802.12 Rptr MIB Draft-- issues
John Flick <johnf@hprnljf.rose.hp.com> Fri, 14 February 1997 01:25 UTC
Received: from cnri by ietf.org id aa19663; 13 Feb 97 20:25 EST
Received: from palrel1.hp.com by CNRI.Reston.VA.US id aa16390; 13 Feb 97 20:25 EST
Received: from hprnd.rose.hp.com (daemon@hprnd.rose.hp.com [15.29.43.139]) by palrel1.hp.com with ESMTP (8.7.5/8.7.3) id RAA22105; Thu, 13 Feb 1997 17:06:06 -0800 (PST)
Received: from hprnljf.rose.hp.com by hprnd.rose.hp.com with ESMTP (1.37.109.18/15.5+ECS 3.3) id AA190282352; Thu, 13 Feb 1997 17:05:52 -0800
Received: from localhost (johnf@localhost [127.0.0.1]) by hprnljf.rose.hp.com with SMTP (8.7.5/8.7.3) id RAA10867 for <vgmib@hprnd.rose.hp.com>; Thu, 13 Feb 1997 17:05:50 -0800 (PST)
Message-Id: <199702140105.RAA10867@hprnljf.rose.hp.com>
X-Authentication-Warning: hprnljf.rose.hp.com: Host johnf@localhost [127.0.0.1] didn't use HELO protocol
To: vgmib@hprnd.rose.hp.com
Subject: 802.12 Rptr MIB Draft-- issues
Date: Thu, 13 Feb 1997 17:05:50 -0800
From: John Flick <johnf@hprnljf.rose.hp.com>
Hi, Since we still have not heard back from the area directorate on the review of <draft-ietf-vgmib-repeater-dev-02.txt>, and that draft has now expired, I have gone ahead and started updating the draft to respond to Karen's comments on December 6. We can't exactly argue that rolling the draft will slow down the directorate's review if the directorate isn't reviewing. Here is a summary of the changes I have made. Please review this and get back to me with any issues ASAP. I would like to submit this on Monday, February 17. Also, I want to be very clear that I want this to be the FINAL DRAFT. PLEASE review it now, or forever hold your peace. John =================================================================== >A> > In Section 3.2 Master Mode and Slave Mode, I suggest that both >occurrences of the phrase "switch ports" be modified to "switch or other >device ports." Done. >B> > In the Allowed Configuration Field descriptive portion of Section 3. >3 IEEE 802.12 Training Frames, I suggest two changes. > > First, in the description of when the C-bit is set to 1, I propose >that the phrasing be changed to > "The requested configuration is not compatible with the network > and/or the attached port." > ^^^^^^^^^^^^^^^^^^^^^^^^ Done. > Second, in the final paragraph I propose changing the word 'received' >in the phrase "24 consecutive training frames be received" to 'exchanged'. >The latter term applies equally to both sides of the training link, and the >former implies a single side of the link but does not define which one is >referred to. Done. >C> > In Section 3.5.2 Relationship to the 802.3 Repeater MIB, should the >second paragraph's reference to "an existing standards-track MIB module" be >updated to "an existing standard MIB module"? No change. The term "standards-track" is correct. >D> > In Section 3.6 Mapping of IEEE 802.12 Management Objects, the Port >subsection .aMediaType is denoted as not yet mapped. Do we now have a >mapping for this? Can we use the IEEE 802.12 Interfaces MIB media types? No change. >E> > In the Section 4 definition of vgRptrGroupCablesBundled, incorrectly >states that frames are NEVER buffered for Promiscuous or Cascaded ports, >even when the attribute is set to someCablesBundled. > > The 802.12 standard requires that GROUP-ADDRESSED frames be buffered >for ALL links when someCablesBundled is true, and that NO frames be buffered >for any links when the attribute is set to noCablesBundled. The vgRptrGroupCablesBundled DESCRIPTION has been rewritten as follows: "This object is used to indicate whether there are any four-pair UTP links connected to this group that are contained in a cable bundle with multiple four-pair groups (e.g. a 25-pair bundle). Bundled cable may only be used for repeater-to-end node links where the end node is not in promiscuous mode. When a broadcast or multicast packet is received from a port on this group that is not a promiscuous or cascaded port, the packet will be buffered completely before being repeated if this object is set to 'someCablesBundled(1)'. When this object is equal to 'noCablesBundled(2)', all packets received from ports on this group will be repeated as the frame is being received. Note that the value 'someCablesBundled(1)' will work in the vast majority of all installations, regardless of whether or not any cables are physically in a bundle, since packets received from promiscuous and cascaded ports automatically avoid the store and forward. The main situation in which 'noCablesBundled(2)' is beneficial is when there is a large amount of multicast traffic and the cables are not in a bundle. The value of this object should be preserved across repeater resets and power failures." >F> > The Section 4 counter definitions of > vgRptrPortL32ReadableOctets > vgRptrPortL32UnreadableOctets > vgRptrPortL32HighPriorityOctets > vgRptrPortL32NormalPriorityOctets > > state "Note that this counter will roll over very quickly." >I believe this phrasing should say 'can' rather than 'will.' Done. >G> > In the Section 4 definition of vgRptrPortMulticastFrames, I believe >the word 'the' is missing from the fourth sentence. "Note that when value >of" is probably meant to be "Note that when THE value of". Done. >H> > > In the Section 4 definition of vgRptrRptrDetectedDupAddress, the >description of how this object applies to the cascade port should note that >this bit may also be set if vgRptrMgrDetectedDupAddress was set to True on >the other (master) end of the training link. The vgRptrGroupCablesBundled DESCRIPTION now reads: "This object is used to indicate that the repeater detected an error-free training frame on this port with a non-null source MAC address which matches the value of vgRptrAddrLastTrainedAddress of another active port in the same repeater. This is reset to 'false' when an error-free training frame is received with a non-null source MAC address which does not match vgRptrAddrLastTrainedAddress of another port which is active in the same repeater. For the cascade port, this object will be 'true' if the 'D' bit in the most recently received error-free training response frame was set, indicating the device at the other end of the link believes that this repeater's cascade port is using a duplicate address. This may be because the device at the other end of the link detected a duplicate address itself, or, if the other device is also a repeater, it could be because vgRptrDetectedDupAddress was set to 'true' on the port that this repeater's cascade port is connected to." > As a side note, I might recommend changing the object's name just >because it presently looks like a stutter. Could we deviate enough from the >IEEE naming to call it something like, "vgRptrHardwareDetectedDupAddress" or >"vgRptrLinkDetectedDupAddress"? No change. In addition to Karen's comments, the following updates were made: 1. Updated MODULE IDENTITY: vgRptrMIB MODULE-IDENTITY LAST-UPDATED "9702132246Z" -- February 13, 1997 ORGANIZATION "IETF 100VG-AnyLAN Working Group" CONTACT-INFO "WG E-mail: vgmib@hprnd.rose.hp.com Chair: Jeffrey Johnson Postal: cisco Systems, Inc. 170 W.Tasman Drive San Jose, CA 94015 Tel: +1 408 526 7789 E-mail: jjohnson@cisco.com Editor: John Flick Postal: Hewlett Packard Company 8000 Foothills Blvd. M/S 5556 Roseville, CA 95747-5556 Tel: +1 916 785 4018 Fax: +1 916 785 3583 E-mail: johnf@hprnd.rose.hp.com" DESCRIPTION "This MIB module describes objects for managing IEEE 802.12 repeaters." ::= { experimental 64 } -- NOTE TO RFC EDITOR: When this document is published as -- an RFC, change '{ experimental 64 }' to '{ mib-2 XX }', -- where XX is assigned by IANA, and delete this comment. 2. Added NOTIFICATION-GROUP: vgRptrNotificationsGroup NOTIFICATION-GROUP NOTIFICATIONS { vgRptrHealth, vgRptrResetEvent } STATUS current DESCRIPTION "A collection of notifications used to indicate 802.12 repeater general status changes." ::= { vgRptrGroups 4 } 3. Updated MODULE-COMPLIANCE: vgRptrCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for managed 802.12 repeaters." MODULE -- this module MANDATORY-GROUPS { vgRptrConfigGroup, vgRptrNotificationsGroup } GROUP vgRptrStatsGroup DESCRIPTION "Implementation of this optional group is recommended for systems which have the instrumentation to do performance monitoring." GROUP vgRptrAddrGroup DESCRIPTION "Implementation of this optional group is recommended for all systems which have the necessary instrumentation to track the last trained MAC address attached to a repeater port." MODULE SNMP-REPEATER-MIB GROUP snmpRptrGrpRptrAddrSearch DESCRIPTION "Implementation of this group is recommended for systems which have the necessary instrumentation to search all incoming data streams for a particular source MAC address." ::= { vgRptrCompliances 1 } END 4. Updated references for 802.3 Repeater MIB and Patent Grant document: [7] de Graaf, K., D. Romascanu, D. McMaster, and K. McCloghrie, "Definitions of Managed Objects for IEEE 802.3 Repeater Devices", RFC 2108, 3Com Corporation, Madge Networks (Israel) Ltd., Cisco Systems, Inc., February, 1997. [8] McAnally, G., Gilbert, D., and J. Flick, "Conditional Grant of Rights to Specific Hewlett-Packard Patents In Conjunction With the Internet Engineering Task Force's Internet-Standard Network Management Framework", RFC 1988, August 1996. 5. Expanded Security Considerations: 7. Security Considerations Certain management information defined in this MIB may be considered sensitive in some network environments. Therefore, authentication of received SNMP requests and controlled access to management information should be employed in such environments. The method for this authentication is a function of the SNMP Administrative Framework, and has not been expanded by this MIB. Several objects in the vgRptrConfigGroup allow write access. Setting these objects can have a serious effect on the operation of the network, including modifying the framing type of the network, resetting the repeater, enabling and disabling individual ports, and modifying the allowed capabilities of end stations attached to each port. It is recommended that implementers seriously consider whether set operations should be allowed without providing, at a minimum, authentication of request origin. One particular object in this MIB, vgRptrPortAllowedTrainType, is considered significant for providing operational security in an 802.12 network. It is recommended that network administrators configure this object to the 'allowEndNodesOnly' value on all ports except ports which the administrator knows are attached to cascaded repeaters or devices which require promiscuous receive capability (bridges, switches, RMON probes, etc.). This will prevent unauthorized users from extending the network (by attaching cascaded repeaters or bridges) without the administrator's knowledge, and will prevent unauthorized end nodes from listening promiscuously to network traffic.
- 802.12 Rptr MIB Draft-- issues Karen Kimball
- Re: 802.12 Rptr MIB Draft-- issues John Flick
- Re: 802.12 Rptr MIB Draft-- issues Karen Kimball
- Re: 802.12 Rptr MIB Draft-- issues John Flick
- 802.12 Rptr MIB Draft-- issues John Flick