PANA Working Group                                      V. Fajardo, Ed.
Internet-Draft                                                     TARI
Intended status: Standards Track                       October 23, 2008
Expires: April 26, 2009


PANA (Protocol for Carrying Authentication for Network Access) Base Protocol MIB
draft-fajardo-pana-pana-mib-00

Status of This Memo

By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on April 26, 2009.

Abstract

This document defines a Management Information Base (MIB) module containing a minimum set of objects that can be used to manage an implementation of the PANA Base Protocol [RFC5191].



Table of Contents

1.  The Internet-Standard Management Framework
2.  Conventions
3.  Overview
4.  PANA Base Protocol MIB Definitions
5.  Security Considerations
6.  IANA Considerations
7.  Contributors
8.  References
    8.1.  Normative References
    8.2.  Informative References





1.  The Internet-Standard Management Framework

For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].

Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant with SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 [RFC2580].




2.  Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].




3.  Overview

The PANA Base Protocol [RFC5191] is structured for network access authentication where authenticating peers are typically in a many-to-one relationship: multiple end-users (PaC) and an authentication server (PAA). Therefore, the PANA protocol's operating parameters naturally divide into parameters that are common to both PaC and PAA and parameters specific to either the PaC or the PAA.

The MIB objects described in this document follow the same pattern. As of this writing, there are no explicit dependencies between this document and other MIB modules.




4.  PANA Base Protocol MIB Definitions


   PANA-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE,
       Unsigned32, Counter32, mib-2 FROM SNMPv2-SMI
       MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
       InetAddressType, InetAddress FROM INET-ADDRESS-MIB;

   panaMIB MODULE-IDENTITY
         LAST-UPDATED "200810220000Z"
         ORGANIZATION "IETF PANA Working Group."
         CONTACT-INFO
             "Victor Fajardo
              Toshiba America Research Inc.
              1322 Crossman Avenue
              One Telcordia Drive, Piscataway, NJ 08854
              USA
              Phone: +1 (908) 421-1845
              Email: vfajardo@tari.toshiba.com"
         DESCRIPTION
             "The MIB module for the PANA base protocol, RFC5191."
         REVISION "200810221502Z"
         DESCRIPTION
             "Initial version, published as
              draft-fajardo-pana-pana-mib-00."
         ::= { mib-2 YY }

   -- RFC Ed.: Replace YY with suitable number from IANA if this goes
   --          into standards track

   -- Major sections of this MIB.
   -- The PANA base protocol MIB can be sub-divided into three(3)
   -- types of Objects: Objects common to all PANA entities, Objects
   -- specific to the PaC and Objects specific to the PAA

   panaBaseProtoMIB             OBJECT IDENTIFIER ::=
                                        { panaMIB 1 }
   panaEntityObject             OBJECT IDENTIFIER ::=
                                        { panaBaseProtoMIB 1 }
   panaEntityTraps              OBJECT IDENTIFIER ::=
                                        { panaBaseProtoMIB 2 }
   panaPaCObject                OBJECT IDENTIFIER ::=
                                        { panaBaseProtoMIB 3 }
   panaPaaObject                OBJECT IDENTIFIER ::=
                                        { panaBaseProtoMIB 4 }


   panaRetransmissionParam      OBJECT IDENTIFIER ::=
                                        { panaEntityObject 1 }

   panaInitialRetryTimeout      OBJECT-TYPE
          SYNTAX       Unsigned32 (1..4294967295)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Base value of the re-transmission timeout
                in seconds for the initial retransmission."
          DEFVAL { 5 }
          ::= { panaRetransmissionParam 1 }

   panaMaxRetryCount            OBJECT-TYPE
          SYNTAX       Unsigned32 (0..4294967295)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Maximum retransmission count. Specifies an
                upper bound on the number of times a sender
                may retransmit a message."
          DEFVAL { 3 }
          ::= { panaRetransmissionParam 2 }

   panaMaxRetryTime            OBJECT-TYPE
          SYNTAX       Unsigned32 (0..4294967295)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Maximum retransmission time in seconds. Specifies
                an upper bound on the value of retry timeout.  If it
                has a value of 0, there is no upper limit on the value
                of retry timeout."
          DEFVAL { 10 }
          ::= { panaRetransmissionParam 3 }

   panaMaxDuration            OBJECT-TYPE
          SYNTAX       Unsigned32 (0..4294967295)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Maximum retransmission duration in seconds. Specifies
                an upper bound on the length of time a sender may
                retransmit a message."
          DEFVAL { 120 }
          ::= { panaRetransmissionParam 4 }

   panaSessionLifetime          OBJECT-TYPE
          SYNTAX       Unsigned32 (1..4294967295)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Specifies the lifetime of the PANA session in seconds.
                This indicates how long till a re-authentication or
                disconnection occurs after a user successfully
                authenticates. This should be set to a minimum value
                that is greater than panaReAuthentionAllowance when
                re-authentication is enabled."
          DEFVAL { 360 }
          ::= { panaEntityObject 2 }

   panaPingInterval             OBJECT-TYPE
          SYNTAX       Unsigned32 (0..4294967295)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Indicates the interval between PANA ping requests.
                A value of 0 will disable sending of ping requests;
                otherwise a ping request message will be sent at
                this interval after successful authentication."
          DEFVAL { 5 }
          ::= { panaEntityObject 3 }

   panaReAuthenticate           OBJECT-TYPE
          SYNTAX       Unsigned32 (0..1)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Indicates whether a PANA entity will attempt to
                re-authenticate with its peer just prior to the
                session lifetime expiring. A value of 1 indicates
                that re-authentication will be attempted otherwise
                re-authentication will not be attempted."
          DEFVAL { 1 }
          ::= { panaEntityObject 4 }

   panaReAuthentionAllowance    OBJECT-TYPE
          SYNTAX       Unsigned32 (0..255)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Indicates how many seconds before the session lifetime
                expires a PANA entity will start authentication. This
                value is meaningful only when panaReAuthenticate is
                set to 1."
          DEFVAL { 5 }
          ::= { panaEntityObject 5 }

   panaPaaAddressType           OBJECT-TYPE
          SYNTAX       InetAddressType
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "The type of internet address stored
                in panaPaaIpAddress."
          ::= { panaPaCObject 1 }

   panaPaaIpAddress             OBJECT-TYPE
          SYNTAX       InetAddress
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "The IP-Address of the PAA, which is of the
                type specified in panaPaaAddressType."
          ::= { panaPaCObject 2 }

   panaPacEapResponseTimeout    OBJECT-TYPE
          SYNTAX       Unsigned32 (1..255)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Number of seconds the EAP layer is allowed to send
                an EAP response before an EAP timeout event occurs."
          DEFVAL { 3 }
          ::= { panaPaCObject 3 }

   panaPacEapPiggyback          OBJECT-TYPE
          SYNTAX       Unsigned32 (0..1)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Controls whether EAP payload will be sent
                in the PANA-Auth-Answer message during auth phase.
                A value of 1 will allow for EAP payload to be sent
                in the answer message while a value of 0 will
                prevent it."
          DEFVAL { 1 }
          ::= { panaPaCObject 4 }

   panaPaaAnnounceLifetime      OBJECT-TYPE
          SYNTAX       Unsigned32 (0..1)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Indicates whether the PAA will carry the
                session lifetime AVP in the PANA-Bind-Request
                message. A value of 1 will allow for the session
                lifetime to be sent in the PANA-Bind-Request
                while a value of 0 will prevent it."
          DEFVAL { 1 }
          ::= { panaPaaObject 2 }

   panaPaaIpReconfiguration     OBJECT-TYPE
          SYNTAX       Unsigned32 (0..1)
          MAX-ACCESS   read-write
          STATUS       current
          DESCRIPTION
               "Indicates whether the PAA will set the IP
                reconfiguration flag in the PAR to let the
                PaC know that it should re-configure its
                IP address after successful authentication.
                A value of 1 will set the re-configure bit
                (i-bit) in the PANA-Bind-Answer while a
                value of 0 will un-set it."
          DEFVAL { 1 }
          ::= { panaPaaObject 3 }

   panaPaaAuthAttempts          OBJECT-TYPE
          SYNTAX       Counter32
          MAX-ACCESS   read-only
          STATUS       current
          DESCRIPTION
               "Indicates the total number of authentication
                attempts made on this PAA regardless of success
                or failure. Note that this is separate from
                re-authentication attempts."
          ::= { panaPaaObject 4 }

   panaPaaSuccessfulAuth        OBJECT-TYPE
          SYNTAX       Counter32
          MAX-ACCESS   read-only
          STATUS       current
          DESCRIPTION
               "Indicates the total number of successful
                authentications that this PAA has processed."
          ::= { panaPaaObject 5 }

   panaPaaReAuthAttempts        OBJECT-TYPE
          SYNTAX       Counter32
          MAX-ACCESS   read-only
          STATUS       current
          DESCRIPTION
               "Indicates the total number of re-authentication
                attempts made on this PAA regardless of success
                or failure. Note that this is separate from
                authentication attempts."
          ::= { panaPaaObject 6 }

   panaPaaSuccessfulReAuth      OBJECT-TYPE
          SYNTAX       Counter32
          MAX-ACCESS   read-only
          STATUS       current
          DESCRIPTION
               "Indicates the total number of successful
                re-authentications that this PAA has processed."
          ::= { panaPaaObject 7 }

   END
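
An added example, not part of the draft: a Python sketch of how the four panaRetransmissionParam values interact when an operator reviews a proposed SNMP write. It assumes the retransmission rules of RFC 5191, Section 9 (timeout doubling with a random factor of plus or minus 10%, and 0 meaning "no limit" for count and duration), which this MIB does not restate; the function names and the `horizon` parameter are hypothetical.

```python
import random


def retransmit_times(irt=5, mrc=3, mrt=10, mrd=120, horizon=3600,
                     rand=lambda: random.uniform(-0.1, 0.1)):
    """Seconds after the first send at which retransmissions occur.

    irt, mrc, mrt and mrd stand for panaInitialRetryTimeout,
    panaMaxRetryCount, panaMaxRetryTime and panaMaxDuration; the
    defaults are the DEFVALs in the MIB above.  horizon (hypothetical)
    ends the simulation when neither mrc nor mrd bounds the exchange.
    """
    if irt < 1:
        raise ValueError("panaInitialRetryTimeout range is 1..4294967295")
    times, elapsed, rt = [], 0.0, None
    while True:
        # The first timeout is based on IRT; later ones double the previous.
        rt = irt + rand() * irt if rt is None else 2 * rt + rand() * rt
        if mrt and rt > mrt:            # mrt == 0: no upper limit on RT
            rt = mrt + rand() * mrt
        elapsed += rt
        if mrc and len(times) >= mrc:   # retransmission count exhausted
            break
        if mrd and elapsed > mrd:       # retransmission duration exhausted
            break
        if elapsed > horizon:           # simulation cut-off only
            break
        times.append(round(elapsed, 3))
    return times


def is_unbounded(mrc, mrd):
    """True when neither the count nor the duration limits retransmission."""
    return mrc == 0 and mrd == 0


if __name__ == "__main__":
    # Constructed inputs: the MIB defaults, then a write that zeroes both limits.
    print("defaults:", retransmit_times(rand=lambda: 0.0))
    print("mrc=0, mrd=0 unbounded:", is_unbounded(0, 0))
```

Because all four objects are read-write, running a proposed set of values through a check like this before applying it shows whether the change leaves the sender retransmitting without any bound.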




5.  Security Considerations

TBD




6.  IANA Considerations

IANA is requested to assign an OID under mib-2.




7.  Contributors

TBD




8.  References




8.1. Normative References

[RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A. Yegin, “Protocol for Carrying Authentication for Network Access (PANA),” RFC 5191, May 2008.
[RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Structure of Management Information Version 2 (SMIv2),” STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., “Textual Conventions for SMIv2,” STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, “Conformance Statements for SMIv2,” STD 58, RFC 2580, April 1999.



8.2. Informative References

[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, “Introduction and Applicability Statements for Internet-Standard Management Framework,” RFC 3410, December 2002.



Author's Address

  Victor Fajardo (editor)
  Toshiba America Research, Inc.
  1 Telcordia Drive
  Piscataway, NJ 08854
  USA
Phone:  +1 732 699 5368
EMail:  vfajardo@tari.toshiba.com



Full Copyright Statement

Intellectual Property