Re: [netlmm] AD review of draft-ietf-netlmm-pmipv6-mib

["Glenn M. Keeni" <glenn@cysols.com>]

Jari,
    Thanks for the review. The new draft with the fixes is underway.
A few clarifications before that-
> - at times the document was unclear about where a particular piece 
>of MIB information is held (at the MAG vs. LMA)
In the MIB design section there is text like
<Quote>
The PMIPV6-MIB is composed of the following groups of
definitions:
    - pmip6Core: a generic group containing objects that are
      common to all the Proxy Mobile IPv6 entities.
    - pmip6Mag: this group models the mobile access gateway
      service.
    - pmip6Lma: this group models the local mobility anchor
      service.
</Quote>
That would imply that the all tables with prefix pmip6Mag
(e.g. pmip6MagProxyCOATable) model a MAG service and as such
would be held in the MAG.
Is it necessary to explicitly specify the above?
> - in several places the document needs to be more explicit
> - some IP address issues
The way network addresses are defined in MIBs ( after IPv6
came into being) is that they will always be in pairs - a
type object [XXXX-AddressType] followed by the address object
[XXXX-Address]. In the case of this MIB the type will always
be IPV6.  This is stated in the Compliance section
e.g.
<QUOTE>
      pmip6CoreCompliance MODULE-COMPLIANCE
           STATUS  current
           DESCRIPTION
               "The compliance statement for SNMP entities
                which implement the PMIPV6-MIB.
                There are a number of INDEX objects that cannot be
                represented in the form of OBJECT clauses in
                SMIv2, but for which there are compliance
                requirements, expressed in OBJECT clause form in
                this
                description:
                -- OBJECT      pmip6BindingHomeAddressType
                -- SYNTAX      InetAddressType { ipv6(2) }
                -- DESCRIPTION
                --   This MIB module requires support for global
                --   ipv6 addresses for the pmip6BindingHomeAddress
                --   object.
                --
</QUOTE>
> - not sure I understood the OID limit issue
OK. Let me try.  The InetAddress allows strings of
length 0-255 octets. The maximum length of an index is 128 octets.
So, inappropriate use InetAddress types in the index would lead to
problems. Thus the warning is added to the description clauses. But,
if the address type is IPv6 then we have only 16 octets, and it will
not really be a problem.
Does that make sense?

