idnits 2.17.1

draft-ietf-ipv6-rfc2012-update-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** There is 1 instance of lines with control characters in the document.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 617: '...e been obsoleted. It MUST not be used....'

     RFC 2119 keyword, line 1263: '...It is RECOMMENDED that implementers co...'

     RFC 2119 keyword, line 1269: '... Instead, it is RECOMMENDED to deploy...'

  -- The abstract seems to indicate that this document obsoletes RFC2012, but
     the header doesn't have an 'Obsoletes:' line to match this.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     -- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
     -- which has since been obsoleted. It MUST not be used.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 2004) is 7374 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: 'RFC793' is defined on line 1166, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3291' is defined on line 1189, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC3418' is defined on line 1193, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2452' is defined on line 1207, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2988' is defined on line 1210, but no explicit
     reference was found in the text

  == Unused Reference: 'VANJ' is defined on line 1217, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 793 (Obsoleted by RFC 9293)

  ** Obsolete normative reference: RFC 3291 (Obsoleted by RFC 4001)

  -- Obsolete informational reference (is this intentional?): RFC 2012
     (Obsoleted by RFC 4022)

  -- Obsolete informational reference (is this intentional?): RFC 2452
     (Obsoleted by RFC 4022, RFC 8096)

  -- Obsolete informational reference (is this intentional?): RFC 2988
     (Obsoleted by RFC 6298)

     Summary: 6 errors (**), 0 flaws (~~), 9 warnings (==), 6 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  IPv6 MIB Revision Design Team                 Rajiv Raghunarayan, Editor
2  INTERNET-DRAFT                                             Cisco Systems
3  Expires: August 2004                                       February 2004

5                     Management Information Base
6              for the Transmission Control Protocol (TCP)
7                draft-ietf-ipv6-rfc2012-update-06.txt

9  Status of this Document

11    This document is an Internet-Draft and is in full conformance with all
12    provisions of Section 10 of RFC2026.

14    Internet-Drafts are working documents of the Internet Engineering Task
15    Force (IETF), its areas, and its working groups. Note that other
16    groups may also distribute working documents as Internet-Drafts.

18    Internet-Drafts are draft documents valid for a maximum of six months
19    and may be updated, replaced, or obsoleted by other documents at any
20    time. It is inappropriate to use Internet-Drafts as reference material
21    or to cite them other than as "work in progress."

23    The list of current Internet-Drafts can be accessed at
24    http://www.ietf.org/ietf/1id-abstracts.txt

26    The list of Internet-Draft Shadow Directories can be accessed at
27    http://www.ietf.org/shadow.html.

29    This document is a product of the IPv6 MIB Revision Design Team.
30    Comments should be addressed to the editor/authors or the mailing
31    list at ipv6@ietf.org.

33  Copyright Notice

35    Copyright (C) The Internet Society (2004). All Rights Reserved.

37  Abstract

39    This memo defines a portion of the Management Information Base (MIB)
40    for use with network management protocols in the Internet community.
41    In particular, it describes managed objects used for implementations
42    of the Transmission Control Protocol (TCP) in an IP version
43    independent manner. This memo obsoletes RFCs 2012 and 2452.

45  Table of Contents

47    1. The Internet-Standard Management Framework
48    2. Overview
49    3. Definitions
50    4. Acknowledgements
51    5. Normative References
52    6. Informative References
53    7. Security Considerations
54    8. Intellectual Property
55    9. Editor's Address
56    10. Authors
57    11. Full Copyright Statement

59  Revision History

61    [Note to RFC Editor: Please remove prior to publication]

63    Changes from draft-ietf-ipv6-rfc2012-update-05.txt:

65    4th February 2004

67       Added a new type 'rfc2988' to the tcpRtoAlgorithm list.

69       Modified the description of tcpRtoMin and tcpRtoMax to point
70       to RFC 2988 for more detailed information.

72       Added RFC 2988 and RFC 3418 to the list of references.

74       Updated the description of InetAddress objects - added a
75       pointer to the corresponding InetAddressType objects.

77       Updated tcpMIBCompliance2 to include unknown(0) as a value
78       to be supported for tcpListenerLocalAddressType.

80       Added an explicit reference to sysUpTime as a discontinuity
81       indicator to the counter objects in the mib.

83       Also updated the description of InetAddress objects used as
84       index elements to indicate the 128 octet limit.

86       Removed citations from within the mib.

88    Changes from draft-ietf-ipv6-rfc2012-update-04.txt:

90    25th November 2003

92       As per consensus, removed the SIZE(0..36) restriction from
93       InetAddress objects. This has been stated as a part of the
94       compliance.

96       Added an IPR section and a copyright statement to DESCRIPTION
97       clause in MODULE-IDENTITY.

99       Added an RFC Editor's note to change XXXX to RFC publication
100       number.

102       Updated contact addresses for Brian Haberman, Shawn Routhier
103       and Dave Thaler.

105       Shortened the author list on the front page to editor only.

107    Changes from draft-ietf-ipv6-rfc2012-update-03.txt:

109    14th September 2003

111       Some editorial changes - correcting some spellings, and added a
112       statement to indicate the deprecation of RFC 2012 and RFC 2542.

114    Changes from draft-ietf-ipv6-rfc2012-update-02.txt:

116    16th June 2003

118       Added tcpHCInSegs and tcpHCOutSegs back to the mib, in order to
119       have the 64-bit counters along with the 32-bit counters.

121    Changes from draft-ietf-ipv6-rfc2012-update-01.txt:

123    23rd February 2003

125       Changes in this version mainly concentrate on reducing this mib
126       to a bare minimum update of RFC 2012, enough to satisfy the
127       needs of IPv6. The actual modifications are listed below.

129       Scalars tcpHCInSegs and tcpHCOutSegs dropped.

131       Objects dropped from the tcpConnectionTable include
132       tcpConnectionInSegs, tcpConnectionOutSegs,
133       tcpConnectionInOctets, tcpConnectionOutOctets,
134       tcpConnectionHCInSegs, tcpConnectionHCOutSegs,
135       tcpConnectionHCInOctets, tcpConnectionHCOutOctets,
136       tcpConnectionAge and tcpConnectionId.

138       Objects dropped from tcpListenerTable include
139       tcpListenerTimeOuts, tcpListenerEstablished and tcpListenerAge.

141       Updated compliance statements to reflect the aforementioned
142       changes.

144    Changes from draft-ietf-ipv6-rfc2012-update-00.txt:

146    4th November 2002
147       Replaced the tcpConnectionStartTime and tcpListenerStartTime
148       objects with tcpConnectionAge and tcpListenerAge respectively.

150       Added tcpConnectionRemAddressType as an auxiliary object into
151       the tcpConnectionTable.

153       Added new object, tcpConnectionId, to provide a link into the
154       TCP-ESTATS-MIB.

156       Included tcpConnectionAge and tcpConnectionProcess into the
157       tcpConnectionGroup.

159       Included tcpListenerAge and tcpListenerProcess into the
160       tcpListenerGroup.

162       tcpListenerGroup added to the mandatory list for compliance.

164    Changes from draft-ietf-ipngwg-rfc2012-update-01.txt:

166    27 June 2002

168       Replaced all occurrences of the term packets to segments, to be
169       consistent with the TCP specification.

171       Added limits to tcpRtoMin, tcpRtoMax and tcpMaxConn.

173       Added the scalar, tcpListenerTableLastChange.

175       Updated the description of tcpConnectionLocalAddress - removed
176       reference to 'listen' state.

178       Updated the description tcpConnection*Octets to explicitly
179       indicate whether the count includes the TCP header octets.

181       Updated the description of tcpConnectionStartTime and
182       tcpListenerStartTime - added clarifying text.

184       Renamed tcpConnectionProcessID to tcpConnectionProcess.

186       Updated the description of tcpListenerTable.

188       Updated the description of tcpListenerLocalAddressType to include
189       unknown (0) as a valid value.

191       Updated the description of tcpListenerLocalAddress - the value
192       ''h (zero-length octet-string) represents the case wherein an
193       application is willing to accept connections for any IP interface
194       associated with the node.

196       Removed tcpListenerRemAddressType.

198       Removed tcpListenerHCConnectionsTimedOut and
199       tcpListenerHCConnectionsAccepted. Added them to open issues, to
200       be added iff deemed required after discussions.

202       Renamed tcpListenerConnectionsAccepted to tcpListenerEstablished
203       and tcpListenerConnectionsTimedOut to tcpListenerTimeOuts.

205       Renamed tcpListenerProcessID to tcpListenerProcess.

207       Updated compliance statement for the object tcpConnectionState -
208       support for the value 'deleteTCB (12)' deemed optional.

210       Added RFC 2790 and RFC 2287 to the References section.

212       Updated Contact-Info and Editor's address.

214       Added Authors section.

216    Changes from draft-ietf-ipngwg-rfc2012-update-00.txt:

218    14 November 2001

220       Added HC versions of connection counters.

222       Added Listener table, with counters for accepted and timed out
223       connection attempts.

225       Added tcp{Connection,Listener}ProcessID to index into SYSAPPL-MIB
226       or HOST-RESOURCES-MIB.

228       Removed tcpConnectionRemAddrType, it must be the same as
229       tcpConnectionLocalAddrType.

231    Changes from draft-ops-rfc2012-update-00.txt

233    12 Jul 2001

235       Turned into IPNG WG document

237       Added tcpCountersGroup for per-connection counters

239    Changes from first draft posted to v6mib mailing list:

241    23 Feb 2001

243       Made threshold for HC packet counters 1Mpps

245       Added copyright statements and table of contents

247    21 Feb 2001 -- Juergen's changes
248       Renamed tcpInetConn* to tcpConnection*

250       Updated Conformance info

252       Added missing tcpConnectionState and tcpConnState objects to
253       SEQUENCEs

255    6 Feb 2001

257       Removed v6-only objects.

259       Renamed inetTcp* to tcpInet*

261       Added SIZE restriction to InetAddress index objects. (36 =
262       32-byte addresses plus 4-byte scope, but it's just a strawman)

264       Used InetPortNumber TC from updated INET-ADDRESS-MIB

266       Updated compliance statements.

268       Added Keith to authors

270       Added open issues section.

272    Changes from RFC 2012

274       Deprecated tcpConnTable

276       Added tcpConnectionTable

278  1. The Internet-Standard Management Framework

280    For a detailed overview of the documents that describe the current
281    Internet-Standard Management Framework, please refer to section 7 of
282    RFC 3410 [RFC3410].

284    Managed objects are accessed via a virtual information store, termed
285    the Management Information Base or MIB. MIB objects are generally
286    accessed through the Simple Network Management Protocol (SNMP).
287    Objects in the MIB are defined using the mechanisms defined in the
288    Structure of Management Information (SMI). This memo specifies a
289    MIB module that is compliant to the SMIv2, which is described in
290    STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58,
291    RFC 2580 [RFC2580].

293  2. Overview

295    The current TCP-MIB defined in this memo consists of two tables and
296    a group of scalars:

298    - The tcp group of scalars reports parameters and statistics of a
299      TCP protocol engine.

301    - The tcpConnectionTable provides access to status information for
302      all TCP connections handled by a TCP protocol engine. In addition
303      the table also reports identification of the operating system
304      level processes which handle the TCP connections.

306    - The tcpListenerTable provides access to information about all TCP
307      listening endpoints known by a TCP protocol engine. And similar
308      to the case of the connection table, the tcpListenerTable also
309      reports the identification of the operating system level
310      processes which handle this listening TCP endpoint.

312  2.1 Relationship to Other MIBs

314    This section discusses the relationship of this TCP-MIB module to
315    other MIB modules.

317  2.1.1 Relationship to RFC1213-MIB

319    TCP related MIB objects were originally defined as part of the
320    RFC1213-MIB defined in RFC 1213 [RFC1213]. The TCP related objects
321    of the RFC1213-MIB were later copied into a separate MIB module and
322    published in RFC 2012 [RFC2012] in SMIv2 format.

324    The previous versions of the TCP-MIB both defined the tcpConnTable,
325    which has been deprecated for basically two reasons:

327    (1) The tcpConnTable only supports IPv4.

329        The current approach in the IETF is to write IP version neutral
330        MIBs rather than having different definitions for various
331        versions of IP. This reduces the amount of overhead when new
332        objects are introduced since there is only one place to add
333        them. Hence, the approach taken in RFC 2452 of having separate
334        tables is not continued.

336    (2) The tcpConnTable mixes listening endpoints with connections.

338        It turns out that connections tend to have a different behaviour
339        and management access pattern compared to listening endpoints.
340        Splitting the original tcpConnTable into two tables thus allows
341        for the addition of specific status and statistics objects for
342        listening endpoints and connections.

344  2.1.2 Relationship to IPV6-TCP-MIB

346    The IPV6-TCP-MIB defined in RFC 2452 has been moved to Historic
347    since the approach of having separate IP version specific tables is
348    not followed anymore. Implementation of RFC 2452 is thus not
349    suggested anymore.

351  2.1.3 Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB

353    The tcpConnectionTable and the tcpListenerTable report the
354    identification of the operating system level process which handles
355    a connection or a listening endpoint. The value is reported as an
356    Unsigned32 which is expected to be the same as the hrSWRunIndex of
357    the HOST-RESOURCES-MIB [RFC2790] (if the value is smaller than
358    2147483647) or the sysApplElmtRunIndex of the SYSAPPL-MIB [RFC2287].
359    This allows management applications to identify the TCP connections
360    that belong to an operating system level process which has proven
361    to be valuable in operational environments.

363  3. Definitions

365  TCP-MIB DEFINITIONS ::= BEGIN

367  IMPORTS
368      MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32,
369      Gauge32, Counter32, Counter64, IpAddress, mib-2
370                                         FROM SNMPv2-SMI
371      MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
372      InetAddress, InetAddressType,
373      InetPortNumber                     FROM INET-ADDRESS-MIB;

375  tcpMIB MODULE-IDENTITY
376      LAST-UPDATED "200402040000Z"
377      ORGANIZATION
378             "IETF IPv6 MIB Revision Team
379              http://www.ietf.org/html.charters/ipv6-charter.html"
380      CONTACT-INFO
381             "Rajiv Raghunarayan (editor)

383              Cisco Systems Inc.
384              170 West Tasman Drive
385              San Jose, CA 95134

387              Phone: +1 408 853 9612
388              Email:

390              Send comments to "
391  -- RFC Ed: please verify mailing list address at publication
392  -- and delete this note
393      DESCRIPTION
394             "The MIB module for managing TCP implementations.

396              Copyright (C) The Internet Society (2004). This version
397              of this MIB module is a part of RFC xxxx; see the RFC
398              itself for full legal notices."
399  -- RFC Ed : replace xxxx with actual RFC number & remove note
400      REVISION "200402040000Z"
401      DESCRIPTION
402             "IP version neutral revision, published as RFC XXXX."
403  -- RFC Ed : replace xxxx with actual RFC number & remove note

405      REVISION "9411010000Z"
406      DESCRIPTION
407             "Initial SMIv2 version, published as RFC 2012."
408      REVISION "9103310000Z"
409      DESCRIPTION
410             "The initial revision of this MIB module was part of
411              MIB-II."
412      ::= { mib-2 49 }

414  -- the TCP base variables group

416  tcp OBJECT IDENTIFIER ::= { mib-2 6 }

418  -- Scalars

420  tcpRtoAlgorithm OBJECT-TYPE
421      SYNTAX      INTEGER {
422                      other(1),    -- none of the following
423                      constant(2), -- a constant rto
424                      rsre(3),     -- MIL-STD-1778, Appendix B
425                      vanj(4),     -- Van Jacobson's algorithm
426                      rfc2988(5)   -- RFC 2988
427                  }
428      MAX-ACCESS  read-only
429      STATUS      current
430      DESCRIPTION
431             "The algorithm used to determine the timeout value used for
432              retransmitting unacknowledged octets."
433      ::= { tcp 1 }

435  tcpRtoMin OBJECT-TYPE
436      SYNTAX      Integer32 (0..2147483647)
437      UNITS       "milliseconds"
438      MAX-ACCESS  read-only
439      STATUS      current
440      DESCRIPTION
441             "The minimum value permitted by a TCP implementation for
442              the retransmission timeout, measured in milliseconds.
443              More refined semantics for objects of this type depend
444              upon the algorithm used to determine the retransmission
445              timeout; in particular, the IETF standard algorithm
446              rfc2988(5) provides a minimum value."
447      ::= { tcp 2 }

449  tcpRtoMax OBJECT-TYPE
450      SYNTAX      Integer32 (0..2147483647)
451      UNITS       "milliseconds"
452      MAX-ACCESS  read-only
453      STATUS      current
454      DESCRIPTION
455             "The maximum value permitted by a TCP implementation for
456              the retransmission timeout, measured in milliseconds.
457              More refined semantics for objects of this type depend
458              upon the algorithm used to determine the retransmission
459              timeout; in particular, the IETF standard algorithm
460              rfc2988(5) provides an upper bound (as part of an
461              adaptive backoff algorithm)."
462      ::= { tcp 3 }

464  tcpMaxConn OBJECT-TYPE
465      SYNTAX      Integer32 (-1 | 0..2147483647)
466      MAX-ACCESS  read-only
467      STATUS      current
468      DESCRIPTION
469             "The limit on the total number of TCP connections the entity
470              can support. In entities where the maximum number of
471              connections is dynamic, this object should contain the
472              value -1."
473      ::= { tcp 4 }

475  tcpActiveOpens OBJECT-TYPE
476      SYNTAX      Counter32
477      MAX-ACCESS  read-only
478      STATUS      current
479      DESCRIPTION
480             "The number of times TCP connections have made a direct
481              transition to the SYN-SENT state from the CLOSED state.

483              Discontinuities in the value of this counter can occur
484              at re-initialization of the management system, and at
485              other times as indicated by discontinuities in the value
486              of sysUpTime."
487      ::= { tcp 5 }

489  tcpPassiveOpens OBJECT-TYPE
490      SYNTAX      Counter32
491      MAX-ACCESS  read-only
492      STATUS      current
493      DESCRIPTION
494             "The number of times TCP connections have made a direct
495              transition to the SYN-RCVD state from the LISTEN state.

497              Discontinuities in the value of this counter can occur
498              at re-initialization of the management system, and at
499              other times as indicated by discontinuities in the value
500              of sysUpTime."
501      ::= { tcp 6 }

503  tcpAttemptFails OBJECT-TYPE
504      SYNTAX      Counter32
505      MAX-ACCESS  read-only
506      STATUS      current
507      DESCRIPTION
508             "The number of times TCP connections have made a direct
509              transition to the CLOSED state from either the SYN-SENT
510              state or the SYN-RCVD state, plus the number of times TCP
511              connections have made a direct transition to the LISTEN
512              state from the SYN-RCVD state.

514              Discontinuities in the value of this counter can occur
515              at re-initialization of the management system, and at
516              other times as indicated by discontinuities in the value
517              of sysUpTime."
518      ::= { tcp 7 }

520  tcpEstabResets OBJECT-TYPE
521      SYNTAX      Counter32
522      MAX-ACCESS  read-only
523      STATUS      current
524      DESCRIPTION
525             "The number of times TCP connections have made a direct
526              transition to the CLOSED state from either the ESTABLISHED
527              state or the CLOSE-WAIT state.

529              Discontinuities in the value of this counter can occur
530              at re-initialization of the management system, and at
531              other times as indicated by discontinuities in the value
532              of sysUpTime."
533      ::= { tcp 8 }

535  tcpCurrEstab OBJECT-TYPE
536      SYNTAX      Gauge32
537      MAX-ACCESS  read-only
538      STATUS      current
539      DESCRIPTION
540             "The number of TCP connections for which the current state
541              is either ESTABLISHED or CLOSE-WAIT."
542      ::= { tcp 9 }

544  tcpInSegs OBJECT-TYPE
545      SYNTAX      Counter32
546      MAX-ACCESS  read-only
547      STATUS      current
548      DESCRIPTION
549             "The total number of segments received, including those
550              received in error. This count includes segments received
551              on currently established connections.

553              Discontinuities in the value of this counter can occur
554              at re-initialization of the management system, and at
555              other times as indicated by discontinuities in the value
556              of sysUpTime."
557      ::= { tcp 10 }

559  tcpOutSegs OBJECT-TYPE
560      SYNTAX      Counter32
561      MAX-ACCESS  read-only
562      STATUS      current
563      DESCRIPTION
564             "The total number of segments sent, including those on
565              current connections but excluding those containing only
566              retransmitted octets.

568              Discontinuities in the value of this counter can occur
569              at re-initialization of the management system, and at
570              other times as indicated by discontinuities in the value
571              of sysUpTime."
572      ::= { tcp 11 }

574  tcpRetransSegs OBJECT-TYPE
575      SYNTAX      Counter32
576      MAX-ACCESS  read-only
577      STATUS      current
578      DESCRIPTION
579             "The total number of segments retransmitted - that is, the
580              number of TCP segments transmitted containing one or more
581              previously transmitted octets.

583              Discontinuities in the value of this counter can occur
584              at re-initialization of the management system, and at
585              other times as indicated by discontinuities in the value
586              of sysUpTime."
587      ::= { tcp 12 }

589  tcpInErrs OBJECT-TYPE
590      SYNTAX      Counter32
591      MAX-ACCESS  read-only
592      STATUS      current
593      DESCRIPTION
594             "The total number of segments received in error (e.g., bad
595              TCP checksums).

597              Discontinuities in the value of this counter can occur
598              at re-initialization of the management system, and at
599              other times as indicated by discontinuities in the value
600              of sysUpTime."
601      ::= { tcp 14 }

603  tcpOutRsts OBJECT-TYPE
604      SYNTAX      Counter32
605      MAX-ACCESS  read-only
606      STATUS      current
607      DESCRIPTION
608             "The number of TCP segments sent containing the RST flag.

610              Discontinuities in the value of this counter can occur
611              at re-initialization of the management system, and at
612              other times as indicated by discontinuities in the value
613              of sysUpTime."
614      ::= { tcp 15 }

616  -- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
617  -- which has since been obsoleted. It MUST not be used.

619  tcpHCInSegs OBJECT-TYPE
620      SYNTAX      Counter64
621      MAX-ACCESS  read-only
622      STATUS      current
623      DESCRIPTION
624             "The total number of segments received, including those
625              received in error. This count includes segments received
626              on currently established connections. This object is
627              the 64-bit equivalent of tcpInSegs.

629              Discontinuities in the value of this counter can occur
630              at re-initialization of the management system, and at
631              other times as indicated by discontinuities in the value
632              of sysUpTime."
633      ::= { tcp 17 }

635  tcpHCOutSegs OBJECT-TYPE
636      SYNTAX      Counter64
637      MAX-ACCESS  read-only
638      STATUS      current
639      DESCRIPTION
640             "The total number of segments sent, including those on
641              current connections but excluding those containing only
642              retransmitted octets. This object is the 64-bit
643              equivalent of tcpOutSegs.

645              Discontinuities in the value of this counter can occur
646              at re-initialization of the management system, and at
647              other times as indicated by discontinuities in the value
648              of sysUpTime."
649      ::= { tcp 18 }

651  -- The TCP Connection table

653  tcpConnectionTable OBJECT-TYPE
654      SYNTAX      SEQUENCE OF TcpConnectionEntry
655      MAX-ACCESS  not-accessible
656      STATUS      current
657      DESCRIPTION
658             "A table containing information about existing TCP
659              connections. Note that unlike earlier TCP MIBs, there
660              is a separate table for connections in the LISTEN state."
661      ::= { tcp 19 }

663  tcpConnectionEntry OBJECT-TYPE
664      SYNTAX      TcpConnectionEntry
665      MAX-ACCESS  not-accessible
666      STATUS      current
667      DESCRIPTION
668             "A conceptual row of the tcpConnectionTable containing
669              information about a particular current TCP connection.
670              Each row of this table is transient, in that it ceases to
671              exist when (or soon after) the connection makes the
672              transition to the CLOSED state."
673      INDEX   { tcpConnectionLocalAddressType,
674                tcpConnectionLocalAddress,
675                tcpConnectionLocalPort,
676                tcpConnectionRemAddressType,
677                tcpConnectionRemAddress,
678                tcpConnectionRemPort }
679      ::= { tcpConnectionTable 1 }

681  TcpConnectionEntry ::= SEQUENCE {
682          tcpConnectionLocalAddressType   InetAddressType,
683          tcpConnectionLocalAddress       InetAddress,
684          tcpConnectionLocalPort          InetPortNumber,
685          tcpConnectionRemAddressType     InetAddressType,
686          tcpConnectionRemAddress         InetAddress,
687          tcpConnectionRemPort            InetPortNumber,
688          tcpConnectionState              INTEGER,
689          tcpConnectionProcess            Unsigned32
690      }

692  tcpConnectionLocalAddressType OBJECT-TYPE
693      SYNTAX      InetAddressType
694      MAX-ACCESS  not-accessible
695      STATUS      current
696      DESCRIPTION
697             "The address type of tcpConnectionLocalAddress."
698      ::= { tcpConnectionEntry 1 }

700  tcpConnectionLocalAddress OBJECT-TYPE
701      SYNTAX      InetAddress
702      MAX-ACCESS  not-accessible
703      STATUS      current
704      DESCRIPTION
705             "The local IP address for this TCP connection. The type
706              of this address is determined by the value of
707              tcpConnectionLocalAddressType.

709              As this object is used in the index for the
710              tcpConnectionTable, implementors of this table should be
711              careful not to create entries that would result in OIDs
712              with more than 128 subidentifiers; else the information
713              cannot be accessed using SNMPv1, SNMPv2c or SNMPv3."
714      ::= { tcpConnectionEntry 2 }

716  tcpConnectionLocalPort OBJECT-TYPE
717      SYNTAX      InetPortNumber
718      MAX-ACCESS  not-accessible
719      STATUS      current
720      DESCRIPTION
721             "The local port number for this TCP connection."
722      ::= { tcpConnectionEntry 3 }

724  tcpConnectionRemAddressType OBJECT-TYPE
725      SYNTAX      InetAddressType
726      MAX-ACCESS  not-accessible
727      STATUS      current
728      DESCRIPTION
729             "The address type of tcpConnectionRemAddress."
730      ::= { tcpConnectionEntry 4 }

732  tcpConnectionRemAddress OBJECT-TYPE
733      SYNTAX      InetAddress
734      MAX-ACCESS  not-accessible
735      STATUS      current
736      DESCRIPTION
737             "The remote IP address for this TCP connection. The type
738              of this address is determined by the value of
739              tcpConnectionRemAddressType.

741              As this object is used in the index for the
742              tcpConnectionTable, implementors of this table should be
743              careful not to create entries that would result in OIDs
744              with more than 128 subidentifiers; else the information
745              cannot be accessed using SNMPv1, SNMPv2c or SNMPv3."
746      ::= { tcpConnectionEntry 5 }

748  tcpConnectionRemPort OBJECT-TYPE
749      SYNTAX      InetPortNumber
750      MAX-ACCESS  not-accessible
751      STATUS      current
752      DESCRIPTION
753             "The remote port number for this TCP connection."
754      ::= { tcpConnectionEntry 6 }

756  tcpConnectionState OBJECT-TYPE
757      SYNTAX      INTEGER {
758                      closed(1),
759                      listen(2),
760                      synSent(3),
761                      synReceived(4),
762                      established(5),
763                      finWait1(6),
764                      finWait2(7),
765                      closeWait(8),
766                      lastAck(9),
767                      closing(10),
768                      timeWait(11),
769                      deleteTCB(12)
770                  }
771      MAX-ACCESS  read-write
772      STATUS      current
773      DESCRIPTION
774             "The state of this TCP connection.

776              The value listen(2) is included only for parallelism to the
777              old tcpConnTable, and should not be used. A connection in
778              LISTEN state should be present in the tcpListenerTable.

780              The only value which may be set by a management station is
781              deleteTCB(12). Accordingly, it is appropriate for an agent
782              to return a `badValue' response if a management station
783              attempts to set this object to any other value.

785              If a management station sets this object to the value
786              deleteTCB(12), then this has the effect of deleting the TCB
787              (as defined in RFC 793) of the corresponding connection on
788              the managed node, resulting in immediate termination of the
789              connection.

791              As an implementation-specific option, a RST segment may be
792              sent from the managed node to the other TCP endpoint (note
793              however that RST segments are not sent reliably)."
794      ::= { tcpConnectionEntry 7 }

796  tcpConnectionProcess OBJECT-TYPE
797      SYNTAX      Unsigned32
798      MAX-ACCESS  read-only
799      STATUS      current
800      DESCRIPTION
801             "The system's process ID for the process associated with
802              this connection, or zero if there is no such process. This
803              value is expected to be the same as HOST-RESOURCES-MIB::
804              hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
805              row in the appropriate tables."
806      ::= { tcpConnectionEntry 8 }

808  -- The TCP Listener table

810  tcpListenerTable OBJECT-TYPE
811      SYNTAX      SEQUENCE OF TcpListenerEntry
812      MAX-ACCESS  not-accessible
813      STATUS      current
814      DESCRIPTION
815             "A table containing information about TCP listeners. A
816              listening application can be represented in three
817              possible ways:

819              1. An application that is willing to accept both IPv4 and
820                 IPv6 datagrams is represented by
821                 tcpListenerLocalAddressType of unknown (0) and
822                 tcpListenerLocalAddress of ''h (a zero-length
823                 octet-string).

825              2. An application which is willing to accept only IPv4 or
826                 IPv6 datagrams is represented by a
827                 tcpListenerLocalAddressType of the appropriate address
828                 type and tcpListenerLocalAddress of ''h (a zero-length
829                 octet-string).

831              3. An application which is listening for data destined
832                 only to a specific IP address, but from any remote
833                 system, is represented by a tcpListenerLocalAddressType
834                 of an appropriate address type, with
835                 tcpListenerLocalAddress the specific local address.

837              NOTE: The address type in this table represents the
838              address type used for the communication, irrespective
839              of the higher-layer abstraction. For example, an
840              application using IPv6 'sockets' to communicate via
841              IPv4 between ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would
842              use InetAddressType ipv4(1))."
843       ::= { tcp 20 }

845   tcpListenerEntry OBJECT-TYPE
846       SYNTAX     TcpListenerEntry
847       MAX-ACCESS not-accessible
848       STATUS     current
849       DESCRIPTION
850              "A conceptual row of the tcpListenerTable containing
851               information about a particular TCP listener."
852       INDEX   { tcpListenerLocalAddressType,
853                 tcpListenerLocalAddress,
854                 tcpListenerLocalPort }
855       ::= { tcpListenerTable 1 }

857   TcpListenerEntry ::= SEQUENCE {
858           tcpListenerLocalAddressType   InetAddressType,
859           tcpListenerLocalAddress       InetAddress,
860           tcpListenerLocalPort          InetPortNumber,
861           tcpListenerProcess            Unsigned32
862       }

864   tcpListenerLocalAddressType OBJECT-TYPE
865       SYNTAX     InetAddressType
866       MAX-ACCESS not-accessible
867       STATUS     current
868       DESCRIPTION
869              "The address type of tcpListenerLocalAddress. The value
870               should be unknown (0) if connection initiation to all
871               local IP addresses is accepted."
872       ::= { tcpListenerEntry 1 }

874   tcpListenerLocalAddress OBJECT-TYPE
875       SYNTAX     InetAddress
876       MAX-ACCESS not-accessible
877       STATUS     current
878       DESCRIPTION
879              "The local IP address for this TCP connection. In the case
880               of a listener which is willing to accept connections for
881               any IP interface associated with the node, a value of ''h
882               (zero-length octet-string) is used. The type of this
883               address is determined by the value of
884               tcpListenerLocalAddressType.

886               As this object is used in the index for the
887               tcpListenerTable, implementors of this table should be
888               careful not to create entries that would result in OIDs
889               with more than 128 subidentifiers; else the information
890               cannot be accessed using SNMPv1, SNMPv2c or SNMPv3."
891       ::= { tcpListenerEntry 2 }

893   tcpListenerLocalPort OBJECT-TYPE
894       SYNTAX     InetPortNumber
895       MAX-ACCESS not-accessible
896       STATUS     current
897       DESCRIPTION
898              "The local port number for this TCP connection."
899       ::= { tcpListenerEntry 3 }

901   tcpListenerProcess OBJECT-TYPE
902       SYNTAX     Unsigned32
903       MAX-ACCESS read-only
904       STATUS     current
905       DESCRIPTION
906              "The system's process ID for the process associated with
907               this listener, or zero if there is no such process. This
908               value is expected to be the same as HOST-RESOURCES-MIB::
909               hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
910               row in the appropriate tables."
911       ::= { tcpListenerEntry 4 }

913   -- The deprecated TCP Connection table

915   tcpConnTable OBJECT-TYPE
916       SYNTAX     SEQUENCE OF TcpConnEntry
917       MAX-ACCESS not-accessible
918       STATUS     deprecated
919       DESCRIPTION
920              "A table containing information about existing IPv4-specific
921               TCP connections or listeners. This table has been
922               deprecated in favor of the version neutral
923               tcpConnectionTable."
924       ::= { tcp 13 }

926   tcpConnEntry OBJECT-TYPE
927       SYNTAX     TcpConnEntry
928       MAX-ACCESS not-accessible
929       STATUS     deprecated
930       DESCRIPTION
931              "A conceptual row of the tcpConnTable containing information
932               about a particular current IPv4 TCP connection. Each row
933               of this table is transient, in that it ceases to exist when
934               (or soon after) the connection makes the transition to the
935               CLOSED state."
936       INDEX   { tcpConnLocalAddress,
937                 tcpConnLocalPort,
938                 tcpConnRemAddress,
939                 tcpConnRemPort }
940       ::= { tcpConnTable 1 }

942   TcpConnEntry ::= SEQUENCE {
943           tcpConnState         INTEGER,
944           tcpConnLocalAddress  IpAddress,
945           tcpConnLocalPort     Integer32,
946           tcpConnRemAddress    IpAddress,
947           tcpConnRemPort       Integer32
948       }

950   tcpConnState OBJECT-TYPE
951       SYNTAX     INTEGER {
952                      closed(1),
953                      listen(2),
954                      synSent(3),
955                      synReceived(4),
956                      established(5),
957                      finWait1(6),
958                      finWait2(7),
959                      closeWait(8),
960                      lastAck(9),
961                      closing(10),
962                      timeWait(11),
963                      deleteTCB(12)
964                  }
965       MAX-ACCESS read-write
966       STATUS     deprecated
967       DESCRIPTION
968              "The state of this TCP connection.
970               The only value which may be set by a management station is
971               deleteTCB(12). Accordingly, it is appropriate for an agent
972               to return a `badValue' response if a management station
973               attempts to set this object to any other value.

975               If a management station sets this object to the value
976               deleteTCB(12), then this has the effect of deleting the TCB
977               (as defined in RFC 793) of the corresponding connection on
978               the managed node, resulting in immediate termination of the
979               connection.

981               As an implementation-specific option, a RST segment may be
982               sent from the managed node to the other TCP endpoint (note
983               however that RST segments are not sent reliably)."
984       ::= { tcpConnEntry 1 }

986   tcpConnLocalAddress OBJECT-TYPE
987       SYNTAX     IpAddress
988       MAX-ACCESS read-only
989       STATUS     deprecated
990       DESCRIPTION
991              "The local IP address for this TCP connection. In the case
992               of a connection in the listen state which is willing to
993               accept connections for any IP interface associated with the
994               node, the value 0.0.0.0 is used."
995       ::= { tcpConnEntry 2 }

997   tcpConnLocalPort OBJECT-TYPE
998       SYNTAX     Integer32 (0..65535)
999       MAX-ACCESS read-only
1000      STATUS     deprecated
1001      DESCRIPTION
1002             "The local port number for this TCP connection."
1003      ::= { tcpConnEntry 3 }

1005  tcpConnRemAddress OBJECT-TYPE
1006      SYNTAX     IpAddress
1007      MAX-ACCESS read-only
1008      STATUS     deprecated
1009      DESCRIPTION
1010             "The remote IP address for this TCP connection."
1011      ::= { tcpConnEntry 4 }

1013  tcpConnRemPort OBJECT-TYPE
1014      SYNTAX     Integer32 (0..65535)
1015      MAX-ACCESS read-only
1016      STATUS     deprecated
1017      DESCRIPTION
1018             "The remote port number for this TCP connection."
1019      ::= { tcpConnEntry 5 }

1021  -- conformance information

1023  tcpMIBConformance OBJECT IDENTIFIER ::= { tcpMIB 2 }

1025  tcpMIBCompliances OBJECT IDENTIFIER ::= { tcpMIBConformance 1 }
1026  tcpMIBGroups      OBJECT IDENTIFIER ::= { tcpMIBConformance 2 }

1028  -- compliance statements

1030  tcpMIBCompliance2 MODULE-COMPLIANCE
1031      STATUS     current
1032      DESCRIPTION
1033             "The compliance statement for systems which implement TCP.

1035              There are a number of INDEX objects that cannot be
1036              represented in the form of OBJECT clauses in SMIv2, but
1037              for which we have the following compliance requirements,
1038              expressed in OBJECT clause form in this description
1039              clause:

1041              -- OBJECT      tcpConnectionLocalAddressType
1042              -- SYNTAX      InetAddressType { ipv4(1), ipv6(2) }
1043              -- DESCRIPTION
1044              --     This MIB requires support for only global IPv4
1045              --     and IPv6 address types.
1046              --
1047              -- OBJECT      tcpConnectionRemAddressType
1048              -- SYNTAX      InetAddressType { ipv4(1), ipv6(2) }
1049              -- DESCRIPTION
1050              --     This MIB requires support for only global IPv4
1051              --     and IPv6 address types.
1052              --
1053              -- OBJECT      tcpListenerLocalAddressType
1054              -- SYNTAX      InetAddressType { unknown(0), ipv4(1),
1055              --                               ipv6(2) }
1056              -- DESCRIPTION
1057              --     This MIB requires support for only global IPv4
1058              --     and IPv6 address types. The type unknown also
1059              --     needs to be supported to identify a special
1060              --     case in the listener table - a listen using
1061              --     both IPv4 and IPv6 addresses on the device.
1062              --
1063             "
1064      MODULE  -- this module
1065          MANDATORY-GROUPS { tcpBaseGroup, tcpConnectionGroup,
1066                             tcpListenerGroup }
1067          GROUP       tcpHCGroup
1068          DESCRIPTION
1069             "This group is mandatory for those systems which are capable
1070              of receiving or transmitting more than 1 million TCP
1071              segments per second. 1 million segments per second will
1072              cause a Counter32 to wrap in just over an hour."
1073          OBJECT      tcpConnectionState
1074          SYNTAX      INTEGER { closed(1), listen(2), synSent(3),
1075                                synReceived(4), established(5),
1076                                finWait1(6), finWait2(7), closeWait(8),
1077                                lastAck(9), closing(10), timeWait(11) }
1078          MIN-ACCESS  read-only
1079          DESCRIPTION
1080             "Write access is not required, nor is support for the value
1081              deleteTCB (12)."
1082      ::= { tcpMIBCompliances 2 }

1084  tcpMIBCompliance MODULE-COMPLIANCE
1085      STATUS     deprecated
1086      DESCRIPTION
1087             "The compliance statement for IPv4-only systems which
1088              implement TCP. In order to be IP version independent, this
1089              compliance statement is deprecated in favor of
1090              tcpMIBCompliance2. However, agents are still encouraged
1091              to implement these objects in order to interoperate with
1092              the deployed base of managers."
1093      MODULE  -- this module
1094          MANDATORY-GROUPS { tcpGroup }
1095          OBJECT      tcpConnState
1096          MIN-ACCESS  read-only
1097          DESCRIPTION
1098             "Write access is not required."
1099      ::= { tcpMIBCompliances 1 }

1101  -- units of conformance

1103  tcpGroup OBJECT-GROUP
1104      OBJECTS   { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
1105                  tcpMaxConn, tcpActiveOpens,
1106                  tcpPassiveOpens, tcpAttemptFails,
1107                  tcpEstabResets, tcpCurrEstab, tcpInSegs,
1108                  tcpOutSegs, tcpRetransSegs, tcpConnState,
1109                  tcpConnLocalAddress, tcpConnLocalPort,
1110                  tcpConnRemAddress, tcpConnRemPort,
1111                  tcpInErrs, tcpOutRsts }
1112      STATUS     deprecated
1113      DESCRIPTION
1114             "The tcp group of objects providing for management of TCP
1115              entities."
1116      ::= { tcpMIBGroups 1 }

1118  tcpBaseGroup OBJECT-GROUP
1119      OBJECTS   { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
1120                  tcpMaxConn, tcpActiveOpens,
1121                  tcpPassiveOpens, tcpAttemptFails,
1122                  tcpEstabResets, tcpCurrEstab, tcpInSegs,
1123                  tcpOutSegs, tcpRetransSegs,
1124                  tcpInErrs, tcpOutRsts }
1125      STATUS     current
1126      DESCRIPTION
1127             "The group of counters common to TCP entities."
1128      ::= { tcpMIBGroups 2 }

1130  tcpConnectionGroup OBJECT-GROUP
1131      OBJECTS    { tcpConnectionState, tcpConnectionProcess }
1132      STATUS     current
1133      DESCRIPTION
1134             "The group provides general information about TCP
1135              connections."
1136      ::= { tcpMIBGroups 3 }

1138  tcpListenerGroup OBJECT-GROUP
1139      OBJECTS    { tcpListenerProcess }
1140      STATUS     current
1141      DESCRIPTION
1142             "This group has objects providing general information about
1143              TCP listeners."
1144      ::= { tcpMIBGroups 4 }

1146  tcpHCGroup OBJECT-GROUP
1147      OBJECTS    { tcpHCInSegs, tcpHCOutSegs }
1148      STATUS     current
1149      DESCRIPTION
1150             "The group of objects providing for counters of high speed
1151              TCP implementations."
1152      ::= { tcpMIBGroups 5 }

1154  END
1155  4. Acknowledgements

1157     This document contains a modified subset of RFC 1213 and updates RFC
1158     2012 and RFC 2452. Acknowledgements are therefore due to the authors
1159     and editors of these documents for their excellent work. Several
1160     useful comments regarding usability and design were also received
1161     from Kristine Adamson. The authors would like to thank all these
1162     people for their contribution to this effort.

1164  5. Normative References

1166     [RFC793]  Postel, J., "Transmission Control Protocol - DARPA Internet
1167               Program Protocol Specification", STD 7, RFC 793, DARPA,
1168               September 1981.

1170     [RFC2287] Krupczak, C., Saperia, J., "Definitions of System-Level
1171               Managed Objects for Applications", RFC 2287, February 1998.

1173     [RFC2790] Waldbusser, S., Grillo, P., "Host Resources MIB", RFC 2790,
1174               March 2000.

1176     [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1177               Rose, M. and S. Waldbusser, "Structure of Management
1178               Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1179               1999.

1181     [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1182               Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
1183               STD 58, RFC 2579, April 1999.
1185     [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1186               Rose, M. and S. Waldbusser, "Conformance Statements for
1187               SMIv2", STD 58, RFC 2580, April 1999.

1189     [RFC3291] Daniele, M., Haberman, B., Routhier, S., and Schoenwaelder,
1190               J., "Textual Conventions for Internet Network Addresses",
1191               RFC 3291, May 2002.

1193     [RFC3418] Presuhn, R., "Management Information Base (MIB) for the
1194               Simple Network Management Protocol (SNMP)", RFC 3418,
1195               December 2002.

1197  6. Informative References

1199     [RFC1213] Rose, M. and K. McCloghrie, "Management Information Base
1200               for Network Management of TCP/IP-based internets", RFC 1213,
1201               March 1991.

1203     [RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the
1204               Transmission Control Protocol using SMIv2", RFC 2012,
1205               November 1996.

1207     [RFC2452] Daniele, M., "IP Version 6 Management Information Base for
1208               the Transmission Control Protocol", RFC 2452, December 1998.

1210     [RFC2988] Paxson, V., Allman, M., "Computing TCP's Retransmission
1211               Timer", RFC2988, November 2000.

1213     [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
1214               "Introduction and Applicability Statements for Internet-
1215               Standard Management Framework", RFC 3410, December 2002.

1217     [VANJ]    Jacobson, V., "Congestion Avoidance and Control", SIGCOMM
1218               1988, Stanford, California.

1220  7. Security Considerations

1222     There are management objects defined in this MIB that have a
1223     MAX-ACCESS clause of read-write. Such objects may be considered
1224     sensitive or vulnerable in some network environments. The support
1225     for SET operations in a non-secure environment without proper
1226     protection can have a negative effect on network operations.
1227     These are the tables and objects and their sensitivity/vulnerability:

1229     o  The tcpConnectionState and tcpConnState objects have a MAX-ACCESS
1230        clause of read-write, which allows termination of an arbitrary
1231        connection. Unauthorized access could cause a denial of service.

1233     Some of the readable objects in this MIB module (i.e., objects with a
1234     MAX-ACCESS other than not-accessible) may be considered sensitive or
1235     vulnerable in some network environments. It is thus important to
1236     control even GET and/or NOTIFY access to these objects and possibly
1237     to even encrypt the values of these objects when sending them over
1238     the network via SNMP. These are the tables and objects and their
1239     sensitivity/vulnerability:

1241     o  The tcpConnectionTable and the tcpConnTable contain objects
1242        providing information on the active connections on the device,
1243        the status of these connections and the associated processes.
1244        This information may be used by an attacker to launch attacks
1245        against known/unknown weaknesses in certain protocols/applications.
1246        In addition, access to the connection table could also have
1247        privacy implications since it provides detailed information on
1248        active connections.

1250     o  The tcpListenerTable and the tcpConnTable contain objects providing
1251        information on listeners on an entity. For example, the
1252        tcpListenerLocalPort and tcpConnLocalPort objects can be used
1253        to identify what ports are open on the machine and thus what
1254        attacks are likely to succeed, without the attacker having to run a
1255        port scanner.

1257     SNMP versions prior to SNMPv3 did not include adequate security.
1258     Even if the network itself is secure (for example by using IPSec),
1259     even then, there is no control as to who on the secure network is
1260     allowed to access and GET/SET (read/change/create/delete) the objects
1261     in this MIB module.

1263     It is RECOMMENDED that implementers consider the security features as
1264     provided by the SNMPv3 framework (see [RFC3410], section 8),
1265     including full support for the SNMPv3 cryptographic mechanisms (for
1266     authentication and privacy).
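
The read-write tcpConnectionState and tcpConnState objects singled out above can be monitored on the management side. The following Python is an added example, not part of the draft: it decodes the instance OID of a SET on either object into the connection it targets and classifies the request. The record fields, principal names and allow-list are assumptions of the example; the OID arcs assume tcp is { mib-2 6 } and tcpConnectionTable is { tcp 19 }, indexed by local type/address/port followed by remote type/address/port.

```python
import ipaddress

TCP = (1, 3, 6, 1, 2, 1, 6)          # mib-2.tcp
CONNECTION_STATE = TCP + (19, 1, 7)  # tcpConnectionState (tcpConnectionEntry 7)
CONN_STATE = TCP + (13, 1, 1)        # deprecated tcpConnState (tcpConnEntry 1)
DELETE_TCB = 12                      # the only value a manager may SET
MAX_SUBIDS = 128                     # longer OIDs cannot be carried by SNMP

def _inet(idx, pos):
    """Decode InetAddressType + length-prefixed InetAddress at idx[pos]."""
    atype, length = idx[pos], idx[pos + 1]
    raw = bytes(idx[pos + 2:pos + 2 + length])
    if (atype, length, len(raw)) == (1, 4, 4):
        return str(ipaddress.IPv4Address(raw)), pos + 6
    if (atype, length, len(raw)) == (2, 16, 16):
        return str(ipaddress.IPv6Address(raw)), pos + 18
    raise ValueError("unsupported or truncated InetAddress index")

def decode_target(oid):
    """Map a connection-state instance OID to (table, laddr, lport, raddr, rport)."""
    sub = tuple(int(s) for s in oid.strip(".").split("."))
    if len(sub) > MAX_SUBIDS:
        raise ValueError("more than 128 subidentifiers")
    try:
        if sub[:len(CONNECTION_STATE)] == CONNECTION_STATE:
            idx = sub[len(CONNECTION_STATE):]
            laddr, p = _inet(idx, 0)
            lport = idx[p]
            raddr, p = _inet(idx, p + 1)
            rport = idx[p]
            if p + 1 != len(idx):
                raise ValueError("trailing subidentifiers")
            return ("tcpConnectionTable", laddr, lport, raddr, rport)
        if sub[:len(CONN_STATE)] == CONN_STATE:
            idx = sub[len(CONN_STATE):]
            if len(idx) != 10:       # two IpAddress (4 subids each) + two ports
                raise ValueError("tcpConnTable index is 10 subidentifiers")
            v4 = [str(ipaddress.IPv4Address(bytes(idx[i:i + 4]))) for i in (0, 5)]
            return ("tcpConnTable", v4[0], idx[4], v4[1], idx[9])
    except IndexError:
        raise ValueError("truncated index") from None
    return None                      # not a connection-state object

def audit(records, allowed):
    """Return (verdict, principal, target) for SETs on the state objects."""
    findings = []
    for r in records:
        target = decode_target(r["oid"]) if r["pdu"] == "SET" else None
        if target is None:
            continue
        if r["value"] != DELETE_TCB:
            verdict = "invalid-value"            # agent should answer badValue
        elif r["version"] == 3 and r["level"] == "authPriv" and r["principal"] in allowed:
            verdict = "authorized-terminate"
        else:
            verdict = "unauthorized-terminate"   # possible denial of service
        findings.append((verdict, r["principal"], target))
    return findings

# Constructed sample records; field names and principals are this example's own.
SAMPLE = [
    {"version": 3, "level": "authPriv", "principal": "noc-admin", "pdu": "SET",
     "oid": "1.3.6.1.2.1.6.19.1.7.1.4.192.0.2.1.22.1.4.198.51.100.7.51000", "value": 12},
    {"version": 2, "level": "noAuthNoPriv", "principal": "public", "pdu": "SET",
     "oid": "1.3.6.1.2.1.6.13.1.1.192.0.2.1.443.198.51.100.7.40000", "value": 12},
    {"version": 3, "level": "authPriv", "principal": "noc-admin", "pdu": "SET",
     "oid": "1.3.6.1.2.1.6.19.1.7.1.4.192.0.2.1.22.1.4.198.51.100.7.51000", "value": 5},
]
```

Calling `audit(SAMPLE, {"noc-admin"})` yields one verdict per SET, with the decoded connection attached so an operator can see which session a deleteTCB request was aimed at.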
1268     Further, deployment of SNMP versions prior to SNMPv3 is NOT
1269     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1270     enable cryptographic security. It is then a customer/operator
1271     responsibility to ensure that the SNMP entity giving access to an
1272     instance of this MIB module is properly configured to give access to
1273     the objects only to those principals (users) that have legitimate
1274     rights to indeed GET or SET (change/create/delete) them.

1276  8. Intellectual Property

1278     The IETF takes no position regarding the validity or scope of any
1279     intellectual property or other rights that might be claimed to
1280     pertain to the implementation or use of the technology described in
1281     this document or the extent to which any license under such rights
1282     might or might not be available; neither does it represent that it
1283     has made any effort to identify any such rights. Information on
1284     the IETF's procedures with respect to rights in standards-track and
1285     standards-related documentation can be found in BCP-11. Copies of
1286     claims of rights made available for publication and any assurances
1287     of licenses to be made available, or the result of an attempt made
1288     to obtain a general license or permission for the use of such
1289     proprietary rights by implementors or users of this specification
1290     can be obtained from the IETF Secretariat.

1292     The IETF invites any interested party to bring to its attention any
1293     copyrights, patents or patent applications, or other proprietary
1294     rights which may cover technology that may be required to practice
1295     this standard. Please address the information to the IETF
1296     Executive Director.

1298  9. Editor's Address

1300     Rajiv Raghunarayan
1301     Cisco Systems Inc.
1302     170 West Tasman Drive
1303     San Jose, CA 95134
1304     USA

1306     Email: raraghun@cisco.com

1308  10. Authors

1310     This document is an output of the IPv6 MIB revision team, and
1311     contributors to earlier versions of this document include:

1313     Bill Fenner, AT&T Labs -- Research
1314     Email: fenner@research.att.com

1316     Brian Haberman
1317     Email: brian@innovationslab.net

1319     Shawn A. Routhier, Wind River
1320     Email: shawn.routhier@windriver.com

1322     Juergen Schoenwalder, TU Braunschweig
1323     Email: schoenw@ibr.cs.tu-bs.de

1325     Dave Thaler, Microsoft
1326     Email: dthaler@windows.microsoft.com

1328     This document updates parts of the MIBs from several documents. RFC
1329     2012 has been the base document for these updates. RFC 2452 was
1330     the first document to define the managed objects for implementations
1331     of TCP over IPv6.

1333     RFC 2012:

1335     Keith McCloghrie, Cisco Systems (Editor)
1336     kzm@cisco.com

1338     RFC 2452:

1340     Mike Daniele, Compaq Computer Corporation
1341     daniele@zk3.dec.com
1342  11. Full Copyright Statement

1344     Copyright (C) The Internet Society (2004). All Rights Reserved.

1346     This document and translations of it may be copied and furnished to
1347     others, and derivative works that comment on or otherwise explain it or
1348     assist in its implementation may be prepared, copied, published and
1349     distributed, in whole or in part, without restriction of any kind,
1350     provided that the above copyright notice and this paragraph are
1351     included on all such copies and derivative works. However, this
1352     document itself may not be modified in any way, such as by removing the
1353     copyright notice or references to the Internet Society or other
1354     Internet organizations, except as needed for the purpose of developing
1355     Internet standards in which case the procedures for copyrights defined
1356     in the Internet Standards process must be followed, or as required to
1357     translate it into languages other than English.
1359     The limited permissions granted above are perpetual and will not be
1360     revoked by the Internet Society or its successors or assigns.

1362     This document and the information contained herein is provided on an
1363     "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1364     TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
1365     NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
1366     NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY
1367     OR FITNESS FOR A PARTICULAR PURPOSE.