779 lines
29 KiB
Plaintext
779 lines
29 KiB
Plaintext
TIMETRA-RPKI-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
InetAddress, InetAddressPrefixLength,
|
|
InetAddressType,
|
|
InetAutonomousSystemNumber
|
|
FROM INET-ADDRESS-MIB
|
|
MODULE-COMPLIANCE, NOTIFICATION-GROUP,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
MODULE-IDENTITY, NOTIFICATION-TYPE,
|
|
OBJECT-TYPE, Unsigned32
|
|
FROM SNMPv2-SMI
|
|
DisplayString, RowStatus, TimeStamp,
|
|
TruthValue
|
|
FROM SNMPv2-TC
|
|
timetraSRMIBModules, tmnxSRConfs,
|
|
tmnxSRNotifyPrefix, tmnxSRObjs
|
|
FROM TIMETRA-GLOBAL-MIB
|
|
BgpConnectRetryTime, BgpHoldTime,
|
|
TmnxAdminState, TmnxVRtrID
|
|
FROM TIMETRA-TC-MIB
|
|
vRtrID
|
|
FROM TIMETRA-VRTR-MIB
|
|
;
|
|
|
|
timetraRpkiOriginValidMIBModule MODULE-IDENTITY
|
|
LAST-UPDATED "201403100000Z"
|
|
ORGANIZATION "Nokia"
|
|
CONTACT-INFO
|
|
"Nokia 7xxx Support
|
|
Web: http://www.nokia.com"
|
|
DESCRIPTION
|
|
"This document is the SNMP MIB module for the Nokia SROS implementation
|
|
of origin validation for rpki session.
|
|
|
|
Copyright 2003-2018 Nokia. All rights reserved. Reproduction of this
|
|
document is authorized on the condition that the foregoing copyright
|
|
notice is included.
|
|
|
|
This SNMP MIB module (Specification) embodies Nokia's proprietary
|
|
intellectual property. Nokia retains all title and ownership in the
|
|
Specification, including any revisions.
|
|
|
|
Nokia grants all interested parties a non-exclusive license to use and
|
|
distribute an unmodified copy of this Specification in connection with
|
|
management of Nokia products, and without fee, provided this copyright
|
|
notice and license appear on all copies.
|
|
|
|
This Specification is supplied 'as is', and Nokia makes no warranty,
|
|
either express or implied, as to the use, operation, condition, or
|
|
performance of the Specification."
|
|
|
|
REVISION "201403100000Z"
|
|
DESCRIPTION
|
|
"Rev 0.1 10 March 2014 00:00
|
|
Initial version of the TIMETRA-RPKI-MIB."
|
|
|
|
::= { timetraSRMIBModules 96 }
|
|
|
|
tmnxRpkiObjs OBJECT IDENTIFIER ::= { tmnxSRObjs 96 }
|
|
|
|
vRtrRpkiSessInstanceTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF VRtrRpkiSessInstanceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"vRtrRpkiSessInstanceTable consists of information about each running
|
|
instance of Rpki-Session."
|
|
::= { tmnxRpkiObjs 1 }
|
|
|
|
vRtrRpkiSessInstanceEntry OBJECT-TYPE
|
|
SYNTAX VRtrRpkiSessInstanceEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the vRtrRpkiSessInstanceTable. Each entry
|
|
represents an instance of Rpki-Session running on the virtual router."
