< draft-perrault-behave-natv2-mib-04.txt   draft-perrault-behave-natv2-mib-05.txt >
Network Working Group S. Perreault Network Working Group S. Perreault
Internet-Draft Jive Communications Internet-Draft Jive Communications
Intended status: Standards Track T. Tsou Intended status: Standards Track T. Tsou
Expires: November 26, 2015 Huawei Technologies Expires: December 18, 2015 Huawei Technologies
S. Sivakumar S. Sivakumar
Cisco Systems Cisco Systems
T. Taylor T. Taylor
PT Taylor Consulting PT Taylor Consulting
May 25, 2015 June 16, 2015
Definitions of Managed Objects for Network Address Translators (NAT) Definitions of Managed Objects for Network Address Translators (NAT)
draft-perrault-behave-natv2-mib-04 draft-perrault-behave-natv2-mib-05
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for devices implementing the Network Address Translator (NAT) for devices implementing the Network Address Translator (NAT)
function. The new MIB module defined in this document, NATV2-MIB, is function. The new MIB module defined in this document, NATV2-MIB, is
intended to replace module NAT-MIB (RFC 4008). NATV2-MIB is not intended to replace module NAT-MIB (RFC 4008). NATV2-MIB is not
backwards compatible with NAT-MIB, for reasons given in the text of backwards compatible with NAT-MIB, for reasons given in the text of
this document. A companion document deprecates all objects in NAT- this document. A companion document deprecates all objects in NAT-
MIB. NATV2-MIB can be used for monitoring of NAT instances on a MIB. NATV2-MIB can be used for monitoring of NAT instances on a
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 26, 2015. This Internet-Draft will expire on December 18, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 48 skipping to change at page 2, line 48
3.3.7. The Address Pool Address Range Table: 3.3.7. The Address Pool Address Range Table:
natv2PoolRangeTable . . . . . . . . . . . . . . . . . 16 natv2PoolRangeTable . . . . . . . . . . . . . . . . . 16
3.3.8. The Address Map Table: natv2AddressMapTable . . . . . 16 3.3.8. The Address Map Table: natv2AddressMapTable . . . . . 16
3.3.9. The Port Map Table: natv2PortMapTable . . . . . . . . 17 3.3.9. The Port Map Table: natv2PortMapTable . . . . . . . . 17
3.4. Conformance: Three Application Scenarios . . . . . . . . 17 3.4. Conformance: Three Application Scenarios . . . . . . . . 17
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 18 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 18
5. Operational and Management Considerations . . . . . . . . . . 74 5. Operational and Management Considerations . . . . . . . . . . 74
5.1. Configuration Requirements . . . . . . . . . . . . . . . 74 5.1. Configuration Requirements . . . . . . . . . . . . . . . 74
5.2. Transition From and Coexistence With NAT-MIB [RFC 4008] 76 5.2. Transition From and Coexistence With NAT-MIB [RFC 4008] 76
6. Security Considerations . . . . . . . . . . . . . . . . . . . 78 6. Security Considerations . . . . . . . . . . . . . . . . . . . 78
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 80 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 81
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 80 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 81
8.1. Normative References . . . . . . . . . . . . . . . . . . 80 8.1. Normative References . . . . . . . . . . . . . . . . . . 81
8.2. Informative References . . . . . . . . . . . . . . . . . 81 8.2. Informative References . . . . . . . . . . . . . . . . . 82
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 83
1. The SNMP Management Framework 1. The SNMP Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410]. RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP). accessed through the Simple Network Management Protocol (SNMP).
skipping to change at page 18, line 14 skipping to change at page 18, line 14
Finally, a CGN MUST support the full contents of the MIB module. Finally, a CGN MUST support the full contents of the MIB module.
That includes the subscriber table, but also includes the special That includes the subscriber table, but also includes the special
provision for DS-Lite access in the address and port map tables. provision for DS-Lite access in the address and port map tables.
4. Definitions 4. Definitions
This MIB module IMPORTs objects from [RFC2578], [RFC2579], [RFC2580], This MIB module IMPORTs objects from [RFC2578], [RFC2579], [RFC2580],
[RFC3411], and [RFC4001]. [RFC3411], and [RFC4001].
NATV2-MIB DEFINITIONS ::= BEGIN NATV2-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Integer32,
Unsigned32,
Counter64,
mib-2,
NOTIFICATION-TYPE
FROM SNMPv2-SMI -- RFC 2578
TEXTUAL-CONVENTION,
DisplayString,
TimeStamp
FROM SNMPv2-TC -- RFC 2579
MODULE-COMPLIANCE,
NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF -- RFC 2580
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- RFC 3411
InetAddressType,
InetAddress,
InetAddressPrefixLength,
InetPortNumber
FROM INET-ADDRESS-MIB; -- RFC 4001
natv2MIB MODULE-IDENTITY IMPORTS
LAST-UPDATED "201502170000Z" MODULE-IDENTITY,
-- RFC Ed.: set to publication date OBJECT-TYPE,
ORGANIZATION Integer32,
"IETF Behavior Engineering for Hindrance Avoidance Unsigned32,
(BEHAVE) Working Group" Counter64,
CONTACT-INFO mib-2,
"Working Group Email: behave@ietf.org NOTIFICATION-TYPE
FROM SNMPv2-SMI -- RFC 2578
TEXTUAL-CONVENTION,
DisplayString,
TimeStamp
FROM SNMPv2-TC -- RFC 2579
MODULE-COMPLIANCE,
NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF -- RFC 2580
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- RFC 3411
InetAddressType,
InetAddress,
InetAddressPrefixLength,
InetPortNumber
FROM INET-ADDRESS-MIB; -- RFC 4001
Simon Perreault natv2MIB MODULE-IDENTITY
Jive Communications LAST-UPDATED "201502170000Z"
Quebec, QC -- RFC Ed.: set to publication date
Canada ORGANIZATION
"IETF Behavior Engineering for Hindrance
Avoidance (BEHAVE) Working Group"
CONTACT-INFO
"Working Group Email: behave@ietf.org
Email: sperreault@jive.com Simon Perreault
Jive Communications
Quebec, QC
Canada
Tina Tsou Email: sperreault@jive.com
Huawei Technologies
Bantian, Longgang
Shenzhen 518129
PR China
Email: tina.tsou.zouting@huawei.com Tina Tsou
Huawei Technologies
Bantian, Longgang
Shenzhen 518129
PR China
Senthil Sivakumar Email: tina.tsou.zouting@huawei.com
Cisco Systems
7100-8 Kit Creek Road
Research Triangle Park, North Carolina 27709
USA
Phone: +1 919 392 5158 Senthil Sivakumar
Email: ssenthil@cisco.com Cisco Systems
7100-8 Kit Creek Road
Research Triangle Park, North Carolina 27709
USA
Tom Taylor Phone: +1 919 392 5158
PT Taylor Consulting Email: ssenthil@cisco.com
Ottawa
Canada
Email: tom.taylor.stds@gmail.com" Tom Taylor
PT Taylor Consulting
Ottawa
Canada
DESCRIPTION Email: tom.taylor.stds@gmail.com"
"This MIB module defines the generic managed objects
for NAT.
Copyright (C) The Internet Society (2015). This DESCRIPTION
version of this MIB module is part of RFC yyyy; see "This MIB module defines the generic managed objects
the RFC itself for full legal notices." for NAT.
REVISION "201502170000Z"
-- RFC Ed.: set to publication date
DESCRIPTION
"Complete rewrite, published as RFC yyyy.
Replaces former version published as RFC 4008."
-- RFC Ed.: replace yyyy with actual RFC number and set date"
::= { mib-2 123 }
-- temporary for compilation pending IANA assignment
-- textual conventions Copyright (C) The Internet Society (2015). This
ProtocolNumber ::= TEXTUAL-CONVENTION version of this MIB module is part of RFC yyyy; see
DISPLAY-HINT "d" the RFC itself for full legal notices."
STATUS current REVISION "201502170000Z"
DESCRIPTION -- RFC Ed.: set to publication date
"A protocol number, from the 'protocol-numbers' IANA DESCRIPTION
registry." "Complete rewrite, published as RFC yyyy.
REFERENCE Replaces former version published as RFC 4008."
"IANA Protocol Numbers, -- RFC Ed.: replace yyyy with actual RFC number and set date"
http://www.iana.org/assignments/protocol-numbers/protocol- ::= { mib-2 123 }
numbers.xhtml#protocol-numbers-1" -- temporary for compilation pending IANA assignment
SYNTAX Unsigned32 (0..255)
Natv2SubscriberIndex ::= TEXTUAL-CONVENTION -- textual conventions
DISPLAY-HINT "d" ProtocolNumber ::= TEXTUAL-CONVENTION
STATUS current DISPLAY-HINT "d"
DESCRIPTION STATUS current
"A unique value, greater than zero, for each subscriber DESCRIPTION
in the managed system. The value for each "A protocol number, from the 'protocol-numbers' IANA
subscriber MUST remain constant at least from one registry."
update of the entity's natv2SubscriberDiscontinuityTime REFERENCE
object until the next update of that object. If a "IANA Protocol Numbers,
subscriber is deleted, its assigned index value MUST NOT http://www.iana.org/assignments/protocol-numbers
be assigned to another subscriber at least until /protocol-numbers.xhtml#protocol-numbers-1"
reinitialization of the entity's management system." SYNTAX Unsigned32 (0..255)
SYNTAX Unsigned32 (1..4294967295)
Natv2SubscriberIndexOrZero ::= TEXTUAL-CONVENTION Natv2SubscriberIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This textual convention is an extension of the "A unique value, greater than zero, for each subscriber
Natv2SubscriberIndex convention. The latter defines a in the managed system. The value for each
greater than zero value used to identify a subscriber in subscriber MUST remain constant at least from one
the managed system. This extension permits the additional update of the entity's natv2SubscriberDiscontinuityTime
value of zero, which serves as a placeholder when no object until the next update of that object. If a
subscriber is associated with the object." subscriber is deleted, its assigned index value MUST NOT
SYNTAX Unsigned32 (0|1..4294967295) be assigned to another subscriber at least until
reinitialization of the entity's management system."
SYNTAX Unsigned32 (1..4294967295)
Natv2InstanceIndex ::= TEXTUAL-CONVENTION Natv2SubscriberIndexOrZero ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique value, greater than zero, for each NAT instance "This textual convention is an extension of the
in the managed system. It is RECOMMENDED that values are Natv2SubscriberIndex convention. The latter defines a
assigned contiguously starting from 1. The value for each greater than zero value used to identify a subscriber in
NAT instance MUST remain constant at least from one the managed system. This extension permits the additional
update of the entity's natv2InstanceDiscontinuityTime value of zero, which serves as a placeholder when no
object until the next update of that object. If a NAT subscriber is associated with the object."
instance is deleted, its assigned index value MUST NOT SYNTAX Unsigned32 (0|1..4294967295)
be assigned to another NAT instance at least until
reinitialization of the entity's management system."
SYNTAX Unsigned32 (1..4294967295)
Natv2PoolIndex ::= TEXTUAL-CONVENTION Natv2InstanceIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique value over the containing NAT instance, greater than "A unique value, greater than zero, for each NAT instance
zero, for each address pool supported by that NAT instance. in the managed system. It is RECOMMENDED that values are
It is RECOMMENDED that values are assigned contiguously assigned contiguously starting from 1. The value for each
starting from 1. The value for each address pool MUST remain NAT instance MUST remain constant at least from one
constant at least from one update of the entity's update of the entity's natv2InstanceDiscontinuityTime
natv2PoolDiscontinuityTime object until the next update of object until the next update of that object. If a NAT
that object. If an address pool is deleted, its assigned instance is deleted, its assigned index value MUST NOT
index value MUST NOT be assigned to another address pool for be assigned to another NAT instance at least until
the same NAT instance at least until reinitialization of the reinitialization of the entity's management system."
entity's management system." SYNTAX Unsigned32 (1..4294967295)
SYNTAX Unsigned32 (1..4294967295)
Natv2PoolIndexOrZero ::= TEXTUAL-CONVENTION Natv2PoolIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This textual convention is an extension of the "A unique value over the containing NAT instance, greater than
Natv2PoolIndex convention. The latter defines a greater zero, for each address pool supported by that NAT instance.
than zero value used to identify address pools in the It is RECOMMENDED that values are assigned contiguously
managed system. This extension permits the additional starting from 1. The value for each address pool MUST remain
value of zero, which serves as a placeholder when the constant at least from one update of the entity's
implementation does not support address pools or no address natv2PoolDiscontinuityTime object until the next update of
pool is configured in a given external realm." that object. If an address pool is deleted, its assigned
SYNTAX Unsigned32 (0|1..4294967295) index value MUST NOT be assigned to another address pool for
the same NAT instance at least until reinitialization of the
entity's management system."
SYNTAX Unsigned32 (1..4294967295)
-- notifications Natv2PoolIndexOrZero ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"This textual convention is an extension of the
Natv2PoolIndex convention. The latter defines a greater
than zero value used to identify address pools in the
managed system. This extension permits the additional
value of zero, which serves as a placeholder when the
implementation does not support address pools or no address
pool is configured in a given external realm."
SYNTAX Unsigned32 (0|1..4294967295)
natv2MIBNotifications OBJECT IDENTIFIER ::= { natv2MIB 0 } -- notifications
natv2NotificationPoolUsageLow NOTIFICATION-TYPE natv2MIBNotifications OBJECT IDENTIFIER ::= { natv2MIB 0 }
OBJECTS { natv2PoolNotifiedPortMapEntries,
natv2PoolNotifiedPortMapProtocol }
STATUS current
DESCRIPTION
"This notification is triggered when an address pool's usage
becomes less than or equal to the value of the
natv2PoolThresholdUsageLow object for that pool, unless the
notification has been disabled by setting the value of the
threshold to -1. It is reported subject to the rate
limitation specified by natv2PortMapNotificationInterval.