>>    Pmip6MNIdentifier  ::=  TEXTUAL-CONVENTION
>>        STATUS  current
>>        DESCRIPTION
>>            "The identity of a mobile node in the Proxy Mobile IPv6
>>             domain. This is the stable identifier of a mobile node
>>             that the mobility entities in a Proxy Mobile IPv6 domain
>>             can always acquire and use it for predictably identifying
>>             a mobile node. This is typically an identifier such as
>>             Network Access Identifier (NAI) [RFC4282 <http://tools.ietf.org/html/rfc4282>] or other
>>             identifier such as a Media Access Control (MAC) address.
>>            "
>>        REFERENCE
>>            "RFC 5213 <http://tools.ietf.org/html/rfc5213>: Section 2.2 <http://tools.ietf.org/html/draft-ietf-netlmm-pmipv6-mib-02#section-2.2>"
>>        SYNTAX  OCTET STRING (SIZE (0..255))
>>
>>   
> This description should be more accurate about the encoding of the identifier. 
> Do you mean that its the same encoding as in RFC 4283? Are there other 
> alternatives than NAIs? Please be more precise. Section 2.2 is not a very good 
> reference in this sense, because it too lacks specificity.
I am lost here. I have followed the definition of the "Mobile Node
Identifier (MN-Identifier)" from RFC5213 section 2.2. ditto. Please
give me a pointer here.
> 
>>    Pmip6MNLlIdentifier ::=  TEXTUAL-CONVENTION
>>        STATUS  current
>>        DESCRIPTION
>>            "An identifier that identifies the attached interface of a
>>             mobile node.  For those interfaces that have a link-layer
>>             identifier, this identifier can be based on that.  The
>>             link-layer identifier in some cases is generated by the
>>             mobile node and conveyed to the mobile access gateway.  This
>>             identifier of the attached interface must be stable as seen
>>             by any of the mobile access gateways in a given Proxy Mobile
>>             IPv6 domain.  In some other cases, there might not be any
>>             link-layer identifier associated with the mobile node's
>>             interface. An identifier value of ALL_ZERO is not considered
>>             a valid identifier and cannot be used as an interface
>>             identifier.
>>            "
>>        REFERENCE
>>            "RFC 5213 <http://tools.ietf.org/html/rfc5213>: Section 2.2 <http://tools.ietf.org/html/draft-ietf-netlmm-pmipv6-mib-02#section-2.2>"
>>        SYNTAX  OCTET STRING (SIZE (0..255))
>>   
> As above, what is the encoding? Should the reference be Section 8.6 instead?
Same as above. I have followed the definition of  "Mobile Node
Link-layer Identifier (MN-LL-Identifier)" from RFC5213 section 2.2.
ditto. Please give me a pointer here.
> 
>>    Pmip6MNIndex ::= TEXTUAL-CONVENTION
>>        DISPLAY-HINT "d"
>>        STATUS       current
>>        DESCRIPTION
>>            "A unique integer value, greater than zero, assigned to each
>>             mobile node in a PMIPv6-Domain by the management system.
>>             It is recommended that values are assigned contiguously
>>             starting from 1.  The value for each mobile node must remain
>>             constant at least from one re-initialization of the entity's
>>             network management system to the next re-initialization.
>>            "
>>        SYNTAX       Integer32 (1..2147483647)
>> 
> Due to roaming, there is an infinite number of potential visited mobile nodes. 
> Are these indexes for the *current* mobile nodes, i.e., those currently attached 
> to the domain? Or something else? Please specify.
Yes. It will be current mobile nodes. The description will be fixed.
> 
>>    Pmip6PBUAccessTechnologyType ::=  TEXTUAL-CONVENTION
>>        STATUS  current
>>        DESCRIPTION
>>            "This specifies the access technology which connects the
>>             mobile node to the access link on the mobile access gateway.
>>            "
>>        REFERENCE
>>            "RFC 5213 <http://tools.ietf.org/html/rfc5213>: Section 8.5 <http://tools.ietf.org/html/draft-ietf-netlmm-pmipv6-mib-02#section-8.5>"
>>        SYNTAX INTEGER
>>        {
>>                  reserved               (0),
>>                  logicalNetworkInterface(1),
>>                  pointToPointInterface  (2),
>>                  ethernet               (3),
>>                  wirelessLan            (4),
>>                  wimax                  (5)
>>        }
>>   
> 
> Perhaps you should explicitly state that the namespace from RFC 5213 should be used: 
> http://www.iana.org/assignments/mobility-parameters/mobility-parameters.txt 
> note the 3GPP etc items that do not appear in your list above...
We will add
     6    3GPP GERAN        (6)
     7    3GPP UTRAN        (7)
     8    3GPP E-UTRAN      (8)
     9    3GPP2 eHRPD       (9)
     10   3GPP2 HRPD        (10)
     11   3GPP2 1xRTT       (11)
     12   3GPP2 UMB         (12)
to the list. And provide reference to
http://www.iana.org/assignments/mobility-parameters/mobility-parameters.txt

