RPKI-ROUTER-MIB

Imported modules

SNMPv2-SMI	INET-ADDRESS-MIB	SNMPv2-TC
SNMPv2-CONF	SYSAPPL-MIB

Imported symbols

MODULE-IDENTITY	OBJECT-TYPE	NOTIFICATION-TYPE
Integer32	Unsigned32	mib-2
Gauge32	Counter32	InetAddressType
InetAddress	InetPortNumber	InetAddressPrefixLength
InetAutonomousSystemNumber	TEXTUAL-CONVENTION	TimeStamp
MODULE-COMPLIANCE	OBJECT-GROUP	NOTIFICATION-GROUP
LongUtf8String

Defined Types

RpkiRtrConnectionType
The connection type used between a router (as a client) and a cache server. The following types have been defined in RFC 6810: ssh(1) - Section 7.1; see also RFC 4252. tls(2) - Section 7.2; see also RFC 5246. tcpMD5(3) - Section 7.3; see also RFC 2385. tcpAO(4) - Section 7.4; see also RFC 5925. tcp(5) - Section 7. ipsec(6) - Section 7; see also RFC 4301. other(7) - none of the above.
TEXTUAL-CONVENTION
	INTEGER	ssh(1), tls(2), tcpMD5(3), tcpAO(4), tcp(5), ipsec(6), other(7)

RpkiRtrCacheServerTableEntry
SEQUENCE
	rpkiRtrCacheServerRemoteAddressType	InetAddressType
	rpkiRtrCacheServerRemoteAddress	InetAddress
	rpkiRtrCacheServerRemotePort	InetPortNumber
	rpkiRtrCacheServerLocalAddressType	InetAddressType
	rpkiRtrCacheServerLocalAddress	InetAddress
	rpkiRtrCacheServerLocalPort	InetPortNumber
	rpkiRtrCacheServerPreference	Unsigned32
	rpkiRtrCacheServerConnectionType	RpkiRtrConnectionType
	rpkiRtrCacheServerConnectionStatus	INTEGER
	rpkiRtrCacheServerDescription	LongUtf8String
	rpkiRtrCacheServerMsgsReceived	Counter32
	rpkiRtrCacheServerMsgsSent	Counter32
	rpkiRtrCacheServerV4ActiveRecords	Gauge32
	rpkiRtrCacheServerV4Announcements	Counter32
	rpkiRtrCacheServerV4Withdrawals	Counter32
	rpkiRtrCacheServerV6ActiveRecords	Gauge32
	rpkiRtrCacheServerV6Announcements	Counter32
	rpkiRtrCacheServerV6Withdrawals	Counter32
	rpkiRtrCacheServerLatestSerial	Unsigned32
	rpkiRtrCacheServerSessionID	Unsigned32
	rpkiRtrCacheServerRefreshTimer	Unsigned32
	rpkiRtrCacheServerTimeToRefresh	Integer32
	rpkiRtrCacheServerId	Unsigned32

RpkiRtrCacheServerErrorsTableEntry
SEQUENCE
	rpkiRtrCacheServerErrorsCorruptData	Counter32
	rpkiRtrCacheServerErrorsInternalError	Counter32
	rpkiRtrCacheServerErrorsNoData	Counter32
	rpkiRtrCacheServerErrorsInvalidRequest	Counter32
	rpkiRtrCacheServerErrorsUnsupportedVersion	Counter32
	rpkiRtrCacheServerErrorsUnsupportedPdu	Counter32
	rpkiRtrCacheServerErrorsWithdrawalUnknown	Counter32
	rpkiRtrCacheServerErrorsDuplicateAnnounce	Counter32

RpkiRtrPrefixOriginTableEntry
SEQUENCE
	rpkiRtrPrefixOriginAddressType	InetAddressType
	rpkiRtrPrefixOriginAddress	InetAddress
	rpkiRtrPrefixOriginMinLength	InetAddressPrefixLength
	rpkiRtrPrefixOriginMaxLength	InetAddressPrefixLength
	rpkiRtrPrefixOriginASN	InetAutonomousSystemNumber
	rpkiRtrPrefixOriginCacheServerId	Unsigned32