Address pool usage is calculated as the percentage of the natv2NotificationPoolUsageLow NOTIFICATION-TYPE
total number of ports allocated to the address pool that are OBJECTS { natv2PoolNotifiedPortMapEntries,
already in use, for the most-mapped protocol at the time natv2PoolNotifiedPortMapProtocol }
the notification is triggered. The two returned objects are STATUS current
members of natv2PoolTable indexed by the NAT instance and DESCRIPTION
pool indices for which the event is being reported. They "This notification is triggered when an address pool's usage
give the number of port map entries using external addresses becomes less than or equal to the value of the
configured on the pool for the most-mapped protocol and natv2PoolThresholdUsageLow object for that pool, unless the
identify that protocol at the time the notification was notification has been disabled by setting the value of the
triggered." threshold to -1. It is reported subject to the rate
REFERENCE limitation specified by natv2PortMapNotificationInterval.
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 1 }
natv2NotificationPoolUsageHigh NOTIFICATION-TYPE Address pool usage is calculated as the percentage of the
OBJECTS { natv2PoolNotifiedPortMapEntries, total number of ports allocated to the address pool that are
natv2PoolNotifiedPortMapProtocol } already in use, for the most-mapped protocol at the time
STATUS current the notification is triggered. The two returned objects are
DESCRIPTION members of natv2PoolTable indexed by the NAT instance and
"This notification is triggered when an address pool's usage pool indices for which the event is being reported. They
becomes greater than or equal to the value of the give the number of port map entries using external addresses
natv2PoolThresholdUsageHigh object for that pool, unless configured on the pool for the most-mapped protocol and
the notification has been disabled by setting the value of identify that protocol at the time the notification was
the threshold to -1. It is reported subject to the rate triggered."
limitation specified by natv2PortMapNotificationInterval. REFERENCE
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 1 }
Address pool usage is calculated as the percentage of the natv2NotificationPoolUsageHigh NOTIFICATION-TYPE
total number of ports allocated to the address pool that are OBJECTS { natv2PoolNotifiedPortMapEntries,
already in use, for the most-mapped protocol at the time the natv2PoolNotifiedPortMapProtocol }
notification is triggered. The two returned objects are STATUS current
members of natv2PoolTable indexed by the NAT instance and DESCRIPTION
pool indices for which the event is being reported. They "This notification is triggered when an address pool's usage
give the number of port map entries using external addresses becomes greater than or equal to the value of the
configured on the pool for the most-mapped protocol and natv2PoolThresholdUsageHigh object for that pool, unless
identify that protocol at the time the notification was the notification has been disabled by setting the value of
triggered." the threshold to -1. It is reported subject to the rate
REFERENCE limitation specified by natv2PortMapNotificationInterval.
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 2 }
natv2NotificationInstanceAddressMapEntriesHigh NOTIFICATION-TYPE Address pool usage is calculated as the percentage of the
OBJECTS { natv2InstanceAddressMapEntries, total number of ports allocated to the address pool that are
natv2InstanceAddressMapCreations } already in use, for the most-mapped protocol at the time the
STATUS current notification is triggered. The two returned objects are
DESCRIPTION members of natv2PoolTable indexed by the NAT instance and
"This notification is triggered when the value of pool indices for which the event is being reported. They
natv2InstanceAddressMapEntries equals or exceeds the value give the number of port map entries using external addresses
of the natv2InstanceThresholdAddressMapEntriesHigh object configured on the pool for the most-mapped protocol and
for the NAT instance, unless disabled by setting that identify that protocol at the time the notification was
threshold to -1. Reporting is subject to the rate limitation triggered."
given by natv2InstanceNotificationInterval. REFERENCE
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 2 }
natv2InstanceAddressMapEntries and natv2NotificationInstanceAddressMapEntriesHigh NOTIFICATION-TYPE
natv2InstanceAddressMapCreations are members of table OBJECTS { natv2InstanceAddressMapEntries,
natv2InstanceTable indexed by the identifier of the NAT natv2InstanceAddressMapCreations }
instance for which the event is being reported. The values STATUS current
reported are those observed at the moment the notification DESCRIPTION
was triggered." "This notification is triggered when the value of
REFERENCE natv2InstanceAddressMapEntries equals or exceeds the value
"RFC yyyy Section 3.1.2." of the natv2InstanceThresholdAddressMapEntriesHigh object
::= { natv2MIBNotifications 3 } for the NAT instance, unless disabled by setting that
threshold to -1. Reporting is subject to the rate limitation
given by natv2InstanceNotificationInterval.
natv2NotificationInstancePortMapEntriesHigh NOTIFICATION-TYPE natv2InstanceAddressMapEntries and
OBJECTS { natv2InstancePortMapEntries, natv2InstanceAddressMapCreations are members of table
natv2InstancePortMapCreations } natv2InstanceTable indexed by the identifier of the NAT
STATUS current instance for which the event is being reported. The values
DESCRIPTION reported are those observed at the moment the notification
"This notification is triggered when the value of was triggered."
natv2InstancePortMapEntries becomes greater than or equal to REFERENCE
the value of natv2InstanceThresholdPortMapEntriesHigh, "RFC yyyy Section 3.1.2."
unless disabled by setting that threshold to -1. Reporting is ::= { natv2MIBNotifications 3 }
subject to the rate limitation given by
natv2InstanceNotificationInterval.
natv2InstancePortMapEntries and natv2NotificationInstancePortMapEntriesHigh NOTIFICATION-TYPE
natv2InstancePortMapCreations are members of table OBJECTS { natv2InstancePortMapEntries,
natv2InstanceTable indexed by the identifier of the NAT natv2InstancePortMapCreations }
instance for which the event is being reported. The values STATUS current
reported are those observed at the moment the notification DESCRIPTION
was triggered." "This notification is triggered when the value of
::= { natv2MIBNotifications 4 } natv2InstancePortMapEntries becomes greater than or equal
to the value of natv2InstanceThresholdPortMapEntriesHigh,
unless disabled by setting that threshold to -1. Reporting
is subject to the rate limitation given by
natv2InstanceNotificationInterval.
natv2NotificationSubscriberPortMappingEntriesHigh natv2InstancePortMapEntries and
NOTIFICATION-TYPE natv2InstancePortMapCreations are members of table
OBJECTS { natv2SubscriberPortMapEntries, natv2InstanceTable indexed by the identifier of the NAT
natv2SubscriberPortMapCreations } instance for which the event is being reported. The values
STATUS current reported are those observed at the moment the notification
DESCRIPTION was triggered."
"This notification is triggered when the value of ::= { natv2MIBNotifications 4 }
natv2SubscriberPortMapEntries for an individual subscriber
becomes greater than or equal to the value of the
natv2SubscriberThresholdPortMapEntriesHigh object for that
subscriber, unless disabled by setting that threshold to -1.
Reporting is subject to the rate limitation given by natv2NotificationSubscriberPortMappingEntriesHigh
natv2SubscriberNotificationInterval. NOTIFICATION-TYPE
OBJECTS { natv2SubscriberPortMapEntries,
natv2SubscriberPortMapCreations }
STATUS current
DESCRIPTION
"This notification is triggered when the value of
natv2SubscriberPortMapEntries for an individual subscriber
becomes greater than or equal to the value of the
natv2SubscriberThresholdPortMapEntriesHigh object for that
subscriber, unless disabled by setting that threshold to -1.
natv2SubscriberPortMapEntries and Reporting is subject to the rate limitation given by
natv2SubscriberPortMapCreations are members of table natv2SubscriberNotificationInterval.
natv2SubscriberTable indexed by the subscriber for
which the event is being reported. The values
reported are those observed at the moment the notification
was triggered."
::= { natv2MIBNotifications 5 }
-- Device-level objects natv2SubscriberPortMapEntries and
natv2SubscriberPortMapCreations are members of table
natv2SubscriberTable indexed by the subscriber for
which the event is being reported. The values
reported are those observed at the moment the notification
was triggered."
::= { natv2MIBNotifications 5 }
natv2MIBDeviceObjects OBJECT IDENTIFIER ::= { natv2MIB 1 } -- Device-level objects
-- subscriber table natv2MIBDeviceObjects OBJECT IDENTIFIER ::= { natv2MIB 1 }
natv2SubscriberTable OBJECT-TYPE -- subscriber table
SYNTAX SEQUENCE OF Natv2SubscriberEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of subscribers. As well as the subscriber index, it
provides per-subscriber state and counter objects, a last
discontinuity time object for the counters, and writable
threshold value and limit on port consumption."
REFERENCE
"RFC yyyy Section 3.3.3."
::= { natv2MIBDeviceObjects 1 }
natv2SubscriberEntry OBJECT-TYPE natv2SubscriberTable OBJECT-TYPE
SYNTAX Natv2SubscriberEntry SYNTAX SEQUENCE OF Natv2SubscriberEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Each entry describes a single subscriber." "Table of subscribers. As well as the subscriber index, it
INDEX { natv2SubscriberIndex } provides per-subscriber state and counter objects, a last
::= { natv2SubscriberTable 1 } discontinuity time object for the counters, and writable
threshold value and limit on port consumption."
REFERENCE
"RFC yyyy Section 3.3.3."
::= { natv2MIBDeviceObjects 1 }
Natv2SubscriberEntry ::= natv2SubscriberEntry OBJECT-TYPE
SEQUENCE { SYNTAX Natv2SubscriberEntry
natv2SubscriberIndex Natv2SubscriberIndex, MAX-ACCESS not-accessible
natv2SubscriberInternalRealm SnmpAdminString, STATUS current
natv2SubscriberInternalPrefixType InetAddressType, DESCRIPTION
natv2SubscriberInternalPrefix InetAddress, "Each entry describes a single subscriber."
natv2SubscriberInternalPrefixLength InetAddressPrefixLength, INDEX { natv2SubscriberIndex }
-- State ::= { natv2SubscriberTable 1 }
natv2SubscriberAddressMapEntries Unsigned32,
natv2SubscriberPortMapEntries Unsigned32,
-- Counters and last discontinuity time
natv2SubscriberTranslations Counter64,
natv2SubscriberAddressMapCreations Counter64,
natv2SubscriberPortMapCreations Counter64,
natv2SubscriberAddressMapFailureDrops Counter64,
natv2SubscriberPortMapFailureDrops Counter64,
natv2SubscriberDiscontinuityTime TimeStamp,
-- Read-write controls
natv2SubscriberLimitPortMapEntries Unsigned32,
-- Disable notifications by setting threshold to -1
natv2SubscriberThresholdPortMapEntriesHigh Integer32,
-- Disable limit by setting to 0
natv2SubscriberNotificationInterval Unsigned32
}
natv2SubscriberIndex OBJECT-TYPE Natv2SubscriberEntry ::=
SYNTAX Natv2SubscriberIndex SEQUENCE {
MAX-ACCESS not-accessible natv2SubscriberIndex Natv2SubscriberIndex,
STATUS current natv2SubscriberInternalRealm SnmpAdminString,
DESCRIPTION natv2SubscriberInternalPrefixType InetAddressType,
"A unique value, greater than zero, for each subscriber natv2SubscriberInternalPrefix InetAddress,
in the managed system. The value for each natv2SubscriberInternalPrefixLength InetAddressPrefixLength,
subscriber MUST remain constant at least from one -- State
update of the entity's natv2SubscriberDiscontinuityTime natv2SubscriberAddressMapEntries Unsigned32,
object until the next update of that object. If a natv2SubscriberPortMapEntries Unsigned32,
subscriber is deleted, its assigned index value MUST NOT -- Counters and last discontinuity time
be assigned to another subscriber at least until natv2SubscriberTranslations Counter64,
reinitialization of the entity's management system." natv2SubscriberAddressMapCreations Counter64,
::= { natv2SubscriberEntry 1 } natv2SubscriberPortMapCreations Counter64,
natv2SubscriberAddressMapFailureDrops Counter64,
natv2SubscriberPortMapFailureDrops Counter64,
natv2SubscriberDiscontinuityTime TimeStamp,
-- Read-write controls
natv2SubscriberLimitPortMapEntries Unsigned32,
-- Disable notifications by setting threshold to -1
natv2SubscriberThresholdPortMapEntriesHigh Integer32,
-- Disable limit by setting to 0
natv2SubscriberNotificationInterval Unsigned32
}
-- Configuration for this subscriber: realm, internal address(es) natv2SubscriberIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique value, greater than zero, for each subscriber
in the managed system. The value for each
subscriber MUST remain constant at least from one
update of the entity's natv2SubscriberDiscontinuityTime
object until the next update of that object. If a
subscriber is deleted, its assigned index value MUST NOT
be assigned to another subscriber at least until
reinitialization of the entity's management system."
::= { natv2SubscriberEntry 1 }
natv2SubscriberInternalRealm OBJECT-TYPE -- Configuration for this subscriber: realm, internal address(es)
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address realm to which this subscriber belongs. A realm
defines an address space. All NATs support at least two
realms.
The default realm for subscribers is 'internal'. natv2SubscriberInternalRealm OBJECT-TYPE
Administrators can set other values for individual SYNTAX SnmpAdminString (SIZE(0..32))
subscribers when they are configured. The administrator MAY MAX-ACCESS read-only
configure a new value of natv2SubscriberRealm at any time STATUS current
subsequent to initial configuration of the subscriber. If DESCRIPTION
this happens, it MUST be treated as a point of discontinuity "The address realm to which this subscriber belongs. A realm
requiring an update of natv2SubscriberDiscontinuityTime. defines an address space. All NATs support at least two
realms.
