OBJECTS { mplsL3VpnVrfSecIllegalLblVltns,
1216: mplsL3VpnVrfSecIllLblRcvThrsh }
1217: STATUS current
1218: DESCRIPTION
1219: "Collection of objects needed for MPLS VPN
1220: security-related information."
1221: ::= { mplsL3VpnGroups 6 }
1222:
1223: mplsL3VpnVrfRteGroup OBJECT-GROUP
1224: OBJECTS {
1225: mplsL3VpnVrfRteInetCidrIfIndex,
1226: mplsL3VpnVrfRteInetCidrType,
1227: mplsL3VpnVrfRteInetCidrProto,
1228: mplsL3VpnVrfRteInetCidrAge,
1229: mplsL3VpnVrfRteInetCidrNextHopAS,
1230: mplsL3VpnVrfRteInetCidrMetric1,
1231: mplsL3VpnVrfRteInetCidrMetric2,
1232: mplsL3VpnVrfRteInetCidrMetric3,
1233: mplsL3VpnVrfRteInetCidrMetric4,
1234: mplsL3VpnVrfRteInetCidrMetric5,
1235: mplsL3VpnVrfRteXCPointer,
1236: mplsL3VpnVrfRteInetCidrStatus
1237: }
1238: STATUS current
1239: DESCRIPTION
1240: "Objects required for VRF route table management."
1241: ::= { mplsL3VpnGroups 7 }
1242:
1243: mplsL3VpnVrfRTGroup OBJECT-GROUP
1244: OBJECTS { mplsL3VpnVrfRTDescr,
1245: mplsL3VpnVrfRT,
1246: mplsL3VpnVrfRTRowStatus
1247: }
1248: STATUS current
1249: DESCRIPTION
1250: "Objects required for VRF route target management."
1251: ::= { mplsL3VpnGroups 8 }
1252:
1253: mplsL3VpnNotificationGroup NOTIFICATION-GROUP
1254: NOTIFICATIONS { mplsVrfIfUp,
1255: mplsVrfIfDown,
1256: mplsNumVrfRouteMidThreshExceeded,
1257: mplsNumVrfRouteMaxThreshExceeded,
1258: mplsNumVrfSecIllglLblThrshExcd,
1259: mplsNumVrfRouteMaxThreshCleared
1260: }
1261: STATUS current
1262: DESCRIPTION
1263: "Objects required for MPLS VPN notifications."
1264: ::= { mplsL3VpnGroups 9 }
1265: -- End of MPLS-VPN-MIB
1266: END
1266: warning -
warning: module name `MPLS-L3VPN-MIB-DRAFT-02' should match `*-MIB'
1267:
1268: --
1269: -- Copyright (C) The Internet Society (2004). All Rights Reserved.
1270: --
1271: -- This document and translations of it may be copied and furnished
1272: -- to others, and derivative works that comment on or otherwise
1273: -- explain it or assist in its implementation may be prepared,
1274: -- copied, published and distributed, in whole or in part, without
1275: -- restriction of any kind, provided that the above copyright notice
1276: -- and this paragraph are included on all such copies and derivative
1277: -- works. However, this document itself may not be modified in any
1278: -- way, such as by removing the copyright notice or references to the
1279: -- Internet Society or other Internet organizations, except as needed
1280: -- for the purpose of developing Internet standards in which case
1281: -- the procedures for copyrights defined in the Internet Standards
1282: -- process must be followed, or as required to translate it into
1283: -- languages other than English.
1284: --
1285: -- The limited permissions granted above are perpetual and will not
1286: -- be revoked by the Internet Society or its successors or assigns.
1287: -- This document and the information contained herein is provided on
1288: -- an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
1289: -- ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
1290: -- IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
1291: -- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
1292: -- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
1293: --
1294: --
1295: -- 16.0 Security Considerations
1296: --
1297: -- It is clear that these MIB modules are potentially useful for
1298: -- monitoring of MPLS LSRs supporting L3 MPLS VPN. This
1299: -- MIB module can also be used for configuration of certain objects,
1300: -- and anything that can be configured can be incorrectly configured,
1301: -- with potentially disastrous results.
1302: --
1303: -- There are a number of management objects defined in this MIB module
1304: -- with a MAX-ACCESS clause of read-write and/or read-create. Such
1305: -- objects may be considered sensitive or vulnerable in some network
1306: -- environments. The support for SET operations in a non-secure
1307: -- environment without proper protection can have a negative effect on
1308: -- network operations. These are the tables and objects and their
1309: -- sensitivity/vulnerability:
1310: --
1311: -- o the mplsL3VpnVrfRouteTable, mplsL3VpnIfConfTable and
1312: -- mplsL3VpnVrfTable tables collectively
1313: -- contain objects which may be used to provision MPLS VRF
1314: -- interfaces and configuration. Unauthorized access to objects
1315: -- in these tables, could result in disruption of traffic on the
1316: -- network. This is especially true if these VRFs have been
1317: -- previously provisioned and are in use. The use of stronger
1318: -- mechanisms such as SNMPv3 security should be considered where
1319: -- possible. Specifically,
1320: -- SNMPv3 VACM and USM MUST be used with any v3 agent which
1321: -- implements this MIB module. Administrators should consider
1322: -- whether read access to these objects should be allowed,
1323: -- since read access may be undesirable under certain
1324: -- circumstances.
1325: --
1326: -- Some of the readable objects in this MIB module (i.e., objects with a
1327: -- MAX-ACCESS other than not-accessible) may be considered sensitive or
1328: -- vulnerable in some network environments. It is thus important to
1329: -- control even GET and/or NOTIFY access to these objects and possibly
1330: -- to even encrypt the values of these objects when sending them over
1331: -- the network via SNMP. These are the tables and objects and their
1332: -- sensitivity/vulnerability:
1333: --
1334: -- o the mplsL3VpnVrfTable, mplsL3VpnIfConfTable tables
1335: -- collectively show the VRF interfaces and
1336: -- associated VRF configurations as well as their linkages to other
1337: -- MPLS-related configuration and/or performanc statistics.
1338: -- Administrators not wishing to reveal this information should
1339: -- consider these objects sensitive/vulnerable and take
1340: -- precautions so they are not revealed.
1341: --
1342: -- SNMP versions prior to SNMPv3 did not include adequate security.
1343: -- Even if the network itself is secure (for example by using IPSec),
1344: -- even then, there is no control as to who on the secure network is
1345: -- allowed to access and GET/SET (read/change/create/delete) the objects
1346: -- in this MIB module.
1347: --
1348: -- It is RECOMMENDED that implementers consider the security features as
1349: -- provided by the SNMPv3 framework (see [RFC3410], section 8),
1350: -- including full support for the SNMPv3 cryptographic mechanisms (for
1351: -- authentication and privacy).
1352: --
1353: -- Further, deployment of SNMP versions prior to SNMPv3 is NOT
1354: -- RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1355: -- enable cryptographic security. It is then a customer/operator
1356: -- responsibility to ensure that the SNMP entity giving access to an
1357: -- instance of this MIB module, is properly configured to give access
1358: -- to the objects only to those principals (users) that have legitimate
1359: -- rights to indeed GET or SET (change/create/delete) them.
1360: --
1361: