| < draft-ietf-ipsecme-mib-iptfs-00.txt | draft-ietf-ipsecme-mib-iptfs-01.txt > | |||
|---|---|---|---|---|
| Network Working Group D. Fedyk | Network Working Group D. Fedyk | |||
| Internet-Draft E. Kinzie | Internet-Draft E. Kinzie | |||
| Intended status: Standards Track LabN Consulting, L.L.C. | Intended status: Standards Track LabN Consulting, L.L.C. | |||
| Expires: November 22, 2021 May 21, 2021 | Expires: 15 May 2022 11 November 2021 | |||
| Definitions of Managed Objects for IP Traffic Flow Security | Definitions of Managed Objects for IP Traffic Flow Security | |||
| draft-ietf-ipsecme-mib-iptfs-00 | draft-ietf-ipsecme-mib-iptfs-01 | |||
| Abstract | Abstract | |||
| This document describes managed objects for the the management of IP | This document describes managed objects for the the management of IP | |||
| Traffic Flow Security additions to IKEv2 and IPsec. This document | Traffic Flow Security additions to IKEv2 and IPsec. This document | |||
| provides a read only version of the objects defined in the YANG | provides a read only version of the objects defined in the YANG | |||
| module for the same purpose. | module for the same purpose. | |||
| This is an unpublished work in progress. | This is an unpublished work in progress. | |||
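Review bot: The Abstract's first sentence still reads "for the the management of IP Traffic Flow Security" in -01. The doubled "the" was carried over from -00 and should be dropped while the header dates are being updated.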
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 22, 2021. | This Internet-Draft will expire on 15 May 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | license-info) in effect on the date of publication of this document. | |||
| publication of this document. Please review these documents | Please review these documents carefully, as they describe your rights | |||
| carefully, as they describe your rights and restrictions with respect | and restrictions with respect to this document. Code Components | |||
| to this document. Code Components extracted from this document must | extracted from this document must include Simplified BSD License text | |||
| include Simplified BSD License text as described in Section 4.e of | as described in Section 4.e of the Trust Legal Provisions and are | |||
| the Trust Legal Provisions and are provided without warranty as | provided without warranty as described in the Simplified BSD License. | |||
| described in the Simplified BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology & Concepts . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology & Concepts . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Management Objects . . . . . . . . . . . . . . . . . . . . . 3 | 4. Management Objects . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.1. MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . 3 | 4.1. MIB Tree . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.2. SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 4.2. SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 18 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 7. Normative References . . . . . . . . . . . . . . . . . . . . 18 | 7. Normative References . . . . . . . . . . . . . . . . . . . . 19 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines a Management Information Base (MIB) module for | This document defines a Management Information Base (MIB) module for | |||
| use with network management protocols in the Internet community. | use with network management protocols in the Internet community. | |||
| Traffic Flow Security (IP-TFS) extensions as defined in | Traffic Flow Security (IP-TFS) extensions as defined in | |||
| [I-D.ietf-ipsecme-iptfs]. IP-TFS provides enhancements to an IPsec | [I-D.ietf-ipsecme-iptfs]. IP-TFS provides enhancements to an IPsec | |||
| tunnel Security Association to provide improved traffic | tunnel Security Association to provide improved traffic | |||
| confidentiality. | confidentiality. | |||
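Review bot: In Section 1, the second sentence of the first paragraph, "Traffic Flow Security (IP-TFS) extensions as defined in [I-D.ietf-ipsecme-iptfs].", is a fragment with no verb in both versions. Join it to the preceding sentence, for example "... in the Internet community, covering the IP Traffic Flow Security (IP-TFS) extensions defined in [I-D.ietf-ipsecme-iptfs]."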
| skipping to change at page 2, line 42 ¶ | skipping to change at page 2, line 40 ¶ | |||
| Managed objects are accessed via a virtual information store, termed | Managed objects are accessed via a virtual information store, termed | |||
| the Management Information Base or MIB. MIB objects are generally | the Management Information Base or MIB. MIB objects are generally | |||
| accessed through the Simple Network Management Protocol (SNMP). | accessed through the Simple Network Management Protocol (SNMP). | |||
| Objects in the MIB are defined using the mechanisms defined in the | Objects in the MIB are defined using the mechanisms defined in the | |||
| Structure of Management Information (SMI). This memo specifies a MIB | Structure of Management Information (SMI). This memo specifies a MIB | |||
| module that is compliant to the SMIv2, which is described in STD 58, | module that is compliant to the SMIv2, which is described in STD 58, | |||
| [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580]. | [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580]. | |||
| The objects defined here are the same as | The objects defined here are the same as | |||
| [I-D.draft-fedyk-ipsecme-yang-iptfs] with the exception that only | [I-D.ietf-ipsecme-yang-iptfs] with the exception that only | |||
| operational data is supported. This module uses the YANG model as a | operational data is supported. This module uses the YANG model as a | |||
| reference point for managed objects. Note an IETF MIB model for | reference point for managed objects. Note an IETF MIB model for | |||
| IPsec was never standardized however the structures here could be | IPsec was never standardized however the structures here could be | |||
| adapted to existing MIB implementations. | adapted to existing MIB implementations. | |||
| 2. Terminology & Concepts | 2. Terminology & Concepts | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
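Review bot: The sentence carrying the renamed reference [I-D.ietf-ipsecme-yang-iptfs] says "only operational data is supported", while the sentence -01 adds to the Overview says SNMP systems can "read configured and operational objects" and the module defines iptfsConfigTable. Say here that the configuration objects are exposed read-only so the two statements agree. The following sentence, "Note an IETF MIB model for IPsec was never standardized however the structures here could be adapted", also needs punctuation before "however".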
| skipping to change at page 3, line 22 ¶ | skipping to change at page 3, line 14 ¶ | |||
| 3. Overview | 3. Overview | |||
| This document defines configuration and operational parameters of IP | This document defines configuration and operational parameters of IP | |||
| traffic flow security (IP-TFS). IP-TFS, defined in | traffic flow security (IP-TFS). IP-TFS, defined in | |||
| [I-D.ietf-ipsecme-iptfs], configures a security association for | [I-D.ietf-ipsecme-iptfs], configures a security association for | |||
| tunnel mode IPsec with characteristics that improve traffic | tunnel mode IPsec with characteristics that improve traffic | |||
| confidentiality and reduce bandwidth efficiency loss. | confidentiality and reduce bandwidth efficiency loss. | |||
| This document is based on the concepts and management model defined | This document is based on the concepts and management model defined | |||
| in [I-D.draft-fedyk-ipsecme-yang-iptfs]. This documents assume | in [I-D.ietf-ipsecme-yang-iptfs]. This documents assume familiarity | |||
| familiarity with IP security concepts described in [RFC4301], IP-TFS | with IP security concepts described in [RFC4301], IP-TFS as described | |||
| as described in [I-D.ietf-ipsecme-iptfs] and the IP-TFS management | in [I-D.ietf-ipsecme-iptfs] and the IP-TFS management model described | |||
| model described in [I-D.draft-fedyk-ipsecme-yang-iptfs]. | in [I-D.ietf-ipsecme-yang-iptfs]. | |||
| This document specifies an extensible operational model for IP-TFS. | This document specifies an extensible operational model for IP-TFS. | |||
| It reuses the management model defined in | It reuses the management model defined in | |||
| [I-D.draft-fedyk-ipsecme-yang-iptfs]. | [I-D.ietf-ipsecme-yang-iptfs]. It allows SNMP systems to read | |||
| configured and operational objects of IPTFS. | ||||
| 4. Management Objects | 4. Management Objects | |||
| 4.1. MIB Tree | 4.1. MIB Tree | |||
| The following is the MIB registration tree diagram for the IP-TFS | The following is the MIB registration tree diagram for the IP-TFS | |||
| extensions. | extensions. | |||
| # IETF-IPTFS-MIB registration tree (generated by smidump 0.5.0) | # IETF-IPTFS-MIB registration tree (generated by smidump 0.4.8) | |||
| ---- iptfsMIB(1.3.6.1.3.500) | --iptfsMIB(1.3.6.1.3.500) | |||
| +---- iptfsMIBObjects(1) | +--iptfsMIBObjects(1) | |||
| | +---- iptfsGroup(1) | | +--iptfsGroup(1) | |||
| | | +---- iptfsConfigTable(1) | | | +--iptfsConfigTable(1) | |||
| | | +---- iptfsConfigTableEntry(1) [iptfsConfigSaIndex] | | | +--iptfsConfigTableEntry(1) [iptfsConfigSaIndex] | |||
| | | +---- iptfsConfigSaIndex(1) Integer32 | | | +-- --- Integer32 iptfsConfigSaIndex(1) | |||
| | | +--r- congestionControl(2) TruthValue | | | +-- r-n TruthValue congestionControl(2) | |||
| | | +--r- usePathMtu(3) TruthValue | | | +-- r-n TruthValue usePathMtu(3) | |||
| | | +--r- outerPacketSize(4) UnsignedShort | | | +-- r-n UnsignedShort outerPacketSize(4) | |||
| | | +--r- l2FixedRate(5) Counter64 | | | +-- r-n Counter64 l2FixedRate(5) | |||
| | | +--r- l3FixedRate(6) Counter64 | | | +-- r-n Counter64 l3FixedRate(6) | |||
| | | +--r- dontFragment(7) TruthValue | | | +-- r-n TruthValue dontFragment(7) | |||
| | | +--r- maxAggregationTime(8) NanoSeconds | | | +-- r-n NanoSeconds maxAggregationTime(8) | |||
| | +---- ipsecStatsGroup(2) | | | +-- r-n Unsigned32 windowSize(9) | |||
| | | +---- ipsecStatsTable(1) | | | +-- r-n TruthValue sendImmediately(10) | |||
| | | +---- ipsecStatsTableEntry(1) [ipsecSaIndex] | | | +-- r-n NanoSeconds lostPktTimerInt(11) | |||
| | | +---- ipsecSaIndex(1) Integer32 | | +--ipsecStatsGroup(2) | |||
| | | +--r- txPackets(2) Counter64 | | | +--ipsecStatsTable(1) | |||
| | | +--r- txOctets(3) Counter64 | | | +--ipsecStatsTableEntry(1) [ipsecSaIndex] | |||
| | | +--r- txDropPackets(4) Counter64 | | | +-- --- Integer32 ipsecSaIndex(1) | |||
| | | +--r- rxPackets(5) Counter64 | | | +-- r-n Counter64 txPackets(2) | |||
| | | +--r- rxOctets(6) Counter64 | | | +-- r-n Counter64 txOctets(3) | |||
| | | +--r- rxDropPackets(7) Counter64 | | | +-- r-n Counter64 txDropPackets(4) | |||
| | +---- iptfsInnerStatsGroup(3) | | | +-- r-n Counter64 rxPackets(5) | |||
| | | +---- iptfsInnerStatsTable(1) | | | +-- r-n Counter64 rxOctets(6) | |||
| | | +---- iptfsInnerStatsTableEntry(1) [iptfsInnerSaIndex] | | | +-- r-n Counter64 rxDropPackets(7) | |||
| | | +---- iptfsInnerSaIndex(1) Integer32 | | +--iptfsInnerStatsGroup(3) | |||
| | | +--r- txInnerPackets(2) Counter64 | | | +--iptfsInnerStatsTable(1) | |||
| | | +--r- txInnerOctets(3) Counter64 | | | +--iptfsInnerStatsTableEntry(1) [iptfsInnerSaIndex] | |||
| | | +--r- rxInnerPackets(4) Counter64 | | | +-- --- Integer32 iptfsInnerSaIndex(1) | |||
| | | +--r- rxInnerOctets(5) Counter64 | | | +-- r-n Counter64 txInnerPackets(2) | |||
| | | +--r- rxIncompleteInnerPackets(6) Counter64 | | | +-- r-n Counter64 txInnerOctets(3) | |||
| | +---- iptfsOuterStatsGroup(4) | | | +-- r-n Counter64 rxInnerPackets(4) | |||
| | +---- iptfsOuterStatsTable(1) | | | +-- r-n Counter64 rxInnerOctets(5) | |||
| | +---- iptfsOuterStatsTableEntry(1) [iptfsSaIndex] | | | +-- r-n Counter64 rxIncompleteInnerPackets(6) | |||
| | +---- iptfsSaIndex(1) Integer32 | | +--iptfsOuterStatsGroup(4) | |||
| | +--r- txExtraPadPackets(2) Counter64 | | +--iptfsOuterStatsTable(1) | |||
| | +--r- txExtraPadOctets(3) Counter64 | | +--iptfsOuterStatsTableEntry(1) [iptfsSaIndex] | |||
| | +--r- txAllPadPackets(4) Counter64 | | +-- --- Integer32 iptfsSaIndex(1) | |||
| | +--r- txAllPadOctets(5) Counter64 | | +-- r-n Counter64 txExtraPadPackets(2) | |||
| | +--r- rxExtraPadPackets(6) Counter64 | | +-- r-n Counter64 txExtraPadOctets(3) | |||
| | +--r- rxExtraPadOctets(7) Counter64 | | +-- r-n Counter64 txAllPadPackets(4) | |||
| | +--r- rxAllPadPackets(8) Counter64 | | +-- r-n Counter64 txAllPadOctets(5) | |||
| | +--r- rxAllPadOctets(9) Counter64 | | +-- r-n Counter64 rxExtraPadPackets(6) | |||
| | +--r- rxErroredPackets(10) Counter64 | | +-- r-n Counter64 rxExtraPadOctets(7) | |||
| | +--r- rxMissedPackets(11) Counter64 | | +-- r-n Counter64 rxAllPadPackets(8) | |||
| +---- iptfsMIBConformance(2) | | +-- r-n Counter64 rxAllPadOctets(9) | |||
| +---- iptfsMIBConformances(1) | | +-- r-n Counter64 rxErroredPackets(10) | |||
| | +---- iptfsMIBCompliance(1) | | +-- r-n Counter64 rxMissedPackets(11) | |||
| +---- iptfsMIBGroups(2) | +--iptfsMIBConformance(2) | |||
| +---- iptfsMIBConfGroup(1) | +--iptfsMIBConformances(1) | |||
| +---- ipsecStatsConfGroup(2) | | +--iptfsMIBCompliance(1) | |||
| +---- iptfsInnerStatsConfGroup(3) | +--iptfsMIBGroups(2) | |||
| +---- iptfsOuterStatsConfGroup(4) | +--iptfsMIBConfGroup(1) | |||
| +--ipsecStatsConfGroup(2) | ||||
| +--iptfsInnerStatsConfGroup(3) | ||||
| +--iptfsOuterStatsConfGroup(4) | ||||
| 4.2. SNMP | 4.2. SNMP | |||
| The following is the MIB for IP-TFS. | The following is the MIB for IP-TFS. | |||
| -- *------------------------------------------------------------------ | -- *------------------------------------------------------------------ | |||
| -- * | -- * | |||
| -- *------------------------------------------------------------------ | -- *------------------------------------------------------------------ | |||
| IETF-IPTFS-MIB DEFINITIONS ::= BEGIN | IETF-IPTFS-MIB DEFINITIONS ::= BEGIN | |||
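Review bot: In the registration tree, l2FixedRate(5) and l3FixedRate(6) are typed Counter64 although they sit in iptfsConfigTable as configured rates. Counter64 carries counter semantics (monotonically increasing, wrapping), so a manager may compute deltas on a value that is not a running count. A gauge-style 64-bit type such as CounterBasedGauge64 from HCNUM-TC fits a configured rate better. Also in this hunk: the tree header now says smidump 0.4.8 where -00 said 0.5.0, so confirm the tree was regenerated with the intended tool version; "This documents assume familiarity" is still ungrammatical in -01; and the added Overview sentence writes "IPTFS" where the rest of the section writes "IP-TFS".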
| skipping to change at page 5, line 18 ¶ | skipping to change at page 5, line 14 ¶ | |||
| MODULE-IDENTITY, OBJECT-TYPE, | MODULE-IDENTITY, OBJECT-TYPE, | |||
| Integer32, Unsigned32, Counter64, experimental | Integer32, Unsigned32, Counter64, experimental | |||
| FROM SNMPv2-SMI | FROM SNMPv2-SMI | |||
| MODULE-COMPLIANCE, OBJECT-GROUP | MODULE-COMPLIANCE, OBJECT-GROUP | |||
| FROM SNMPv2-CONF | FROM SNMPv2-CONF | |||
| TEXTUAL-CONVENTION, | TEXTUAL-CONVENTION, | |||
| TruthValue | TruthValue | |||
| FROM SNMPv2-TC; | FROM SNMPv2-TC; | |||
| iptfsMIB MODULE-IDENTITY | iptfsMIB MODULE-IDENTITY | |||
| LAST-UPDATED "202011130000Z" | LAST-UPDATED "202111110000Z" | |||
| ORGANIZATION "IETF IPsecme Working Group" | ORGANIZATION "IETF IPsecme Working Group" | |||
| CONTACT-INFO | CONTACT-INFO | |||
| " | " | |||
| Author: Don Fedyk | Author: Don Fedyk | |||
| <mailto:dfedyk@labn.net> | <mailto:dfedyk@labn.net> | |||
| Author: Christian Hopps | Author: Eric Kinzie | |||
| <mailto:chopps@chopps.org>" | <mailto:ekinzie.labn.net>" | |||
| DESCRIPTION | DESCRIPTION | |||
| "This module defines the configuration and operational | "This module defines the configuration and operational | |||
| state for managing the IP Traffic Flow Security | state for managing the IP Traffic Flow Security | |||
| functionality [RFC XXXX]. Copyright (c) 2020 IETF | functionality [RFC XXXX]. Copyright (c) 2020 IETF | |||
| Trust and the persons identified as authors of the | Trust and the persons identified as authors of the | |||
| code. All rights reserved. | code. All rights reserved. | |||
| Redistribution and use in source and binary forms, | Redistribution and use in source and binary forms, | |||
| with or without modification, is permitted pursuant | with or without modification, is permitted pursuant | |||
| to, and subject to the license terms contained in, | to, and subject to the license terms contained in, | |||
| the Simplified BSD License set forth in Section 4.c | the Simplified BSD License set forth in Section 4.c | |||
| of the IETF Trust's Legal Provisions Relating to IETF | of the IETF Trust's Legal Provisions Relating to IETF | |||
| Documents (https://trustee.ietf.org/license-info). | Documents (https://trustee.ietf.org/license-info). | |||
| This version of this SNMP MIB module is part of RFC XXXX | This version of this SNMP MIB module is part of RFC XXXX | |||
| (https://tools.ietf.org/html/rfcXXXX); see the RFC | (https://tools.ietf.org/html/rfcXXXX); see the RFC | |||
| itself for full legal notices." | itself for full legal notices." | |||
| REVISION "202011130000Z" | REVISION "202111110000Z" | |||
| DESCRIPTION | DESCRIPTION | |||
| "Initial revision. Derived from the IPTFS Yang Model." | "Initial revision. Derived from the IPTFS Yang Model." | |||
| ::= { experimental 500 } | ::= { experimental 500 } | |||
| -- | -- | |||
| -- Textual Conventions | -- Textual Conventions | |||
| -- | -- | |||
| UnsignedShort ::= TEXTUAL-CONVENTION | UnsignedShort ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION "xs:unsignedShort" | DESCRIPTION "xs:unsignedShort" | |||
| SYNTAX Unsigned32 (0 .. 65535) | SYNTAX Unsigned32 (0 .. 65535) | |||
| NanoSeconds ::= TEXTUAL-CONVENTION | NanoSeconds ::= TEXTUAL-CONVENTION | |||
| DISPLAY-HINT "d" | DISPLAY-HINT "d" | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
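Review bot: In CONTACT-INFO the new author address is written "<mailto:ekinzie.labn.net>", with a "." where the "@" should be; the other entry uses the form "<mailto:dfedyk@labn.net>". LAST-UPDATED and REVISION were bumped to "202111110000Z", but the module DESCRIPTION still says "Copyright (c) 2020" and the single REVISION clause is still labelled "Initial revision", so check whether the year should follow the new date.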
| skipping to change at page 7, line 27 ¶ | skipping to change at page 7, line 22 ¶ | |||
| IptfsConfigTableEntry ::= SEQUENCE { | IptfsConfigTableEntry ::= SEQUENCE { | |||
| iptfsConfigSaIndex Integer32, | iptfsConfigSaIndex Integer32, | |||
| -- identifier information | -- identifier information | |||
| congestionControl TruthValue, | congestionControl TruthValue, | |||
| usePathMtu TruthValue, | usePathMtu TruthValue, | |||
| outerPacketSize UnsignedShort, | outerPacketSize UnsignedShort, | |||
| l2FixedRate Counter64, | l2FixedRate Counter64, | |||
| l3FixedRate Counter64, | l3FixedRate Counter64, | |||
| dontFragment TruthValue, | dontFragment TruthValue, | |||
| maxAggregationTime NanoSeconds | maxAggregationTime NanoSeconds, | |||
| windowSize Unsigned32, | ||||
| sendImmediately TruthValue, | ||||
| lostPktTimerInt NanoSeconds | ||||
| } | } | |||
| iptfsConfigSaIndex OBJECT-TYPE | iptfsConfigSaIndex OBJECT-TYPE | |||
| SYNTAX Integer32 (1..16777215) | SYNTAX Integer32 (1..16777215) | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A unique value, greater than zero, for each SA. | "A unique value, greater than zero, for each SA. | |||
| It is recommended that values are assigned contiguously | It is recommended that values are assigned contiguously | |||
| starting from 1. | starting from 1. | |||
| skipping to change at page 9, line 19 ¶ | skipping to change at page 9, line 17 ¶ | |||
| DESCRIPTION | DESCRIPTION | |||
| "Disable packet fragmentation across consecutive iptfs | "Disable packet fragmentation across consecutive iptfs | |||
| tunnel packets when set to true." | tunnel packets when set to true." | |||
| ::= { iptfsConfigTableEntry 7 } | ::= { iptfsConfigTableEntry 7 } | |||
| maxAggregationTime OBJECT-TYPE | maxAggregationTime OBJECT-TYPE | |||
| SYNTAX NanoSeconds | SYNTAX NanoSeconds | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Maximum Aggregation Time in nanoseconds." | "Maximum aggregation time is the maximum length of | |||
| time a received inner packet can be held prior to | ||||
| transmission in the iptfs tunnel. Inner packets that | ||||
| would be held longer than this time, based on the | ||||
| current tunnel configuration will be dropped rather | ||||
| than be queued for transmission." | ||||
| ::= { iptfsConfigTableEntry 8 } | ::= { iptfsConfigTableEntry 8 } | |||
| windowSize OBJECT-TYPE | ||||
| SYNTAX Unsigned32(0..65535) | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "The maximum number of out-of-order packets that will be | ||||
| reordered by an iptfs receiver while performing the | ||||
| reordering operation. The value 0 disables any | ||||
| reordering." | ||||
| ::= { iptfsConfigTableEntry 9 } | ||||
| sendImmediately OBJECT-TYPE | ||||
| SYNTAX TruthValue | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Send inner packets as soon as possible, do not wait for | ||||
| lost or misordered outer packets. Selecting this option | ||||
| reduces the inner (user) packet delay but can amplify | ||||
| out-of-order delivery of the inner packet stream in the | ||||
| presence of packet aggregation and any reordering." | ||||
| ::= { iptfsConfigTableEntry 10 } | ||||
| lostPktTimerInt OBJECT-TYPE | ||||
| SYNTAX NanoSeconds | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "This interval defines the length of time an iptfs | ||||
| receiver will wait for a missing packet before | ||||
| considering it lost. Setting this value too low can | ||||
| impact reordering and reassembly. The value is | ||||
| configurable in milliseconds or fractional milliseconds | ||||
| down to 1 nanosecond." | ||||
| ::= { iptfsConfigTableEntry 11 } | ||||
| ipsecStatsTable OBJECT-TYPE | ipsecStatsTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF IpsecStatsTableEntry | SYNTAX SEQUENCE OF IpsecStatsTableEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The table containing basic statistics on IPsec." | "The table containing basic statistics on IPsec." | |||
| ::= { ipsecStatsGroup 1 } | ::= { ipsecStatsGroup 1 } | |||
| ipsecStatsTableEntry OBJECT-TYPE | ipsecStatsTableEntry OBJECT-TYPE | |||
| SYNTAX IpsecStatsTableEntry | SYNTAX IpsecStatsTableEntry | |||
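Review bot: The lostPktTimerInt DESCRIPTION says "The value is configurable in milliseconds or fractional milliseconds down to 1 nanosecond", but the object is MAX-ACCESS read-only with SYNTAX NanoSeconds, so nothing is configurable through this MIB and the reported unit is nanoseconds. Reword it to describe the value that is read; the same applies to "Setting this value too low" in that clause and to "Selecting this option" in sendImmediately. Separately, windowSize spells out "Unsigned32(0..65535)", which is exactly the range of the module's own UnsignedShort textual convention that outerPacketSize already uses, so UnsignedShort would be the consistent choice. In the maxAggregationTime text, "based on the current tunnel configuration will be dropped" needs a comma after "configuration".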
| skipping to change at page 16, line 44 ¶ | skipping to change at page 17, line 35 ¶ | |||
| -- | -- | |||
| iptfsMIBConfGroup OBJECT-GROUP | iptfsMIBConfGroup OBJECT-GROUP | |||
| OBJECTS { | OBJECTS { | |||
| congestionControl, | congestionControl, | |||
| usePathMtu, | usePathMtu, | |||
| outerPacketSize , | outerPacketSize , | |||
| l2FixedRate , | l2FixedRate , | |||
| l3FixedRate , | l3FixedRate , | |||
| dontFragment, | dontFragment, | |||
| maxAggregationTime | maxAggregationTime, | |||
| windowSize, | ||||
| sendImmediately, | ||||
| lostPktTimerInt | ||||
| } | } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A collection of objects providing per SA IPTFS | "A collection of objects providing per SA IPTFS | |||
| Configuration." | Configuration." | |||
| ::= { iptfsMIBGroups 1 } | ::= { iptfsMIBGroups 1 } | |||
| ipsecStatsConfGroup OBJECT-GROUP | ipsecStatsConfGroup OBJECT-GROUP | |||
| OBJECTS { | OBJECTS { | |||
| txPackets, | txPackets, | |||
| skipping to change at page 18, line 9 ¶ | skipping to change at page 19, line 7 ¶ | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "A collection of objects providing per SA IPTFS | "A collection of objects providing per SA IPTFS | |||
| Outer Packet Statistics." | Outer Packet Statistics." | |||
| ::= { iptfsMIBGroups 4 } | ::= { iptfsMIBGroups 4 } | |||
| END | END | |||
| 5. Security Considerations | 5. Security Considerations | |||
| The MIB specified in this document can enable, disable and modify the | The MIB specified in this document can read the operational and | |||
| behavior of IP traffic flow security, for the implications regarding | configured the behavior of IP traffic flow security, for the | |||
| these types of changes consult the [I-D.ietf-ipsecme-iptfs] which | implications regarding write configuration consult the | |||
| defines the functionality. | [I-D.ietf-ipsecme-iptfs] which defines the functionality. | |||
| 6. Acknowledgements | 6. Acknowledgements | |||
| The authors would like to thank Eric Kinzie for his help and feedback | The authors would like to thank Chris Hopps for his help and feedback | |||
| on the MIB model. | on the MIB model. | |||
| 7. Normative References | 7. Normative References | |||
| [I-D.draft-fedyk-ipsecme-yang-iptfs] | ||||
| Fedyk, D. and C. Hopps, "IP Traffic Flow Security YANG | ||||
| Module", draft-fedyk-ipsecme-yang-iptfs-01 (work in | ||||
| progress), November 2020. | ||||
| [I-D.ietf-ipsecme-iptfs] | [I-D.ietf-ipsecme-iptfs] | |||
| Hopps, C., "IP-TFS: Aggregation and Fragmentation Mode for | Hopps, C., "IP-TFS: Aggregation and Fragmentation Mode for | |||
| ESP and its Use for IP Traffic Flow Security", draft-ietf- | ESP and its Use for IP Traffic Flow Security", Work in | |||
| ipsecme-iptfs-08 (work in progress), March 2021. | Progress, Internet-Draft, draft-ietf-ipsecme-iptfs-12, 8 | |||
| November 2021, <https://www.ietf.org/archive/id/draft- | ||||
| ietf-ipsecme-iptfs-12.txt>. | ||||
| [I-D.ietf-ipsecme-yang-iptfs] | ||||
| Fedyk, D. and C. Hopps, "A YANG Data Model for IP Traffic | ||||
| Flow Security", Work in Progress, Internet-Draft, draft- | ||||
| ietf-ipsecme-yang-iptfs-03, 11 November 2021, | ||||
| <https://www.ietf.org/archive/id/draft-ietf-ipsecme-yang- | ||||
| iptfs-03.txt>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. | [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. | |||
| Schoenwaelder, Ed., "Structure of Management Information | Schoenwaelder, Ed., "Structure of Management Information | |||
| Version 2 (SMIv2)", STD 58, RFC 2578, | Version 2 (SMIv2)", STD 58, RFC 2578, | |||
| DOI 10.17487/RFC2578, April 1999, | DOI 10.17487/RFC2578, April 1999, | |||
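Review bot: The rewritten Security Considerations sentence, "can read the operational and configured the behavior of IP traffic flow security, for the implications regarding write configuration consult the [I-D.ietf-ipsecme-iptfs]", does not parse and still points at write configuration, although every object shown in this module is read-only or not-accessible. State instead what read access discloses (the configured outer packet size, fixed rates and timers, and the per-SA padding and drop counters) and how access to those objects should be protected, and give the pointer to [I-D.ietf-ipsecme-iptfs] its own sentence. In the references, dropping [I-D.draft-fedyk-ipsecme-yang-iptfs] in favour of [I-D.ietf-ipsecme-yang-iptfs] matches the in-text renames in Sections 1 and 3.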
| End of changes. 24 change blocks. | ||||
| 98 lines changed or deleted | 150 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||