When the subscriber sends a packet to the NAT through a The default realm for subscribers is 'internal'.
DS-Lite [RFC 6333] tunnel, this is the realm of the outer Administrators can set other values for individual
packet header source address. Other tunneled access is out subscribers when they are configured. The administrator MAY
of scope." configure a new value of natv2SubscriberRealm at any time
REFERENCE subsequent to initial configuration of the subscriber. If
"Address realm: RFC 2663. DS-Lite: RFC 6333." this happens, it MUST be treated as a point of discontinuity
DEFVAL requiring an update of natv2SubscriberDiscontinuityTime.
{ "internal" }
::= { natv2SubscriberEntry 2 }
natv2SubscriberInternalPrefixType OBJECT-TYPE When the subscriber sends a packet to the NAT through a
SYNTAX InetAddressType DS-Lite [RFC 6333] tunnel, this is the realm of the outer
MAX-ACCESS read-only packet header source address. Other tunneled access is out
STATUS current of scope."
DESCRIPTION REFERENCE
"Subscriber's internal prefix type. Any value other than "Address realm: RFC 2663. DS-Lite: RFC 6333."
ipv4(1) or ipv6(2) would be unexpected. In the case of DEFVAL
DS-Lite access, this is the prefix type (IPv6(2)) used in { "internal" }
the outer packet header." ::= { natv2SubscriberEntry 2 }
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2SubscriberEntry 3 }
natv2SubscriberInternalPrefix OBJECT-TYPE natv2SubscriberInternalPrefixType OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Prefix assigned to a subscriber's CPE. Source addresses of "Subscriber's internal prefix type. Any value other than
packets outgoing from the subscriber will be contained ipv4(1) or ipv6(2) would be unexpected. In the case of
within this prefix. In the case of DS-Lite access, DS-Lite access, this is the prefix type (IPv6(2)) used in
the source address taken from the prefix will be the outer packet header."
that of the outer header." REFERENCE
REFERENCE "DS-Lite: RFC 6333."
"DS-Lite: RFC 6333." ::= { natv2SubscriberEntry 3 }
::= { natv2SubscriberEntry 4 }
natv2SubscriberInternalPrefixLength OBJECT-TYPE natv2SubscriberInternalPrefix OBJECT-TYPE
SYNTAX InetAddressPrefixLength SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Length of the prefix assigned to a subscriber's CPE, in "Prefix assigned to a subscriber's CPE. The type of this
bits. If a single address is assigned, this will be 32 prefix is given by natv2SubscriberInternalPrefixType. Source
for IPv4 and 128 for IPv6." addresses of packets outgoing from the subscriber will be
contained within this prefix. In the case of DS-Lite
access, the source address taken from the prefix will be
that of the outer header."
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2SubscriberEntry 4 }
::= { natv2SubscriberEntry 5 } natv2SubscriberInternalPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Length of the prefix assigned to a subscriber's CPE, in
bits. If a single address is assigned, this will be 32
for IPv4 and 128 for IPv6."
::= { natv2SubscriberEntry 5 }
-- State objects -- State objects
natv2SubscriberAddressMapEntries OBJECT-TYPE natv2SubscriberAddressMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of address map entries for the "The current number of address map entries for the
subscriber, including static mappings. An address map entry subscriber, including static mappings. An address map entry
maps from a given internal address and realm to an external maps from a given internal address and realm to an external
address in a particular external realm. This definition address in a particular external realm. This definition
includes 'hairpin' mappings, where the external realm is the includes 'hairpin' mappings, where the external realm is the
same as the internal one. Address map entries are also same as the internal one. Address map entries are also
tracked per instance and per address pool within the tracked per instance and per address pool within the
instance." instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.8." "RFC yyyy Section 3.3.8."
::= { natv2SubscriberEntry 6 } ::= { natv2SubscriberEntry 6 }
natv2SubscriberPortMapEntries OBJECT-TYPE natv2SubscriberPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of port map entries in the port map table "The current number of port map entries in the port map table
for the subscriber, including static mappings. A port map for the subscriber, including static mappings. A port map
entry maps from a given external realm, address, and port entry maps from a given external realm, address, and port
for a given protocol to an internal realm, address, and for a given protocol to an internal realm, address, and
port. This definition includes 'hairpin' mappings, where the port. This definition includes 'hairpin' mappings, where the
external realm is the same as the internal one. Port map external realm is the same as the internal one. Port map
entries are also tracked per instance and per protocol and entries are also tracked per instance and per protocol and
address pool within the instance." address pool within the instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.9." "RFC yyyy Section 3.3.9."
::= { natv2SubscriberEntry 7 } ::= { natv2SubscriberEntry 7 }
-- Counters and last discontinuity time -- Counters and last discontinuity time
natv2SubscriberTranslations OBJECT-TYPE natv2SubscriberTranslations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of translated packets received from or "The cumulative number of translated packets received from or
sent to this subscriber. This value MUST be monotone sent to this subscriber. This value MUST be monotone
increasing in the periods between updates of the entity's increasing in the periods between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime." before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 8 } ::= { natv2SubscriberEntry 8 }
natv2SubscriberAddressMapCreations OBJECT-TYPE natv2SubscriberAddressMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of address map entries created for "The cumulative number of address map entries created for
this subscriber, including static mappings. Address map this subscriber, including static mappings. Address map
entries are also tracked per instance and per protocol and entries are also tracked per instance and per protocol and
address pool within the instance. address pool within the instance.
This value MUST be monotone increasing in This value MUST be monotone increasing in
the periods between updates of the entity's the periods between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime." before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 9 } ::= { natv2SubscriberEntry 9 }
natv2SubscriberPortMapCreations OBJECT-TYPE natv2SubscriberPortMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of port map entries created for this "The cumulative number of port map entries created for this
subscriber, including static mappings. Port map entries are subscriber, including static mappings. Port map entries are
also tracked per instance and per protocol and address pool also tracked per instance and per protocol and address pool
within the instance. within the instance.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime." before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 10 } ::= { natv2SubscriberEntry 10 }
natv2SubscriberAddressMapFailureDrops OBJECT-TYPE natv2SubscriberAddressMapFailureDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets originated by this "The cumulative number of packets originated by this
subscriber that were dropped because the packet would have subscriber that were dropped because the packet would have
triggered the creation of a new address map entry, but no triggered the creation of a new address map entry, but no
address could be allocated in the selected external realm address could be allocated in the selected external realm
because all addresses from the selected address pool (or the because all addresses from the selected address pool (or the
whole realm, if no address pool has been configured for that whole realm, if no address pool has been configured for that
realm) have already been fully allocated. realm) have already been fully allocated.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime." before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 11 } ::= { natv2SubscriberEntry 11 }
natv2SubscriberPortMapFailureDrops OBJECT-TYPE natv2SubscriberPortMapFailureDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped because the "The cumulative number of packets dropped because the
packet would have triggered the creation of a new packet would have triggered the creation of a new
port mapping, but no port could be allocated for the port mapping, but no port could be allocated for the
protocol concerned. The usual case for this will be protocol concerned. The usual case for this will be
for a NAT instance that supports address pooling and for a NAT instance that supports address pooling and
the 'paired' pooling behavior recommended by RFC 4787, the 'paired' pooling behavior recommended by RFC 4787,
where the internal endpoint has used up all of the where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to ports allocated to it for the address it was mapped to
in the selected address pool in the external realm in the selected address pool in the external realm
concerned and cannot be given more ports because concerned and cannot be given more ports because
- policy or implementation prevents it from having a - policy or implementation prevents it from having a
second address in the same pool, and second address in the same pool, and
- policy or unavailability prevents it from acquiring - policy or unavailability prevents it from acquiring
more ports at its originally assigned address. more ports at its originally assigned address.
If the NAT instance supports address pooling but its If the NAT instance supports address pooling but its
pooling behavior is 'arbitrary' (meaning that pooling behavior is 'arbitrary' (meaning that
the NAT instance can allocate a new port mapping for the NAT instance can allocate a new port mapping for
the given internal endpoint on any address in the the given internal endpoint on any address in the
selected address pool and is not bound to what it has selected address pool and is not bound to what it has
already mapped for that endpoint), then this counter already mapped for that endpoint), then this counter
is incremented when all ports for the protocol concerned is incremented when all ports for the protocol concerned
over the whole of the selected address pool are already over the whole of the selected address pool are already
in use. in use.
As a third case, if no address pools have been configured As a third case, if no address pools have been configured
for the external realm concerned, then this counter is for the external realm concerned, then this counter is
incremented because all ports for the protocol involved over incremented because all ports for the protocol involved over
the whole set of addresses available for that external realm the whole set of addresses available for that external realm
are already in use. are already in use.
Finally, this counter is incremented if the packet would Finally, this counter is incremented if the packet would
have triggered the creation of a new port mapping, but the have triggered the creation of a new port mapping, but the
current value of natv2SubscriberPortMapEntries equals or current value of natv2SubscriberPortMapEntries equals or
exceeds the value of natv2SubscriberLimitPortMapEntries exceeds the value of natv2SubscriberLimitPortMapEntries
for this subscriber (unless that limit is disabled). for this subscriber (unless that limit is disabled).
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime." before the new value of natv2SubscriberDiscontinuityTime."
REFERENCE REFERENCE
"Pooling behavior: RFC 4787, end of section 4.1." "Pooling behavior: RFC 4787, end of section 4.1."
::= { natv2SubscriberEntry 12 } ::= { natv2SubscriberEntry 12 }
natv2SubscriberDiscontinuityTime OBJECT-TYPE natv2SubscriberDiscontinuityTime OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Snapshot of the value of the sysUpTime object at the "Snapshot of the value of the sysUpTime object at the
beginning of the latest period of continuity of the beginning of the latest period of continuity of the
statistical counters associated with this subscriber." statistical counters associated with this subscriber."
::= { natv2SubscriberEntry 14 } ::= { natv2SubscriberEntry 14 }
-- Per-subscriber limit and threshold on port mappings -- Per-subscriber limit and threshold on port mappings
-- Disabled if set to zero -- Disabled if set to zero
natv2SubscriberLimitPortMapEntries OBJECT-TYPE natv2SubscriberLimitPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on total number of port mappings active for this "Limit on total number of port mappings active for this
subscriber (natv2SubscriberPortMapEntries). Once this limit subscriber (natv2SubscriberPortMapEntries). Once this limit
is reached, packets that might have triggered new port is reached, packets that might have triggered new port
mappings are dropped. The number of such packets dropped is mappings are dropped. The number of such packets dropped is
counted in natv2InstancePortMapFailureDrops. counted in natv2InstancePortMapFailureDrops.
Limit is disabled if set to zero." Limit is disabled if set to zero."
DEFVAL DEFVAL
{ 0 } { 0 }
::= { natv2SubscriberEntry 15 } ::= { natv2SubscriberEntry 15 }
natv2SubscriberThresholdPortMapEntriesHigh OBJECT-TYPE natv2SubscriberThresholdPortMapEntriesHigh OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Notification threshold for total number of port mappings "Notification threshold for total number of port mappings
active for this subscriber. Whenever active for this subscriber. Whenever
natv2SubscriberPortMapEntries is updated, if it equals or natv2SubscriberPortMapEntries is updated, if it equals or
exceeds natv2SubscriberThresholdPortMapEntriesHigh, the exceeds natv2SubscriberThresholdPortMapEntriesHigh, the
notification notification
natv2NotificationSubscriberPortMappingEntriesHigh is natv2NotificationSubscriberPortMappingEntriesHigh is
triggered, unless the notification is disabled by setting triggered, unless the notification is disabled by setting
the threshold to -1. Reporting is subject to the minimum the threshold to -1. Reporting is subject to the minimum
inter-notification interval given by inter-notification interval given by
natv2SubscriberNotificationInterval. If multiple natv2SubscriberNotificationInterval. If multiple
notifications are triggered during one interval, the agent notifications are triggered during one interval, the agent
MUST report only the one containing the highest value of MUST report only the one containing the highest value of
natv2SubscriberPortMapEntries and discard the others." natv2SubscriberPortMapEntries and discard the others."
DEFVAL DEFVAL
{ -1 } { -1 }
::= { natv2SubscriberEntry 16 } ::= { natv2SubscriberEntry 16 }
natv2SubscriberNotificationInterval OBJECT-TYPE natv2SubscriberNotificationInterval OBJECT-TYPE
SYNTAX Unsigned32 (1..3600) SYNTAX Unsigned32 (1..3600)
UNITS UNITS
"Seconds" "Seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Minimum number of seconds between successive "Minimum number of seconds between successive
reporting of notifications for this subscriber. Controls the reporting of notifications for this subscriber. Controls the
reporting of reporting of
natv2NotificationSubscriberPortMappingEntriesHigh." natv2NotificationSubscriberPortMappingEntriesHigh."
DEFVAL DEFVAL
{ 60 } { 60 }
::= { natv2SubscriberEntry 17 } ::= { natv2SubscriberEntry 17 }
-- Per-NAT-instance objects -- Per-NAT-instance objects
natv2MIBInstanceObjects OBJECT IDENTIFIER ::= { natv2MIB 2 } natv2MIBInstanceObjects OBJECT IDENTIFIER ::= { natv2MIB 2 }
-- Instance table -- Instance table
natv2InstanceTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2InstanceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of NAT instances. As well as state and counter
objects, it provides the instance index, instance name, and
the last discontinuity time object which is applicable to
the counters. It also contains writable thresholds for
reporting of notifications and limits on usage of resources
at the level of the NAT instance.
natv2InstanceTable OBJECT-TYPE It is assumed that NAT instances can be created and deleted
SYNTAX SEQUENCE OF Natv2InstanceEntry dynamically, but this MIB module does not provide the means
MAX-ACCESS not-accessible to do so. For restrictions on assignment and maintenance of
STATUS current the NAT index instance see the description of
DESCRIPTION natv2InstanceIndex in the table below. For the requirements
"Table of NAT instances. As well as state and counter on maintenance of the values of the counters in this table
objects, it provides the instance index, instance name, and see the description of natv2InstanceDiscontinuityTime in
the last discontinuity time object which is applicable to this table.
the counters. It also contains writable thresholds for
reporting of notifications and limits on usage of resources
at the level of the NAT instance.