|
|
INDEX {
|
|
vRtrID,
|
|
vRtrRpkiSessInstanceAddressType,
|
|
vRtrRpkiSessInstanceAddress
|
|
}
|
|
::= { vRtrRpkiSessInstanceTable 1 }
|
|
|
|
VRtrRpkiSessInstanceEntry ::= SEQUENCE
|
|
{
|
|
vRtrRpkiSessInstanceAddressType InetAddressType,
|
|
vRtrRpkiSessInstanceAddress InetAddress,
|
|
vRtrRpkiSessInstanceRowStatus RowStatus,
|
|
vRtrRpkiSessInstanceConnectRetry BgpConnectRetryTime,
|
|
vRtrRpkiSessInstanceDescription DisplayString,
|
|
vRtrRpkiSessInstanceHoldTime BgpHoldTime,
|
|
vRtrRpkiSessLocalAddressType InetAddressType,
|
|
vRtrRpkiSessLocalAddress InetAddress,
|
|
vRtrRpkiSessInstancePort Unsigned32,
|
|
vRtrRpkiSessInstanceRefreshTime Unsigned32,
|
|
vRtrRpkiSessInstanceAdminState TmnxAdminState,
|
|
vRtrRpkiSessInstanceStaleRoutTim Unsigned32,
|
|
vRtrRpkiSessInstanceSessionState INTEGER,
|
|
vRtrRpkiSessInstanceSessionFlaps Unsigned32,
|
|
vRtrRpkiSessInstanceUptime TimeStamp,
|
|
vRtrRpkiSessInstanceActIpv4Rec Unsigned32,
|
|
vRtrRpkiSessInstanceActIpv6Rec Unsigned32,
|
|
vRtrRpkiSessInstanceSerialId Unsigned32,
|
|
vRtrRpkiSessInstanceSessionId Unsigned32,
|
|
vRtrRpkiSessInstanceLastChange TimeStamp
|
|
}
|
|
|
|
vRtrRpkiSessInstanceAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceAddressType indicates the IP address
|
|
type of the RPKI session configuration.
|
|
|
|
vRtrRpkiSessInstanceAddressType supports InetAddressType values 'ipv4
|
|
(1)','ipv6 (2)' and 'ipv6z(4)'."
|
|
::= { vRtrRpkiSessInstanceEntry 1 }
|
|
|
|
vRtrRpkiSessInstanceAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (4|16|20))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceAddress indicates the IPv4,IPv6 or a
|
|
link local address of a local cache server."
|
|
::= { vRtrRpkiSessInstanceEntry 2 }
|
|
|
|
vRtrRpkiSessInstanceRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceRowStatus specifies the row status
|
|
for this RPKI instance for the virtual router. It is used to create
|
|
and delete row entries in this table."
|
|
::= { vRtrRpkiSessInstanceEntry 3 }
|
|
|
|
vRtrRpkiSessInstanceConnectRetry OBJECT-TYPE
|
|
SYNTAX BgpConnectRetryTime
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceConnectRetry specifies the value (in
|
|
seconds) for the RPKI Connect Retry timer."
|
|
REFERENCE
|
|
"BGP4-MIB.bgpPeerConnectRetryInterval"
|
|
DEFVAL { 120 }
|
|
::= { vRtrRpkiSessInstanceEntry 4 }
|
|
|
|
vRtrRpkiSessInstanceDescription OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..80))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceDescription specifies the textual
|
|
description of this RPKI instance."
|
|
DEFVAL { ''H }
|
|
::= { vRtrRpkiSessInstanceEntry 5 }
|
|
|
|
vRtrRpkiSessInstanceHoldTime OBJECT-TYPE
|
|
SYNTAX BgpHoldTime
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceHoldTime specifies the length of time
|
|
in seconds that the session is to be considered UP without any
|
|
indication that the cache server is alive and reachable.
|
|
|
|
The default value of vRtrRpkiSessInstanceHoldTime is 600 seconds and
|
|
must be set to a value at least 2 times the value of
|
|
vRtrRpkiSessInstanceRefreshTime.
|
|
|
|
When object vRtrRpkiSessInstanceHoldTime is set, object
|
|
vRtrRpkiSessInstanceRefreshTime needs to be set as well.
|
|
|
|
Reception of any PDU from the cache server resets the hold timer. When
|
|
the hold-time expires the session is considered to be DOWN and the
|
|
stale timer is started."
|
|
DEFVAL { 600 }
|
|
::= { vRtrRpkiSessInstanceEntry 6 }
|
|
|
|
vRtrRpkiSessLocalAddressType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessLocalAddressType specifies the type of
|
|
vRtrRpkiSessLocalAddress."
