One document matched: draft-ietf-dime-diameter-base-protocol-mib-04.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- edited with XMLSPY v2004 rel. 3 U (http://www.xmlspy.com) by Glen Zorn (Cisco Systems) -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc3410 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3410.xml'>
<!ENTITY rfc2119 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY rfc2578 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2578.xml'>
<!ENTITY rfc2579 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2579.xml'>
<!ENTITY rfc2580 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2580.xml'>
<!ENTITY rfc3414 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3414.xml'>
<!ENTITY rfc3415 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3415.xml'>
<!ENTITY rfc3588 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3588.xml'>
<!ENTITY rfc4001 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4001.xml'>
<!ENTITY rfc3411 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3411.xml'>
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="compact" ?>
<rfc category="std" ipr="pre5378Trust200902" docName="draft-ietf-dime-diameter-base-protocol-mib-04.txt">
<front>
<title>Diameter Base Protocol MIB</title>
<author fullname="Glen Zorn" initials="G.W." surname="Zorn">
<organization>Network Zen</organization>
<address>
<postal>
<street>1463 East Republican Street, #358</street>
<city>Seattle</city>
<region>WA</region>
<code>98112</code>
<country>USA</country>
</postal>
<email>gwz@net-zen.net</email>
</address>
</author>
<author initials="S." surname="Comerica" fullname="Subash Comerica">
<organization>Cisco Systems</organization>
<address>
<postal>
<street>Global Development Centre, Prestige Waterford</street>
<street>No. 9 Brunton Road</street>
<street>BGL3/MZ/</street>
<city>Bangalore</city>
<region>Karnataka</region>
<code>560025</code>
<country>India</country>
</postal>
<phone>+91 80 4103 6427</phone>
<email>subashtc@cisco.com</email>
</address>
</author>
<date year="2010"/>
<keyword>AAA</keyword>
<keyword>Diameter</keyword>
<keyword>SNMP</keyword>
<keyword>MIB</keyword>
<abstract>
<t>
Along with providing support for certain basic authentication, authorization and accounting functions,
the Diameter protocol is designed to provide a framework for AAA applications.
<vspace blankLines="1"/>
This document defines the Management Information Base (MIB) module which
describes the minimum set of objects needed to manage an
implementation of the Diameter protocol.
</t>
</abstract>
</front>
<!-- -->
<middle>
<section title="The Internet-Standard Management Framework">
<t>
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 <xref target="RFC3410"/>.
<vspace blankLines="1"/>
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58
(<xref target="RFC2578"/>, <xref target="RFC2579"/>, <xref target="RFC2580"/>).
In particular, it describes managed objects used for managing the
base Diameter protocol <xref target="RFC3588"/>.
</t>
</section>
<section title="Requirements Language">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 <xref target="RFC2119"/>.
</t>
</section>
<section title="Overview">
<t>
This MIB defines objects supporting the management of the Diameter base
protocol as defined in RFC 3588 <xref target="RFC3588"/>.
Objects related to Diameter applications are defined in separate documents.
</t>
</section>
<section title="Diameter Base Protocol MIB Definitions">
<?rfc include="base-mib-artwork-04"?>
</section>
<section title="IANA Considerations">
<t>
The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
<figure suppress-title="true" align="center"><artwork>
Descriptor OBJECT IDENTIFIER value
----------------------- -----------------------
diameterBaseProtocolMIB { mib-2 XXX }
</artwork></figure>
<list style="hanging">
<t hangText="Editor's Note (to be removed prior to publication)">
The IANA is requested to assign a value for "XXX" under the 'mib-2' subtree
and to record the assignment in the SMI Numbers registry.
When the assignment has been made, the RFC Editor is asked to replace
"XXX" (here and in the MIB module) with the assigned value and to
remove this note.
</t>
</list>
</t>
</section>
<section title="Security Considerations">
<t>
There are managed objects defined in this MIB that have a MAX-ACCESS
clause of read-write and/or read-create. Such objects may be considered
sensitive or vulnerable in some network environments. The support for SET
operations in a non-secure environment without proper protection can have
a negative effect on network operations.
<vspace blankLines="1"/>
There are several of managed objects in this MIB that may contain
sensitive information. These are:
<list style="symbols">
<t>diameterHostAddress</t>
<t>diameterPeerServerAddress</t>
<t>diameterPeerIpAddress</t>
</list>
These can be used to determine the address of the Diameter
host, and/or peers with which the host is communicating.
This information could be useful in impersonating the
host or peer.
<vspace blankLines="1"/>
It is important to control GET access to these objects and
possibly to even encrypt the values of these object when sending them
over the network via SNMP. Not all versions of SNMP provide features
for such a secure environment.
<vspace blankLines="1"/>
SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPSec), there is no control as
to who on the secure network is allowed to access and GET (read) the
objects in this MIB.
<vspace blankLines="1"/>
It is recommended that the implementers consider the security
features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model <xref target="RFC3414"/>
and the View-based Access Control Model <xref target="RFC3415"/>
is recommended.
<vspace blankLines="1"/>
It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is properly
configured to give access to the objects only to those principals
(users) that have legitimate rights to indeed GET or SET
(change/create/delete) them.
</t>
</section>
<section title="Contributors">
<t>
This document is based upon and derived from work done by Jay Koehler, Mark Eklund and Hai Li.
</t>
</section>
<section title="Acknowledgements">
<t>
Thanks to David Battle for his participation and suggestions in designing the table structures;
Kevin Lingle, Sumanth Mithra, Tolga Asveren, Tina Tsou, Mark Jones, John Loughney and Biswaranjan Panda
for reviewing the MIB and making invaluable suggestions; and Greg Weber
for his help in representing the MIB at IETF meetings.
</t>
</section>
</middle>
<back>
<references title="Normative References">
&rfc2578;
&rfc2579;
&rfc2580;
&rfc3588;
&rfc2119;
&rfc4001;
&rfc3411;
</references>
<references title="Informative References">
&rfc3410;
&rfc3414;
&rfc3415;
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 18:34:54 |