It is assumed that NAT instances can be created and deleted Each NAT instance has its own resources and behavior. The
dynamically, but this MIB module does not provide the means resources include memory as reflected in space for map
to do so. For restrictions on assignment and maintenance of entries, processing power as reflected in the rate of map
the NAT index instance see the description of creation and deletion, and mappable addresses in each realm
natv2InstanceIndex in the table below. For the requirements that can play the role of an external realm for at least
on maintenance of the values of the counters in this table some mappings for that instance. The NAT instance table
see the description of natv2InstanceDiscontinuityTime in includes limits and notification thresholds that relate to
this table. memory usage for mapping at the level of the whole instance.
The limit on number of subscribers with active mappings is a
limit to some extent on processor usage.
Each NAT instance has its own resources and behavior. The The mappable 'external' addresses may or may not be
resources include memory as reflected in space for map organized into address pools. For a definition of address
entries, processing power as reflected in the rate of map pools see the description of natv2PoolTable. If the instance
creation and deletion, and mappable addresses in each realm does support address pools, it also has a pooling behavior.
that can play the role of an external realm for at least Mapping, filtering, and pooling behavior are defined in the
some mappings for that instance. The NAT instance table descriptions of the natv2InstancePortMappingBehavior,
includes limits and notification thresholds that relate to natv2InstanceFilteringBehavior, and
memory usage for mapping at the level of the whole instance. natv2InstancePoolingBehavior objects in this table. The
The limit on number of subscribers with active mappings is a instance also has a fragmentation behavior, defined in the
limit to some extent on processor usage. description of the natv2InstanceFragmentBehavior object."
REFERENCE
"RFC yyyy Section 3.3.4. NAT behaviors: RFC 4787
(primary, UDP); RFC 5382 (TCP), RFC 5508 (ICMP), RFC5597
(DCCP)."
::= { natv2MIBInstanceObjects 1 }
The mappable 'external' addresses may or may not be natv2InstanceEntry OBJECT-TYPE
organized into address pools. For a definition of address SYNTAX Natv2InstanceEntry
pools see the description of natv2PoolTable. If the instance MAX-ACCESS not-accessible
does support address pools, it also has a pooling behavior. STATUS current
Mapping, filtering, and pooling behavior are defined in the DESCRIPTION
descriptions of the natv2InstancePortMappingBehavior, "Objects related to a single NAT instance."
natv2InstanceFilteringBehavior, and INDEX { natv2InstanceIndex }
natv2InstancePoolingBehavior objects in this table. The ::= { natv2InstanceTable 1 }
instance also has a fragmentation behavior, defined in the
description of the natv2InstanceFragmentBehavior object."
REFERENCE
"RFC yyyy Section 3.3.4. NAT behaviors: RFC 4787
(primary, UDP); RFC 5382 (TCP), RFC 5508 (ICMP), RFC5597
(DCCP)."
::= { natv2MIBInstanceObjects 1 }
natv2InstanceEntry OBJECT-TYPE Natv2InstanceEntry ::=
SYNTAX Natv2InstanceEntry SEQUENCE {
MAX-ACCESS not-accessible natv2InstanceIndex Natv2InstanceIndex,
STATUS current natv2InstanceAlias DisplayString,
DESCRIPTION -- Configured behaviors
"Objects related to a single NAT instance." natv2InstancePortMappingBehavior INTEGER,
INDEX { natv2InstanceIndex } natv2InstanceFilteringBehavior INTEGER,
::= { natv2InstanceTable 1 } natv2InstancePoolingBehavior INTEGER,
natv2InstanceFragmentBehavior INTEGER,
-- State
natv2InstanceAddressMapEntries Unsigned32,
natv2InstancePortMapEntries Unsigned32,
-- Statistics and discontinuity time
natv2InstanceTranslations Counter64,
natv2InstanceAddressMapCreations Counter64,
natv2InstancePortMapCreations Counter64,
natv2InstanceAddressMapEntryLimitDrops Counter64,
natv2InstancePortMapEntryLimitDrops Counter64,
natv2InstanceSubscriberActiveLimitDrops Counter64,
natv2InstanceAddressMapFailureDrops Counter64,
natv2InstancePortMapFailureDrops Counter64,
natv2InstanceFragmentDrops Counter64,
natv2InstanceOtherResourceFailureDrops Counter64,
natv2InstanceDiscontinuityTime TimeStamp,
-- Notification thresholds, disabled if set to -1
natv2InstanceThresholdAddressMapEntriesHigh Integer32,
natv2InstanceThresholdPortMapEntriesHigh Integer32,
natv2InstanceNotificationInterval Unsigned32,
-- Limits, disabled if set to 0
natv2InstanceLimitAddressMapEntries Unsigned32,
natv2InstanceLimitPortMapEntries Unsigned32,
natv2InstanceLimitPendingFragments Unsigned32,
natv2InstanceLimitSubscriberActives Unsigned32
}
Natv2InstanceEntry ::= natv2InstanceIndex OBJECT-TYPE
SEQUENCE { SYNTAX Natv2InstanceIndex
natv2InstanceIndex Natv2InstanceIndex, MAX-ACCESS not-accessible
natv2InstanceAlias DisplayString, STATUS current
-- Configured behaviors DESCRIPTION
natv2InstancePortMappingBehavior INTEGER, "NAT instance index. It is up to the implementation to
natv2InstanceFilteringBehavior INTEGER, determine which values correspond to in-service NAT
natv2InstancePoolingBehavior INTEGER, instances. This object is used as an index for all tables
natv2InstanceFragmentBehavior INTEGER, defined below."
-- State ::= { natv2InstanceEntry 1 }
natv2InstanceAddressMapEntries Unsigned32,
natv2InstancePortMapEntries Unsigned32,
-- Statistics and discontinuity time
natv2InstanceTranslations Counter64,
natv2InstanceAddressMapCreations Counter64,
natv2InstancePortMapCreations Counter64,
natv2InstanceAddressMapEntryLimitDrops Counter64,
natv2InstancePortMapEntryLimitDrops Counter64,
natv2InstanceSubscriberActiveLimitDrops Counter64,
natv2InstanceAddressMapFailureDrops Counter64,
natv2InstancePortMapFailureDrops Counter64,
natv2InstanceFragmentDrops Counter64,
natv2InstanceOtherResourceFailureDrops Counter64,
natv2InstanceDiscontinuityTime TimeStamp,
-- Notification thresholds, disabled if set to -1
natv2InstanceThresholdAddressMapEntriesHigh Integer32,
natv2InstanceThresholdPortMapEntriesHigh Integer32,
natv2InstanceNotificationInterval Unsigned32,
-- Limits, disabled if set to 0
natv2InstanceLimitAddressMapEntries Unsigned32,
natv2InstanceLimitPortMapEntries Unsigned32,
natv2InstanceLimitPendingFragments Unsigned32,
natv2InstanceLimitSubscriberActives Unsigned32
}
natv2InstanceIndex OBJECT-TYPE natv2InstanceAlias OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX DisplayString (SIZE (0..64))
MAX-ACCESS not-accessible MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"NAT instance index. It is up to the implementation to "This object is an 'alias' name for the NAT instance as
determine which values correspond to in-service NAT specified by a network manager, and provides a non-volatile
instances. This object is used as an index for all tables 'handle' for the instance.
defined below."
::= { natv2InstanceEntry 1 }
natv2InstanceAlias OBJECT-TYPE An example of the value which a network manager might store
SYNTAX DisplayString (SIZE (0..64)) in this object for a NAT instance is the name/identifier of
MAX-ACCESS read-only the interface that brings in internal traffic for this NAT
STATUS current instance or the name of the VRF for internal traffic."
DESCRIPTION ::= { natv2InstanceEntry 2 }
"This object is an 'alias' name for the NAT instance as
specified by a network manager, and provides a non-volatile
'handle' for the instance.
An example of the value which a network manager might store -- Configured behaviors
in this object for a NAT instance is the name/identifier of
the interface that brings in internal traffic for this NAT
instance or the name of the VRF for internal traffic."
::= { natv2InstanceEntry 2 }
-- Configured behaviors natv2InstancePortMappingBehavior OBJECT-TYPE
SYNTAX INTEGER {
endpointIndependent (0),
addressDependent (1),
addressAndPortDependent (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Port mapping behavior is the policy governing selection of
external address and port in a given realm for a given
five-tuple of source address and port, destination address
and port, and protocol.
natv2InstancePortMappingBehavior OBJECT-TYPE endpointIndependent(0), the behavior REQUIRED by RFC 4787
SYNTAX INTEGER { REQ-1, maps the source address and port to the same
endpointIndependent (0), external address and port for all destination address and
addressDependent (1), port combinations reached through the same external realm
addressAndPortDependent (2) and using the given protocol.
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Port mapping behavior is the policy governing selection of
external address and port in a given realm for a given
five-tuple of source address and port, destination address
and port, and protocol.
endpointIndependent(0), the behavior REQUIRED by RFC 4787 addressDependent(1) maps to the same external address and
REQ-1, maps the source address and port to the same port for all destination ports at the same destination
external address and port for all destination address and address reached through the same external realm and using
port combinations reached through the same external realm the given protocol.
and using the given protocol.
addressDependent(1) maps to the same external address and addressAndPortDependent(2) maps to a separate external
port for all destination ports at the same destination address and port combination for each different
address reached through the same external realm and using destination address and port combination reached through
the given protocol. the same external realm."
REFERENCE
"RFC 4787 section 4.1."
::= { natv2InstanceEntry 3 }
addressAndPortDependent(2) maps to a separate external natv2InstanceFilteringBehavior OBJECT-TYPE
address and port combination for each different SYNTAX INTEGER {
destination address and port combination reached through endpointIndependent (0),
the same external realm." addressDependent (1),
REFERENCE addressAndPortDependent (2)
"RFC 4787 section 4.1." }
::= { natv2InstanceEntry 3 } MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Filtering behavior is the policy governing acceptance or
dropping of packets incoming from remote sources via a
given external realm and destined to a specific three-tuple
of external address, port, and protocol at the NAT instance
that has been assigned in a port mapping.
natv2InstanceFilteringBehavior OBJECT-TYPE endpointIndependent(0) accepts for translation packets from
SYNTAX INTEGER { all combinations of remote address and port destined to the
endpointIndependent (0), mapped external address and port via the given external
addressDependent (1), realm and using the given protocol.
addressAndPortDependent (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Filtering behavior is the policy governing acceptance or
dropping of packets incoming from remote sources via a
given external realm and destined to a specific three-tuple
of external address, port, and protocol at the NAT instance
that has been assigned in a port mapping.
endpointIndependent(0) accepts for translation packets from addressDependent(1) accepts for translation packets from all
all combinations of remote address and port destined to the remote ports from the same remote source address destined to
mapped external address and port via the given external the mapped external address and port via the given external
realm and using the given protocol. realm and using the given protocol.
addressDependent(1) accepts for translation packets from all addressAndPortDependent(2) accepts for translation only
remote ports from the same remote source address destined to those packets with the same remote source address, port, and
the mapped external address and port via the given external protocol incoming from the same external realm as identified
realm and using the given protocol. when the applicable port map entry was created.
addressAndPortDependent(2) accepts for translation only RFC 4787 REQ-8 recommends either endpointIndependent(0) or
those packets with the same remote source address, port, and addressDependent(1) filtering behavior depending on whether
protocol incoming from the same external realm as identified application-friendliness or security takes priority."
when the applicable port map entry was created. REFERENCE
"RFC 4787 section 5."
::= { natv2InstanceEntry 4 }
RFC 4787 REQ-8 recommends either endpointIndependent(0) or natv2InstancePoolingBehavior OBJECT-TYPE
addressDependent(1) filtering behavior depending on whether SYNTAX INTEGER {
application-friendliness or security takes priority." arbitrary (0),
REFERENCE paired (1)
"RFC 4787 section 5." }
::= { natv2InstanceEntry 4 } MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Pooling behavior is the policy used to select the address
for a new port mapping within a given address pool to which
the internal address has already been mapped.
natv2InstancePoolingBehavior OBJECT-TYPE arbitrary(0) pooling behavior means that the NAT instance
SYNTAX INTEGER { may create the new port mapping using any address in the
arbitrary (0), pool that has a free port for the protocol concerned.
paired (1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Pooling behavior is the policy used to select the address
for a new port mapping within a given address pool to which
the internal address has already been mapped.
arbitrary(0) pooling behavior means that the NAT instance paired(1) pooling behavior, the behavior RECOMMENDED by RFC
may create the new port mapping using any address in the 4787 REQ-2, means that once a given internal address has
pool that has a free port for the protocol concerned. been mapped to a particular address in a particular pool,
further mappings of the same internal address to that pool
will reuse the previously assigned pool member address."
