.1AE Management Info Frank Chao [email protected] San Antonio 11/22/2004 .1AE Management Info SNMP CLI EAP Configuration APIs LMI (data structure) Event APIs Uncontrolled port .1af Common port .1AE Controlled port User controlled port.


.1AE Management Info
Frank Chao
[email protected]
San Antonio
11/22/2004
.1AE Management Info
[Figure: block diagram. Labels: SNMP, CLI, EAP, Configuration APIs, LMI (data structure), Event APIs, Uncontrolled port, .1af, Common port, .1AE, Controlled port, User controlled port.]
.1AE Management Info
• LMI (Layer Management Interface)
– Data structure.
– Accessed by .1AE, .1af, SNMP/MIB, EAP.
– Contains .1AE and .1af configuration, protocol states, and counter/diagnostic information.
– .1AE uses the LMI to control MACsec packet processing, directly or through APIs.
– Changing the data in the LMI may cause actions in the SecY or KaY.
.1AE Management Info
• MACsec Mgmt Information
– Multiple control flags to control MACsec status (global objects), so that the deployment transition goes smoothly.
– Status of MACsec (macSecStatus)
– rxSecYSCCapability : number of peer receive SCs each SecY can have.
• SecY Mgmt Information
– Table indexed by InterfaceIndex (IF-MIB).
– ValidateRxFrames : flag for the validation process on receive. (10.5.3)
– ProtectTxFrames : flag for the protection process on transmit.
– Current Cipher Suite. (10.5.4) (Row Pointer)
– adminPointToPointMAC, operPointToPointMAC (6.5)
.1AE Management Info
– RxReplayChk : flag for rx replay check. (10.6.2)
– Tx SC : transmit SC information.
– Rx SCs : receive SCs information. (Will be in another table.)
– lastUnknownSC : SCI information recording the last unknown SC received (10.6.1), with time stamp.
.1AE Management Info
• Tx SC Mgmt Information
– scState : state of this transmit SC ? (rolled from saState information.)
– SCI : the SCI for the SC used by SecY for transmit. (10.5)
– txEncodingSA : current SA number. (Integer) (10.5.1)
– txEncipheringSA : previous SA number. (Integer) (10.5.4)
• Tx SA : (table with 4 entries)
– Table indexed by InterfaceIndex and AN.
– saState : state of this transmit SA.
– saCmd : command executing in the SA.
– txSAK : key for transmitting. (7.1, 10.5.1) (not in the MIB.)
– txNextPN : next packet number (PN). (10.5.2)
.1AE Management Info
• Rx SCs Mgmt Information
– Table indexed by InterfaceIndex and SCI.
– scState : state of this receive SC ? (rolled from saState).
– SCI : the SCI for the SC used by SecY for receive. (10.5)
– rxCurrentSA : number of the SA currently in use in the SC. (Integer) (10.6.1)
– lastUnknownSA : last unresolved AN, with timestamp. (10.6.1)
.1AE Management Info
• Rx SA Mgmt Information
– Table indexed by InterfaceIndex and SCI and AN.
– saState : state of this receive SA.
– saCmd : command executing in the SA.
– rxSAK : key for receiving. (7.1, 10.6.1) (not in the MIB.)
– rxLastPN : last received packet number (PN). (10.6.2)
– rxLastValidatedPN : last received validated PN. (10.6.2)
.1AE Management Info
• Cipher Suites :
– Name : name of this cipher suite; could be the MIB table index.
– Description : information about the Cipher Suite.
– Confidentiality : flag indicating that the cipher suite provides confidentiality.
– SecureDataLengthChange : flag indicating that the length of the ciphered text differs from the length of the plain text.
– ICV length : the length of the generated ICV.
.1AE Management Info
• SA Rx Counters :
– Table indexed by InterfaceIndex and SCI and AN
– InCntReinitTime : A timestamp for the counters’ discontinuity in this SA.
– OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time.
– InXcastPktsNotReceived (the name will be modified to represent the real meaning.)
– InXcastPktsInvalid
– InXcastPktsReplayed
– InXcastPktsMisordered
.1AE Management Info
– InXcastPktsOrdered
– InXcastPktsEncrypted
– InXcastPktsDecrypted
– InXcastOctetsEncrypted (MSDU)
– InXcastOctetsDecrypted (MSDU)
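An added example, not part of the presentation: one way a monitoring script could consume the SA Rx counters listed above, using InCntReinitTime to avoid computing deltas across a counter discontinuity. The class and function names, the 64-bit counter width, the timestamp units and the sample values are assumptions made for this sketch.

```python
from dataclasses import dataclass

# Counters from the SA Rx table that indicate rejected frames.
WATCHED = ("InXcastPktsInvalid", "InXcastPktsReplayed")
WRAP = 2**64  # assumption: Counter64 objects; the slides give no width

@dataclass
class SaRxRow:
    reinit_time: int   # InCntReinitTime (units assumed: sysUpTime ticks)
    counters: dict     # counter name -> value read in this poll

def deltas(prev, curr):
    """Per-counter increase between two polls, or None if not comparable."""
    if prev.reinit_time != curr.reinit_time:
        return None    # counters were re-initialised; subtraction is meaningless
    return {k: (v - prev.counters.get(k, 0)) % WRAP
            for k, v in curr.counters.items()}

def review(prev_poll, curr_poll):
    """Compare polls keyed by (InterfaceIndex, SCI, AN); return findings."""
    findings = []
    for index, curr in sorted(curr_poll.items()):
        prev = prev_poll.get(index)
        if prev is None:
            continue                   # new SA: first sample is the baseline
        d = deltas(prev, curr)
        if d is None:
            findings.append((index, "discontinuity", 0))
            continue
        findings += [(index, n, d[n]) for n in WATCHED if d.get(n, 0) > 0]
    return findings

# Constructed sample polls (not real device output).
SCI = "00:11:22:33:44:55/1"
POLL_1 = {
    (3, SCI, 0): SaRxRow(1000, {"InXcastPktsInvalid": 0, "InXcastPktsReplayed": 2}),
    (3, SCI, 1): SaRxRow(1000, {"InXcastPktsInvalid": 7, "InXcastPktsReplayed": 0}),
}
POLL_2 = {
    (3, SCI, 0): SaRxRow(1000, {"InXcastPktsInvalid": 0, "InXcastPktsReplayed": 42}),
    (3, SCI, 1): SaRxRow(5000, {"InXcastPktsInvalid": 1, "InXcastPktsReplayed": 0}),
    (3, SCI, 2): SaRxRow(6000, {"InXcastPktsInvalid": 9, "InXcastPktsReplayed": 9}),
}

if __name__ == "__main__":
    for finding in review(POLL_1, POLL_2):
        print(finding)
```

The SA with AN 1 is reported as a discontinuity rather than as a drop in invalid frames, and the SA with AN 2 is treated as a baseline because it has no earlier sample.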
.1AE Management Info
• SC Rx counters :
– Indexed by InterfaceIndex and SCI
– InXcastPktsNotReceived
– InXcastPktsInvalid
– InXcastPktsReplayed
– InXcastPktsMisordered
– InXcastPktsOrdered
– InXcastPktsEncrypted
– InXcastPktsDecrypted
– InXcastOctetsEncrypted (MSDU)
– InXcastOctetsDecrypted (MSDU)
.1AE Management Info
• SecY Rx Counters :
– Table Indexed by InterfaceIndex
– InXcastPktsNoTag
– InXcastPktsBadTag
– InXcastPktsUnknownSCI
– InXcastPktsUntagged
– InXcastPktsUnchecked
– InXcastPktsNotReceived
– InXcastPktsInvalid
– InXcastPktsReplayed
– InXcastPktsMisordered
– InXcastPktsOrdered
– InXcastPktsEncrypted
– InXcastPktsDecrypted
– InXcastOctetsEncrypted (MSDU)
– InXcastOctetsDecrypted (MSDU)
.1AE Management Info
• SA Tx counters :
– Table indexed by InterfaceIndex and AN
– OutCntReinitTime : A timestamp for the counters’ discontinuity in this SA, re-initialization time.
– OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time.
– OutPktsPnExhausted
– OutPktsToolong
– OutXcastPktsProtected
– OutXcastPktsUntagged
– OutXcastPktsEncrypted
– OutXcastOctetsEncrypted (MSDU)
.1AE Management Info
• SecY Tx Counters :
– Table indexed by InterfaceIndex
– OutPktsPnExhausted
– OutPktsToolong
– OutXcastPktsProtected
– OutXcastPktsUntagged
– OutXcastPktsEncrypted
– OutXcastOctetsEncrypted (MSDU)
.1AE Management Info
• RFC2863 : Interface MIB counters
ifInOctets Counter32,
ifInUcastPkts Counter32,
ifInDiscards Counter32,
ifInErrors Counter32,
ifInUnknownProtos Counter32,
ifOutOctets Counter32,
ifOutUcastPkts Counter32,
ifOutDiscards Counter32,
ifOutErrors Counter32,
ifInMulticastPkts Counter32,
ifInBroadcastPkts Counter32,
ifOutMulticastPkts Counter32,
ifOutBroadcastPkts Counter32,
ifHCInOctets Counter64,
ifHCInUcastPkts Counter64,
ifHCInMulticastPkts Counter64,
ifHCInBroadcastPkts Counter64,
ifHCOutOctets Counter64,
ifHCOutUcastPkts Counter64,
ifHCOutMulticastPkts Counter64,
ifHCOutBroadcastPkts Counter64
.1AE Management Info
• MIB Design
– Will follow the MIB-REVIEW-GUIDELINES, http://www.ietf.org/internet-drafts/draft-ietfops-mib-review-guidelines-03.txt, valid to Dec. 2004.
– SNMPv3 access only ?