|
|
DEFVAL { unknown }
|
|
::= { vRtrRpkiSessInstanceEntry 7 }
|
|
|
|
vRtrRpkiSessLocalAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (0|4|16))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessLocalAddress specifies the address of the local
|
|
end of the Rpki session. In order for Rpki to function at least one
|
|
peer must be configured. This address is used to validate incoming
|
|
connections to the peer and to establish connections to the remote peer.
|
|
|
|
The default value of vRtrRpkiSessLocalAddress is the system IP
|
|
address."
|
|
DEFVAL { ''H }
|
|
::= { vRtrRpkiSessInstanceEntry 8 }
|
|
|
|
vRtrRpkiSessInstancePort OBJECT-TYPE
|
|
SYNTAX Unsigned32 (0..65535)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstancePort specifies the destination port
|
|
number to be used to connect the cache server. The default port number
|
|
is 323."
|
|
DEFVAL { 323 }
|
|
::= { vRtrRpkiSessInstanceEntry 9 }
|
|
|
|
vRtrRpkiSessInstanceRefreshTime OBJECT-TYPE
|
|
SYNTAX Unsigned32 (30..32767)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceRefreshTime triggers the sending of
|
|
periodic Serial Query PDUs for purposes of liveness detection.
|
|
|
|
The default value of vRtrRpkiSessInstanceRefreshTime is 300 seconds.
|
|
and is reset whenever a Reset Query or Serial Query PDU is sent to the
|
|
cache server. When the timer expires a new Serial Query PDU is sent
|
|
with the last known serial number.
|
|
|
|
When object vRtrRpkiSessInstanceRefreshTime is set, object
|
|
vRtrRpkiSessInstanceHoldTime needs to be set as well."
|
|
DEFVAL { 300 }
|
|
::= { vRtrRpkiSessInstanceEntry 10 }
|
|
|
|
vRtrRpkiSessInstanceAdminState OBJECT-TYPE
|
|
SYNTAX TmnxAdminState
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceAdminState specifies the
|
|
administrative state of Rpki session in this virtual router instance."
|
|
DEFVAL { outOfService }
|
|
::= { vRtrRpkiSessInstanceEntry 11 }
|
|
|
|
vRtrRpkiSessInstanceStaleRoutTim OBJECT-TYPE
|
|
SYNTAX Unsigned32 (60..3600)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceStaleRoutTim specifies the maximum
|
|
length of time that prefix origin records learned from the cache
|
|
server remain valid after the session with the cache server goes down.
|
|
|
|
The default value of vRtrRpkiSessInstanceStaleRoutTim is 3600 seconds
|
|
(1 hour). When the timer expires all remaining stale entries
|
|
associated with the session are deleted."
|
|
DEFVAL { 3600 }
|
|
::= { vRtrRpkiSessInstanceEntry 12 }
|
|
|
|
vRtrRpkiSessInstanceSessionState OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
idle (0),
|
|
connect (1),
|
|
established (2),
|
|
cleanup (3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceSessionState indicates the current
|
|
state of a particular session."
|
|
::= { vRtrRpkiSessInstanceEntry 13 }
|
|
|
|
vRtrRpkiSessInstanceSessionFlaps OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceSessionFlaps indicates the number of
|
|
times the session has transitioned from 'established' state to 'idle'
|
|
state."
|
|
::= { vRtrRpkiSessInstanceEntry 14 }
|
|
|
|
vRtrRpkiSessInstanceUptime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceUptime indicates the time since this
|
|
session is active."
|
|
::= { vRtrRpkiSessInstanceEntry 15 }
|
|
|
|
vRtrRpkiSessInstanceActIpv4Rec OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceActIpv4Rec indicates the number of
|
|
active, non-withdrawn IPv4 records."
|
|
::= { vRtrRpkiSessInstanceEntry 16 }
|
|
|
|
vRtrRpkiSessInstanceActIpv6Rec OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceActIpv6Rec indicates the number of
|
|
active, non-withdrawn IPv6 records."
|
|
::= { vRtrRpkiSessInstanceEntry 17 }
|
|
|
|
vRtrRpkiSessInstanceSerialId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceSerialId indicates the serial id
|
|
associated with this session."