REFERENCE
"RFC 4787 near the end of section 4.1"
::= { natv2InstanceEntry 5 }
paired(1) pooling behavior, the behavior RECOMMENDED by RFC natv2InstanceFragmentBehavior OBJECT-TYPE
4787 REQ-2, means that once a given internal address has SYNTAX INTEGER {
been mapped to a particular address in a particular pool, fragmentNone (0),
further mappings of the same internal address to that pool fragmentInOrder (1),
will reuse the previously assigned pool member address." fragmentOutOfOrder (2)
REFERENCE }
"RFC 4787 near the end of section 4.1" MAX-ACCESS read-only
::= { natv2InstanceEntry 5 } STATUS current
DESCRIPTION
"Fragment behavior is the NAT instance's capability to
receive and translate fragments incoming from remote
sources.
natv2InstanceFragmentBehavior OBJECT-TYPE fragmentNone(0) implies no capability to translate incoming
SYNTAX INTEGER { fragments, so all received fragments are dropped. Each
fragmentNone (0), dropped fragment is counted in natv2InstanceFragmentDrops.
fragmentInOrder (1),
fragmentOutOfOrder (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Fragment behavior is the NAT instance's capability to
receive and translate fragments incoming from remote
sources.
fragmentNone(0) implies no capability to translate incoming fragmentInOrder(1) implies the ability to translate
fragments, so all received fragments are dropped. Each fragments only if they are received in order, so that in
dropped fragment is counted in natv2InstanceFragmentDrops. particular the header is in the first packet. If a fragment
is received out of order, it is dropped and counted in
natv2InstanceFragmentDrops.
fragmentInOrder(1) implies the ability to translate fragmentOutOfOrder(2), the capability REQUIRED by RFC 4787
fragments only if they are received in order, so that in REQ-14, implies the capability to translate fragments even
particular the header is in the first packet. If a fragment when they arrive out of order, subject to a protective
is received out of order, it is dropped and counted in limit natv2InstanceLimitPendingFragments on total number of
natv2InstanceFragmentDrops. fragments awaiting the first fragment of the chain. If the
implementation supports this capability,
natv2InstanceFragmentDrops is incremented only when a new
fragment arrives but is dropped because the limit on pending
fragments has already been reached."
REFERENCE
"RFC 4787 section 11."
::= { natv2InstanceEntry 6 }
fragmentOutOfOrder(2), the capability REQUIRED by RFC 4787 -- State
REQ-14, implies the capability to translate fragments even
when they arrive out of order, subject to a protective
limit natv2InstanceLimitPendingFragments on total number of
fragments awaiting the first fragment of the chain. If the
implementation supports this capability,
natv2InstanceFragmentDrops is incremented only when a new
fragment arrives but is dropped because the limit on pending
fragments has already been reached."
REFERENCE
"RFC 4787 section 11."
::= { natv2InstanceEntry 6 }
-- State natv2InstanceAddressMapEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of address map entries in total over the
whole NAT instance, including static mappings. An address
map entry maps from a given internal address and realm to an
external address in a particular external realm. This
definition includes 'hairpin' mappings, where the external
realm is the same as the internal one. Address map entries
are also tracked per subscriber and per address pool within
the instance."
REFERENCE
"RFC yyyy Section 3.3.8. RFC 4787 section 6."
::= { natv2InstanceEntry 7 }
natv2InstanceAddressMapEntries OBJECT-TYPE natv2InstancePortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of address map entries in total over the "The current number of entries in the port map table in total
whole NAT instance, including static mappings. An address over the whole NAT instance, including static mappings. A
map entry maps from a given internal address and realm to an port map entry maps from a given external realm, address,
external address in a particular external realm. This and port for a given protocol to an internal realm, address,
definition includes 'hairpin' mappings, where the external and port. This definition includes 'hairpin' mappings, where
realm is the same as the internal one. Address map entries the external realm is the same as the internal one. Port map
are also tracked per subscriber and per address pool within entries are also tracked per subscriber and per protocol and
the instance." address pool within the instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.8. RFC 4787 section 6." "RFC yyyy Section 3.3.9.
::= { natv2InstanceEntry 7 } Hairpinning: RFC 4787 Section 6."
::= { natv2InstanceEntry 8 }
natv2InstancePortMapEntries OBJECT-TYPE -- Statistics
SYNTAX Unsigned32 natv2InstanceTranslations OBJECT-TYPE
MAX-ACCESS read-only SYNTAX Counter64
STATUS current MAX-ACCESS read-only
DESCRIPTION STATUS current
"The current number of entries in the port map table in total DESCRIPTION
over the whole NAT instance, including static mappings. A "The cumulative number of translated packets passing through
port map entry maps from a given external realm, address, this NAT instance. This value MUST be monotone increasing in
and port for a given protocol to an internal realm, address, the periods between updates of
and port. This definition includes 'hairpin' mappings, where natv2InstanceDiscontinuityTime. If a manager detects a
the external realm is the same as the internal one. Port map change in the latter since the last time it sampled this
entries are also tracked per subscriber and per protocol and counter, it SHOULD NOT make use of the difference between
address pool within the instance." the latest value of the counter and any value retrieved
REFERENCE before the new value of natv2InstanceDiscontinuityTime."
"RFC yyyy Section 3.3.9. ::= { natv2InstanceEntry 9 }
Hairpinning: RFC 4787 Section 6."
::= { natv2InstanceEntry 8 }
-- Statistics natv2InstanceAddressMapCreations OBJECT-TYPE
natv2InstanceTranslations OBJECT-TYPE SYNTAX Counter64
SYNTAX Counter64 MAX-ACCESS read-only
MAX-ACCESS read-only STATUS current
STATUS current DESCRIPTION
DESCRIPTION "The cumulative number of address map entries created by the
"The cumulative number of translated packets passing through NAT instance, including static mappings. Address map
this NAT instance. This value MUST be monotone increasing in creations are also tracked per address pool within the
the periods between updates of instance and per subscriber.
natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 9 }
natv2InstanceAddressMapCreations OBJECT-TYPE This value MUST be monotone increasing in
SYNTAX Counter64 the periods between updates of
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of address map entries created by the the latest value of the counter and any value retrieved
NAT instance, including static mappings. Address map before the new value of natv2InstanceDiscontinuityTime."
creations are also tracked per address pool within the ::= { natv2InstanceEntry 10 }
instance and per subscriber.
This value MUST be monotone increasing in natv2InstancePortMapCreations OBJECT-TYPE
the periods between updates of SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of port map entries created by the
before the new value of natv2InstanceDiscontinuityTime." NAT instance, including static mappings. Port map
::= { natv2InstanceEntry 10 } creations are also tracked per protocol and address pool
within the instance and per subscriber.
natv2InstancePortMapCreations OBJECT-TYPE This value MUST be monotone increasing in
SYNTAX Counter64 the periods between updates of
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of port map entries created by the the latest value of the counter and any value retrieved
NAT instance, including static mappings. Port map before the new value of natv2InstanceDiscontinuityTime."
creations are also tracked per protocol and address pool ::= { natv2InstanceEntry 11 }
within the instance and per subscriber.
This value MUST be monotone increasing in natv2InstanceAddressMapEntryLimitDrops OBJECT-TYPE
the periods between updates of SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped rather than
before the new value of natv2InstanceDiscontinuityTime." translated because the packet would have triggered
::= { natv2InstanceEntry 11 } the creation of a new address map entry but the limit
on number of address map entries for the NAT instance
given by natv2InstanceLimitAddressMapEntries has
already been reached.
natv2InstanceAddressMapEntryLimitDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the entity's
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets dropped rather than the latest value of the counter and any value retrieved
translated because the packet would have triggered before the new value of natv2InstanceDiscontinuityTime."
the creation of a new address map entry but the limit ::= { natv2InstanceEntry 12 }
on number of address map entries for the NAT instance
given by natv2InstanceLimitAddressMapEntries has
already been reached.
This value MUST be monotone increasing in the periods natv2InstancePortMapEntryLimitDrops OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped rather than
before the new value of natv2InstanceDiscontinuityTime." translated because the packet would have triggered
::= { natv2InstanceEntry 12 } the creation of a new port map entry but the limit
on number of port map entries for the NAT instance
given by natv2InstanceLimitPortMapEntries has
already been reached.
natv2InstancePortMapEntryLimitDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the entity's
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets dropped rather than the latest value of the counter and any value retrieved
translated because the packet would have triggered before the new value of natv2InstanceDiscontinuityTime."
the creation of a new port map entry but the limit ::= { natv2InstanceEntry 13 }
on number of port map entries for the NAT instance
given by natv2InstanceLimitPortMapEntries has
already been reached.
This value MUST be monotone increasing in the periods natv2InstanceSubscriberActiveLimitDrops OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped rather than
before the new value of natv2InstanceDiscontinuityTime." translated because the packet would have triggered the
::= { natv2InstanceEntry 13 } creation of a new mapping for a subscriber with no other
active mappings, but the limit on number of active
subscribers for the NAT instance given by
natv2InstanceLimitSubscriberActives has already been
reached.
natv2InstanceSubscriberActiveLimitDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the entity's
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets dropped rather than the latest value of the counter and any value retrieved
translated because the packet would have triggered the before the new value of natv2InstanceDiscontinuityTime."
creation of a new mapping for a subscriber with no other ::= { natv2InstanceEntry 14 }
active mappings, but the limit on number of active
subscribers for the NAT instance given by
natv2InstanceLimitSubscriberActives has already been
reached.
This value MUST be monotone increasing in the periods natv2InstanceAddressMapFailureDrops OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped because the packet
before the new value of natv2InstanceDiscontinuityTime." would have triggered the creation of a new address map
::= { natv2InstanceEntry 14 } entry, but no address could be allocated in the selected
external realm because all addresses from the selected
address pool (or the whole realm, if no address pool has
been configured for that realm) have already been fully
allocated.
natv2InstanceAddressMapFailureDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the entity's
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets dropped because the packet the latest value of the counter and any value retrieved
would have triggered the creation of a new address map before the new value of natv2InstanceDiscontinuityTime."
entry, but no address could be allocated in the selected ::= { natv2InstanceEntry 15 }
external realm because all addresses from the selected
address pool (or the whole realm, if no address pool has
been configured for that realm) have already been fully
allocated.
This value MUST be monotone increasing in the periods natv2InstancePortMapFailureDrops OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped because the
before the new value of natv2InstanceDiscontinuityTime." packet would have triggered the creation of a new
::= { natv2InstanceEntry 15 } port map entry, but no port could be allocated for the
protocol concerned. The usual case for this will be
for a NAT instance that supports address pooling and
the 'paired' pooling behavior recommended by RFC 4787,
where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to
in the selected address pool in the external realm
concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
natv2InstancePortMapFailureDrops OBJECT-TYPE If the NAT instance supports address pooling but its
SYNTAX Counter64 pooling behavior is 'arbitrary' (meaning that
MAX-ACCESS read-only the NAT instance can allocate a new port mapping for
STATUS current the given internal endpoint on any address in the
DESCRIPTION selected address pool and is not bound to what it has
"The cumulative number of packets dropped because the already mapped for that endpoint), then this counter
packet would have triggered the creation of a new is incremented when all ports for the protocol concerned
port map entry, but no port could be allocated for the over the whole of the selected address pool are already
protocol concerned. The usual case for this will be in use.
for a NAT instance that supports address pooling and
the 'paired' pooling behavior recommended by RFC 4787,
where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to
in the selected address pool in the external realm
concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
If the NAT instance supports address pooling but its Finally, if no address pools have been configured for the
pooling behavior is 'arbitrary' (meaning that external realm concerned, then this counter is incremented
the NAT instance can allocate a new port mapping for because all ports for the protocol involved over the whole
the given internal endpoint on any address in the set of addresses available for that external realm are
selected address pool and is not bound to what it has already in use.
already mapped for that endpoint), then this counter
is incremented when all ports for the protocol concerned
over the whole of the selected address pool are already
in use.
Finally, if no address pools have been configured for the This value MUST be monotone increasing in the periods
external realm concerned, then this counter is incremented between updates of the entity's
because all ports for the protocol involved over the whole natv2InstanceDiscontinuityTime. If a manager detects a
set of addresses available for that external realm are change in the latter since the last time it sampled this
already in use. counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
REFERENCE
"Pooling behavior: RFC 4787, end of section 4.1."
::= { natv2InstanceEntry 16 }
This value MUST be monotone increasing in the periods natv2InstanceFragmentDrops OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of fragments received by the NAT
before the new value of natv2InstanceDiscontinuityTime." instance but dropped rather than translated. When the NAT
REFERENCE instance supports the 'Receive Fragment Out of Order'
"Pooling behavior: RFC 4787, end of section 4.1." capability as required by RFC 4787, this occurs because the
::= { natv2InstanceEntry 16 } fragment was received out of order and would be added to the
queue of fragments awaiting the initial fragment of the
chain, but the queue has already reached the limit set by
natv2InstanceLimitsPendingFragments. Counting in other cases
is specified in the description of
natv2InstanceFragmentBehavior.
natv2InstanceFragmentDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the entity's
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of fragments received by the NAT the latest value of the counter and any value retrieved
instance but dropped rather than translated. When the NAT before the new value of natv2InstanceDiscontinuityTime."
instance supports the 'Receive Fragment Out of Order' REFERENCE
capability as required by RFC 4787, this occurs because the "RFC 4787, section 11."
fragment was received out of order and would be added to the ::= { natv2InstanceEntry 17 }
queue of fragments awaiting the initial fragment of the
chain, but the queue has already reached the limit set by
natv2InstanceLimitsPendingFragments. Counting in other cases
is specified in the description of
natv2InstanceFragmentBehavior.
