idnits 2.17.1

draft-perreault-sunset4-cgn-mib-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 9, 2012) is 4301 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6333' is mentioned on line 171, but not defined

  == Missing Reference: 'RFC4787' is mentioned on line 339, but not defined

  == Missing Reference: 'I-D.ietf-behave-lsn-requiremnents' is mentioned on
     line 343, but not defined

  == Outdated reference: A later version (-10) exists of
     draft-ietf-behave-lsn-requirements-07

  == Outdated reference: A later version (-11) exists of
     draft-ietf-behave-nat-mib-01

     Summary: 0 errors (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                       S. Perreault
3    Internet-Draft                                                  Viagenie
4    Intended status: Standards Track                                 T. Tsou
5    Expires: January 10, 2013                      Huawei Technologies (USA)
6                                                                S. Sivakumar
7                                                               Cisco Systems
8                                                                July 9, 2012

10                 Managed Objects for Carrier Grade NAT (CGN)
11                      draft-perreault-sunset4-cgn-mib-00

13   Abstract

15      This memo defines a portion of the Management Information Base (MIB)
16      that may be used for monitoring of a device capable of Carrier Grade
17      NAT function.

19   Status of this Memo

21      This Internet-Draft is submitted in full conformance with the
22      provisions of BCP 78 and BCP 79.

24      Internet-Drafts are working documents of the Internet Engineering
25      Task Force (IETF).  Note that other groups may also distribute
26      working documents as Internet-Drafts.  The list of current Internet-
27      Drafts is at http://datatracker.ietf.org/drafts/current/.

29      Internet-Drafts are draft documents valid for a maximum of six months
30      and may be updated, replaced, or obsoleted by other documents at any
31      time.  It is inappropriate to use Internet-Drafts as reference
32      material or to cite them other than as "work in progress."

34      This Internet-Draft will expire on January 10, 2013.

36   Copyright Notice

38      Copyright (c) 2012 IETF Trust and the persons identified as the
39      document authors.  All rights reserved.

41      This document is subject to BCP 78 and the IETF Trust's Legal
42      Provisions Relating to IETF Documents
43      (http://trustee.ietf.org/license-info) in effect on the date of
44      publication of this document.  Please review these documents
45      carefully, as they describe your rights and restrictions with respect
46      to this document.  Code Components extracted from this document must
47      include Simplified BSD License text as described in Section 4.e of
48      the Trust Legal Provisions and are provided without warranty as
49      described in the Simplified BSD License.

51   Table of Contents

53      1.  Introduction
54      2.  Terminology
55      3.  Overview
56      4.  Definitions
57      5.  Security Considerations
58      6.  IANA Considerations
59      7.  Normative References
60      Authors' Addresses

62   1.  Introduction

64      [I-D.ietf-behave-nat-mib] defines objects for managing network
65      address translators (NATs).  This document builds on top of it,
66      defining objects specifically for Carrier Grade NATs (CGN).

68   2.  Terminology

70      The "CGN" term is defined in [I-D.ietf-behave-lsn-requirements].

72   3.  Overview

74      New features in this module are as follows:

76      Per-subscriber counters, limits, and notifications:  Carrier-Grade
77         NATs operate with a notion of "subscriber", to which are
78         associated a set of counters, limits, and notifications.  The
79         subscriber identifier may not necessarily be an internal address,
80         as in the case of DS-Lite, where the identifier is the IPv6
81         address of the tunnel endpoint and the internal addresses are the
82         same for each subscriber.

84   4.  Definitions

86      The following objects are added to the MIB module defined in
87      [I-D.ietf-behave-nat-mib].

89      -- notifications

91      newNatNotifSubscriberMappings NOTIFICATION-TYPE
92          OBJECTS { newNatSubscriberCntMappings }
93          STATUS current
94          DESCRIPTION
95              "This notification is generated when newNatSubscriberCntMappings
96               exceeds the value of newNatSubscriberMapNotifyThresh, unless
97               newNatSubscriberMapNotifyThresh is zero."
98          ::= { newNatNotifications 5 }

100     -- limits

102     newNatLimitSubscribers OBJECT-TYPE
103         SYNTAX Unsigned32
104         MAX-ACCESS read-write
105         STATUS current
106         DESCRIPTION
107             "Global limit on the number of subscribers with active mappings.
108              Zero means unlimited."
109         ::= { newNatLimits 6 }

111     -- subscribers

113     newNatSubscribers OBJECT IDENTIFIER ::= { newNatObjects 5 }

115     newNatSubscribersTable OBJECT-TYPE
116         SYNTAX SEQUENCE OF NewNatSubscribersTableEntry
117         MAX-ACCESS not-accessible
118         STATUS current
119         DESCRIPTION
120             "Table of CGN subscribers."
121         ::= { newNatSubscribers 1 }

123     newNatSubscribersTableEntry OBJECT-TYPE
124         SYNTAX NewNatSubscribersTableEntry
125         MAX-ACCESS not-accessible
126         STATUS current
127         DESCRIPTION
128             "Each entry describes a single CGN subscriber."
129         INDEX { newNatSubscriberIdentifierType,
130                 newNatSubscriberIdentifier }
131         ::= { newNatSubscribersTable 1 }

133     NewNatSubscribersTableEntry ::=
134         SEQUENCE {
135             newNatSubscriberIdentifierType InetAddressType,
136             newNatSubscriberIdentifier InetAddress,
137             newNatSubscriberIntPrefixType InetAddressType,
138             newNatSubscriberIntPrefix InetAddress,
139             newNatSubscriberIntPrefixLength InetAddressPrefixLength,
140             newNatSubscriberPool NatPoolIndex,
141             newNatSubscriberCntTranslates Counter64,
142             newNatSubscriberCntOOP Counter64,
143             newNatSubscriberCntResource Counter64,
144             newNatSubscriberCntStateMismatch Counter64,
145             newNatSubscriberCntQuota Counter64,
146             newNatSubscriberCntMappings Gauge32,
147             newNatSubscriberCntMapCreations Counter64,
148             newNatSubscriberCntMapRemovals Counter64,
149             newNatSubscriberLimitMappings Unsigned32,
150             newNatSubscriberMapNotifyThresh Unsigned32
151         }

153     newNatSubscriberIdentifierType OBJECT-TYPE
154         SYNTAX InetAddressType
155         MAX-ACCESS not-accessible
156         STATUS current
157         DESCRIPTION
158             "Address type of the subscriber identifier."
159         ::= { newNatSubscribersTableEntry 1 }

161     newNatSubscriberIdentifier OBJECT-TYPE
162         SYNTAX InetAddress (SIZE (4|16))
163         MAX-ACCESS not-accessible
164         STATUS current
165         DESCRIPTION
166             "Address used for uniquely identifying the subscriber.

168              In traditional NAT, this is the internal address assigned to
169              the CPE.  In case an address range is assigned to a subscriber,
170              the first address in the range is used as identifier.  For
171              tunnelled connectivity (e.g., DS-Lite [RFC6333]), the outer
172              address is used as identifier (i.e., the IPv6 address in the
173              case of DS-Lite)."
174         ::= { newNatSubscribersTableEntry 2 }

176     newNatSubscriberIntPrefixType OBJECT-TYPE
177         SYNTAX InetAddressType
178         MAX-ACCESS read-only
179         STATUS current
180         DESCRIPTION
181             "Subscriber's internal prefix type."
182         ::= { newNatSubscribersTableEntry 3 }

184     newNatSubscriberIntPrefix OBJECT-TYPE
185         SYNTAX InetAddress
186         MAX-ACCESS read-only
187         STATUS current
188         DESCRIPTION
189             "Prefix assigned to a subscriber's CPE."
190         ::= { newNatSubscribersTableEntry 4 }

192     newNatSubscriberIntPrefixLength OBJECT-TYPE
193         SYNTAX InetAddressPrefixLength
194         MAX-ACCESS read-only
195         STATUS current
196         DESCRIPTION
197             "Length of the prefix assigned to a subscriber's CPE, in bits.
198              In case a single address is assigned, this will be 32 for IPv4
199              and 128 for IPv6."
200         ::= { newNatSubscribersTableEntry 5 }

202     newNatSubscriberPool OBJECT-TYPE
203         SYNTAX NatPoolIndex
204         MAX-ACCESS read-only
205         STATUS current
206         DESCRIPTION
207             "External address pool to which this subscriber belongs."
208         ::= { newNatSubscribersTableEntry 6 }

210     newNatSubscriberCntTranslates OBJECT-TYPE
211         SYNTAX Counter64
212         MAX-ACCESS read-only
213         STATUS current
214         DESCRIPTION
215             "The number of packets received from or sent to this subscriber
216              and to which NAT has been applied."
217         ::= { newNatSubscribersTableEntry 7 }

219     newNatSubscriberCntOOP OBJECT-TYPE
220         SYNTAX Counter64
221         MAX-ACCESS read-only
222         STATUS current
223         DESCRIPTION
224             "The number of packets received from this subscriber to which
225              NAT could not be applied because no external port was
226              available, excluding quota limitations."
227         ::= { newNatSubscribersTableEntry 8 }

229     newNatSubscriberCntResource OBJECT-TYPE
230         SYNTAX Counter64
231         MAX-ACCESS read-only
232         STATUS current
233         DESCRIPTION
234             "The number of packets received from this subscriber to which
235              NAT could not be applied because of resource constraints
236              (excluding out-of-ports condition)."
237         ::= { newNatSubscribersTableEntry 9 }

239     newNatSubscriberCntStateMismatch OBJECT-TYPE
240         SYNTAX Counter64
241         MAX-ACCESS read-only
242         STATUS current
243         DESCRIPTION
244             "The number of packets received from or destined to this
245              subscriber to which NAT could not be applied because of mapping
246              state mismatch.  For example, a TCP packet that matches an
247              existing mapping but is dropped because its flags are
248              incompatible with the current state of the mapping would cause
249              this counter to be incremented."

251         ::= { newNatSubscribersTableEntry 10 }

253     newNatSubscriberCntQuota OBJECT-TYPE
254         SYNTAX Counter64
255         MAX-ACCESS read-only
256         STATUS current
257         DESCRIPTION
258             "The number of packets received from or destined to this
259              subscriber to which NAT could not be applied because of quota
260              limitations.  Quotas include absolute limits as well as limits
261              on the rate of allocation."
262         ::= { newNatSubscribersTableEntry 11 }

264     newNatSubscriberCntMappings OBJECT-TYPE
265         SYNTAX Gauge32
266         MAX-ACCESS read-only
267         STATUS current
268         DESCRIPTION
269             "Number of currently active mappings created by or for this
270              subscriber.

272              Equal to newNatSubscriberCntMapRemovals -
273              newNatSubscriberCntMapCreations."
274         ::= { newNatSubscribersTableEntry 12 }

276     newNatSubscriberCntMapCreations OBJECT-TYPE
277         SYNTAX Counter64
278         MAX-ACCESS read-only
279         STATUS current
280         DESCRIPTION
281             "Number of mappings created by or for this subscriber."
282         ::= { newNatSubscribersTableEntry 13 }

284     newNatSubscriberCntMapRemovals OBJECT-TYPE
285         SYNTAX Counter64
286         MAX-ACCESS read-only
287         STATUS current
288         DESCRIPTION
289             "Number of mappings removed by or for this subscriber."
290         ::= { newNatSubscribersTableEntry 14 }

292     newNatSubscriberLimitMappings OBJECT-TYPE
293         SYNTAX Unsigned32
294         MAX-ACCESS read-write
295         STATUS current
296         DESCRIPTION
297             "Limit on the number of active mappings created by or for this
298              subscriber.  Zero means unlimited."

300         ::= { newNatSubscribersTableEntry 15 }

302     newNatSubscriberMapNotifyThresh OBJECT-TYPE
303         SYNTAX Unsigned32
304         MAX-ACCESS read-write
305         STATUS current
306         DESCRIPTION
307             "See newNatNotifSubscriberMappings."
308         ::= { newNatSubscribersTableEntry 16 }

310     -- conformance groups

312     newNatGroupSubscriberObjects OBJECT-GROUP
313         OBJECTS { newNatSubscriberIntPrefixType,
314                   newNatSubscriberIntPrefix,
315                   newNatSubscriberIntPrefixLength,
316                   newNatSubscriberPool,
317                   newNatSubscriberCntTranslates,
318                   newNatSubscriberCntOOP,
319                   newNatSubscriberCntResource,
320                   newNatSubscriberCntStateMismatch,
321                   newNatSubscriberCntQuota,
322                   newNatSubscriberCntMappings,
323                   newNatSubscriberCntMapCreations,
324                   newNatSubscriberCntMapRemovals,
325                   newNatSubscriberLimitMappings,
326                   newNatSubscriberMapNotifyThresh,
327                   newNatLimitSubscribers }
328         STATUS current
329         DESCRIPTION
330             "Per-subscriber counters, limits, and thresholds."
331         ::= { newNatGroups 4 }

333     -- compliance statements

335     newNatCGNCompliance MODULE-COMPLIANCE
336         STATUS current
337         DESCRIPTION
338             "NATs that have 'Paired IP address pooling' and 'Receive
339              Fragments Out of Order' behavior [RFC4787] and implement the
340              objects in this group can claim this level of compliance.

342              This level of compliance is to be expected of a CGN compliant
343              with [I-D.ietf-behave-lsn-requiremnents]."
344         MODULE -- this module
345             MANDATORY-GROUPS { newNatGroupBasicObjects,
346                                newNatGroupBasicNotifications,
347                                newNatGroupAddrMapObjects,
348                                newNatGroupAddrMapNotifications,
349                                newNatGroupFragmentObjects,
350                                newNatGroupSubscriberObjects,
351                                newNatGroupSubscriberNotifs }
352         ::= { newNatCompliance 4 }

354  5.  Security Considerations

356     TBD

358  6.  IANA Considerations

360     TBD

362  7.  Normative References

364     [I-D.ietf-behave-lsn-requirements]
365                Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
366                and H. Ashida, "Common requirements for Carrier Grade NATs
367                (CGNs)", draft-ietf-behave-lsn-requirements-07 (work in
368                progress), June 2012.

370     [I-D.ietf-behave-nat-mib]
371                Perreault, S., Tsou, T., and S. Sivakumar, "Additional
372                Managed Objects for Network Address Translators (NAT)",
373                draft-ietf-behave-nat-mib-01 (work in progress),
374                June 2012.

376  Authors' Addresses

378     Simon Perreault
379     Viagenie
380     246 Aberdeen
381     Quebec, QC  G1R 2E1
382     Canada

384     Phone: +1 418 656 9254
385     Email: simon.perreault@viagenie.ca
386     URI:   http://viagenie.ca

387     Tina Tsou
388     Huawei Technologies (USA)
389     2330 Central Expressway
390     Santa Clara, CA  95050
391     USA

393     Phone: +1 408 330 4424
394     Email: tina.tsou.zouting@huawei.com

396     Senthil Sivakumar
397     Cisco Systems
398     7100-8 Kit Creek Road
399     Research Triangle Park, North Carolina  27709
400     USA

402     Phone: +1 919 392 5158
403     Email: ssenthil@cisco.com
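
The per-subscriber gauge, limit, threshold and drop counters defined in Section 4 can be evaluated from two successive polls of newNatSubscribersTable, which is how a monitoring station would spot a subscriber exhausting its mappings. The sketch below is an added example, not part of the draft; the sample rows, the helper names and the at_limit rule (gauge has reached the limit) are assumptions.

```python
# Added example. Column names come from the MIB above; all row values are constructed.
COUNTER64_MOD = 2 ** 64
DROP_COLUMNS = ("newNatSubscriberCntOOP", "newNatSubscriberCntResource",
                "newNatSubscriberCntStateMismatch", "newNatSubscriberCntQuota")

def counter_delta(old, new):
    """Counter64 increase between two polls, tolerating a single wrap."""
    return (new - old) % COUNTER64_MOD

def notif_due(row):
    """Condition of newNatNotifSubscriberMappings; a zero threshold disables it."""
    thresh = row["newNatSubscriberMapNotifyThresh"]
    return thresh != 0 and row["newNatSubscriberCntMappings"] > thresh

def at_limit(row):
    """Assumption: a subscriber is 'at limit' once the gauge reaches the limit."""
    limit = row["newNatSubscriberLimitMappings"]
    return limit != 0 and row["newNatSubscriberCntMappings"] >= limit

def review(prev, curr):
    """Return {subscriber index: [findings]} for the newer of two polls."""
    findings = {}
    for key, row in curr.items():
        notes = []
        if notif_due(row):
            notes.append("notify-threshold")
        if at_limit(row):
            notes.append("mapping-limit")
        old = prev.get(key)  # no baseline for a subscriber first seen in this poll
        for col in DROP_COLUMNS if old else ():
            delta = counter_delta(old[col], row[col])
            if delta:
                notes.append(f"{col}+{delta}")
        if notes:
            findings[key] = notes
    return findings

def make_row(mappings, limit, thresh, oop=0, resource=0, mismatch=0, quota=0):
    """Build one constructed table row (only the columns used here)."""
    values = (mappings, limit, thresh, oop, resource, mismatch, quota)
    names = ("newNatSubscriberCntMappings", "newNatSubscriberLimitMappings",
             "newNatSubscriberMapNotifyThresh") + DROP_COLUMNS
    return dict(zip(names, values))

# Rows are indexed by (newNatSubscriberIdentifierType, newNatSubscriberIdentifier).
A, B, C = ("ipv6", "2001:db8::a"), ("ipv6", "2001:db8::b"), ("ipv4", "192.0.2.7")
POLL_1 = {A: make_row(100, 2000, 1500), B: make_row(1990, 2000, 1500, quota=2**64 - 2),
          C: make_row(10, 0, 0)}
POLL_2 = {A: make_row(120, 2000, 1500), B: make_row(2000, 2000, 1500, quota=3),
          C: make_row(9000, 0, 0, oop=4)}
```

Subscriber C shows why the zero values matter: with both limit and threshold at zero it never raises a notification, so only the out-of-ports counter reveals the problem.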