|
|
::= { vRtrRpkiSessInstanceEntry 18 }
|
|
|
|
vRtrRpkiSessInstanceSessionId OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceSessionId indicates the session id of
|
|
this session."
|
|
::= { vRtrRpkiSessInstanceEntry 19 }
|
|
|
|
vRtrRpkiSessInstanceLastChange OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrRpkiSessInstanceLastChange indicates the sysUpTime
|
|
when this row was last modified."
|
|
::= { vRtrRpkiSessInstanceEntry 20 }
|
|
|
|
vRtrOriginValStaticTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF VRtrOriginValStaticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"vRtrOriginValStaticTable consists of information about static-entry
|
|
under origin-validation. A static-entry can express validity or
|
|
invalidity information about an entry."
|
|
::= { tmnxRpkiObjs 2 }
|
|
|
|
vRtrOriginValStaticEntry OBJECT-TYPE
|
|
SYNTAX VRtrOriginValStaticEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the vRtrOriginValStaticTable.Each entry
|
|
represents a static-entry about the AS numbers that are authorized to
|
|
originate routes for different prefixes."
|
|
INDEX {
|
|
vRtrID,
|
|
vRtrOrigValStaticIpPrefixType,
|
|
vRtrOrigValStaticIpPrefix,
|
|
vRtrOrigValStaticMinPrefixLen,
|
|
vRtrOrigValStaticMaxPrefixLen,
|
|
vRtrOrigValStaticAS4Byte
|
|
}
|
|
::= { vRtrOriginValStaticTable 1 }
|
|
|
|
VRtrOriginValStaticEntry ::= SEQUENCE
|
|
{
|
|
vRtrOrigValStaticIpPrefixType InetAddressType,
|
|
vRtrOrigValStaticIpPrefix InetAddress,
|
|
vRtrOrigValStaticMinPrefixLen InetAddressPrefixLength,
|
|
vRtrOrigValStaticMaxPrefixLen InetAddressPrefixLength,
|
|
vRtrOrigValStaticAS4Byte InetAutonomousSystemNumber,
|
|
vRtrOrigValStaticRowStatus RowStatus,
|
|
vRtrOrigValStaticASValidity TruthValue
|
|
}
|
|
|
|
vRtrOrigValStaticIpPrefixType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValStaticIpPrefixType specifies the address type
|
|
of vRtrOrigValStaticIpPrefix address."
|
|
::= { vRtrOriginValStaticEntry 1 }
|
|
|
|
vRtrOrigValStaticIpPrefix OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (0|4|16))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValStaticIpPrefix specifies the IP address prefix
|
|
to match for the origin validation."
|
|
DEFVAL { ''H }
|
|
::= { vRtrOriginValStaticEntry 2 }
|
|
|
|
vRtrOrigValStaticMinPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength (0..128)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValStaticMinPrefixLen specifies the min value of
|
|
the prefix length for vRtrOrigValStaticIpPrefix, to match for the
|
|
aggregation."
|
|
DEFVAL { 0 }
|
|
::= { vRtrOriginValStaticEntry 3 }
|
|
|
|
vRtrOrigValStaticMaxPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength (0..128)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValStaticMaxPrefixLen specifies the max value of
|
|
the prefix length for vRtrOrigValStaticIpPrefix, to match for the
|
|
aggregation."
|
|
DEFVAL { 0 }
|
|
::= { vRtrOriginValStaticEntry 4 }
|
|
|
|
vRtrOrigValStaticAS4Byte OBJECT-TYPE
|
|
SYNTAX InetAutonomousSystemNumber
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValStaticAS4Byte specifies the autonomous system
|
|
number to be advertised to this peer."
|
|
DEFVAL { 0 }
|
|
::= { vRtrOriginValStaticEntry 5 }
|
|
|
|
vRtrOrigValStaticRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValStaticRowStatus specifies the row status for
|
|
this static entry instance for the virtual router. It is used to
|
|
create and delete row entries in this table."
|
|
::= { vRtrOriginValStaticEntry 6 }
|
|
|
|
vRtrOrigValStaticASValidity OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValStaticASValidity specifies whether the route
|
|
entry corresponding to the autonomous number is valid (true) or
|
|
invalid (false)."