This value MUST be monotone increasing in the periods natv2InstanceOtherResourceFailureDrops OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped because of
before the new value of natv2InstanceDiscontinuityTime." unavailability of a resource other than an address or port
REFERENCE that would have been required to process it. The most likely
"RFC 4787, section 11." case is where the upper layer protocol in the packet is not
::= { natv2InstanceEntry 17 } supported by the NAT instance.
natv2InstanceOtherResourceFailureDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the entity's
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets dropped because of the latest value of the counter and any value retrieved
unavailability of a resource other than an address or port before the new value of natv2InstanceDiscontinuityTime."
that would have been required to process it. The most likely ::= { natv2InstanceEntry 18 }
case is where the upper layer protocol in the packet is not
supported by the NAT instance.
This value MUST be monotone increasing in the periods natv2InstanceDiscontinuityTime OBJECT-TYPE
between updates of the entity's SYNTAX TimeStamp
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "Snapshot of the value of the sysUpTime object at the
before the new value of natv2InstanceDiscontinuityTime." beginning of the latest period of continuity of the
::= { natv2InstanceEntry 18 } statistical counters associated with this NAT instance."
::= { natv2InstanceEntry 19 }
natv2InstanceDiscontinuityTime OBJECT-TYPE -- Notification thresholds, disabled by setting to zero
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Snapshot of the value of the sysUpTime object at the
beginning of the latest period of continuity of the
statistical counters associated with this NAT instance."
::= { natv2InstanceEntry 19 }
-- Notification thresholds, disabled by setting to zero natv2InstanceThresholdAddressMapEntriesHigh OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Notification threshold for total number of address map
entries held by this NAT instance. Whenever
natv2InstanceAddressMapEntries is updated, if it equals or
exceeds natv2InstanceThresholdAddressMapEntriesHigh, then
natv2NotificationInstanceAddressMapEntriesHigh may be
triggered, unless the notification is disabled by setting
the threshold to -1. Reporting is subject to the minimum
inter-notification interval given by
natv2InstanceNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report
only the one containing the highest value of
natv2InstanceAddressMapEntries and discard the others."
DEFVAL
{ -1 }
::= { natv2InstanceEntry 20 }
natv2InstanceThresholdAddressMapEntriesHigh OBJECT-TYPE natv2InstanceThresholdPortMapEntriesHigh OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Notification threshold for total number of address map "Notification threshold for total number of port map
entries held by this NAT instance. Whenever entries held by this NAT instance. Whenever
natv2InstanceAddressMapEntries is updated, if it equals or natv2InstancePortMapEntries is updated, if it equals or
exceeds natv2InstanceThresholdAddressMapEntriesHigh, then exceeds natv2InstanceThresholdPortMapEntriesHigh, then
natv2NotificationInstanceAddressMapEntriesHigh may be natv2NotificationInstancePortMapEntriesHigh may be
triggered, unless the notification is disabled by setting triggered, unless the notification is disabled by setting
the threshold to -1. Reporting is subject to the minimum the threshold to -1. Reporting is subject to the minimum
inter-notification interval given by inter-notification interval given by
natv2InstanceNotificationInterval. If multiple notifications natv2InstanceNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report are triggered during one interval, the agent MUST report
only the one containing the highest value of only the one containing the highest value of
natv2InstanceAddressMapEntries and discard the others." natv2InstancePortMapEntries and discard the others."
DEFVAL DEFVAL
{ -1 } { -1 }
::= { natv2InstanceEntry 20 } ::= { natv2InstanceEntry 21 }
natv2InstanceThresholdPortMapEntriesHigh OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Notification threshold for total number of port map
entries held by this NAT instance. Whenever
natv2InstancePortMapEntries is updated, if it equals or
exceeds natv2InstanceThresholdPortMapEntriesHigh, then
natv2NotificationInstancePortMapEntriesHigh may be
triggered, unless the notification is disabled by setting
the threshold to -1. Reporting is subject to the minimum
inter-notification interval given by
natv2InstanceNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report
only the one containing the highest value of
natv2InstancePortMapEntries and discard the others."
DEFVAL
{ -1 }
::= { natv2InstanceEntry 21 }
natv2InstanceNotificationInterval OBJECT-TYPE natv2InstanceNotificationInterval OBJECT-TYPE
SYNTAX Unsigned32 (1..3600) SYNTAX Unsigned32 (1..3600)
UNITS UNITS
"Seconds" "Seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Minimum number of seconds between successive "Minimum number of seconds between successive
notifications for this NAT instance. Controls the reporting notifications for this NAT instance. Controls the reporting
of natv2NotificationInstanceAddressMapEntriesHigh and of natv2NotificationInstanceAddressMapEntriesHigh and
natv2NotificationInstancePortMapEntriesHigh." natv2NotificationInstancePortMapEntriesHigh."
DEFVAL DEFVAL
{ 10 } { 10 }
::= { natv2InstanceEntry 22 } ::= { natv2InstanceEntry 22 }
-- Limits, disabled if set to 0 -- Limits, disabled if set to 0
natv2InstanceLimitAddressMapEntries OBJECT-TYPE natv2InstanceLimitAddressMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on total number of address map entries supported by "Limit on total number of address map entries supported by
the NAT instance. When natv2InstanceAddressMapEntries has the NAT instance. When natv2InstanceAddressMapEntries has
reached this limit, subsequent packets that would normally reached this limit, subsequent packets that would normally
trigger creation of a new address map entry will be dropped trigger creation of a new address map entry will be dropped
and counted in natv2InstanceAddressMapEntryLimitDrops. and counted in natv2InstanceAddressMapEntryLimitDrops.
Warning of an approach to this limit can be achieved by Warning of an approach to this limit can be achieved by
setting natv2InstanceThresholdAddressMapEntriesHigh to a setting natv2InstanceThresholdAddressMapEntriesHigh to a
non-zero value, for example, 80% of the limit. The limit is non-zero value, for example, 80% of the limit. The limit is
disabled by setting its value to zero. disabled by setting its value to zero.
For further information please see the descriptions of For further information please see the descriptions of
natv2NotificationInstanceAddressMapEntriesHigh and natv2NotificationInstanceAddressMapEntriesHigh and
natv2InstanceAddressMapEntries." natv2InstanceAddressMapEntries."
DEFVAL DEFVAL
{ 0 } { 0 }
::= { natv2InstanceEntry 23 } ::= { natv2InstanceEntry 23 }
natv2InstanceLimitPortMapEntries OBJECT-TYPE natv2InstanceLimitPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on total number of port map entries supported by the "Limit on total number of port map entries supported by the
NAT instance. When natv2InstancePortMapEntries has reached NAT instance. When natv2InstancePortMapEntries has reached
this limit, subsequent packets that would normally trigger this limit, subsequent packets that would normally trigger
creation of a new port map entry will be dropped and counted creation of a new port map entry will be dropped and counted
in natv2InstancePortMapEntryLimitDrops. Warning of an in natv2InstancePortMapEntryLimitDrops. Warning of an
approach to this limit can be achieved by setting approach to this limit can be achieved by setting
natv2InstanceThresholdPortMapEntriesHigh to a non-zero natv2InstanceThresholdPortMapEntriesHigh to a non-zero
value, for example, 80% of the limit. The limit is disabled value, for example, 80% of the limit. The limit is disabled
by setting its value to zero. by setting its value to zero.
For further information please see the descriptions of For further information please see the descriptions of
natv2NotificationInstancePortMapEntriesHigh and natv2NotificationInstancePortMapEntriesHigh and
natv2InstancePortMapEntries." natv2InstancePortMapEntries."
DEFVAL DEFVAL
{ 0 } { 0 }
::= { natv2InstanceEntry 24 } ::= { natv2InstanceEntry 24 }
natv2InstanceLimitPendingFragments OBJECT-TYPE natv2InstanceLimitPendingFragments OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on number of out-of-order fragments received by the "Limit on number of out-of-order fragments received by the
NAT instance from remote sources and held until head of NAT instance from remote sources and held until head of
chain appears. While the number of held fragments is at this chain appears. While the number of held fragments is at this
limit, subsequent packets that contain fragments not limit, subsequent packets that contain fragments not
relating to those already held will be dropped and counted relating to those already held will be dropped and counted
in natv2InstancePendingFragmentLimitDrops. The limit is in natv2InstancePendingFragmentLimitDrops. The limit is
disabled by setting the value to zero. disabled by setting the value to zero.
Applicable only when the NAT instance supports 'Receive Applicable only when the NAT instance supports 'Receive
Fragments Out of Order' behavior, leave at default Fragments Out of Order' behavior, leave at default
otherwise. See the description of otherwise. See the description of
natv2InstanceFragmentBehavior." natv2InstanceFragmentBehavior."
REFERENCE REFERENCE
"RFC 4787 Section 11" "RFC 4787 Section 11"
DEFVAL { 0 } DEFVAL { 0 }
::= { natv2InstanceEntry 25 } ::= { natv2InstanceEntry 25 }
natv2InstanceLimitSubscriberActives OBJECT-TYPE natv2InstanceLimitSubscriberActives OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on number of total number of active subscribers "Limit on number of total number of active subscribers
supported by the NAT instance. An active subscriber is supported by the NAT instance. An active subscriber is
defined as any subscriber with at least one map entry, defined as any subscriber with at least one map entry,
including static mappings. While the number of active including static mappings. While the number of active
subscribers is at this limit, subsequent packets that would subscribers is at this limit, subsequent packets that would
otherwise trigger first mappings for newly active otherwise trigger first mappings for newly active
subscribers will be dropped and counted in subscribers will be dropped and counted in
natv2InstanceSubscriberActiveLimitDrops. The limit is natv2InstanceSubscriberActiveLimitDrops. The limit is
disabled by setting the value to zero." disabled by setting the value to zero."
DEFVAL { 0 } DEFVAL { 0 }
::= { natv2InstanceEntry 26 } ::= { natv2InstanceEntry 26 }
-- Table of counters per upper layer protocol identified by the -- Table of counters per upper layer protocol identified by the
-- packet header and supported by the NAT instance -- packet header and supported by the NAT instance
natv2ProtocolTable OBJECT-TYPE natv2ProtocolTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2ProtocolEntry SYNTAX SEQUENCE OF Natv2ProtocolEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of protocols with per-protocol counters. Conceptual "Table of protocols with per-protocol counters. Conceptual
rows of the table are indexed by the combination of the NAT rows of the table are indexed by the combination of the NAT
instance number and the IANA-assigned upper layer protocol instance number and the IANA-assigned upper layer protocol
number as given by the ProtocolNumber TC and contained in number as given by the ProtocolNumber TC and contained in
the packet IP header. It is up to the agent implementation the packet IP header. It is up to the agent implementation
to determine and operate upon only those upper layer to determine and operate upon only those upper layer
protocol numbers supported by the NAT instance." protocol numbers supported by the NAT instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.5." "RFC yyyy Section 3.3.5."
::= { natv2MIBInstanceObjects 2 } ::= { natv2MIBInstanceObjects 2 }
natv2ProtocolEntry OBJECT-TYPE natv2ProtocolEntry OBJECT-TYPE
SYNTAX Natv2ProtocolEntry SYNTAX Natv2ProtocolEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Per-protocol counters." "Per-protocol counters."
INDEX { natv2ProtocolInstanceIndex, INDEX { natv2ProtocolInstanceIndex,
natv2ProtocolNumber } natv2ProtocolNumber }
::= { natv2ProtocolTable 1 } ::= { natv2ProtocolTable 1 }
Natv2ProtocolEntry ::= Natv2ProtocolEntry ::=
SEQUENCE { SEQUENCE {
natv2ProtocolInstanceIndex Natv2InstanceIndex, natv2ProtocolInstanceIndex Natv2InstanceIndex,
natv2ProtocolNumber ProtocolNumber, natv2ProtocolNumber ProtocolNumber,
-- State -- State
natv2ProtocolPortMapEntries Unsigned32, natv2ProtocolPortMapEntries Unsigned32,
-- Statistics. Discontinuity object from instance table reused here. -- Statistics. Discontinuity object from instance table reused here.
natv2ProtocolTranslations Counter64, natv2ProtocolTranslations Counter64,
natv2ProtocolPortMapCreations Counter64, natv2ProtocolPortMapCreations Counter64,
natv2ProtocolPortMapFailureDrops Counter64 natv2ProtocolPortMapFailureDrops Counter64
} }
natv2ProtocolInstanceIndex OBJECT-TYPE natv2ProtocolInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"NAT instance index. It is up to the implementation to "NAT instance index. It is up to the implementation to
determine and operate upon only those values that determine and operate upon only those values that
correspond to in-service NAT instances." correspond to in-service NAT instances."
::= { natv2ProtocolEntry 1 } ::= { natv2ProtocolEntry 1 }
natv2ProtocolNumber OBJECT-TYPE natv2ProtocolNumber OBJECT-TYPE
SYNTAX ProtocolNumber SYNTAX ProtocolNumber
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Counters in this conceptual row apply to packets indicating "Counters in this conceptual row apply to packets indicating
the upper layer protocol identified by the value of the upper layer protocol identified by the value of
this object. It is up to the implementation to determine and this object. It is up to the implementation to determine and
operate upon only those values that correspond to protocols operate upon only those values that correspond to protocols
supported by the NAT instance." supported by the NAT instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.5. "RFC yyyy Section 3.3.5.
