
Frank Chao fchao@cisco.com San Antonio 11/22/2004



Presentation Transcript


  1. Frank Chao, fchao@cisco.com, San Antonio, 11/22/2004. .1AE Management Info

  2. .1AE Management Info
     [Diagram; labels: SNMP, CLI, EAP, Configuration APIs, LMI (data structure), Event APIs, Uncontrolled port, .1af, Common port, .1AE, User controlled port, Controlled port]

  3. .1AE Management Info
     • LMI (Layer Management Interface)
       • Data Structure
       • Accessed by .1AE, .1af, SNMP/MIB, EAP
       • Containing .1AE and .1af configuration, protocol states, and counter/diagnosis information.
       • .1AE uses LMI to control the MACsec packet processing directly or through APIs.
       • Changing the data in LMI may cause actions in SecY or KaY

  4. .1AE Management Info
     • MACsec Mgmt Information
       • Multiple Control Flags to control MACsec status. (global objects) (To make the deployment transition smooth.)
       • Status of MACsec (macSecStatus)
       • rxSecYSCCapability : number of peer receiving SCs each SecY can have.
     • SecY Mgmt Information
       • Table indexed by InterfaceIndex (IF-MIB).
       • ValidateRxFrames : flag for the validation process on receive. (10.5.3)
       • ProtectTxFrames : flag for the protection process on transmit.
       • Current Cipher Suite. (10.5.4) (Row Pointer)
       • adminPointToPointMAC, operPointToPointMAC (6.5)

  5. .1AE Management Info
     • RxReplayChk : flag for rx replay check. (10.6.2)
     • Tx SC : transmit SC information.
     • Rx SCs : receive SCs information. (will be in another table.)
     • lastUnknownSC : SCI recording the last unknown SC received (10.6.1), with timestamp.

  6. .1AE Management Info
     • Tx SC Mgmt Information
       • scState : state of this transmit SC ? (rolled from saState information.)
       • SCI : the SCI for the SC used by SecY for transmit. (10.5)
       • txEncodingSA : current SA number. (Integer) (10.5.1)
       • txEncipheringSA : previous SA number. (Integer) (10.5.4)
       • Tx SA : (table with 4 entries)
         • Table indexed by InterfaceIndex and AN.
         • saState : state of this transmit SA.
         • saCmd : command executing in the SA.
         • txSAK : key for transmitting. (7.1, 10.5.1) (not in the MIB.)
         • txNextPN : next packet number (PN). (10.5.2)

  7. .1AE Management Info
     • Rx SCs Mgmt Information
       • Table indexed by InterfaceIndex and SCI.
       • scState : state of this receive SC ? (rolled from saState).
       • SCI : the SCI for the SC used by SecY for receive. (10.5)
       • rxCurrentSA : SA number currently in use in the SC. (Integer) (10.6.1)
       • lastUnknownSA : last unresolved AN with timestamp. (10.6.1)

  8. .1AE Management Info
     • Rx SA Mgmt Information
       • Table indexed by InterfaceIndex and SCI and AN.
       • saState : state of this receive SA.
       • saCmd : command executing in the SA.
       • rxSAK : key for receiving. (7.1, 10.6.1) (not in the MIB.)
       • rxLastPN : last received packet number (PN). (10.6.2)
       • rxLastValidatedPN : last received validated PN. (10.6.2)

  9. .1AE Management Info
     • Cipher Suites :
       • Name : name of this cipher suite, could be MIB table index.
       • Description : information about the Cipher Suite.
       • Confidentiality : flag indicating that the cipher suite has confidentiality capability.
       • SecureDataLengthChange : flag indicating that the length of the ciphered text differs from the length of the plain text.
       • ICV length : the length of the generated ICV.

  10. .1AE Management Info
     • SA Rx Counters :
       • Table indexed by InterfaceIndex and SCI and AN
       • InCntReinitTime : A timestamp for the counters’ discontinuity in this SA.
       • OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time.
       • InXcastPktsNotReceived (the name will be modified to represent the real meaning.)
       • InXcastPktsInvalid
       • InXcastPktsReplayed
       • InXcastPktsMisordered

  11. .1AE Management Info
     • InXcastPktsOrdered
     • InXcastPktsEncrypted
     • InXcastPktsDecrypted
     • InXcastOctetsEncrypted (MSDU)
     • InXcastOctetsDecrypted (MSDU)

  12. .1AE Management Info
     • SC Rx counters :
       • Indexed by InterfaceIndex and SCI
       • InXcastPktsNotReceived
       • InXcastPktsInvalid
       • InXcastPktsReplayed
       • InXcastPktsMisordered
       • InXcastPktsOrdered
       • InXcastPktsEncrypted
       • InXcastPktsDecrypted
       • InXcastOctetsEncrypted (MSDU)
       • InXcastOctetsDecrypted (MSDU)

  13. .1AE Management Info
     • SecY Rx Counters :
       • Table Indexed by InterfaceIndex
       • InXcastPktsNoTag
       • InXcastPktsBadTag
       • InXcastPktsUnknownSCI
       • InXcastPktsUntagged
       • InXcastPktsUnchecked
       • InXcastPktsNotReceived
       • InXcastPktsInvalid
       • InXcastPktsReplayed
       • InXcastPktsMisordered
       • InXcastPktsOrdered
       • InXcastPktsEncrypted
       • InXcastPktsDecrypted
       • InXcastOctetsEncrypted (MSDU)
       • InXcastOctetsDecrypted (MSDU)

  14. .1AE Management Info
     • SA Tx counters :
       • Table indexed by InterfaceIndex and AN
       • OutCntReinitTime : A timestamp for the counters’ discontinuity in this SA, re-initialization time.
       • OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time.
       • OutPktsPnExhausted
       • OutPktsToolong
       • OutXcastPktsProtected
       • OutXcastPktsUntagged
       • OutXcastPktsEncrypted
       • OutXcastOctetsEncrypted (MSDU)

  15. .1AE Management Info
     • SecY Tx Counters :
       • Table indexed by InterfaceIndex
       • OutPktsPnExhausted
       • OutPktsToolong
       • OutXcastPktsProtected
       • OutXcastPktsUntagged
       • OutXcastPktsEncrypted
       • OutXcastOctetsEncrypted (MSDU)

  16. .1AE Management Info
     • RFC2863 : Interface MIB counters
         ifInOctets              Counter32,
         ifInUcastPkts           Counter32,
         ifInDiscards            Counter32,
         ifInErrors              Counter32,
         ifInUnknownProtos       Counter32,
         ifOutOctets             Counter32,
         ifOutUcastPkts          Counter32,
         ifOutDiscards           Counter32,
         ifOutErrors             Counter32,
         ifInMulticastPkts       Counter32,
         ifInBroadcastPkts       Counter32,
         ifOutMulticastPkts      Counter32,
         ifOutBroadcastPkts      Counter32,
         ifHCInOctets            Counter64,
         ifHCInUcastPkts         Counter64,
         ifHCInMulticastPkts     Counter64,
         ifHCInBroadcastPkts     Counter64,
         ifHCOutOctets           Counter64,
         ifHCOutUcastPkts        Counter64,
         ifHCOutMulticastPkts    Counter64,
         ifHCOutBroadcastPkts    Counter64

  17. .1AE Management Info
     • MIB Design
       • Will follow the MIB-REVIEW-GUIDELINES, http://www.ietf.org/internet-drafts/draft-ietf-ops-mib-review-guidelines-03.txt, valid to Dec. 2004.
       • SNMPv3 access only ?
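
An added example, not part of the original slides: comparing two polls of the SA Rx counter table from slides 10 and 11 (indexed by InterfaceIndex, SCI and AN) while treating a change in InCntReinitTime as a counter discontinuity. The 32-bit wrap width, the dictionary layout, the choice of watched counters and all sample values are assumptions constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

RowKey = Tuple[int, str, int]   # (InterfaceIndex, SCI, AN), the slide's table index
Row = Dict[str, int]
Finding = Tuple[RowKey, str, Optional[str], Optional[int]]

# Counters worth alerting on; this selection is an assumption of the example.
WATCHED = ("InXcastPktsInvalid", "InXcastPktsReplayed")


def counter_delta(prev: int, cur: int, bits: int = 32) -> int:
    """Difference between two polls of a counter that wraps at 2**bits."""
    return (cur - prev) % (1 << bits)


def compare_polls(prev: Dict[RowKey, Row], cur: Dict[RowKey, Row],
                  bits: int = 32) -> List[Finding]:
    """Return (row key, kind, counter name, delta) for every notable row."""
    findings: List[Finding] = []
    for key in sorted(cur):
        new, old = cur[key], prev.get(key)
        if old is None:
            # SA appeared since the last poll: no baseline to diff against.
            findings.append((key, "new-sa", None, None))
        elif new["InCntReinitTime"] != old["InCntReinitTime"]:
            # Counters were re-initialised: a delta across the gap is meaningless.
            findings.append((key, "discontinuity", None, None))
        else:
            for name in WATCHED:
                delta = counter_delta(old[name], new[name], bits)
                if delta:
                    findings.append((key, "increase", name, delta))
    return findings


# Constructed sample polls (not real device output).
SCI = "00005e0053010001"
PREV = {
    (3, SCI, 0): {"InCntReinitTime": 1000, "InXcastPktsInvalid": 0,
                  "InXcastPktsReplayed": 4294967290},
    (3, SCI, 1): {"InCntReinitTime": 1000, "InXcastPktsInvalid": 7,
                  "InXcastPktsReplayed": 2},
}
CUR = {
    (3, SCI, 0): {"InCntReinitTime": 1000, "InXcastPktsInvalid": 0,
                  "InXcastPktsReplayed": 5},      # wrapped past 2**32
    (3, SCI, 1): {"InCntReinitTime": 2500, "InXcastPktsInvalid": 0,
                  "InXcastPktsReplayed": 0},      # re-initialised
    (3, SCI, 2): {"InCntReinitTime": 2600, "InXcastPktsInvalid": 0,
                  "InXcastPktsReplayed": 0},      # new AN
}
```

Without the InCntReinitTime check, the re-initialised row for AN 1 would be read as a very large wrapped increase in InXcastPktsInvalid rather than a reset.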