|
|
DEFVAL { true }
|
|
::= { vRtrOriginValStaticEntry 7 }
|
|
|
|
vRtrOriginValRouteTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF VRtrOriginValRouteEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"vRtrOriginValRouteTable consists of information about the route
|
|
database which includes both static and dynamic route information
|
|
under origin-validation rpki."
|
|
::= { tmnxRpkiObjs 3 }
|
|
|
|
vRtrOriginValRouteEntry OBJECT-TYPE
|
|
SYNTAX VRtrOriginValRouteEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the vRtrOriginValRouteTable. Each entry
|
|
represents the AS numbers that are authorized to originate routes for
|
|
different prefixes. Entries cannot be created or deleted via a SNMP
|
|
SET operation."
|
|
INDEX {
|
|
vRtrID,
|
|
vRtrOrigValRouteIpPrefixType,
|
|
vRtrOrigValRouteIpPrefix,
|
|
vRtrOrigValRouteMinPrefixLen,
|
|
vRtrOrigValRouteMaxPrefixLen,
|
|
vRtrOrigValRouteAS4Byte,
|
|
vRtrOrigValRouteType,
|
|
vRtrOrigValRouteRpkiVrId,
|
|
vRtrOrigValRouteRpkiAddrType,
|
|
vRtrOrigValRouteRpkiAddress
|
|
}
|
|
::= { vRtrOriginValRouteTable 1 }
|
|
|
|
VRtrOriginValRouteEntry ::= SEQUENCE
|
|
{
|
|
vRtrOrigValRouteIpPrefixType InetAddressType,
|
|
vRtrOrigValRouteIpPrefix InetAddress,
|
|
vRtrOrigValRouteMinPrefixLen InetAddressPrefixLength,
|
|
vRtrOrigValRouteMaxPrefixLen InetAddressPrefixLength,
|
|
vRtrOrigValRouteAS4Byte InetAutonomousSystemNumber,
|
|
vRtrOrigValRouteType INTEGER,
|
|
vRtrOrigValRouteRpkiVrId TmnxVRtrID,
|
|
vRtrOrigValRouteRpkiAddrType InetAddressType,
|
|
vRtrOrigValRouteRpkiAddress InetAddress,
|
|
vRtrOrigValASRouteValidity TruthValue
|
|
}
|
|
|
|
vRtrOrigValRouteIpPrefixType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteIpPrefixType specify the address type of
|
|
vRtrOrigValRouteIpPrefix address."
|
|
::= { vRtrOriginValRouteEntry 1 }
|
|
|
|
vRtrOrigValRouteIpPrefix OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (4|16))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteIpPrefix specify the IP address prefix to
|
|
match for the origin validation."
|
|
::= { vRtrOriginValRouteEntry 2 }
|
|
|
|
vRtrOrigValRouteMinPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength (0..128)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteMinPrefixLen specify the min value of the
|
|
prefix length for vRtrOrigValRouteIpPrefix, to match for the
|
|
aggregation."
|
|
::= { vRtrOriginValRouteEntry 3 }
|
|
|
|
vRtrOrigValRouteMaxPrefixLen OBJECT-TYPE
|
|
SYNTAX InetAddressPrefixLength (0..128)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteMaxPrefixLen specify the max value of the
|
|
prefix length for vRtrOrigValRouteIpPrefix, to match for the
|
|
aggregation."
|
|
::= { vRtrOriginValRouteEntry 4 }
|
|
|
|
vRtrOrigValRouteAS4Byte OBJECT-TYPE
|
|
SYNTAX InetAutonomousSystemNumber
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteAS4Byte specify the autonomous system
|
|
number to be advertised to this peer."
|
|
::= { vRtrOriginValRouteEntry 5 }
|
|
|
|
vRtrOrigValRouteType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
static (1),
|
|
dynamic (2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The vRtrOrigValRouteType is an enumerated value that specifies whether
|
|
type of the route entry is static or dynamic."