IANA Protocol Numbers, http://www.iana.org/assignments/ IANA Protocol Numbers, http://www.iana.org/assignments/
protocol-numbers/protocol-numbers.xhtml#protocol-numbers-1" protocol-numbers/protocol-numbers.xhtml#protocol-numbers-1"
::= { natv2ProtocolEntry 2 } ::= { natv2ProtocolEntry 2 }
-- State -- State
natv2ProtocolPortMapEntries OBJECT-TYPE natv2ProtocolPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of entries in the port map table in total "The current number of entries in the port map table in total
over the whole NAT instance for a given protocol, including over the whole NAT instance for a given protocol, including
static mappings. A port map entry maps from a given external static mappings. A port map entry maps from a given external
realm, address, and port for a given protocol to an internal realm, address, and port for a given protocol to an internal
realm, address, and port. This definition includes 'hairpin' realm, address, and port. This definition includes 'hairpin'
mappings, where the external realm is the same as the mappings, where the external realm is the same as the
internal one. Port map entries are also tracked per internal one. Port map entries are also tracked per
subscriber, per instance, and per address pool within the subscriber, per instance, and per address pool within the
instance." instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.5 and Section 3.3.9. Hairpinning: "RFC yyyy Section 3.3.5 and Section 3.3.9. Hairpinning:
RFC 4787 Section 6." RFC 4787 Section 6."
::= { natv2ProtocolEntry 3 } ::= { natv2ProtocolEntry 3 }
-- Statistics -- Statistics
natv2ProtocolTranslations OBJECT-TYPE natv2ProtocolTranslations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets translated by the NAT "The cumulative number of packets translated by the NAT
instance in either direction for the given protocol. instance in either direction for the given protocol.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the NAT instance between updates of the NAT instance
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2ProtocolEntry 4 } ::= { natv2ProtocolEntry 4 }
natv2ProtocolPortMapCreations OBJECT-TYPE natv2ProtocolPortMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of port map entries created by the NAT "The cumulative number of port map entries created by the NAT
instance for the given protocol. instance for the given protocol.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the NAT instance between updates of the NAT instance
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2ProtocolEntry 5 } ::= { natv2ProtocolEntry 5 }
natv2ProtocolPortMapFailureDrops OBJECT-TYPE natv2ProtocolPortMapFailureDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped because the packet "The cumulative number of packets dropped because the packet
would have triggered the creation of a new port map entry, would have triggered the creation of a new port map entry,
but no port could be allocated for the protocol concerned. but no port could be allocated for the protocol concerned.
The usual case for this will be for a NAT instance that The usual case for this will be for a NAT instance that
supports address pooling and the 'paired' pooling behavior supports address pooling and the 'paired' pooling behavior
recommended by RFC 4787, where the internal endpoint has recommended by RFC 4787, where the internal endpoint has
used up all of the ports allocated to it for the address it used up all of the ports allocated to it for the address it
was mapped to in the selected address pool in the external was mapped to in the selected address pool in the external
realm concerned and cannot be given more ports because realm concerned and cannot be given more ports because
- policy or implementation prevents it from having a - policy or implementation prevents it from having a
second address in the same pool, and second address in the same pool, and
- policy or unavailability prevents it from acquiring - policy or unavailability prevents it from acquiring
more ports at its originally assigned address. more ports at its originally assigned address.
If the NAT instance supports address pooling but its If the NAT instance supports address pooling but its
pooling behavior is 'arbitrary' (meaning that pooling behavior is 'arbitrary' (meaning that
the NAT instance can allocate a new port mapping for the NAT instance can allocate a new port mapping for
the given internal endpoint on any address in the the given internal endpoint on any address in the
selected address pool and is not bound to what it has selected address pool and is not bound to what it has
already mapped for that endpoint), then this counter already mapped for that endpoint), then this counter
is incremented when all ports for the protocol concerned is incremented when all ports for the protocol concerned
over the whole of the selected address pool are already over the whole of the selected address pool are already
in use. in use.
Finally, if the NAT instance has no configured address Finally, if the NAT instance has no configured address
pooling, then this counter is incremented because all pooling, then this counter is incremented because all
ports for the protocol concerned over the whole of the ports for the protocol concerned over the whole of the
NAT instance for the external realm concerned are already NAT instance for the external realm concerned are already
in use. in use.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the NAT instance between updates of the NAT instance
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
REFERENCE REFERENCE
"RFC 4787, end of section 4.1." "RFC 4787, end of section 4.1."
::= { natv2ProtocolEntry 6 } ::= { natv2ProtocolEntry 6 }
-- pools -- pools
natv2PoolTable OBJECT-TYPE natv2PoolTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2PoolEntry SYNTAX SEQUENCE OF Natv2PoolEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of address pools, applicable only if these are "Table of address pools, applicable only if these are
supported by the NAT instance. An address pool is a set of supported by the NAT instance. An address pool is a set of
addresses and ports in a particular realm, available for addresses and ports in a particular realm, available for
assignment to the 'external' portion of a mapping. Where more assignment to the 'external' portion of a mapping. Where more
than one pool has been configured for the realm, policy than one pool has been configured for the realm, policy
determines which subscribers and/or services are mapped to determines which subscribers and/or services are mapped to
which pool. natv2PoolTable provides basic information, state, which pool. natv2PoolTable provides basic information, state,
statistics, and two notification thresholds for each pool. statistics, and two notification thresholds for each pool.
natv2PoolRangeTable is an expansion table for natv2PoolTable natv2PoolRangeTable is an expansion table for natv2PoolTable
that identifies particular address ranges allocated to the that identifies particular address ranges allocated to the
pool." pool."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.6." "RFC yyyy Section 3.3.6."
::= { natv2MIBInstanceObjects 3 } ::= { natv2MIBInstanceObjects 3 }
natv2PoolEntry OBJECT-TYPE natv2PoolEntry OBJECT-TYPE
SYNTAX Natv2PoolEntry SYNTAX Natv2PoolEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Entry in the table of address pools." "Entry in the table of address pools."
INDEX { natv2PoolInstanceIndex, natv2PoolIndex } INDEX { natv2PoolInstanceIndex, natv2PoolIndex }
::= { natv2PoolTable 1 } ::= { natv2PoolTable 1 }
Natv2PoolEntry ::= Natv2PoolEntry ::=
SEQUENCE { SEQUENCE {
-- Index -- Index
natv2PoolInstanceIndex Natv2InstanceIndex, natv2PoolInstanceIndex Natv2InstanceIndex,
natv2PoolIndex Natv2PoolIndex, natv2PoolIndex Natv2PoolIndex,
-- Configuration -- Configuration
natv2PoolRealm SnmpAdminString, natv2PoolRealm SnmpAdminString,
natv2PoolAddressType InetAddressType, natv2PoolAddressType InetAddressType,
natv2PoolMinimumPort InetPortNumber, natv2PoolMinimumPort InetPortNumber,
natv2PoolMaximumPort InetPortNumber, natv2PoolMaximumPort InetPortNumber,
-- State -- State
natv2PoolAddressMapEntries Unsigned32, natv2PoolAddressMapEntries Unsigned32,
natv2PoolPortMapEntries Unsigned32, natv2PoolPortMapEntries Unsigned32,
-- Statistics and discontinuity time -- Statistics and discontinuity time
natv2PoolAddressMapCreations Counter64, natv2PoolAddressMapCreations Counter64,
natv2PoolPortMapCreations Counter64, natv2PoolPortMapCreations Counter64,
natv2PoolAddressMapFailureDrops Counter64, natv2PoolAddressMapFailureDrops Counter64,
natv2PoolPortMapFailureDrops Counter64, natv2PoolPortMapFailureDrops Counter64,
natv2PoolDiscontinuityTime TimeStamp, natv2PoolDiscontinuityTime TimeStamp,
-- Notification thresholds and objects returned by notifications -- Notification thresholds and objects returned by notifications
natv2PoolThresholdUsageLow Integer32, natv2PoolThresholdUsageLow Integer32,
natv2PoolThresholdUsageHigh Integer32, natv2PoolThresholdUsageHigh Integer32,
natv2PoolNotifiedPortMapEntries Unsigned32, natv2PoolNotifiedPortMapEntries Unsigned32,
natv2PoolNotifiedPortMapProtocol ProtocolNumber, natv2PoolNotifiedPortMapProtocol ProtocolNumber,
natv2PoolNotificationInterval Unsigned32 natv2PoolNotificationInterval Unsigned32
} }
natv2PoolInstanceIndex OBJECT-TYPE natv2PoolInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"NAT instance index. It is up to the agent implementation "NAT instance index. It is up to the agent implementation
to determine and operate upon only those values that to determine and operate upon only those values that
correspond to in-service NAT instances." correspond to in-service NAT instances."
::= { natv2PoolEntry 1 } ::= { natv2PoolEntry 1 }
natv2PoolIndex OBJECT-TYPE natv2PoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndex SYNTAX Natv2PoolIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of an address pool, unique for a given NAT instance. "Index of an address pool, unique for a given NAT instance.
It is up to the agent implementation to determine and It is up to the agent implementation to determine and
operate upon only those values that correspond to operate upon only those values that correspond to
provisioned pools." provisioned pools."
::= { natv2PoolEntry 2 } ::= { natv2PoolEntry 2 }
-- configuration -- configuration
natv2PoolRealm OBJECT-TYPE natv2PoolRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..32)) SYNTAX SnmpAdminString (SIZE (0..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address realm to which this pool's addresses belong." "Address realm to which this pool's addresses belong."
REFERENCE REFERENCE
"Address realms are discussed in Section 3.3.3 of "Address realms are discussed in Section 3.3.3 of
RFC yyyy. Primary reference is RFC 2663 Section 2.1." RFC yyyy. Primary reference is RFC 2663 Section 2.1."
::= { natv2PoolEntry 3 } ::= { natv2PoolEntry 3 }
natv2PoolAddressType OBJECT-TYPE natv2PoolAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type supplied by this address pool. This will be the "Address type supplied by this address pool. This will be the
same for all pools in a given realm (by definition of an same for all pools in a given realm (by definition of an
address realm). Values other than ipv4(1) or ipv6(2) would address realm). Values other than ipv4(1) or ipv6(2) would
be unexpected." be unexpected."
REFERENCE REFERENCE
"InetAddressType in RFC 4001." "InetAddressType in RFC 4001."
::= { natv2PoolEntry 4 } ::= { natv2PoolEntry 4 }
natv2PoolMinimumPort OBJECT-TYPE natv2PoolMinimumPort OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Minimum port number of the range that can be allocated in "Minimum port number of the range that can be allocated in
this pool. Applies to all protocols supported by the NAT this pool. Applies to all protocols supported by the NAT
instance." instance."
REFERENCE REFERENCE
"InetPortNumber in RFC 4001." "InetPortNumber in RFC 4001."
::= { natv2PoolEntry 5 } ::= { natv2PoolEntry 5 }
natv2PoolMaximumPort OBJECT-TYPE natv2PoolMaximumPort OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Maximum port number of the range that can be allocated in "Maximum port number of the range that can be allocated in
this pool. Applies to all protocols supported by the NAT this pool. Applies to all protocols supported by the NAT
instance." instance."
REFERENCE REFERENCE
"InetPortNumber in RFC 4001." "InetPortNumber in RFC 4001."
::= { natv2PoolEntry 6 } ::= { natv2PoolEntry 6 }
-- State -- State
natv2PoolAddressMapEntries OBJECT-TYPE natv2PoolAddressMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of address map entries using external "The current number of address map entries using external
addresses drawn from this pool, including static mappings. addresses drawn from this pool, including static mappings.
This definition includes 'hairpin' mappings, where the This definition includes 'hairpin' mappings, where the
external realm is the same as the internal one. Address map external realm is the same as the internal one. Address map
entries are also tracked per subscriber and per instance." entries are also tracked per subscriber and per instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.8. Hairpinning: RFC 4787 section 6." "RFC yyyy Section 3.3.8. Hairpinning: RFC 4787 section 6."
::= { natv2PoolEntry 7 } ::= { natv2PoolEntry 7 }
natv2PoolPortMapEntries OBJECT-TYPE natv2PoolPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of entries in the port map table using "The current number of entries in the port map table using
external addresses and ports drawn from this pool, including external addresses and ports drawn from this pool, including
static mappings. This definition includes 'hairpin' static mappings. This definition includes 'hairpin'
mappings, where the external realm is the same as the mappings, where the external realm is the same as the
internal one. Port map entries are also tracked per internal one. Port map entries are also tracked per
subscriber, per instance, and per protocol within the subscriber, per instance, and per protocol within the
instance." instance."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.9. Hairpinning: RFC 4787 Section 6." "RFC yyyy Section 3.3.9. Hairpinning: RFC 4787 Section 6."
::= { natv2PoolEntry 8 } ::= { natv2PoolEntry 8 }
-- Statistics and discontinuity time -- Statistics and discontinuity time
natv2PoolAddressMapCreations OBJECT-TYPE natv2PoolAddressMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of address map entries created in this "The cumulative number of address map entries created in this
pool, including static mappings. Address map entries are pool, including static mappings. Address map entries are
also tracked per instance and per subscriber. also tracked per instance and per subscriber.
This value MUST be monotone increasing in This value MUST be monotone increasing in
the periods between updates of the entity's the periods between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime." before the new value of natv2PoolDiscontinuityTime."
::= { natv2PoolEntry 9 } ::= { natv2PoolEntry 9 }
natv2PoolPortMapCreations OBJECT-TYPE natv2PoolPortMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of port map entries created in this "The cumulative number of port map entries created in this
pool, including static mappings. Port map entries are also pool, including static mappings. Port map entries are also
tracked per instance, per protocol, and per subscriber. tracked per instance, per protocol, and per subscriber.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime." before the new value of natv2PoolDiscontinuityTime."