>>        pmip6MagProxyCOAState  OBJECT-TYPE
>>            SYNTAX      INTEGER {
>>                                   unknown(1),
>>                                   activated(2),
>>                                   tunneled(3)
>>                           }
>>            MAX-ACCESS  read-only
>>            STATUS      current
>>            DESCRIPTION
>>                "This object indicates the state of the Proxy-CoA:
>>                    unknown     -- The state of the Proxy-CoA
>>                                   cannot be determined.
>>                    activated   -- The Proxy-CoA is ready to establish
>>                                   tunnel
>>                    tunneled    -- The Proxy-CoA is used to set up the
>>                                   bi-directional tunnel.
>>                "
>>            ::= { pmip6MagProxyCOAEntry 3 }
>>   
> 
> Do we use activated or tunneled, if the system is otherwise up but the MAG has 
> no mobile nodes, and has not had to send a Proxy Binding Update yet?
Will be "activated". We will add some text to the Description.
> 
>>        pmip6MagHomeNetworkPrefixTable   OBJECT-TYPE
>>             SYNTAX      SEQUENCE OF PMip6MagHomeNetworkPrefixEntry
>>             MAX-ACCESS  not-accessible
>>             STATUS      current
>>             DESCRIPTION
>>                 "A table representing the Home Network Prefixes
>>                  assigned to the mobile node's connected interfaces.
>>                  This table shows the prefixes registered in the
>>                  binding update list entry.
>>                 "
>>             REFERENCE
>>                 "RFC 5213 <http://tools.ietf.org/html/rfc5213>: Section 2 <http://tools.ietf.org/html/draft-ietf-netlmm-pmipv6-mib-02#section-2>, 6.1, 6.2"
>>             ::= { pmip6MagConf 2 }
>>   
> 
> The description has been written as if there was just one mobile node and one 
> BUL entry. Please update the specification, I presume that you meant that this 
> table contains ALL prefixes of ALL mobile nodes for which there exists ANY BUL 
> in this MAG?
It is typo. Will fix it: mobile node's => mobile nodes'
> 
>>        pmip6MagHomeNetworkPrefixEntry OBJECT-TYPE
>>             SYNTAX      PMip6MagHomeNetworkPrefixEntry
>>             MAX-ACCESS  not-accessible
>>             STATUS      current
>>             DESCRIPTION
>>                 "An entry in the Home Network Prefixes table.
>>
>>                  Implementers need to be aware that if the total
>>                  number of octets in pmip6MagHomeNetworkPrefix
>>                  exceeds 114 then OIDs of column
>>                  instances in this row will have more than 128
>>                  sub-identifiers and cannot be accessed using
>>                  SNMPv1, SNMPv2c, or SNMPv3.
>>   
> 
> I do not understand this. The pmip6MagHomeNetworkPrefix is of type InetAddress, 
> so in this case its length would always be 16, no?
As explained above, InetAddress can be potentially 255 octets long-
thus the convention for MIBs using this object is to include the
warning. The Compliance says that support for IPv6 addresses is
required. In that case there will be no problems.
>>        pmip6MagHomeNetworkPrefixLifeTime   OBJECT-TYPE
>>             SYNTAX      Gauge32
>>             UNITS       "seconds"
>>             MAX-ACCESS  read-only
>>             STATUS      current
>>             DESCRIPTION
>>                 "The lifetime (in seconds) granted to the mobile
>>                  node for this registration.
>>                 "
>>             REFERENCE
>>                 "RFC 5213 <http://tools.ietf.org/html/rfc5213>: Section 6.2 <http://tools.ietf.org/html/draft-ietf-netlmm-pmipv6-mib-02#section-6.2>, 6.7"
>>             ::= { pmip6MagHomeNetworkPrefixEntry 4 }
>>
>>
>>   
> The lifetime in the PBA? The lifetime in the last RA sent out to the mobile 
> node? The remaining lifetime? Please specify...
> 
The Description will be fixed.