Defined Values

rpkiRtrMIB		1.3.6.1.2.1.218
This MIB module contains management objects to support monitoring of the Resource Public Key Infrastructure (RPKI) protocol on routers. Copyright (c) 2013 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this MIB module is part of RFC 6945; see the RFC itself for full legal notices.
MODULE-IDENTITY

rpkiRtrNotifications		1.3.6.1.2.1.218.0
OBJECT IDENTIFIER

rpkiRtrObjects		1.3.6.1.2.1.218.1
OBJECT IDENTIFIER

rpkiRtrConformance		1.3.6.1.2.1.218.2
OBJECT IDENTIFIER

rpkiRtrDiscontinuityTimer		1.3.6.1.2.1.218.1.1
This timer represents the timestamp (value of sysUpTime) at which time any of the Counter32 objects in this MIB module encountered a discontinuity. For objects that use rpkiRtrDiscontinuityTimer to indicate discontinuity, only values received since the time indicated by rpkiRtrDiscontinuityTimer are comparable to each other. A manager should take the possibility of rollover into account when calculating difference values. In principle, that should only happen if the SNMP agent or the instrumentation for this MIB module starts or restarts.
Status: current	Access: read-only
OBJECT-TYPE
	TimeStamp

rpkiRtrCacheServerTable		1.3.6.1.2.1.218.1.2
This table lists the RPKI cache servers known to this router/system.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		RpkiRtrCacheServerTableEntry

rpkiRtrCacheServerTableEntry		1.3.6.1.2.1.218.1.2.1
An entry in the rpkiRtrCacheServerTable. It holds management attributes associated with one connection to a RPKI cache server. Implementers should be aware that if the rpkiRtrCacheServerRemoteAddress object exceeds 114 octets, the index values will exceed the 128 sub-identifier limit and cannot be accessed using SNMPv1, SNMPv2c, or SNMPv3.
Status: current	Access: not-accessible
OBJECT-TYPE
	RpkiRtrCacheServerTableEntry

rpkiRtrCacheServerRemoteAddressType		1.3.6.1.2.1.218.1.2.1.1
The network address type of the connection to this RPKI cache server. Note: Only IPv4, IPv6, and DNS support are required for read-only compliance with RFC 6945.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetAddressType

rpkiRtrCacheServerRemoteAddress		1.3.6.1.2.1.218.1.2.1.2
The remote network address for this connection to this RPKI cache server. The format of the address is defined by the value of the corresponding instance of rpkiRtrCacheServerRemoteAddressType. This object matches the address type used within the local router configuration. If the address is of type dns (fqdn), then the router will resolve it at the time it connects to the cache server.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetAddress

rpkiRtrCacheServerRemotePort		1.3.6.1.2.1.218.1.2.1.3
The remote port number for this connection to this RPKI cache server.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetPortNumber	1..65535

rpkiRtrCacheServerLocalAddressType		1.3.6.1.2.1.218.1.2.1.4
The network address type of the connection to this RPKI cache server. Note: Only IPv4, IPv6, and DNS support are required for read-only compliance with RFC 6945.
Status: current	Access: read-only
OBJECT-TYPE
	InetAddressType

rpkiRtrCacheServerLocalAddress		1.3.6.1.2.1.218.1.2.1.5
The local network address for this connection to this RPKI cache server. The format of the address is defined by the value of the corresponding instance of rpkiRtrCacheServerLocalAddressType. This object matches the address type used within the local router configuration. If the address is of type dns (fqdn), then the router will resolve it at the time it connects to the cache server.
Status: current	Access: read-only
OBJECT-TYPE
	InetAddress

rpkiRtrCacheServerLocalPort		1.3.6.1.2.1.218.1.2.1.6
The local port number for this connection to this RPKI cache server.
Status: current	Access: read-only
OBJECT-TYPE
	InetPortNumber	1..65535

