Download presentation
Presentation is loading. Please wait.
Published byKimberly Powell Modified over 8 years ago
1
Frank Chao fchao@cisco.com San Antonio 11/22/2004.1AE Management Info
2
Event APIs Configuration APIs SNMPCLIEAP.1af LMI (data structure) Common port Controlled port Uncontrolled port User controlled port.1AE.1AE Management Info
3
LMI (Layer Management Interface) –Data Structure –Accessed by.1AE,.1af, SNMP/MIB, EAP –Containing.1AE and.1af configuration, protocol states, and counter/diagnosis information. –.1AE uses LMI to control the MACsec packet processing directly or through APIs. –Change the data in LMI may cause actions in SecY or KaY
4
.1AE Management Info MACsec Mgmt Information –Multiple Control Flags to control MACsec status. (global objects) (To have the transition of deployment smoothly.) –Status of MACsec (macSecStatus) –rxSecYSCCapability : number peer receiving SCs per SecY can have. SecY Mgmt Information –Table indexed by InterfaceIndex (IF-MIB). –ValidateRxFrames : flag for validation process in receiving. (10.5.3) –ProtectTxFrames : flag for protection process in transmitting. –Current Cipher Suite. (10.5.4) (Row Pointer) –adminPointToPointMAC, operPointToPointMAC (6.5)
5
.1AE Management Info –RxReplayChk : flag for rx replay check. (10.6.2) –Tx SC : transmit SC informaiton. –Rx SCs : receive SCs informaiton. (will be in another table.) –lastUnknownSC : an SCI information to record last rx unknown SC (10.6.1) with time stamp.
6
.1AE Management Info Tx SC Mgmt Information –scState : state of this transmit SC ? (rolled from saState informaiton.) –SCI : the SCI for the SC used by SecY for transmit. (10.5) –txEncodingSA : current SA number. (Integer) (10.5.1) –txEncipheringSA : previous SA number. (Integer) (10.5.4) Tx SA : (table with 4 entries) –Table indexed by InterfaceIndex and AN. –saState : state of this transmit SA. –saCmd : command executing in the SA. –txSAK : key for transmitting. (7.1, 10.5.1) (not in the MIB.) –txNextPN : next packet number (PN). (10.5.2)
7
.1AE Management Info Rx SCs Mgmt Information –Table indexed by InterfaceIndex and SCI. –scState : state of this receive SC ? (rolled from saState). –SCI : the SCI for the SC used by SecY for receive. (10.5) –rxCurrentSA : current using SA number in the SC. (Integer) (10.6.1) –lastUnknownSA : last un-resolved AN with timestamp. (10.6.1)
8
.1AE Management Info Rx SA Mgmt Information –Table indexed by InterfaceIndex and SCI and AN. –saState : state of this receive SA. –saCmd : command excecuting in the SA. –rxSAK : key for receiving. (7.1, 10.6.1) (not in the MIB.) –rxLastPN : last received packet number (PN). (10.6.2) –rxLastValidatedPN : last received validated PN. (10.6.2)
9
.1AE Management Info Cipher Suites : –Name : name of this cipher suite, could be MIB table index. –Description : information about the Cipher Suite. –Confidentiality : flag indicate the cipher suite with confidentiality ability. –SecureDataLengthChange : a flag to indicate the length of ciphered text is different from the length of plain text. –ICV length : the length of generated ICV.
10
.1AE Management Info SA Rx Counters : –Table indexed by InterfaceIndex and SCI and AN –InCntReinitTime : A timestamp for the counters’ discontinuity in this SA. –OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time. –InXcastPktsNotReceived (the name will be modified to represent the real meaning.) –InXcastPktsInvalid –InXcastPktsReplayed –InXcastPktsMisordered
11
–InXcastPktsOrdered –InXcastPktsEncrypted –InXcastPktsDecrypted –InXcastOctetsEncrypted (MSDU) –InXcastOctetsDecrypted (MSDU).1AE Management Info
12
SC Rx counters : –Indexed by InterfaceIndex and SCI –InXcastPktsNotReceived –InXcastPktsInvalid –InXcastPktsReplayed –InXcastPktsMisordered –InXcastPktsOrdered –InXcastPktsEncrypted –InXcastPktsDecrypted –InXcastOctetsEncrypted (MSDU) –InXcastOctetsDecrypted (MSDU).1AE Management Info
13
SecY Rx Counters : –Table Indexed by InterfaceIndex –InXcastPktsNoTag –InXcastPktsBadTag –InXcastPktsUnknownSCI –InXcastPktsUntagged –InXcastPktsUnchecked –InXcastPktsNotReceived –InXcastPktsInvalid –InXcastPktsReplayed –InXcastPktsMisordered –InXcastPktsOrdered –InXcastPktsEncrypted –InXcastPktsDecrypted –InXcastOctetsEncrypted (MSDU) –InXcastOctetsDecrypted (MSDU).1AE Management Info
14
SA Tx counters : –Table indexed by InterfaceIndex and AN –OutCntReinitTime : A timestamp for the counters’ discontinuity in this SA, re-initialization time. –OutCntStopTime : A timestamp for the counters’ discontinuity in this SA, stop time. –OutPktsPnExhausted –OutPktsToolong –OutXcastPktsProtected –OutXcastPktsUntagged –OutXcastPktsEncrypted –OutXcastOctetsEncrypted (MSDU).1AE Management Info
15
SecY Tx Counters : –Table indexed by InterfaceIndex –OutPktsPnExhausted –OutPktsToolong –OutXcastPktsProtected –OutXcastPktsUntagged –OutXcastPktsEncrypted –OutXcastOctetsEncrypted (MSDU).1AE Management Info
16
RFC2863 : Interface MIB counters ifInOctets Counter32, ifInUcastPkts Counter32, ifInDiscards Counter32, ifInErrors Counter32, ifInUnknownProtos Counter32, ifOutOctets Counter32, ifOutUcastPkts Counter32, ifOutDiscards Counter32, ifOutErrors Counter32, ifInMulticastPkts Counter32, ifInBroadcastPkts Counter32, ifOutMulticastPkts Counter32, ifOutBroadcastPkts Counter32, ifHCInOctets Counter64, ifHCInUcastPkts Counter64, ifHCInMulticastPkts Counter64, ifHCInBroadcastPkts Counter64, ifHCOutOctets Counter64, ifHCOutUcastPkts Counter64, ifHCOutMulticastPkts Counter64, ifHCOutBroadcastPkts Counter64.1AE Management Info
17
MIB Design –Will follow the MIB-REVIEW-GUIDELINES, http://www.ietf.org/internet-drafts/draft-ietf- ops-mib-review-guidelines-03.txt, valid to Dec. 2004. http://www.ietf.org/internet-drafts/draft-ietf- ops-mib-review-guidelines-03.txt –SNMPv3 access only ?.1AE Management Info
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.