>>        pmip6MagBLTable OBJECT-TYPE
>>            SYNTAX      SEQUENCE OF Pmip6MagBLEntry
>>            MAX-ACCESS  not-accessible
>>            STATUS      current
>>            DESCRIPTION
>>                "This table corresponds to the Binding Update List(BL)
>>   
> Is there a particular reason to drop the U from the abbreviation?
Not really. The same convention as in MIPv6 MIB is followed.
> 
>>         pmip6MagBLTimeRecentlyAccepted OBJECT-TYPE
>>            SYNTAX      DateAndTime
>>            MAX-ACCESS  read-only
>>            STATUS      current
>>            DESCRIPTION
>>                "The 64-bit timestamp value of the most recently
>>                 accepted Proxy Binding Update message sent for this
>>                 mobile node.  This is the time-of-day on the mobile
>>                 access gateway, when the proxy binding acknowledgement
>>                 message with the Status field set to 0
>>                 was received.  If the Timestamp option is not present
>>                 in the Proxy Binding Update message (i.e., when the
>>                 sequence number based scheme is in use), the value MUST
>>                 be set to ALL_ZERO.
>>                "
>>            REFERENCE
>>                "RFC 5213 <http://tools.ietf.org/html/rfc5213>: Section 5.1 <http://tools.ietf.org/html/draft-ietf-netlmm-pmipv6-mib-02#section-5.1>, 8.1"
>>            ::= { pmip6MagBLEntry 9 }
>>   
> 
> I'm curious why the last timestamp is in this table, but the last sequence 
> number is not. Sequence numbers and timestamps are equal alternatives in RFC 5213.
The idea was that the Timestamp may be of interest (it is more than
 just a number - tells us when the sessions was started etc.). The
sequence number is of much less interest.
Do we want to have the Sequence number ?
> 
> (Same issue in pmip6Binding table)
> 
>>        pmip6BindingPBUFlag OBJECT-TYPE
>>            SYNTAX      TruthValue
>>            MAX-ACCESS  read-only
>>            STATUS      current
>>            DESCRIPTION
>>                "true(1) if the local mobility anchor accepted the
>>                 binding update with Proxy Registration Flag from a
>>                 mobile access gateway.
>>                 false(0) implies that the binding cache is from a
>>                 mobile node.
>>                "
>>            REFERENCE
>>                "RFC 5213 <http://tools.ietf.org/html/rfc5213>: Section 5.1 <http://tools.ietf.org/html/draft-ietf-netlmm-pmipv6-mib-02#section-5.1>, 8.1"
>>            ::= { pmip6BindingCacheEntry 1 }
>>   
> 
> Please specify what is expected to happen for Flag=0 entries otherwise. Do they 
> even show up in this table, and if they do, how do the values in the entries get 
> filled? Or would a client Mobile IP host simply lead to the creation of another 
> entry in a Mobile IPv6 MIB table, not here?
This table AUGMENTS the "Mobile IPv6 MIB" table. So effectively all
Binding cache entries will be there. But, the augmented part will have
information only for FLAG=1 entries. In that sense a Flag=0 will not
appear in this part of the table.

> 
>>    sensitivity/vulnerability:
>>       nemoStatus: The value of this object is used to enable or disable
>>          the PMIPv6 functionality on a PMIPv6 entity. Access to this MO
>>          may be abused to disrupt the communication that depends on
>>   
> 
> This is the first time that nemoStatus appears in the document.
Typo - fixed.
> 
> When using http://www.ibr.cs.tu-bs.de/bin/smitools.cgi I got these errors:
> 
>> mibs/PMIPV6-MIB:88: [2] {bad-identifier-case} `YYY' should start with a lower case letter
>> mibs/PMIPV6-MIB:88: [2] {object-identifier-not-prefix} Object identifier element `YYY' name only allowed as first element
>> mibs/PMIPV6-MIB:407: [5] {index-exceeds-too-large} warning: index of row `pmip6MagProxyCOAEntry' can exceed OID size limit by 136 subidentifier(s)
>> mibs/PMIPV6-MIB:537: [5] {index-exceeds-too-large} warning: index of row `pmip6MagHomeNetworkPrefixEntry' can exceed OID size limit by 648 subidentifier(s)
>> mibs/PMIPV6-MIB:1462: [5] {index-exceeds-too-large} warning: index of row `pmip6LmaLMAAEntry' can exceed OID size limit by 136 subidentifier(s)
>> mibs/PMIPV6-MIB:1640: [5] {index-exceeds-too-large} warning: index of row `pmip6LmaHomeNetworkPrefixEntry' can exceed OID size limit by 648 subidentifier(s)
>> mibs/PMIPV6-MIB:145: [5] {type-without-format} warning: type `Pmip6MNIdentifier' has no format specification
>> mibs/PMIPV6-MIB:160: [5] {type-without-format} warning: type `Pmip6MNLlIdentifier' has no format specification
>>   
> 
> At least some of these seem real problems. Please fix.
The new compiler now flags a warning if the DISPLAY-HINT
for the TEXTUAL CONVENTIONS are not given. This will be fixed.

Thanks.

Glenn