rpkiRtrCacheServerPreference		1.3.6.1.2.1.218.1.2.1.7
The routers' preference for this RPKI cache server. A lower value means more preferred. If two entries have the same preference, then the order is arbitrary. In two cases, the maximum value for an Unsigned32 object should be returned for this object: - If no order is specified in the RPKI-Router configuration. - If a preference value is configured that is larger than the max value for an Unsigned32 object.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

rpkiRtrCacheServerConnectionType		1.3.6.1.2.1.218.1.2.1.8
The connection type or transport security suite in use for this RPKI cache server.
Status: current	Access: read-only
OBJECT-TYPE
	RpkiRtrConnectionType

rpkiRtrCacheServerConnectionStatus		1.3.6.1.2.1.218.1.2.1.9
The connection status for this entry (connection to this RPKI cache server).
Status: current	Access: read-only
OBJECT-TYPE
	INTEGER	up(1), down(2)

rpkiRtrCacheServerDescription		1.3.6.1.2.1.218.1.2.1.10
Free form description/information for this connection to this RPKI cache server.
Status: current	Access: read-only
OBJECT-TYPE
	LongUtf8String

rpkiRtrCacheServerMsgsReceived		1.3.6.1.2.1.218.1.2.1.11
Number of messages received from this RPKI cache server via this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerMsgsSent		1.3.6.1.2.1.218.1.2.1.12
Number of messages sent to this RPKI cache server via this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerV4ActiveRecords		1.3.6.1.2.1.218.1.2.1.13
Number of active IPv4 records received from this RPKI cache server via this connection.
Status: current	Access: read-only
OBJECT-TYPE
	Gauge32

rpkiRtrCacheServerV4Announcements		1.3.6.1.2.1.218.1.2.1.14
The number of IPv4 records announced by the RPKI cache server via this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerV4Withdrawals		1.3.6.1.2.1.218.1.2.1.15
The number of IPv4 records withdrawn by the RPKI cache server via this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerV6ActiveRecords		1.3.6.1.2.1.218.1.2.1.16
Number of active IPv6 records received from this RPKI cache server via this connection.
Status: current	Access: read-only
OBJECT-TYPE
	Gauge32

rpkiRtrCacheServerV6Announcements		1.3.6.1.2.1.218.1.2.1.17
The number of IPv6 records announced by the RPKI cache server via this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerV6Withdrawals		1.3.6.1.2.1.218.1.2.1.18
The number of IPv6 records withdrawn by the RPKI cache server via this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerLatestSerial		1.3.6.1.2.1.218.1.2.1.19
The latest serial number of data received from this RPKI server on this connection. Note: this value wraps back to zero when it reaches its maximum value.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32

rpkiRtrCacheServerSessionID		1.3.6.1.2.1.218.1.2.1.20
The Session ID associated with the RPKI cache server at the other end of this connection.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32	0..65535

rpkiRtrCacheServerRefreshTimer		1.3.6.1.2.1.218.1.2.1.21
The number of seconds configured for the refresh timer for this connection to this RPKI cache server.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32	60..7200

rpkiRtrCacheServerTimeToRefresh		1.3.6.1.2.1.218.1.2.1.22
The number of seconds remaining before a new refresh is performed via a Serial Query to this cache server over this connection. A negative value means that the refresh time has passed this many seconds and the refresh has not yet been completed. It will stop decrementing at the maximum negative value. Upon a completed refresh (i.e., a successful and complete response to a Serial Query) the value of this attribute will be reinitialized with the value of the corresponding rpkiRtrCacheServerRefreshTimer attribute.
Status: current	Access: read-only
OBJECT-TYPE
	Integer32

rpkiRtrCacheServerId		1.3.6.1.2.1.218.1.2.1.23
The unique ID for this connection. An implementation must make sure this ID is unique within this table. It is this ID that can be used to find entries in the rpkiRtrPrefixOriginTable that were created by announcements received on this connection from this cache server.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32	1..4294967295