|
|
::= { vRtrOriginValRouteEntry 6 }
|
|
|
|
vRtrOrigValRouteRpkiVrId OBJECT-TYPE
|
|
SYNTAX TmnxVRtrID
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteRpkiVrId specify if the type of the Rpki
|
|
Session is base or management."
|
|
::= { vRtrOriginValRouteEntry 7 }
|
|
|
|
vRtrOrigValRouteRpkiAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteRpkiAddrType specify the type of
|
|
vRtrRpkiSessLocalAddress."
|
|
::= { vRtrOriginValRouteEntry 8 }
|
|
|
|
vRtrOrigValRouteRpkiAddress OBJECT-TYPE
|
|
SYNTAX InetAddress (SIZE (4|16|20))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValRouteRpkiAddress specify the address of the
|
|
local end of the Rpki session. In order for Rpki to function at least
|
|
one peer must be configured. This address is used to validate incoming
|
|
connections to the peer and to establish connections to the remote peer.
|
|
|
|
When the value of vRtrOrigValRouteType is static the value of
|
|
vRtrOrigValRouteRpkiAddress is null."
|
|
::= { vRtrOriginValRouteEntry 9 }
|
|
|
|
vRtrOrigValASRouteValidity OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of vRtrOrigValASRouteValidity indicates whether the route
|
|
entry corresponding to the autonomous number is valid (true) or
|
|
invalid (false) if the route is static. Default value for this object
|
|
is valid(true)."
|
|
::= { vRtrOriginValRouteEntry 10 }
|
|
|
|
tmnxRpkiNotificationObjs OBJECT IDENTIFIER ::= { tmnxRpkiObjs 4 }
|
|
|
|
tmnxRpkiPeerAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of tmnxRpkiPeerAddrType indicates the type of address for
|
|
the BGP peer represented by tmnxRpkiPeerAddr."
|
|
::= { tmnxRpkiNotificationObjs 1 }
|
|
|
|
tmnxRpkiPeerAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of tmnxRpkiPeerAddr indicates the address for the Rpki peer."
|
|
::= { tmnxRpkiNotificationObjs 2 }
|
|
|
|
tmnxRpkiErrorType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
holdTimerExpired (1),
|
|
tcpConnectionFailure (2),
|
|
sessionIdMismatch (3),
|
|
fatalErrorCode (4),
|
|
sessionEstablished (5)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of tmnxRpkiErrorType indicates the type of the error message
|
|
seen on the Rpki session."
|
|
::= { tmnxRpkiNotificationObjs 3 }
|
|
|
|
tmnxRpkiTrapStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
up (1),
|
|
down (2)
|
|
}
|
|
MAX-ACCESS accessible-for-notify
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The value of tmnxRpkiTrapStatus indicates the state of the trap."
|
|
::= { tmnxRpkiNotificationObjs 4 }
|
|
|
|
tmnxRpkiConformance OBJECT IDENTIFIER ::= { tmnxSRConfs 96 }
|
|
|
|
tmnxRpkiCompliances OBJECT IDENTIFIER ::= { tmnxRpkiConformance 1 }
|
|
|
|
tmnxOriginValidV12v0Compliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for management of origin validation instances
|
|
on Nokia SROS series systems release R12.0."
|
|
MODULE
|
|
MANDATORY-GROUPS {
|
|
tmnxRpkiOriginValidGroup,
|
|
tmnxRpkiNotificationGroup
|
|
}
|
|
::= { tmnxRpkiCompliances 1 }
|
|
|
|
tmnxRpkiGroups OBJECT IDENTIFIER ::= { tmnxRpkiConformance 2 }
|
|
|
|
tmnxRpkiOriginValidGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
vRtrRpkiSessInstanceRowStatus,
|
|
vRtrRpkiSessInstanceConnectRetry,
|
|
vRtrRpkiSessInstanceDescription,
|
|
vRtrRpkiSessInstanceHoldTime,
|
|
vRtrRpkiSessLocalAddressType,
|
|
vRtrRpkiSessLocalAddress,
|
|
vRtrRpkiSessInstancePort,
|
|
vRtrRpkiSessInstanceRefreshTime,
|
|
vRtrRpkiSessInstanceAdminState,
|
|
vRtrRpkiSessInstanceStaleRoutTim,
|
|
vRtrRpkiSessInstanceSessionState,
|
|
vRtrRpkiSessInstanceSessionFlaps,
|
|
vRtrRpkiSessInstanceUptime,
|
|
vRtrRpkiSessInstanceActIpv4Rec,
|
|
vRtrRpkiSessInstanceActIpv6Rec,
|
|
vRtrOrigValStaticRowStatus,
|
|
vRtrOrigValStaticASValidity,
|
|
vRtrOrigValASRouteValidity,
|
|
vRtrRpkiSessInstanceSerialId,
|
|
vRtrRpkiSessInstanceSessionId,
|
|
vRtrRpkiSessInstanceLastChange
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group of additional objects supporting the management of RPKI
|
|
session in version 12.0 of Nokia SROS series systems."
