| < draft-perrault-behave-natv2-mib-03.txt | draft-perrault-behave-natv2-mib-05.txt > | |||
|---|---|---|---|---|
| Network Working Group S. Perreault | Network Working Group S. Perreault | |||
| Internet-Draft Jive Communications | Internet-Draft Jive Communications | |||
| Intended status: Standards Track T. Tsou | Intended status: Standards Track T. Tsou | |||
| Expires: September 25, 2015 Huawei Technologies | Expires: December 18, 2015 Huawei Technologies | |||
| S. Sivakumar | S. Sivakumar | |||
| Cisco Systems | Cisco Systems | |||
| T. Taylor | T. Taylor | |||
| PT Taylor Consulting | PT Taylor Consulting | |||
| March 24, 2015 | June 16, 2015 | |||
| Definitions of Managed Objects for Network Address Translators (NAT) | Definitions of Managed Objects for Network Address Translators (NAT) | |||
| draft-perrault-behave-natv2-mib-03 | draft-perrault-behave-natv2-mib-05 | |||
| Abstract | Abstract | |||
| This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
| for devices implementing the Network Address Translator (NAT) | for devices implementing the Network Address Translator (NAT) | |||
| function. The new MIB module defined in this document, NATV2-MIB, is | function. The new MIB module defined in this document, NATV2-MIB, is | |||
| intended to replace module NAT-MIB (RFC 4008). NATV2-MIB is not | intended to replace module NAT-MIB (RFC 4008). NATV2-MIB is not | |||
| backwards compatible with NAT-MIB, for reasons given in the text of | backwards compatible with NAT-MIB, for reasons given in the text of | |||
| this document. A companion document deprecates all objects in NAT- | this document. A companion document deprecates all objects in NAT- | |||
| MIB. NATV2-MIB can be used for monitoring of NAT instances on a | MIB. NATV2-MIB can be used for monitoring of NAT instances on a | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 25, 2015. | This Internet-Draft will expire on December 18, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 48 ¶ | skipping to change at page 2, line 48 ¶ | |||
| 3.3.7. The Address Pool Address Range Table: | 3.3.7. The Address Pool Address Range Table: | |||
| natv2PoolRangeTable . . . . . . . . . . . . . . . . . 16 | natv2PoolRangeTable . . . . . . . . . . . . . . . . . 16 | |||
| 3.3.8. The Address Map Table: natv2AddressMapTable . . . . . 16 | 3.3.8. The Address Map Table: natv2AddressMapTable . . . . . 16 | |||
| 3.3.9. The Port Map Table: natv2PortMapTable . . . . . . . . 17 | 3.3.9. The Port Map Table: natv2PortMapTable . . . . . . . . 17 | |||
| 3.4. Conformance: Three Application Scenarios . . . . . . . . 17 | 3.4. Conformance: Three Application Scenarios . . . . . . . . 17 | |||
| 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 5. Operational and Management Considerations . . . . . . . . . . 74 | 5. Operational and Management Considerations . . . . . . . . . . 74 | |||
| 5.1. Configuration Requirements . . . . . . . . . . . . . . . 74 | 5.1. Configuration Requirements . . . . . . . . . . . . . . . 74 | |||
| 5.2. Transition From and Coexistence With NAT-MIB [RFC 4008] 76 | 5.2. Transition From and Coexistence With NAT-MIB [RFC 4008] 76 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 78 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 78 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 80 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 81 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 81 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 81 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 81 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 81 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 82 | 8.2. Informative References . . . . . . . . . . . . . . . . . 82 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 83 | |||
| 1. The SNMP Management Framework | 1. The SNMP Management Framework | |||
| For a detailed overview of the documents that describe the current | For a detailed overview of the documents that describe the current | |||
| Internet-Standard Management Framework, please refer to section 7 of | Internet-Standard Management Framework, please refer to section 7 of | |||
| RFC 3410 [RFC3410]. | RFC 3410 [RFC3410]. | |||
| Managed objects are accessed via a virtual information store, termed | Managed objects are accessed via a virtual information store, termed | |||
| the Management Information Base or MIB. MIB objects are generally | the Management Information Base or MIB. MIB objects are generally | |||
| accessed through the Simple Network Management Protocol (SNMP). | accessed through the Simple Network Management Protocol (SNMP). | |||
| skipping to change at page 8, line 8 ¶ | skipping to change at page 8, line 8 ¶ | |||
| Threshold: natv2PoolThresholdUsageLow in natv2PoolTable. To allow | Threshold: natv2PoolThresholdUsageLow in natv2PoolTable. To allow | |||
| for a threshold of zero usage, disabling of the | for a threshold of zero usage, disabling of the | |||
| natv2NotificationPoolUsageLow is done by setting | natv2NotificationPoolUsageLow is done by setting | |||
| natv2PoolThresholdUsageLow to -1 rather than 0, in contrast to all | natv2PoolThresholdUsageLow to -1 rather than 0, in contrast to all | |||
| of the other notifications. | of the other notifications. | |||
| Objects returned: natv2PoolNotifiedPortMapEntries and | Objects returned: natv2PoolNotifiedPortMapEntries and | |||
| natv2PoolNotifiedPortMapProtocol in natv2PoolTable; | natv2PoolNotifiedPortMapProtocol in natv2PoolTable; | |||
| Rate control: natv2PoolNotificationInterval in | Rate control: natv2PoolNotificationInterval in natv2PoolTable. | |||
| natv2PoolTable (default 20 seconds between notifications for a | ||||
| given address pool). | ||||
| Notification: natv2NotificationPoolUsageHigh. Indicates that address | Notification: natv2NotificationPoolUsageHigh. Indicates that address | |||
| pool usage for the most-mapped protocol has risen to the threshold | pool usage for the most-mapped protocol has risen to the threshold | |||
| value or more. | value or more. | |||
| Compared value: natv2PoolNotifiedPortMapEntries as a percentage of | Compared value: natv2PoolNotifiedPortMapEntries as a percentage of | |||
| total available ports in the pool. | total available ports in the pool. | |||
| Threshold: natv2PoolThresholdUsageHigh in natv2PoolTable; | Threshold: natv2PoolThresholdUsageHigh in natv2PoolTable; | |||
| Objects returned: natv2PoolNotifiedPortMapEntries, | Objects returned: natv2PoolNotifiedPortMapEntries, | |||
| natv2PoolNotifiedPortMapProtocol in natv2PoolTable; | natv2PoolNotifiedPortMapProtocol in natv2PoolTable; | |||
| Rate control: natv2PoolNotificationInterval in | Rate control: natv2PoolNotificationInterval in natv2PoolTable. | |||
| natv2PoolTable (default 20 seconds between notifications for a | ||||
| given address pool). | ||||
| Notification: natv2NotificationInstanceAddressMapEntriesHigh. | Notification: natv2NotificationInstanceAddressMapEntriesHigh. | |||
| Indicates that the total number of entries in the address map table | Indicates that the total number of entries in the address map table | |||
| over the whole NAT instance equals or exceeds the threshold value. | over the whole NAT instance equals or exceeds the threshold value. | |||
| Compared value: natv2InstanceAddressMapEntries in | Compared value: natv2InstanceAddressMapEntries in | |||
| natv2InstanceTable; | natv2InstanceTable; | |||
| Threshold: natv2InstanceThresholdAddressMapEntriesHigh in | Threshold: natv2InstanceThresholdAddressMapEntriesHigh in | |||
| natv2InstanceTable; | natv2InstanceTable; | |||
| Objects returned: natv2InstanceAddressMapEntries, | Objects returned: natv2InstanceAddressMapEntries, | |||
| natv2InstanceAddressMapCreations in natv2InstanceTable; | natv2InstanceAddressMapCreations in natv2InstanceTable; | |||
| Rate control: natv2InstanceNotificationInterval in | Rate control: natv2InstanceNotificationInterval in | |||
| natv2InstanceTable (default 10 seconds between notifications for a | natv2InstanceTable. | |||
| given NAT instance). | ||||
| Notification: natv2NotificationInstancePortMapEntriesHigh. Indicates | Notification: natv2NotificationInstancePortMapEntriesHigh. Indicates | |||
| that the total number of entries in the port map table over the whole | that the total number of entries in the port map table over the whole | |||
| NAT instance equals or exceeds the threshold value. | NAT instance equals or exceeds the threshold value. | |||
| Compared value: natv2InstancePortMapEntries in natv2InstanceTable; | Compared value: natv2InstancePortMapEntries in natv2InstanceTable; | |||
| Threshold: natv2InstanceThresholdPortMapEntriesHigh in | Threshold: natv2InstanceThresholdPortMapEntriesHigh in | |||
| natv2InstanceTable; | natv2InstanceTable; | |||
| Objects returned: natv2InstancePortMapEntries, | Objects returned: natv2InstancePortMapEntries, | |||
| natv2InstancePortMapCreations in natv2InstanceTable; | natv2InstancePortMapCreations in natv2InstanceTable; | |||
| Rate control: natv2InstanceNotificationInterval in | Rate control: natv2InstanceNotificationInterval in | |||
| natv2InstanceTable (default 10 seconds between notifications for a | natv2InstanceTable. | |||
| given NAT instance). | ||||
| Notification: natv2NotificationSubscriberPortMapEntriesHigh. | Notification: natv2NotificationSubscriberPortMapEntriesHigh. | |||
| Indicates that the total number of entries in the port map table for | Indicates that the total number of entries in the port map table for | |||
| the given subscriber equals or exceeds the threshold value configured | the given subscriber equals or exceeds the threshold value configured | |||
| for that subscriber. | for that subscriber. | |||
| Compared value: natv2SubscriberPortMapEntries in | Compared value: natv2SubscriberPortMapEntries in | |||
| natv2SubscriberTable; | natv2SubscriberTable; | |||
| Threshold: natv2SubscriberThresholdPortMapEntriesHigh in | Threshold: natv2SubscriberThresholdPortMapEntriesHigh in | |||
| natv2SubscriberTable; | natv2SubscriberTable; | |||
| Objects returned: natv2SubscriberPortMapEntries, | Objects returned: natv2SubscriberPortMapEntries, | |||
| natv2SubscriberPortMapCreations in natv2SubscriberTable; | natv2SubscriberPortMapCreations in natv2SubscriberTable; | |||
| Rate control: natv2SubscriberNotificationInterval in | Rate control: natv2SubscriberNotificationInterval in | |||
| natv2SubscriberTable (default 60 seconds between notifications for | natv2SubscriberTable. | |||
| a given subscriber). | ||||
| 3.1.3. State Information | 3.1.3. State Information | |||
| State information provides a snapshot of the content and extent of | State information provides a snapshot of the content and extent of | |||
| the NAT mapping tables at a given moment of time. The address and | the NAT mapping tables at a given moment of time. The address and | |||
| port mapping tables are described in detail below. In addition to | port mapping tables are described in detail below. In addition to | |||
| these tables, two state variables are provided: current number of | these tables, two state variables are provided: current number of | |||
| entries in the address mapping table, and current number of entries | entries in the address mapping table, and current number of entries | |||
| in the port mapping table. With one exception, these are provided at | in the port mapping table. With one exception, these are provided at | |||
| four levels of granularity: per NAT instance, per protocol, per | four levels of granularity: per NAT instance, per protocol, per | |||
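Review bot: The sentence at the top of this hunk, "to -1 rather than 0, in contrast to all of the other notifications", is carried over unchanged into -05, but the -05 NOTIFICATION-TYPE descriptions further down now disable the pool-high, instance and subscriber notifications by setting their thresholds to -1 as well. The contrast no longer holds; reword it to say that -1 disables every threshold notification, or drop the clause.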
| skipping to change at page 15, line 47 ¶ | skipping to change at page 15, line 47 ¶ | |||
| The state and statistical information provided by this table consists | The state and statistical information provided by this table consists | |||
| of the per-pool items described in Section 3.1.3 and Section 3.1.4 | of the per-pool items described in Section 3.1.3 and Section 3.1.4 | |||
| respectively, plus two additional state objects described below. | respectively, plus two additional state objects described below. | |||
| natv2PoolTable provides the pool-specific object | natv2PoolTable provides the pool-specific object | |||
| natv2PoolDiscontinuityTime to indicate the time since which the | natv2PoolDiscontinuityTime to indicate the time since which the | |||
| statistical counters have accumulated continuously. | statistical counters have accumulated continuously. | |||
| Read-write objects to set high and low thresholds for pool usage | Read-write objects to set high and low thresholds for pool usage | |||
| notifications and for governing notification rate were identified in | notifications and for governing notification rate were identified in | |||
| Section 3.1.2. The default interval between notifications for a | Section 3.1.2. | |||
| given address pool is set to 20 seconds. | ||||
| Implementation note: the thresholds are defined in terms of | Implementation note: the thresholds are defined in terms of | |||
| percentage of available port utilization. The number of available | percentage of available port utilization. The number of available | |||
| ports in a pool is equal to (max port - min port + 1) (from the | ports in a pool is equal to (max port - min port + 1) (from the | |||
| natv2PoolTable configuration information) multiplied by the number | natv2PoolTable configuration information) multiplied by the number | |||
| of addresses provisioned in the pool (sum of number of addresses | of addresses provisioned in the pool (sum of number of addresses | |||
| provided by each natv2PoolRangeTable conceptual row relating to | provided by each natv2PoolRangeTable conceptual row relating to | |||
| that pool). At configuration time, the thresholds can be | that pool). At configuration time, the thresholds can be | |||
| recalculated in terms of total number of port map entries | recalculated in terms of total number of port map entries | |||
| corresponding to the configured percentage, so that runtime | corresponding to the configured percentage, so that runtime | |||
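Review bot: The -05 side ends the paragraph at "identified in Section 3.1.2." and drops the 20-second default for the pool notification interval, which is also removed from Section 3.1.2 itself, so the prose no longer states any default. If a default is still intended, point the reader to the DEFVAL of natv2PoolNotificationInterval here; if it was removed on purpose, say that the interval has no default.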
| skipping to change at page 18, line 47 ¶ | skipping to change at page 18, line 45 ¶ | |||
| InetAddressType, | InetAddressType, | |||
| InetAddress, | InetAddress, | |||
| InetAddressPrefixLength, | InetAddressPrefixLength, | |||
| InetPortNumber | InetPortNumber | |||
| FROM INET-ADDRESS-MIB; -- RFC 4001 | FROM INET-ADDRESS-MIB; -- RFC 4001 | |||
| natv2MIB MODULE-IDENTITY | natv2MIB MODULE-IDENTITY | |||
| LAST-UPDATED "201502170000Z" | LAST-UPDATED "201502170000Z" | |||
| -- RFC Ed.: set to publication date | -- RFC Ed.: set to publication date | |||
| ORGANIZATION | ORGANIZATION | |||
| "IETF Behavior Engineering for Hindrance Avoidance | "IETF Behavior Engineering for Hindrance | |||
| (BEHAVE) Working Group" | Avoidance (BEHAVE) Working Group" | |||
| CONTACT-INFO | CONTACT-INFO | |||
| "Working Group Email: behave@ietf.org | "Working Group Email: behave@ietf.org | |||
| Simon Perreault | Simon Perreault | |||
| Jive Communications | Jive Communications | |||
| Quebec, QC | Quebec, QC | |||
| Canada | Canada | |||
| Email: sperreault@jive.com | Email: sperreault@jive.com | |||
| Tina Tsou | Tina Tsou | |||
| Huawei Technologies | Huawei Technologies | |||
| Bantian, Longgang | Bantian, Longgang | |||
| skipping to change at page 20, line 6 ¶ | skipping to change at page 20, line 4 ¶ | |||
| REVISION "201502170000Z" | REVISION "201502170000Z" | |||
| -- RFC Ed.: set to publication date | -- RFC Ed.: set to publication date | |||
| DESCRIPTION | DESCRIPTION | |||
| "Complete rewrite, published as RFC yyyy. | "Complete rewrite, published as RFC yyyy. | |||
| Replaces former version published as RFC 4008." | Replaces former version published as RFC 4008." | |||
| -- RFC Ed.: replace yyyy with actual RFC number and set date" | -- RFC Ed.: replace yyyy with actual RFC number and set date" | |||
| ::= { mib-2 123 } | ::= { mib-2 123 } | |||
| -- temporary for compilation pending IANA assignment | -- temporary for compilation pending IANA assignment | |||
| -- textual conventions | -- textual conventions | |||
| ProtocolNumber ::= TEXTUAL-CONVENTION | ProtocolNumber ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A protocol number, from the 'protocol-numbers' IANA | "A protocol number, from the 'protocol-numbers' IANA | |||
| registry." | registry." | |||
| REFERENCE | REFERENCE | |||
| "IANA Protocol Numbers, | "IANA Protocol Numbers, | |||
| http://www.iana.org/assignments/protocol-numbers/protocol- | http://www.iana.org/assignments/protocol-numbers | |||
| numbers.xhtml#protocol-numbers-1" | /protocol-numbers.xhtml#protocol-numbers-1" | |||
| SYNTAX Unsigned32 (0..255) | SYNTAX Unsigned32 (0..255) | |||
| Natv2SubscriberIndex ::= TEXTUAL-CONVENTION | Natv2SubscriberIndex ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A unique value, greater than zero, for each subscriber | "A unique value, greater than zero, for each subscriber | |||
| in the managed system. The value for each | in the managed system. The value for each | |||
| subscriber MUST remain constant at least from one | subscriber MUST remain constant at least from one | |||
| update of the entity's natv2SubscriberDiscontinuityTime | update of the entity's natv2SubscriberDiscontinuityTime | |||
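Review bot: The "-- RFC Ed.: replace yyyy with actual RFC number and set date" comment after the REVISION description still ends with a stray double quote on both sides, leaving an unbalanced quote in the module text. Remove it while the REFERENCE URL below is being rewrapped; the new break at the slash is the better of the two, but the URL is still split inside the quoted string.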
| skipping to change at page 22, line 32 ¶ | skipping to change at page 22, line 30 ¶ | |||
| natv2NotificationPoolUsageHigh NOTIFICATION-TYPE | natv2NotificationPoolUsageHigh NOTIFICATION-TYPE | |||
| OBJECTS { natv2PoolNotifiedPortMapEntries, | OBJECTS { natv2PoolNotifiedPortMapEntries, | |||
| natv2PoolNotifiedPortMapProtocol } | natv2PoolNotifiedPortMapProtocol } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "This notification is triggered when an address pool's usage | "This notification is triggered when an address pool's usage | |||
| becomes greater than or equal to the value of the | becomes greater than or equal to the value of the | |||
| natv2PoolThresholdUsageHigh object for that pool, unless | natv2PoolThresholdUsageHigh object for that pool, unless | |||
| the notification has been disabled by setting the value of | the notification has been disabled by setting the value of | |||
| the threshold to 0. It is reported subject to the rate | the threshold to -1. It is reported subject to the rate | |||
| limitation specified by natv2PortMapNotificationInterval. | limitation specified by natv2PortMapNotificationInterval. | |||
| Address pool usage is calculated as the percentage of the | Address pool usage is calculated as the percentage of the | |||
| total number of ports allocated to the address pool that are | total number of ports allocated to the address pool that are | |||
| already in use, for the most-mapped protocol at the time the | already in use, for the most-mapped protocol at the time the | |||
| notification is triggered. The two returned objects are | notification is triggered. The two returned objects are | |||
| members of natv2PoolTable indexed by the NAT instance and | members of natv2PoolTable indexed by the NAT instance and | |||
| pool indices for which the event is being reported. They | pool indices for which the event is being reported. They | |||
| give the number of port map entries using external addresses | give the number of port map entries using external addresses | |||
| configured on the pool for the most-mapped protocol and | configured on the pool for the most-mapped protocol and | |||
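Review bot: The description names natv2PortMapNotificationInterval as the rate limit, but Section 3.1.2 gives the rate control for natv2NotificationPoolUsageHigh as natv2PoolNotificationInterval in natv2PoolTable. The line is identical in -03 and -05; correct it to the pool object while the adjacent threshold sentence is being changed from 0 to -1.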
| skipping to change at page 23, line 4 ¶ | skipping to change at page 22, line 50 ¶ | |||
| configured on the pool for the most-mapped protocol and | configured on the pool for the most-mapped protocol and | |||
| identify that protocol at the time the notification was | identify that protocol at the time the notification was | |||
| triggered." | triggered." | |||
| REFERENCE | REFERENCE | |||
| "RFC yyyy Section 3.1.2 and Section 3.3.6." | "RFC yyyy Section 3.1.2 and Section 3.3.6." | |||
| ::= { natv2MIBNotifications 2 } | ::= { natv2MIBNotifications 2 } | |||
| natv2NotificationInstanceAddressMapEntriesHigh NOTIFICATION-TYPE | natv2NotificationInstanceAddressMapEntriesHigh NOTIFICATION-TYPE | |||
| OBJECTS { natv2InstanceAddressMapEntries, | OBJECTS { natv2InstanceAddressMapEntries, | |||
| natv2InstanceAddressMapCreations } | natv2InstanceAddressMapCreations } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "This notification is triggered when the value of | "This notification is triggered when the value of | |||
| natv2InstanceAddressMapEntries equals or exceeds the value | natv2InstanceAddressMapEntries equals or exceeds the value | |||
| of the natv2InstanceThresholdAddressMapEntriesHigh object | of the natv2InstanceThresholdAddressMapEntriesHigh object | |||
| for the NAT instance, unless disabled by setting that | for the NAT instance, unless disabled by setting that | |||
| threshold to 0. Reporting is subject to the rate limitation | threshold to -1. Reporting is subject to the rate limitation | |||
| given by natv2InstanceNotificationInterval. | given by natv2InstanceNotificationInterval. | |||
| natv2InstanceAddressMapEntries and | natv2InstanceAddressMapEntries and | |||
| natv2InstanceAddressMapCreations are members of table | natv2InstanceAddressMapCreations are members of table | |||
| natv2InstanceTable indexed by the identifier of the NAT | natv2InstanceTable indexed by the identifier of the NAT | |||
| instance for which the event is being reported. The values | instance for which the event is being reported. The values | |||
| reported are those observed at the moment the notification | reported are those observed at the moment the notification | |||
| was triggered." | was triggered." | |||
| REFERENCE | REFERENCE | |||
| "RFC yyyy Section 3.1.2." | "RFC yyyy Section 3.1.2." | |||
| ::= { natv2MIBNotifications 3 } | ::= { natv2MIBNotifications 3 } | |||
| natv2NotificationInstancePortMapEntriesHigh NOTIFICATION-TYPE | natv2NotificationInstancePortMapEntriesHigh NOTIFICATION-TYPE | |||
| OBJECTS { natv2InstancePortMapEntries, | OBJECTS { natv2InstancePortMapEntries, | |||
| natv2InstancePortMapCreations } | natv2InstancePortMapCreations } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "This notification is triggered when the value of | "This notification is triggered when the value of | |||
| natv2InstancePortMapEntries becomes greater than or equal to | natv2InstancePortMapEntries becomes greater than or equal | |||
| the value of natv2InstanceThresholdPortMapEntriesHigh, | to the value of natv2InstanceThresholdPortMapEntriesHigh, | |||
| unless disabled by setting that threshold to 0. Reporting is | unless disabled by setting that threshold to -1. Reporting | |||
| subject to the rate limitation given by | is subject to the rate limitation given by | |||
| natv2InstanceNotificationInterval. | natv2InstanceNotificationInterval. | |||
| natv2InstancePortMapEntries and | natv2InstancePortMapEntries and | |||
| natv2InstancePortMapCreations are members of table | natv2InstancePortMapCreations are members of table | |||
| natv2InstanceTable indexed by the identifier of the NAT | natv2InstanceTable indexed by the identifier of the NAT | |||
| instance for which the event is being reported. The values | instance for which the event is being reported. The values | |||
| reported are those observed at the moment the notification | reported are those observed at the moment the notification | |||
| was triggered." | was triggered." | |||
| ::= { natv2MIBNotifications 4 } | ::= { natv2MIBNotifications 4 } | |||
| natv2NotificationSubscriberPortMappingEntriesHigh | natv2NotificationSubscriberPortMappingEntriesHigh | |||
| NOTIFICATION-TYPE | NOTIFICATION-TYPE | |||
| OBJECTS { natv2SubscriberPortMapEntries, | OBJECTS { natv2SubscriberPortMapEntries, | |||
| natv2SubscriberPortMapCreations } | natv2SubscriberPortMapCreations } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "This notification is triggered when the value of | "This notification is triggered when the value of | |||
| natv2SubscriberPortMapEntries for an individual subscriber | natv2SubscriberPortMapEntries for an individual subscriber | |||
| becomes greater than or equal to the value of the | becomes greater than or equal to the value of the | |||
| natv2SubscriberThresholdPortMapEntriesHigh object for that | natv2SubscriberThresholdPortMapEntriesHigh object for that | |||
| subscriber, unless disabled by setting that threshold to 0. | subscriber, unless disabled by setting that threshold to -1. | |||
| Reporting is subject to the rate limitation given by | Reporting is subject to the rate limitation given by | |||
| natv2SubscriberNotificationInterval. | natv2SubscriberNotificationInterval. | |||
| natv2SubscriberPortMapEntries and | natv2SubscriberPortMapEntries and | |||
| natv2SubscriberPortMapCreations are members of table | natv2SubscriberPortMapCreations are members of table | |||
| natv2SubscriberTable indexed by the subscriber for | natv2SubscriberTable indexed by the subscriber for | |||
| which the event is being reported. The values | which the event is being reported. The values | |||
| reported are those observed at the moment the notification | reported are those observed at the moment the notification | |||
| was triggered." | was triggered." | |||
| ::= { natv2MIBNotifications 5 } | ::= { natv2MIBNotifications 5 } | |||
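Review bot: The three descriptions changed here now disable the notification with a threshold of -1, which requires a signed SYNTAX, yet only natv2SubscriberThresholdPortMapEntriesHigh is shown moving from Unsigned32 to Integer32 in this diff; confirm that natv2InstanceThresholdAddressMapEntriesHigh and natv2InstanceThresholdPortMapEntriesHigh received the same change. Separately, the last notification is defined as natv2NotificationSubscriberPortMappingEntriesHigh while Section 3.1.2 calls it natv2NotificationSubscriberPortMapEntriesHigh, and notifications 4 and 5 carry no REFERENCE clause where 2 and 3 do.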
| skipping to change at page 25, line 17 ¶ | skipping to change at page 25, line 15 ¶ | |||
| natv2SubscriberPortMapEntries Unsigned32, | natv2SubscriberPortMapEntries Unsigned32, | |||
| -- Counters and last discontinuity time | -- Counters and last discontinuity time | |||
| natv2SubscriberTranslations Counter64, | natv2SubscriberTranslations Counter64, | |||
| natv2SubscriberAddressMapCreations Counter64, | natv2SubscriberAddressMapCreations Counter64, | |||
| natv2SubscriberPortMapCreations Counter64, | natv2SubscriberPortMapCreations Counter64, | |||
| natv2SubscriberAddressMapFailureDrops Counter64, | natv2SubscriberAddressMapFailureDrops Counter64, | |||
| natv2SubscriberPortMapFailureDrops Counter64, | natv2SubscriberPortMapFailureDrops Counter64, | |||
| natv2SubscriberDiscontinuityTime TimeStamp, | natv2SubscriberDiscontinuityTime TimeStamp, | |||
| -- Read-write controls | -- Read-write controls | |||
| natv2SubscriberLimitPortMapEntries Unsigned32, | natv2SubscriberLimitPortMapEntries Unsigned32, | |||
| -- Disable limit by setting to 0 (default) | -- Disable notifications by setting threshold to -1 | |||
| natv2SubscriberThresholdPortMapEntriesHigh Unsigned32, | natv2SubscriberThresholdPortMapEntriesHigh Integer32, | |||
| -- Disable notifications by setting threshold to 0 (default) | -- Disable limit by setting to 0 | |||
| natv2SubscriberNotificationInterval Unsigned32 | natv2SubscriberNotificationInterval Unsigned32 | |||
| -- Default is 60 seconds | ||||
| } | } | |||
| natv2SubscriberIndex OBJECT-TYPE | natv2SubscriberIndex OBJECT-TYPE | |||
| SYNTAX Natv2SubscriberIndex | SYNTAX Natv2SubscriberIndex | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A unique value, greater than zero, for each subscriber | "A unique value, greater than zero, for each subscriber | |||
| in the managed system. The value for each | in the managed system. The value for each | |||
| subscriber MUST remain constant at least from one | subscriber MUST remain constant at least from one | |||
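Review bot: In the -05 SEQUENCE the two inline comments have ended up against the wrong members: "Disable notifications by setting threshold to -1" now follows natv2SubscriberLimitPortMapEntries, and "Disable limit by setting to 0" follows natv2SubscriberThresholdPortMapEntriesHigh. In -03 each comment followed the object it described; restore that order so the limit comment sits with the limit and the -1 comment with the threshold.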
| skipping to change at page 26, line 38 ¶ | skipping to change at page 26, line 35 ¶ | |||
| the outer packet header." | the outer packet header." | |||
| REFERENCE | REFERENCE | |||
| "DS-Lite: RFC 6333." | "DS-Lite: RFC 6333." | |||
| ::= { natv2SubscriberEntry 3 } | ::= { natv2SubscriberEntry 3 } | |||
| natv2SubscriberInternalPrefix OBJECT-TYPE | natv2SubscriberInternalPrefix OBJECT-TYPE | |||
| SYNTAX InetAddress | SYNTAX InetAddress | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Prefix assigned to a subscriber's CPE. Source addresses of | "Prefix assigned to a subscriber's CPE. The type of this | |||
| packets outgoing from the subscriber will be contained | prefix is given by natv2SubscriberInternalPrefixType. Source | |||
| within this prefix. In the case of DS-Lite access, | addresses of packets outgoing from the subscriber will be | |||
| the source address taken from the prefix will be | contained within this prefix. In the case of DS-Lite | |||
| access, the source address taken from the prefix will be | ||||
| that of the outer header." | that of the outer header." | |||
| REFERENCE | REFERENCE | |||
| "DS-Lite: RFC 6333." | "DS-Lite: RFC 6333." | |||
| ::= { natv2SubscriberEntry 4 } | ::= { natv2SubscriberEntry 4 } | |||
| natv2SubscriberInternalPrefixLength OBJECT-TYPE | natv2SubscriberInternalPrefixLength OBJECT-TYPE | |||
| SYNTAX InetAddressPrefixLength | SYNTAX InetAddressPrefixLength | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| skipping to change at page 31, line 6 ¶ | skipping to change at page 31, line 5 ¶ | |||
| SYNTAX Unsigned32 | SYNTAX Unsigned32 | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Limit on total number of port mappings active for this | "Limit on total number of port mappings active for this | |||
| subscriber (natv2SubscriberPortMapEntries). Once this limit | subscriber (natv2SubscriberPortMapEntries). Once this limit | |||
| is reached, packets that might have triggered new port | is reached, packets that might have triggered new port | |||
| mappings are dropped. The number of such packets dropped is | mappings are dropped. The number of such packets dropped is | |||
| counted in natv2InstancePortMapFailureDrops. | counted in natv2InstancePortMapFailureDrops. | |||
| Limit is disabled if set to zero (default)." | Limit is disabled if set to zero." | |||
| DEFVAL | DEFVAL | |||
| { 0 } | { 0 } | |||
| ::= { natv2SubscriberEntry 15 } | ::= { natv2SubscriberEntry 15 } | |||
| natv2SubscriberThresholdPortMapEntriesHigh OBJECT-TYPE | natv2SubscriberThresholdPortMapEntriesHigh OBJECT-TYPE | |||
| SYNTAX Unsigned32 | SYNTAX Integer32 | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Notification threshold for total number of port mappings | "Notification threshold for total number of port mappings | |||
| active for this subscriber. Whenever | active for this subscriber. Whenever | |||
| natv2SubscriberPortMapEntries is updated, if it equals or | natv2SubscriberPortMapEntries is updated, if it equals or | |||
| exceeds natv2SubscriberThresholdPortMapEntriesHigh, the | exceeds natv2SubscriberThresholdPortMapEntriesHigh, the | |||
| notification | notification | |||
| natv2NotificationSubscriberPortMappingEntriesHigh is | natv2NotificationSubscriberPortMappingEntriesHigh is | |||
| triggered, unless the notification is disabled by setting | triggered, unless the notification is disabled by setting | |||
| the threshold to 0. Reporting is subject to the minimum | the threshold to -1. Reporting is subject to the minimum | |||
| inter-notification interval given by | inter-notification interval given by | |||
| natv2SubscriberNotificationInterval. If multiple | natv2SubscriberNotificationInterval. If multiple | |||
| notifications are triggered during one interval, the agent | notifications are triggered during one interval, the agent | |||
| MUST report only the one containing the highest value of | MUST report only the one containing the highest value of | |||
| natv2SubscriberPortMapEntries and discard the others." | natv2SubscriberPortMapEntries and discard the others." | |||
| DEFVAL | DEFVAL | |||
| { 0 } | { -1 } | |||
| ::= { natv2SubscriberEntry 16 } | ::= { natv2SubscriberEntry 16 } | |||
| natv2SubscriberNotificationInterval OBJECT-TYPE | natv2SubscriberNotificationInterval OBJECT-TYPE | |||
| SYNTAX Unsigned32 (1..3600) | SYNTAX Unsigned32 (1..3600) | |||
| UNITS | UNITS | |||
| "Seconds" | "Seconds" | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Minimum number of seconds (default 60) between successive | "Minimum number of seconds between successive | |||
| reporting of notifications for this subscriber. Controls the | reporting of notifications for this subscriber. Controls the | |||
| reporting of | reporting of | |||
| natv2NotificationSubscriberPortMappingEntriesHigh." | natv2NotificationSubscriberPortMappingEntriesHigh." | |||
| DEFVAL | DEFVAL | |||
| { 60 } | { 60 } | |||
| ::= { natv2SubscriberEntry 17 } | ::= { natv2SubscriberEntry 17 } | |||
| -- Per-NAT-instance objects | -- Per-NAT-instance objects | |||
| natv2MIBInstanceObjects OBJECT IDENTIFIER ::= { natv2MIB 2 } | natv2MIBInstanceObjects OBJECT IDENTIFIER ::= { natv2MIB 2 } | |||
| -- Instance table | ||||
| -- Instance table | ||||
| natv2InstanceTable OBJECT-TYPE | natv2InstanceTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF Natv2InstanceEntry | SYNTAX SEQUENCE OF Natv2InstanceEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Table of NAT instances. As well as state and counter | "Table of NAT instances. As well as state and counter | |||
| objects, it provides the instance index, instance name, and | objects, it provides the instance index, instance name, and | |||
| the last discontinuity time object which is applicable to | the last discontinuity time object which is applicable to | |||
| the counters. It also contains writable thresholds for | the counters. It also contains writable thresholds for | |||
| reporting of notifications and limits on usage of resources | reporting of notifications and limits on usage of resources | |||
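Review bot: natv2SubscriberThresholdPortMapEntriesHigh becomes a bare Integer32 with -1 as the only documented negative value, so -2 and below are accepted by the SYNTAX but have no defined meaning. Suggest a range in the style natv2PoolThresholdUsageLow already uses, for example Integer32 (-1|0..2147483647). The description should also state what 0 now means: it used to disable the notification, but under the "equals or exceeds" test it now matches on every update of natv2SubscriberPortMapEntries. The limit object directly above stays Unsigned32, so the threshold can no longer express values in the upper half of the limit's range.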
| skipping to change at page 33, line 40 ¶ | skipping to change at page 33, line 38 ¶ | |||
| natv2InstanceAddressMapCreations Counter64, | natv2InstanceAddressMapCreations Counter64, | |||
| natv2InstancePortMapCreations Counter64, | natv2InstancePortMapCreations Counter64, | |||
| natv2InstanceAddressMapEntryLimitDrops Counter64, | natv2InstanceAddressMapEntryLimitDrops Counter64, | |||
| natv2InstancePortMapEntryLimitDrops Counter64, | natv2InstancePortMapEntryLimitDrops Counter64, | |||
| natv2InstanceSubscriberActiveLimitDrops Counter64, | natv2InstanceSubscriberActiveLimitDrops Counter64, | |||
| natv2InstanceAddressMapFailureDrops Counter64, | natv2InstanceAddressMapFailureDrops Counter64, | |||
| natv2InstancePortMapFailureDrops Counter64, | natv2InstancePortMapFailureDrops Counter64, | |||
| natv2InstanceFragmentDrops Counter64, | natv2InstanceFragmentDrops Counter64, | |||
| natv2InstanceOtherResourceFailureDrops Counter64, | natv2InstanceOtherResourceFailureDrops Counter64, | |||
| natv2InstanceDiscontinuityTime TimeStamp, | natv2InstanceDiscontinuityTime TimeStamp, | |||
| -- Notification thresholds, disabled if set to 0 | -- Notification thresholds, disabled if set to -1 | |||
| natv2InstanceThresholdAddressMapEntriesHigh Unsigned32, | natv2InstanceThresholdAddressMapEntriesHigh Integer32, | |||
| natv2InstanceThresholdPortMapEntriesHigh Unsigned32, | natv2InstanceThresholdPortMapEntriesHigh Integer32, | |||
| natv2InstanceNotificationInterval Unsigned32, | natv2InstanceNotificationInterval Unsigned32, | |||
| -- Limits, disabled if set to 0 | -- Limits, disabled if set to 0 | |||
| natv2InstanceLimitAddressMapEntries Unsigned32, | natv2InstanceLimitAddressMapEntries Unsigned32, | |||
| natv2InstanceLimitPortMapEntries Unsigned32, | natv2InstanceLimitPortMapEntries Unsigned32, | |||
| natv2InstanceLimitPendingFragments Unsigned32, | natv2InstanceLimitPendingFragments Unsigned32, | |||
| natv2InstanceLimitSubscriberActives Unsigned32 | natv2InstanceLimitSubscriberActives Unsigned32 | |||
| } | } | |||
| natv2InstanceIndex OBJECT-TYPE | natv2InstanceIndex OBJECT-TYPE | |||
| SYNTAX Natv2InstanceIndex | SYNTAX Natv2InstanceIndex | |||
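Review bot: the updated comment "-- Notification thresholds, disabled if set to -1" still sits above natv2InstanceNotificationInterval, which remains Unsigned32 and is constrained to (1..3600) in its definition, so it can never be -1. Suggest moving the interval under its own comment line so the "-1 disables" statement covers only the two Integer32 thresholds.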
| skipping to change at page 43, line 14 ¶ | skipping to change at page 43, line 10 ¶ | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Snapshot of the value of the sysUpTime object at the | "Snapshot of the value of the sysUpTime object at the | |||
| beginning of the latest period of continuity of the | beginning of the latest period of continuity of the | |||
| statistical counters associated with this NAT instance." | statistical counters associated with this NAT instance." | |||
| ::= { natv2InstanceEntry 19 } | ::= { natv2InstanceEntry 19 } | |||
| -- Notification thresholds, disabled by setting to zero | -- Notification thresholds, disabled by setting to zero | |||
| natv2InstanceThresholdAddressMapEntriesHigh OBJECT-TYPE | natv2InstanceThresholdAddressMapEntriesHigh OBJECT-TYPE | |||
| SYNTAX Unsigned32 | SYNTAX Integer32 | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Notification threshold for total number of address map | "Notification threshold for total number of address map | |||
| entries held by this NAT instance. Whenever | entries held by this NAT instance. Whenever | |||
| natv2InstanceAddressMapEntries is updated, if it equals or | natv2InstanceAddressMapEntries is updated, if it equals or | |||
| exceeds natv2InstanceThresholdAddressMapEntriesHigh, then | exceeds natv2InstanceThresholdAddressMapEntriesHigh, then | |||
| natv2NotificationInstanceAddressMapEntriesHigh may be | natv2NotificationInstanceAddressMapEntriesHigh may be | |||
| triggered, unless the notification is disabled by setting | triggered, unless the notification is disabled by setting | |||
| the threshold to 0. Reporting is subject to the minimum | the threshold to -1. Reporting is subject to the minimum | |||
| inter-notification interval given by | inter-notification interval given by | |||
| natv2InstanceNotificationInterval. If multiple notifications | natv2InstanceNotificationInterval. If multiple notifications | |||
| are triggered during one interval, the agent MUST report | are triggered during one interval, the agent MUST report | |||
| only the one containing the highest value of | only the one containing the highest value of | |||
| natv2InstanceAddressMapEntries and discard the others." | natv2InstanceAddressMapEntries and discard the others." | |||
| DEFVAL | DEFVAL | |||
| { 0 } | { -1 } | |||
| ::= { natv2InstanceEntry 20 } | ::= { natv2InstanceEntry 20 } | |||
| natv2InstanceThresholdPortMapEntriesHigh OBJECT-TYPE | natv2InstanceThresholdPortMapEntriesHigh OBJECT-TYPE | |||
| SYNTAX Unsigned32 | SYNTAX Integer32 | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Notification threshold for total number of port map | "Notification threshold for total number of port map | |||
| entries held by this NAT instance. Whenever | entries held by this NAT instance. Whenever | |||
| natv2InstancePortMapEntries is updated, if it equals or | natv2InstancePortMapEntries is updated, if it equals or | |||
| exceeds natv2InstanceThresholdPortMapEntriesHigh, then | exceeds natv2InstanceThresholdPortMapEntriesHigh, then | |||
| natv2NotificationInstancePortMapEntriesHigh may be | natv2NotificationInstancePortMapEntriesHigh may be | |||
| triggered, unless the notification is disabled by setting | triggered, unless the notification is disabled by setting | |||
| the threshold to 0. Reporting is subject to the minimum | the threshold to -1. Reporting is subject to the minimum | |||
| inter-notification interval given by | inter-notification interval given by | |||
| natv2InstanceNotificationInterval. If multiple notifications | natv2InstanceNotificationInterval. If multiple notifications | |||
| are triggered during one interval, the agent MUST report | are triggered during one interval, the agent MUST report | |||
| only the one containing the highest value of | only the one containing the highest value of | |||
| natv2InstancePortMapEntries and discard the others." | natv2InstancePortMapEntries and discard the others." | |||
| DEFVAL | DEFVAL | |||
| { 0 } | { -1 } | |||
| ::= { natv2InstanceEntry 21 } | ::= { natv2InstanceEntry 21 } | |||
| natv2InstanceNotificationInterval OBJECT-TYPE | natv2InstanceNotificationInterval OBJECT-TYPE | |||
| SYNTAX Unsigned32 (1..3600) | SYNTAX Unsigned32 (1..3600) | |||
| UNITS | UNITS | |||
| "Seconds" | "Seconds" | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Minimum number of seconds (default 10) between successive | "Minimum number of seconds between successive | |||
| notifications for this NAT instance. Controls the reporting | notifications for this NAT instance. Controls the reporting | |||
| of natv2NotificationInstanceAddressMapEntriesHigh and | of natv2NotificationInstanceAddressMapEntriesHigh and | |||
| natv2NotificationInstancePortMapEntriesHigh." | natv2NotificationInstancePortMapEntriesHigh." | |||
| DEFVAL | DEFVAL | |||
| { 10 } | { 10 } | |||
| ::= { natv2InstanceEntry 22 } | ::= { natv2InstanceEntry 22 } | |||
| -- Limits, disabled if set to 0 | -- Limits, disabled if set to 0 | |||
| natv2InstanceLimitAddressMapEntries OBJECT-TYPE | natv2InstanceLimitAddressMapEntries OBJECT-TYPE | |||
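Review bot: the section comment "-- Notification thresholds, disabled by setting to zero" is unchanged in -05 and now contradicts the two definitions below it, which both say the notification is disabled by setting the threshold to -1 and carry DEFVAL { -1 }. Update the comment to match the one in the Natv2InstanceEntry sequence. Both thresholds are also unconstrained Integer32, so the meaning of negative values other than -1 should either be excluded by a range or defined.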
| skipping to change at page 44, line 37 ¶ | skipping to change at page 44, line 33 ¶ | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Limit on total number of address map entries supported by | "Limit on total number of address map entries supported by | |||
| the NAT instance. When natv2InstanceAddressMapEntries has | the NAT instance. When natv2InstanceAddressMapEntries has | |||
| reached this limit, subsequent packets that would normally | reached this limit, subsequent packets that would normally | |||
| trigger creation of a new address map entry will be dropped | trigger creation of a new address map entry will be dropped | |||
| and counted in natv2InstanceAddressMapEntryLimitDrops. | and counted in natv2InstanceAddressMapEntryLimitDrops. | |||
| Warning of an approach to this limit can be achieved by | Warning of an approach to this limit can be achieved by | |||
| setting natv2InstanceThresholdAddressMapEntriesHigh to a | setting natv2InstanceThresholdAddressMapEntriesHigh to a | |||
| non-zero value, for example, 80% of the limit. The limit is | non-zero value, for example, 80% of the limit. The limit is | |||
| disabled by setting its value to zero (default value). | disabled by setting its value to zero. | |||
| For further information please see the descriptions of | For further information please see the descriptions of | |||
| natv2NotificationInstanceAddressMapEntriesHigh and | natv2NotificationInstanceAddressMapEntriesHigh and | |||
| natv2InstanceAddressMapEntries." | natv2InstanceAddressMapEntries." | |||
| DEFVAL | DEFVAL | |||
| { 0 } | { 0 } | |||
| ::= { natv2InstanceEntry 23 } | ::= { natv2InstanceEntry 23 } | |||
| natv2InstanceLimitPortMapEntries OBJECT-TYPE | natv2InstanceLimitPortMapEntries OBJECT-TYPE | |||
| SYNTAX Unsigned32 | SYNTAX Unsigned32 | |||
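Review bot: the advice to set natv2InstanceThresholdAddressMapEntriesHigh "to a non-zero value" is left over from when zero disabled the threshold. With the -05 semantics, -1 is non-zero yet disables the notification, and 0 is an enabled threshold. Suggest "a value other than -1" or "a positive value", keeping the 80% example.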
| skipping to change at page 45, line 11 ¶ | skipping to change at page 45, line 7 ¶ | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Limit on total number of port map entries supported by the | "Limit on total number of port map entries supported by the | |||
| NAT instance. When natv2InstancePortMapEntries has reached | NAT instance. When natv2InstancePortMapEntries has reached | |||
| this limit, subsequent packets that would normally trigger | this limit, subsequent packets that would normally trigger | |||
| creation of a new port map entry will be dropped and counted | creation of a new port map entry will be dropped and counted | |||
| in natv2InstancePortMapEntryLimitDrops. Warning of an | in natv2InstancePortMapEntryLimitDrops. Warning of an | |||
| approach to this limit can be achieved by setting | approach to this limit can be achieved by setting | |||
| natv2InstanceThresholdPortMapEntriesHigh to a non-zero | natv2InstanceThresholdPortMapEntriesHigh to a non-zero | |||
| value, for example, 80% of the limit. The limit is disabled | value, for example, 80% of the limit. The limit is disabled | |||
| by setting its value to zero (default value). | by setting its value to zero. | |||
| For further information please see the descriptions of | For further information please see the descriptions of | |||
| natv2NotificationInstancePortMapEntriesHigh and | natv2NotificationInstancePortMapEntriesHigh and | |||
| natv2InstancePortMapEntries." | natv2InstancePortMapEntries." | |||
| DEFVAL | DEFVAL | |||
| { 0 } | { 0 } | |||
| ::= { natv2InstanceEntry 24 } | ::= { natv2InstanceEntry 24 } | |||
| natv2InstanceLimitPendingFragments OBJECT-TYPE | natv2InstanceLimitPendingFragments OBJECT-TYPE | |||
| SYNTAX Unsigned32 | SYNTAX Unsigned32 | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Limit on number of out-of-order fragments received by the | "Limit on number of out-of-order fragments received by the | |||
| NAT instance from remote sources and held until head of | NAT instance from remote sources and held until head of | |||
| chain appears. While the number of held fragments is at this | chain appears. While the number of held fragments is at this | |||
| limit, subsequent packets that contain fragments not | limit, subsequent packets that contain fragments not | |||
| relating to those already held will be dropped and counted | relating to those already held will be dropped and counted | |||
| in natv2InstancePendingFragmentLimitDrops. The limit is | in natv2InstancePendingFragmentLimitDrops. The limit is | |||
| disabled by setting the value to zero (default value). | disabled by setting the value to zero. | |||
| Applicable only when the NAT instance supports 'Receive | Applicable only when the NAT instance supports 'Receive | |||
| Fragments Out of Order' behavior, leave at default | Fragments Out of Order' behavior, leave at default | |||
| otherwise. See the description of | otherwise. See the description of | |||
| natv2InstanceFragmentBehavior." | natv2InstanceFragmentBehavior." | |||
| REFERENCE | REFERENCE | |||
| "RFC 4787 Section 11" | "RFC 4787 Section 11" | |||
| DEFVAL { 0 } | DEFVAL { 0 } | |||
| ::= { natv2InstanceEntry 25 } | ::= { natv2InstanceEntry 25 } | |||
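Review bot: natv2InstanceLimitPendingFragments says dropped fragments are "counted in natv2InstancePendingFragmentLimitDrops", but the portion of the Natv2InstanceEntry sequence visible earlier in this diff lists natv2InstanceFragmentDrops among the drop counters and no object of that name. Confirm which counter is intended and make the name match, otherwise operators will look for a counter that may not exist. The "non-zero value" wording for natv2InstanceThresholdPortMapEntriesHigh in the description above it also predates the switch to -1 as the disable value and should be reworded.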
| skipping to change at page 46, line 7 ¶ | skipping to change at page 45, line 51 ¶ | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Limit on number of total number of active subscribers | "Limit on number of total number of active subscribers | |||
| supported by the NAT instance. An active subscriber is | supported by the NAT instance. An active subscriber is | |||
| defined as any subscriber with at least one map entry, | defined as any subscriber with at least one map entry, | |||
| including static mappings. While the number of active | including static mappings. While the number of active | |||
| subscribers is at this limit, subsequent packets that would | subscribers is at this limit, subsequent packets that would | |||
| otherwise trigger first mappings for newly active | otherwise trigger first mappings for newly active | |||
| subscribers will be dropped and counted in | subscribers will be dropped and counted in | |||
| natv2InstanceSubscriberActiveLimitDrops. The limit is | natv2InstanceSubscriberActiveLimitDrops. The limit is | |||
| disabled by setting the value to zero (default value)." | disabled by setting the value to zero." | |||
| DEFVAL { 0 } | DEFVAL { 0 } | |||
| ::= { natv2InstanceEntry 26 } | ::= { natv2InstanceEntry 26 } | |||
| -- Table of counters per upper layer protocol identified by the | -- Table of counters per upper layer protocol identified by the | |||
| -- packet header and supported by the NAT instance | -- packet header and supported by the NAT instance | |||
| natv2ProtocolTable OBJECT-TYPE | natv2ProtocolTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF Natv2ProtocolEntry | SYNTAX SEQUENCE OF Natv2ProtocolEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
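Review bot: the description still opens with "Limit on number of total number of active subscribers", a duplicated phrase that survived the edit to the last sentence. Suggest "Limit on the total number of active subscribers".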
| skipping to change at page 50, line 40 ¶ | skipping to change at page 50, line 37 ¶ | |||
| natv2PoolAddressMapEntries Unsigned32, | natv2PoolAddressMapEntries Unsigned32, | |||
| natv2PoolPortMapEntries Unsigned32, | natv2PoolPortMapEntries Unsigned32, | |||
| -- Statistics and discontinuity time | -- Statistics and discontinuity time | |||
| natv2PoolAddressMapCreations Counter64, | natv2PoolAddressMapCreations Counter64, | |||
| natv2PoolPortMapCreations Counter64, | natv2PoolPortMapCreations Counter64, | |||
| natv2PoolAddressMapFailureDrops Counter64, | natv2PoolAddressMapFailureDrops Counter64, | |||
| natv2PoolPortMapFailureDrops Counter64, | natv2PoolPortMapFailureDrops Counter64, | |||
| natv2PoolDiscontinuityTime TimeStamp, | natv2PoolDiscontinuityTime TimeStamp, | |||
| -- Notification thresholds and objects returned by notifications | -- Notification thresholds and objects returned by notifications | |||
| natv2PoolThresholdUsageLow Integer32, | natv2PoolThresholdUsageLow Integer32, | |||
| natv2PoolThresholdUsageHigh Unsigned32, | natv2PoolThresholdUsageHigh Integer32, | |||
| natv2PoolNotifiedPortMapEntries Unsigned32, | natv2PoolNotifiedPortMapEntries Unsigned32, | |||
| natv2PoolNotifiedPortMapProtocol ProtocolNumber, | natv2PoolNotifiedPortMapProtocol ProtocolNumber, | |||
| natv2PoolNotificationInterval Unsigned32 | natv2PoolNotificationInterval Unsigned32 | |||
| } | } | |||
| natv2PoolInstanceIndex OBJECT-TYPE | natv2PoolInstanceIndex OBJECT-TYPE | |||
| SYNTAX Natv2InstanceIndex | SYNTAX Natv2InstanceIndex | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| skipping to change at page 55, line 14 ¶ | skipping to change at page 55, line 11 ¶ | |||
| SYNTAX TimeStamp | SYNTAX TimeStamp | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Snapshot of the value of the sysUpTime object at the | "Snapshot of the value of the sysUpTime object at the | |||
| beginning of the latest period of continuity of the | beginning of the latest period of continuity of the | |||
| statistical counters associated with this address | statistical counters associated with this address | |||
| pool. This MUST be initialized when the address pool | pool. This MUST be initialized when the address pool | |||
| is configured and MUST be updated whenever the port | is configured and MUST be updated whenever the port | |||
| or address ranges allocated to the pool change." | or address ranges allocated to the pool change." | |||
| ::= { natv2PoolEntry 14 } | ::= { natv2PoolEntry 13 } | |||
| -- Notification thresholds and objects returned by notifications | -- Notification thresholds and objects returned by notifications | |||
| natv2PoolThresholdUsageLow OBJECT-TYPE | natv2PoolThresholdUsageLow OBJECT-TYPE | |||
| SYNTAX Integer32 (-1|0..100) | SYNTAX Integer32 (-1|0..100) | |||
| UNITS "Percent" | UNITS "Percent" | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Threshold for reporting low utilization of the address pool. | "Threshold for reporting low utilization of the address pool. | |||
| Utilization at a given instant is calculated as the | Utilization at a given instant is calculated as the | |||
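Review bot: renumbering natv2PoolDiscontinuityTime from { natv2PoolEntry 14 } to 13 changes the meaning of existing column OIDs rather than just adding or removing one. Sub-identifier 14 returned a TimeStamp in -03 and returns the natv2PoolThresholdUsageLow percentage in -05, and the later columns shift the same way. This is acceptable in a draft, but it should be called out in the change log so that agents, pollers and trap filters built against -03 are rebuilt rather than left reading the wrong objects.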
| skipping to change at page 55, line 45 ¶ | skipping to change at page 55, line 42 ¶ | |||
| natv2PoolNotifiedPortMapEntries and discard the others. | natv2PoolNotifiedPortMapEntries and discard the others. | |||
| Implementation note: the percentage specified by this object | Implementation note: the percentage specified by this object | |||
| can be converted to a number of port map entries at | can be converted to a number of port map entries at | |||
| configuration time (after port and address ranges have been | configuration time (after port and address ranges have been | |||
| configured or reconfigured) and compared to the current | configured or reconfigured) and compared to the current | |||
| value of natv2PoolNotifiedPortMapEntries." | value of natv2PoolNotifiedPortMapEntries." | |||
| REFERENCE | REFERENCE | |||
| "RFC yyyy Section 3.1.2 and Section 3.3.6." | "RFC yyyy Section 3.1.2 and Section 3.3.6." | |||
| DEFVAL { -1 } | DEFVAL { -1 } | |||
| ::= { natv2PoolEntry 15 } | ::= { natv2PoolEntry 14 } | |||
| natv2PoolThresholdUsageHigh OBJECT-TYPE | natv2PoolThresholdUsageHigh OBJECT-TYPE | |||
| SYNTAX Unsigned32 (0..100) | SYNTAX Integer32 (-1|0..100) | |||
| UNITS "Percent" | UNITS "Percent" | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Threshold for reporting high utilization of the address | "Threshold for reporting high utilization of the address | |||
| pool. Utilization at a given instant is calculated as the | pool. Utilization at a given instant is calculated as the | |||
| percentage of ports allocated in port map entries for the | percentage of ports allocated in port map entries for the | |||
| most-used protocol at that instant. If utilization is | most-used protocol at that instant. If utilization is | |||
| greater than or equal to natv2PoolThresholdUsageHigh, an | greater than or equal to natv2PoolThresholdUsageHigh, an | |||
| instance of natv2NotificationPoolUsageHigh may be triggered, | instance of natv2NotificationPoolUsageHigh may be triggered, | |||
| unless disabled by setting it to 0. | unless disabled by setting it to -1. | |||
| Reporting is subject to the per-pool notification interval | Reporting is subject to the per-pool notification interval | |||
| given by natv2PoolNotificationInterval. If multiple | given by natv2PoolNotificationInterval. If multiple | |||
| notifications are triggered during one interval, the agent | notifications are triggered during one interval, the agent | |||
| MUST report only the one with the highest value of | MUST report only the one with the highest value of | |||
| natv2PoolNotifiedPortMapEntries and discard the others. In | natv2PoolNotifiedPortMapEntries and discard the others. In | |||
| the rare case where both upper and lower thresholds | the rare case where both upper and lower thresholds | |||
| are crossed in the same interval, the agent MUST report only | are crossed in the same interval, the agent MUST report only | |||
| the upper threshold notification. | the upper threshold notification. | |||
| Implementation note: the percentage specified by this object | Implementation note: the percentage specified by this object | |||
| can be converted to a number of port map entries at | can be converted to a number of port map entries at | |||
| configuration time (after port and address ranges have been | configuration time (after port and address ranges have been | |||
| configured or reconfigured) and compared to the current | configured or reconfigured) and compared to the current | |||
| value of natv2PoolNotifiedPortMapEntries." | value of natv2PoolNotifiedPortMapEntries." | |||
| DEFVAL { 0 } | DEFVAL { -1 } | |||
| ::= { natv2PoolEntry 16 } | ::= { natv2PoolEntry 15 } | |||
| natv2PoolNotifiedPortMapEntries OBJECT-TYPE | natv2PoolNotifiedPortMapEntries OBJECT-TYPE | |||
| SYNTAX Unsigned32 | SYNTAX Unsigned32 | |||
| MAX-ACCESS accessible-for-notify | MAX-ACCESS accessible-for-notify | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Number of port map entries using addresses and ports from | "Number of port map entries using addresses and ports from | |||
| this address pool for the most-used protocol at a given | this address pool for the most-used protocol at a given | |||
| instant. One of the objects returned by | instant. One of the objects returned by | |||
| natv2NotificationPoolUsageLow and | natv2NotificationPoolUsageLow and | |||
| natv2NotificationPoolUsageHigh." | natv2NotificationPoolUsageHigh." | |||
| ::= { natv2PoolEntry 17 } | ::= { natv2PoolEntry 16 } | |||
| natv2PoolNotifiedPortMapProtocol OBJECT-TYPE | natv2PoolNotifiedPortMapProtocol OBJECT-TYPE | |||
| SYNTAX ProtocolNumber | SYNTAX ProtocolNumber | |||
| MAX-ACCESS accessible-for-notify | MAX-ACCESS accessible-for-notify | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The most-used protocol (i.e., with the largest number of | "The most-used protocol (i.e., with the largest number of | |||
| port map entries) mapped into this address pool at a given | port map entries) mapped into this address pool at a given | |||
| instant. One of the objects returned by | instant. One of the objects returned by | |||
| natv2NotificationPoolUsageLow and | natv2NotificationPoolUsageLow and | |||
| natv2NotificationPoolUsageHigh." | natv2NotificationPoolUsageHigh." | |||
| ::= { natv2PoolEntry 17 } | ||||
| ::= { natv2PoolEntry 18 } | ||||
| natv2PoolNotificationInterval OBJECT-TYPE | natv2PoolNotificationInterval OBJECT-TYPE | |||
| SYNTAX Unsigned32 (1..3600) | SYNTAX Unsigned32 (1..3600) | |||
| UNITS | UNITS | |||
| "Seconds" | "Seconds" | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Minimum number of seconds (default 20) between successive | "Minimum number of seconds between successive | |||
| notifications for this address pool. Controls the generation | notifications for this address pool. Controls the generation | |||
| of natv2NotificationPoolUsageLow and | of natv2NotificationPoolUsageLow and | |||
| natv2NotificationPoolUsageHigh." | natv2NotificationPoolUsageHigh." | |||
| DEFVAL | DEFVAL | |||
| { 20 } | { 20 } | |||
| ::= { natv2PoolEntry 19 } | ::= { natv2PoolEntry 18 } | |||
| natv2PoolRangeTable OBJECT-TYPE | natv2PoolRangeTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF Natv2PoolRangeEntry | SYNTAX SEQUENCE OF Natv2PoolRangeEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "This table contains address ranges used by pool entries. | "This table contains address ranges used by pool entries. | |||
| It is an expansion of natv2PoolTable." | It is an expansion of natv2PoolTable." | |||
| REFERENCE | REFERENCE | |||
| "RFC yyyy <xref target='poolRangeTable'/>." | "RFC yyyy <xref target='poolRangeTable'/>." | |||
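Review bot: in natv2PoolThresholdUsageHigh, 0 changes from "disabled" to a legal threshold, and because the test is "greater than or equal to", a pool still configured with the old default of 0 will satisfy the condition at every interval. The description should state the meaning of 0 explicitly and the change log should mention the new default of -1. Separately, the natv2PoolRangeTable REFERENCE at the end of this hunk still contains raw markup (<xref target='poolRangeTable'/>) in both revisions and needs a real section number.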
| skipping to change at page 61, line 22 ¶ | skipping to change at page 61, line 19 ¶ | |||
| Section 6.6 on the need to have the IPv6 tunnel source | Section 6.6 on the need to have the IPv6 tunnel source | |||
| address in the NAT mapping tables." | address in the NAT mapping tables." | |||
| ::= { natv2AddressMapEntry 3 } | ::= { natv2AddressMapEntry 3 } | |||
| natv2AddressMapInternalAddress OBJECT-TYPE | natv2AddressMapInternalAddress OBJECT-TYPE | |||
| SYNTAX InetAddress (SIZE (0..16)) | SYNTAX InetAddress (SIZE (0..16)) | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Source address of packets originating from the interior | "Source address of packets originating from the interior | |||
| of the association provided by this mapping. | of the association provided by this mapping. The address | |||
| type is given by natv2AddressMapInternalAddressType. | ||||
| In the case of DS-Lite [RFC 6333], this is the IPv6 tunnel | In the case of DS-Lite [RFC 6333], this is the IPv6 tunnel | |||
| source address. The mapping in this case is considered to | source address. The mapping in this case is considered to | |||
| be from the combination of the IPv6 tunnel source address | be from the combination of the IPv6 tunnel source address | |||
| natv2AddressMapInternalRealmAddress and the well-known IPv4 | natv2AddressMapInternalRealmAddress and the well-known IPv4 | |||
| inner source address natv2AddressMapInternalMappedAddress to | inner source address natv2AddressMapInternalMappedAddress to | |||
| the external address." | the external address." | |||
| REFERENCE | REFERENCE | |||
| "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | |||
| Section 6.6 on the need to have the IPv6 tunnel address in | Section 6.6 on the need to have the IPv6 tunnel address in | |||
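Review bot: the added sentence refers to natv2AddressMapInternalAddressType, while the rest of this description calls the same tunnel source address natv2AddressMapInternalRealmAddress and the object being defined is natv2AddressMapInternalAddress. Pick one name and use it for the object, its type object and the cross-references, so a reader can tell whether one or two objects are meant.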
| skipping to change at page 62, line 26 ¶ | skipping to change at page 62, line 24 ¶ | |||
| "DS-Lite: RFC 6333." | "DS-Lite: RFC 6333." | |||
| ::= { natv2AddressMapEntry 6 } | ::= { natv2AddressMapEntry 6 } | |||
| natv2AddressMapInternalMappedAddress OBJECT-TYPE | natv2AddressMapInternalMappedAddress OBJECT-TYPE | |||
| SYNTAX InetAddress | SYNTAX InetAddress | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Internal address actually translated by this mapping. In the | "Internal address actually translated by this mapping. In the | |||
| general case, this is the same as | general case, this is the same as | |||
| natv2AddressMapInternalRealmAddress. In the case of DS-Lite | natv2AddressMapInternalRealmAddress. The address type is | |||
| [RFC 6333], this is the source address of the encapsulated | given by natv2AddressMapInternalMappedAddressType. In the | |||
| IPv4 packet, normally lying the well-known range | case of DS-Lite [RFC 6333], this is the source address of | |||
| 192.0.0.0/29. The mapping in this case is considered to be | the encapsulated IPv4 packet, normally lying the well-known | |||
| from the combination of the IPv6 tunnel source address | range 192.0.0.0/29. The mapping in this case is considered | |||
| to be from the combination of the IPv6 tunnel source address | ||||
| natv2AddressMapInternalRealmAddress and the well-known IPv4 | natv2AddressMapInternalRealmAddress and the well-known IPv4 | |||
| inner source address natv2AddressMapInternalMappedAddress to | inner source address natv2AddressMapInternalMappedAddress to | |||
| the external address." | the external address." | |||
| REFERENCE | REFERENCE | |||
| "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | |||
| Section 6.6 on the need to have the IPv6 tunnel address in | Section 6.6 on the need to have the IPv6 tunnel address in | |||
| the NAT mapping tables." | the NAT mapping tables." | |||
| ::= { natv2AddressMapEntry 7 } | ::= { natv2AddressMapEntry 7 } | |||
| natv2AddressMapExternalRealm OBJECT-TYPE | natv2AddressMapExternalRealm OBJECT-TYPE | |||
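Review bot: the rewrapped DESCRIPTION of natv2AddressMapInternalMappedAddress still reads "normally lying the well-known range 192.0.0.0/29", which is missing a preposition. Since the paragraph is being reflowed anyway, change it to "normally lying in" or, to match the wording used for natv2PortMapInternalMappedAddress, "normally selected from".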
| skipping to change at page 63, line 18 ¶ | skipping to change at page 63, line 17 ¶ | |||
| "Address type for the external realm. Any value other than | "Address type for the external realm. Any value other than | |||
| ipv4(1) or ipv6(2) would be unexpected." | ipv4(1) or ipv6(2) would be unexpected." | |||
| ::= { natv2AddressMapEntry 9 } | ::= { natv2AddressMapEntry 9 } | |||
| natv2AddressMapExternalAddress OBJECT-TYPE | natv2AddressMapExternalAddress OBJECT-TYPE | |||
| SYNTAX InetAddress | SYNTAX InetAddress | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "External address to which the internal address is mapped. | "External address to which the internal address is mapped. | |||
| The address type is given by | ||||
| natv2AddressMapExternalAddressType. | ||||
| In the DS-Lite case, the mapping is from the combination of | In the DS-Lite case, the mapping is from the combination of | |||
| the internal IPv6 tunnel source address as presented in this | the internal IPv6 tunnel source address as presented in this | |||
| table and the well-known IPv4 source address of the | table and the well-known IPv4 source address of the | |||
| encapsulated IPv4 packet." | encapsulated IPv4 packet." | |||
| REFERENCE | REFERENCE | |||
| "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | |||
| Section 6.6 on the need to have the IPv6 tunnel address in | Section 6.6 on the need to have the IPv6 tunnel address in | |||
| the NAT mapping tables." | the NAT mapping tables." | |||
| ::= { natv2AddressMapEntry 10 } | ::= { natv2AddressMapEntry 10 } | |||
| skipping to change at page 66, line 10 ¶ | skipping to change at page 66, line 10 ¶ | |||
| natv2PortMapExternalAddress OBJECT-TYPE | natv2PortMapExternalAddress OBJECT-TYPE | |||
| SYNTAX InetAddress (SIZE (0..16)) | SYNTAX InetAddress (SIZE (0..16)) | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The mapping's assigned external address. (This address is | "The mapping's assigned external address. (This address is | |||
| taken from the address pool identified by | taken from the address pool identified by | |||
| natv2PortMapExternalPoolIndex, if the implementation | natv2PortMapExternalPoolIndex, if the implementation | |||
| supports address pools and pools are configured for the | supports address pools and pools are configured for the | |||
| given external realm.) This is the source address for | given external realm.) This is the source address for | |||
| translated outgoing packets." | translated outgoing packets. The address type is given | |||
| by natv2PortMapExternalAddressType." | ||||
| ::= { natv2PortMapEntry 5 } | ::= { natv2PortMapEntry 5 } | |||
| natv2PortMapExternalPort OBJECT-TYPE | natv2PortMapExternalPort OBJECT-TYPE | |||
| SYNTAX InetPortNumber | SYNTAX InetPortNumber | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The mapping's assigned external port number. This is the | "The mapping's assigned external port number. This is the | |||
| source port for translated outgoing packets. If the internal | source port for translated outgoing packets. If the internal | |||
| skipping to change at page 67, line 13 ¶ | skipping to change at page 67, line 15 ¶ | |||
| natv2PortMapInternalAddress OBJECT-TYPE | natv2PortMapInternalAddress OBJECT-TYPE | |||
| SYNTAX InetAddress | SYNTAX InetAddress | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Source address for packets received under this mapping on | "Source address for packets received under this mapping on | |||
| the internal side of the NAT instance. In the general case | the internal side of the NAT instance. In the general case | |||
| this address is the same as the address given in | this address is the same as the address given in | |||
| natv2PortMapInternalMappedAddress. In the DS-Lite case, | natv2PortMapInternalMappedAddress. In the DS-Lite case, | |||
| natv2PortMapInternalAddress is the IPv6 tunnel source | natv2PortMapInternalAddress is the IPv6 tunnel source | |||
| address." | address. The address type is given | |||
| by natv2PortMapInternalAddressType." | ||||
| REFERENCE | REFERENCE | |||
| "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | |||
| Section 6.6 on the need to have the IPv6 tunnel address in | Section 6.6 on the need to have the IPv6 tunnel address in | |||
| the NAT mapping tables." | the NAT mapping tables." | |||
| ::= { natv2PortMapEntry 9 } | ::= { natv2PortMapEntry 9 } | |||
| natv2PortMapInternalMappedAddressType OBJECT-TYPE | natv2PortMapInternalMappedAddressType OBJECT-TYPE | |||
| SYNTAX InetAddressType | SYNTAX InetAddressType | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| skipping to change at page 67, line 41 ¶ | skipping to change at page 67, line 44 ¶ | |||
| "DS-Lite: RFC 6333." | "DS-Lite: RFC 6333." | |||
| ::= { natv2PortMapEntry 10 } | ::= { natv2PortMapEntry 10 } | |||
| natv2PortMapInternalMappedAddress OBJECT-TYPE | natv2PortMapInternalMappedAddress OBJECT-TYPE | |||
| SYNTAX InetAddress | SYNTAX InetAddress | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Internal address actually translated by this mapping. In the | "Internal address actually translated by this mapping. In the | |||
| general case, this is the same as | general case, this is the same as | |||
| natv2PortMapInternalRealmAddress. In the case of DS-Lite | natv2PortMapInternalRealmAddress. The address type is given | |||
| [RFC 6333], this is the source address of the encapsulated | by natv2PortMapInternalMappedAddressType. | |||
| IPv4 packet, normally selected from the well-known range | ||||
| 192.0.0.0/29. The mapping in this case is considered to be | In the case of DS-Lite [RFC 6333], this is the source | |||
| from the external address to the combination of the IPv6 | address of the encapsulated IPv4 packet, normally selected | |||
| tunnel source address natv2PortMapInternalRealmAddress and | from the well-known range 192.0.0.0/29. The mapping in this | |||
| the well-known IPv4 inner source address | case is considered to be from the external address to the | |||
| natv2PortMapInternalMappedAddress." | combination of the IPv6 tunnel source address | |||
| natv2PortMapInternalRealmAddress and the well-known IPv4 | ||||
| inner source address natv2PortMapInternalMappedAddress." | ||||
| REFERENCE | REFERENCE | |||
| "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and | |||
| Section 6.6 on the need to have the IPv6 tunnel address in | Section 6.6 on the need to have the IPv6 tunnel address in | |||
| the NAT mapping tables." | the NAT mapping tables." | |||
| ::= { natv2PortMapEntry 11 } | ::= { natv2PortMapEntry 11 } | |||
| natv2PortMapInternalPort OBJECT-TYPE | natv2PortMapInternalPort OBJECT-TYPE | |||
| SYNTAX InetPortNumber | SYNTAX InetPortNumber | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
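Review bot: the first sentence of natv2PortMapInternalMappedAddress says the general case is "the same as natv2PortMapInternalRealmAddress", while the description of natv2PortMapInternalAddress states the same equivalence from the other side and calls itself the IPv6 tunnel source address. Both descriptions should name the same object; if natv2PortMapInternalRealmAddress is not defined in the module, use natv2PortMapInternalAddress here and in the DS-Lite sentence. The new text also puts a blank line after the address-type sentence, which the corresponding natv2AddressMapInternalMappedAddress text does not; pick one layout for both.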
| skipping to change at page 78, line 26 ¶ | skipping to change at page 78, line 28 ¶ | |||
| address bind and address and port bind tables respectively. Finally, | address bind and address and port bind tables respectively. Finally, | |||
| [RFC4008] provides a count of the number of sessions currently using | [RFC4008] provides a count of the number of sessions currently using | |||
| each entry in the address and port bind table. None of these counts | each entry in the address and port bind table. None of these counts | |||
| are directly comparable with the state values offered by NATV2-MIB, | are directly comparable with the state values offered by NATV2-MIB, | |||
| because of the exclusion of static entries at the address map level, | because of the exclusion of static entries at the address map level, | |||
| and because of the differing models of the translation tables between | and because of the differing models of the translation tables between | |||
| [RFC4008] and the NATV2=MIB. | [RFC4008] and the NATV2=MIB. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| A number of management objects defined in this MIB module have a MAX- | There are a number of management objects defined in this MIB module | |||
| ACCESS clause of read-write. Such objects may be considered | with a MAX-ACCESS clause of read-write and/or read-create. Such | |||
| sensitive or vulnerable in some network environments. The support | objects may be considered sensitive or vulnerable in some network | |||
| for SET operations in a non-secure environment without proper | environments. The support for SET operations in a non-secure | |||
| protection can have a negative effect on network operations. These | environment without proper protection opens devices to attack. These | |||
| are the tables and objects and their sensitivity/vulnerability: | are the tables and objects and their sensitivity/vulnerability: | |||
| Limits: An attacker setting a very low or very high limit can easily | Limits: An attacker setting a very low or very high limit can easily | |||
| cause a denial-of-service situation. | cause a denial-of-service situation. | |||
| * natv2InstanceLimitAddressMapEntries; | * natv2InstanceLimitAddressMapEntries; | |||
| * natv2InstanceLimitPortMapEntries; | * natv2InstanceLimitPortMapEntries; | |||
| * natv2InstanceLimitPendingFragments; | * natv2InstanceLimitPendingFragments; | |||
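Review bot: the opening sentence of Section 6 now covers "read-write and/or read-create" objects, but the enumeration visible in this hunk names only the natv2InstanceLimit* limits; check that every read-create table appears in the list with its own sensitivity statement, otherwise the wider wording promises more than the list delivers. The replacement phrase "opens devices to attack" is acceptable as long as each list entry states the concrete effect, as the Limits entry does with denial of service. Separately, the context line just above the section heading still says "NATV2=MIB"; that should be "NATV2-MIB".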
| skipping to change at page 79, line 40 ¶ | skipping to change at page 79, line 42 ¶ | |||
| the network via SNMP. These are the tables and objects and their | the network via SNMP. These are the tables and objects and their | |||
| sensitivity/vulnerability: | sensitivity/vulnerability: | |||
| Objects that reveal host identities: Various objects can reveal the | Objects that reveal host identities: Various objects can reveal the | |||
| identity of private hosts that are engaged in a session with | identity of private hosts that are engaged in a session with | |||
| external end nodes. A curious outsider could monitor these to | external end nodes. A curious outsider could monitor these to | |||
| assess the number of private hosts being supported by the NAT | assess the number of private hosts being supported by the NAT | |||
| device. Further, a disgruntled former employee of an enterprise | device. Further, a disgruntled former employee of an enterprise | |||
| could use the information to break into specific private hosts by | could use the information to break into specific private hosts by | |||
| intercepting the existing sessions or originating new sessions | intercepting the existing sessions or originating new sessions | |||
| into the host. | into the host. If nothing else, unauthorized monitoring of these | |||
| objects will violate individual subscribers' privacy. | ||||
| * entries in the natv2SubscriberTable; | ||||
| * entries in the natv2AddressMapTable; | * entries in the natv2AddressMapTable; | |||
| * entries in the natv2PortMapTable. | * entries in the natv2PortMapTable. | |||
| Other objects that reveal NAT state: Other managed objects in this | Other objects that reveal NAT state: Other managed objects in this | |||
| MIB may contain information that may be sensitive from a business | MIB may contain information that may be sensitive from a business | |||
| perspective, in that they may represent NAT capabilities, business | perspective, in that they may represent NAT capabilities, business | |||
| policies, and state information. | policies, and state information. | |||
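Review bot: the added sentence beginning "If nothing else" reads as an afterthought, yet with natv2SubscriberTable now in the list, subscriber privacy is the most direct exposure in this paragraph. Suggest stating it plainly, for example "Unauthorized monitoring of these objects also violates individual subscribers' privacy." The new natv2SubscriberTable bullet itself is a good addition and is consistent with the two existing entries.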
| End of changes. 61 change blocks. | ||||
| 95 lines changed or deleted | 98 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/