rpkiRtrCacheServerErrorsTable		1.3.6.1.2.1.218.1.3
This table provides statistics on errors per RPKI peer connection. These can be used for debugging.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		RpkiRtrCacheServerErrorsTableEntry

rpkiRtrCacheServerErrorsTableEntry		1.3.6.1.2.1.218.1.3.1
An entry in the rpkiCacheServerErrorTable. It holds management objects associated with errors codes that were received on the specified connection to a specific cache server.
Status: current	Access: not-accessible
OBJECT-TYPE
	RpkiRtrCacheServerErrorsTableEntry

rpkiRtrCacheServerErrorsCorruptData		1.3.6.1.2.1.218.1.3.1.1
The number of 'Corrupt Data' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerErrorsInternalError		1.3.6.1.2.1.218.1.3.1.2
The number of 'Internal Error' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerErrorsNoData		1.3.6.1.2.1.218.1.3.1.3
The number of 'No Data Available' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerErrorsInvalidRequest		1.3.6.1.2.1.218.1.3.1.4
The number of 'Invalid Request' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerErrorsUnsupportedVersion		1.3.6.1.2.1.218.1.3.1.5
The number of 'Unsupported Protocol Version' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerErrorsUnsupportedPdu		1.3.6.1.2.1.218.1.3.1.6
The number of 'Unsupported PDU Type' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerErrorsWithdrawalUnknown		1.3.6.1.2.1.218.1.3.1.7
The number of 'Withdrawal of Unknown Record' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrCacheServerErrorsDuplicateAnnounce		1.3.6.1.2.1.218.1.3.1.8
The number of 'Duplicate Announcement Received' errors received from the RPKI cache server at the other end of this connection. Discontinuities are indicated by the value of rpkiRtrDiscontinuityTimer.
Status: current	Access: read-only
OBJECT-TYPE
	Counter32

rpkiRtrPrefixOriginTable		1.3.6.1.2.1.218.1.4
This table lists the prefixes that were announced by RPKI cache servers to this system. That is the prefixes and their Origin Autonomous System Number (ASN) as received by announcements via the RPKI-Router Protocol.
Status: current	Access: not-accessible
OBJECT-TYPE
	SEQUENCE OF
		RpkiRtrPrefixOriginTableEntry

rpkiRtrPrefixOriginTableEntry		1.3.6.1.2.1.218.1.4.1
An entry in the rpkiRtrPrefixOriginTable. This represents one announced prefix. If a cache server is removed from the local configuration, any table rows associated with that server (indicated by rpkiRtrPrefixOriginCacheServerId) are also removed from this table. Implementers should be aware that if the rpkiRtrPrefixOriginAddress object exceeds 111 octets, the index values will exceed the 128 sub-identifier limit and cannot be accessed using SNMPv1, SNMPv2c, or SNMPv3.
Status: current	Access: not-accessible
OBJECT-TYPE
	RpkiRtrPrefixOriginTableEntry

rpkiRtrPrefixOriginAddressType		1.3.6.1.2.1.218.1.4.1.1
The network address type for this prefix. Note: Only IPv4 and IPv6 support are required for read-only compliance with RFC 6945.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetAddressType

rpkiRtrPrefixOriginAddress		1.3.6.1.2.1.218.1.4.1.2
The network address for this prefix. The format of the address is defined by the value of the corresponding instance of rpkiRtrPrefixOriginAddressType.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetAddress

rpkiRtrPrefixOriginMinLength		1.3.6.1.2.1.218.1.4.1.3
The minimum prefix length allowed for this prefix.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetAddressPrefixLength

rpkiRtrPrefixOriginMaxLength		1.3.6.1.2.1.218.1.4.1.4
The maximum prefix length allowed for this prefix. Note, this value must be greater or equal to the value of rpkiRtrPrefixOriginMinLength.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetAddressPrefixLength

rpkiRtrPrefixOriginASN		1.3.6.1.2.1.218.1.4.1.5
The ASN that is authorized to announce the prefix or sub-prefixes covered by this entry.
Status: current	Access: not-accessible
OBJECT-TYPE
	InetAutonomousSystemNumber	0..4294967295