|
|
::= { tmnxRpkiGroups 1 }
|
|
|
|
tmnxRpkiNotifyObjsGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
tmnxRpkiErrorType,
|
|
tmnxRpkiPeerAddr,
|
|
tmnxRpkiPeerAddrType,
|
|
tmnxRpkiTrapStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group of objects supporting extended MPLS notifications on Nokia
|
|
SROS series systems."
|
|
::= { tmnxRpkiGroups 2 }
|
|
|
|
tmnxRpkiNotificationGroup NOTIFICATION-GROUP
|
|
NOTIFICATIONS {
|
|
tmnxRpkiNotifySession,
|
|
tmnxRpkiStaleTimerExpiry
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The group of notifications supporting the RPKI feature on Nokia SROS
|
|
series systems 12.0 Release."
|
|
::= { tmnxRpkiGroups 3 }
|
|
|
|
tmnxRpkiNotifyPrefix OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 96 }
|
|
|
|
tmnxRpkiNotifications OBJECT IDENTIFIER ::= { tmnxRpkiNotifyPrefix 0 }
|
|
|
|
tmnxRpkiNotifySession NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
tmnxRpkiPeerAddrType,
|
|
tmnxRpkiPeerAddr,
|
|
tmnxRpkiErrorType,
|
|
tmnxRpkiTrapStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"[CAUSE] A tmnxRpkiNotifySession notification is generated when a rpki
|
|
session either comes up or goes down. Possible reasons for this to
|
|
happen is listed below:
|
|
(a) a session goes down due to hold-timer expiry.
|
|
(b) a session goes down due to failure of the TCP connection.
|
|
(c) a session goes down due to session ID mismatch.
|
|
(d) a session goes down due to sent or received Error Report PDU
|
|
containing fatal error code
|
|
(e) a session comes up (established state)
|
|
|
|
[EFFECT] This may remove the routes learned from a particular
|
|
rpki server if session goes down. Or start learning routes
|
|
from a rpki session which was newly established.
|
|
|
|
[RECOVERY] There is no recovery required for this notification."
|
|
::= { tmnxRpkiNotifications 1 }
|
|
|
|
tmnxRpkiStaleTimerExpiry NOTIFICATION-TYPE
|
|
OBJECTS {
|
|
tmnxRpkiPeerAddrType,
|
|
tmnxRpkiPeerAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"[CAUSE] This notification is generated when a stale timer expires. The
|
|
stale timer expires due to the following reasons:
|
|
1) The peer goes down, and never comes up within the stale timer
|
|
interval
|
|
2) Peer goes down and comes back up and refreshes the databases. The
|
|
stale timer is expired to remove unrefreshed entries in the database.
|
|
3) The peer goes down and comes back again and again goes down before
|
|
refreshing any entries. Here again the stale timer is expired due to
|
|
unstable connection.
|
|
4) The RPKI server sends a Cache Reset in response to a Serial Query
|
|
instead of doing an incremental update.
|
|
[EFFECT] This may remove the routes learned from a particular
|
|
rpki server if session goes down. Or start learning routes
|
|
from a rpki session which was newly established.
|
|
|
|
[RECOVERY] There is no recovery required for this notification."
|
|
::= { tmnxRpkiNotifications 2 }
|
|
|
|
END
|