rpkiRtrPrefixOriginCacheServerId		1.3.6.1.2.1.218.1.4.1.6
The unique ID of the connection to the cache server from which this announcement was received. That connection is identified/found by a matching value in attribute rpkiRtrCacheServerId.
Status: current	Access: read-only
OBJECT-TYPE
	Unsigned32	1..4294967295

rpkiRtrCacheServerConnectionStateChange		1.3.6.1.2.1.218.0.1
This notification signals a change in the status of an rpkiRtrCacheServerConnection. The management agent MUST throttle the generation of consecutive rpkiRtrCacheServerConnectionStateChange notifications such that there is at least a 5 second gap between them. If more than one notification has occurred locally during that time, the most recent notification is sent at the end of the 5 second gap and the others are discarded.
Status: current	Access: read-only
NOTIFICATION-TYPE

rpkiRtrCacheServerConnectionToGoStale		1.3.6.1.2.1.218.0.2
This notification signals that an RPKI cache server connection is about to go stale. It is suggested that this notification is generated when the value of the rpkiRtrCacheServerTimeToRefresh attribute goes below 60 seconds. The SNMP agent MUST throttle the generation of consecutive rpkiRtrCacheServerConnectionToGoStale notifications such that there is at least a 5 second gap between them.
Status: current	Access: read-only
NOTIFICATION-TYPE

rpkiRtrCompliances		1.3.6.1.2.1.218.2.1
OBJECT IDENTIFIER

rpkiRtrGroups		1.3.6.1.2.1.218.2.2
OBJECT IDENTIFIER

rpkiRtrRFC6945ReadOnlyCompliance		1.3.6.1.2.1.218.2.1.1
The compliance statement for the rpkiRtrMIB module. There are only read-only objects in this MIB module, so the 'ReadOnly' in the name of this compliance statement is there only for clarity and truth in advertising. There are a number of INDEX objects that cannot be represented in the form of OBJECT clauses in SMIv2, but for which there are compliance requirements. Those requirements and similar requirements for related objects are expressed below, in pseudo-OBJECT clause form, in this description: -- OBJECT rpkiRtrCacheServerRemoteAddressType -- SYNTAX InetAddressType { ipv4(1), ipv6(2), dns(16) } -- DESCRIPTION -- The MIB requires support for the IPv4, IPv6, and DNS -- InetAddressTypes for this object. -- OBJECT rpkiRtrCacheServerLocalAddressType -- SYNTAX InetAddressType { ipv4(1), ipv6(2), dns(16) } -- DESCRIPTION -- The MIB requires support for the IPv4, IPv6, and DNS -- InetAddressTypes for this object. -- OBJECT rpkiRtrPrefixOriginAddressType -- SYNTAX InetAddressType { ipv4(1), ipv6(2) } -- DESCRIPTION -- The MIB requires support for the IPv4, and IPv6 -- InetAddressTypes for this object.
Status: current	Access: read-only
MODULE-COMPLIANCE

rpkiRtrCacheServerGroup		1.3.6.1.2.1.218.2.2.1
The collection of objects to monitor the RPKI peer connections.
Status: current	Access: read-only
OBJECT-GROUP

rpkiRtrCacheServerErrorsGroup		1.3.6.1.2.1.218.2.2.2
The collection of objects that may help in debugging the communication between RPKI clients and cache servers.
Status: current	Access: read-only
OBJECT-GROUP

rpkiRtrPrefixOriginGroup		1.3.6.1.2.1.218.2.2.3
The collection of objects that represent the prefix(es) and their validated Origin ASes.
Status: current	Access: read-only
OBJECT-GROUP

rpkiRtrNotificationsGroup		1.3.6.1.2.1.218.2.2.4
The set of notifications to alert an NMS of change in connections to RPKI cache servers.
Status: current	Access: read-only
NOTIFICATION-GROUP