::= { natv2PoolEntry 10 } ::= { natv2PoolEntry 10 }
natv2PoolAddressMapFailureDrops OBJECT-TYPE natv2PoolAddressMapFailureDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets originated by the "The cumulative number of packets originated by the
subscriber that were dropped because the packet would have subscriber that were dropped because the packet would have
triggered the creation of a new address map entry, but no triggered the creation of a new address map entry, but no
address could be allocated from this address pool because address could be allocated from this address pool because
all addresses in the pool have already been fully allocated. all addresses in the pool have already been fully allocated.
Counters of this event are also provided per instance, per Counters of this event are also provided per instance, per
protocol and per subscriber. protocol and per subscriber.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime." before the new value of natv2PoolDiscontinuityTime."
::= { natv2PoolEntry 11 } ::= { natv2PoolEntry 11 }
natv2PoolPortMapFailureDrops OBJECT-TYPE natv2PoolPortMapFailureDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped because the packet "The cumulative number of packets dropped because the packet
would have triggered the creation of a new port map entry, would have triggered the creation of a new port map entry,
but no port could be allocated for the protocol concerned. but no port could be allocated for the protocol concerned.
The usual case for this will be for a NAT instance that The usual case for this will be for a NAT instance that
supports the 'paired' pooling behavior recommended by RFC supports the 'paired' pooling behavior recommended by RFC
4787, where the internal endpoint has used up all of the 4787, where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to in ports allocated to it for the address it was mapped to in
this pool and cannot be given more ports because this pool and cannot be given more ports because
- policy or implementation prevents it from having a - policy or implementation prevents it from having a
second address in the same pool, and second address in the same pool, and
- policy or unavailability prevents it from acquiring - policy or unavailability prevents it from acquiring
more ports at its originally assigned address. more ports at its originally assigned address.
If the NAT instance pooling behavior is 'arbitrary' (meaning If the NAT instance pooling behavior is 'arbitrary' (meaning
that the NAT instance can allocate a new port mapping for that the NAT instance can allocate a new port mapping for
the given internal endpoint on any address in the selected the given internal endpoint on any address in the selected
address pool and is not bound to what it has already mapped address pool and is not bound to what it has already mapped
for that endpoint), then this counter is incremented when for that endpoint), then this counter is incremented when
all ports for the protocol concerned over the whole of this all ports for the protocol concerned over the whole of this
address pool are already in use. address pool are already in use.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime." before the new value of natv2PoolDiscontinuityTime."
REFERENCE REFERENCE
"Pooling behavior: RFC 4787, end of section 4.1." "Pooling behavior: RFC 4787, end of section 4.1."
::= { natv2PoolEntry 12 } ::= { natv2PoolEntry 12 }
natv2PoolDiscontinuityTime OBJECT-TYPE natv2PoolDiscontinuityTime OBJECT-TYPE
SYNTAX TimeStamp SYNTAX TimeStamp
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Snapshot of the value of the sysUpTime object at the "Snapshot of the value of the sysUpTime object at the
beginning of the latest period of continuity of the beginning of the latest period of continuity of the
statistical counters associated with this address statistical counters associated with this address
pool. This MUST be initialized when the address pool pool. This MUST be initialized when the address pool
is configured and MUST be updated whenever the port is configured and MUST be updated whenever the port
or address ranges allocated to the pool change." or address ranges allocated to the pool change."
::= { natv2PoolEntry 13 } ::= { natv2PoolEntry 13 }
-- Notification thresholds and objects returned by notifications -- Notification thresholds and objects returned by notifications
natv2PoolThresholdUsageLow OBJECT-TYPE natv2PoolThresholdUsageLow OBJECT-TYPE
SYNTAX Integer32 (-1|0..100) SYNTAX Integer32 (-1|0..100)
UNITS "Percent" UNITS "Percent"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Threshold for reporting low utilization of the address pool. "Threshold for reporting low utilization of the address pool.
Utilization at a given instant is calculated as the Utilization at a given instant is calculated as the
percentage of ports allocated in port map entries for the percentage of ports allocated in port map entries for the
most-used protocol at that instant. If utilization is less most-used protocol at that instant. If utilization is less
than or equal to natv2PoolThresholdUsageLow, an instance of than or equal to natv2PoolThresholdUsageLow, an instance of
natv2NotificationPoolUsageLow may be triggered, unless natv2NotificationPoolUsageLow may be triggered, unless
disabled by setting it to -1. Note the difference from the disabled by setting it to -1. Note the difference from the
disabling setting for other notifications. Reporting is disabling setting for other notifications. Reporting is
subject to the per-pool notification interval given by subject to the per-pool notification interval given by
natv2PoolNotificationInterval. If multiple notifications are natv2PoolNotificationInterval. If multiple notifications are
triggered during one interval, the agent MUST report only triggered during one interval, the agent MUST report only
the one with the lowest value of the one with the lowest value of
natv2PoolNotifiedPortMapEntries and discard the others. natv2PoolNotifiedPortMapEntries and discard the others.
Implementation note: the percentage specified by this object Implementation note: the percentage specified by this object
can be converted to a number of port map entries at can be converted to a number of port map entries at
configuration time (after port and address ranges have been configuration time (after port and address ranges have been
configured or reconfigured) and compared to the current configured or reconfigured) and compared to the current
value of natv2PoolNotifiedPortMapEntries." value of natv2PoolNotifiedPortMapEntries."
REFERENCE REFERENCE
"RFC yyyy Section 3.1.2 and Section 3.3.6." "RFC yyyy Section 3.1.2 and Section 3.3.6."
DEFVAL { -1 } DEFVAL { -1 }
::= { natv2PoolEntry 14 } ::= { natv2PoolEntry 14 }
natv2PoolThresholdUsageHigh OBJECT-TYPE natv2PoolThresholdUsageHigh OBJECT-TYPE
SYNTAX Integer32 (-1|0..100) SYNTAX Integer32 (-1|0..100)
UNITS "Percent" UNITS "Percent"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Threshold for reporting high utilization of the address "Threshold for reporting high utilization of the address
pool. Utilization at a given instant is calculated as the pool. Utilization at a given instant is calculated as the
percentage of ports allocated in port map entries for the percentage of ports allocated in port map entries for the
most-used protocol at that instant. If utilization is most-used protocol at that instant. If utilization is
greater than or equal to natv2PoolThresholdUsageHigh, an greater than or equal to natv2PoolThresholdUsageHigh, an
instance of natv2NotificationPoolUsageHigh may be triggered, instance of natv2NotificationPoolUsageHigh may be triggered,
unless disabled by setting it to -1. unless disabled by setting it to -1.
Reporting is subject to the per-pool notification interval Reporting is subject to the per-pool notification interval
given by natv2PoolNotificationInterval. If multiple given by natv2PoolNotificationInterval. If multiple
notifications are triggered during one interval, the agent notifications are triggered during one interval, the agent
MUST report only the one with the highest value of MUST report only the one with the highest value of
natv2PoolNotifiedPortMapEntries and discard the others. In natv2PoolNotifiedPortMapEntries and discard the others. In
the rare case where both upper and lower thresholds the rare case where both upper and lower thresholds
are crossed in the same interval, the agent MUST report only are crossed in the same interval, the agent MUST report only
the upper threshold notification. the upper threshold notification.
Implementation note: the percentage specified by this object Implementation note: the percentage specified by this object
can be converted to a number of port map entries at can be converted to a number of port map entries at
configuration time (after port and address ranges have been configuration time (after port and address ranges have been
configured or reconfigured) and compared to the current configured or reconfigured) and compared to the current
value of natv2PoolNotifiedPortMapEntries." value of natv2PoolNotifiedPortMapEntries."
DEFVAL { -1 } DEFVAL { -1 }
::= { natv2PoolEntry 15 } ::= { natv2PoolEntry 15 }
natv2PoolNotifiedPortMapEntries OBJECT-TYPE natv2PoolNotifiedPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify MAX-ACCESS accessible-for-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Number of port map entries using addresses and ports from "Number of port map entries using addresses and ports from
this address pool for the most-used protocol at a given this address pool for the most-used protocol at a given
instant. One of the objects returned by instant. One of the objects returned by
natv2NotificationPoolUsageLow and natv2NotificationPoolUsageLow and
natv2NotificationPoolUsageHigh." natv2NotificationPoolUsageHigh."
::= { natv2PoolEntry 16 } ::= { natv2PoolEntry 16 }
natv2PoolNotifiedPortMapProtocol OBJECT-TYPE natv2PoolNotifiedPortMapProtocol OBJECT-TYPE
SYNTAX ProtocolNumber SYNTAX ProtocolNumber
MAX-ACCESS accessible-for-notify MAX-ACCESS accessible-for-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The most-used protocol (i.e., with the largest number of "The most-used protocol (i.e., with the largest number of
port map entries) mapped into this address pool at a given port map entries) mapped into this address pool at a given
instant. One of the objects returned by instant. One of the objects returned by
natv2NotificationPoolUsageLow and natv2NotificationPoolUsageLow and
natv2NotificationPoolUsageHigh." natv2NotificationPoolUsageHigh."
::= { natv2PoolEntry 17 } ::= { natv2PoolEntry 17 }
natv2PoolNotificationInterval OBJECT-TYPE natv2PoolNotificationInterval OBJECT-TYPE
SYNTAX Unsigned32 (1..3600) SYNTAX Unsigned32 (1..3600)
UNITS UNITS
"Seconds" "Seconds"
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Minimum number of seconds between successive "Minimum number of seconds between successive
notifications for this address pool. Controls the generation notifications for this address pool. Controls the generation
of natv2NotificationPoolUsageLow and of natv2NotificationPoolUsageLow and
natv2NotificationPoolUsageHigh." natv2NotificationPoolUsageHigh."
DEFVAL DEFVAL
{ 20 } { 20 }
::= { natv2PoolEntry 18 } ::= { natv2PoolEntry 18 }
natv2PoolRangeTable OBJECT-TYPE natv2PoolRangeTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2PoolRangeEntry SYNTAX SEQUENCE OF Natv2PoolRangeEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This table contains address ranges used by pool entries. "This table contains address ranges used by pool entries.
It is an expansion of natv2PoolTable." It is an expansion of natv2PoolTable."
REFERENCE REFERENCE
"RFC yyyy <xref target='poolRangeTable'/>." "RFC yyyy <xref target='poolRangeTable'/>."
::= { natv2MIBInstanceObjects 4 } ::= { natv2MIBInstanceObjects 4 }
natv2PoolRangeEntry OBJECT-TYPE natv2PoolRangeEntry OBJECT-TYPE
SYNTAX Natv2PoolRangeEntry SYNTAX Natv2PoolRangeEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"NAT pool address range." "NAT pool address range."
INDEX { INDEX {
natv2PoolRangeInstanceIndex, natv2PoolRangeInstanceIndex,
natv2PoolRangePoolIndex, natv2PoolRangePoolIndex,
natv2PoolRangeRowIndex natv2PoolRangeRowIndex
} }
::= { natv2PoolRangeTable 1 } ::= { natv2PoolRangeTable 1 }
Natv2PoolRangeEntry ::= Natv2PoolRangeEntry ::=
SEQUENCE { SEQUENCE {
natv2PoolRangeInstanceIndex Natv2InstanceIndex, natv2PoolRangeInstanceIndex Natv2InstanceIndex,
natv2PoolRangePoolIndex Natv2PoolIndex, natv2PoolRangePoolIndex Natv2PoolIndex,
natv2PoolRangeRowIndex Unsigned32, natv2PoolRangeRowIndex Unsigned32,
natv2PoolRangeBegin InetAddress, natv2PoolRangeBegin InetAddress,
natv2PoolRangeEnd InetAddress natv2PoolRangeEnd InetAddress
} }
natv2PoolRangeInstanceIndex OBJECT-TYPE natv2PoolRangeInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the NAT instance on which the address pool and this "Index of the NAT instance on which the address pool and this
address range are configured. See Natv2InstanceIndex." address range are configured. See Natv2InstanceIndex."
::= { natv2PoolRangeEntry 1 } ::= { natv2PoolRangeEntry 1 }
natv2PoolRangePoolIndex OBJECT-TYPE natv2PoolRangePoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndex SYNTAX Natv2PoolIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the address pool to which this address range "Index of the address pool to which this address range
belongs. See Natv2PoolIndex." belongs. See Natv2PoolIndex."
::= { natv2PoolRangeEntry 2 } ::= { natv2PoolRangeEntry 2 }
natv2PoolRangeRowIndex OBJECT-TYPE natv2PoolRangeRowIndex OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Row index for successive range entries for the same "Row index for successive range entries for the same
address pool." address pool."
::= { natv2PoolRangeEntry 3 } ::= { natv2PoolRangeEntry 3 }
natv2PoolRangeBegin OBJECT-TYPE natv2PoolRangeBegin OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Lowest address included in this range. The type of address "Lowest address included in this range. The type of address
(IPv4 or IPv6) is given by natv2PoolAddressType (IPv4 or IPv6) is given by natv2PoolAddressType
in natv2PoolTable." in natv2PoolTable."
::= { natv2PoolRangeEntry 4 } ::= { natv2PoolRangeEntry 4 }
natv2PoolRangeEnd OBJECT-TYPE natv2PoolRangeEnd OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Highest address included in this range. The type of address "Highest address included in this range. The type of address
(IPv4 or IPv6) is given by natv2PoolAddressType (IPv4 or IPv6) is given by natv2PoolAddressType
in natv2PoolTable." in natv2PoolTable."
::= { natv2PoolRangeEntry 5 } ::= { natv2PoolRangeEntry 5 }
-- indexed mapping tables -- indexed mapping tables
-- Address Map Table. Mapped from internal to external address. -- Address Map Table. Mapped from internal to external address.
natv2AddressMapTable OBJECT-TYPE natv2AddressMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2AddressMapEntry SYNTAX SEQUENCE OF Natv2AddressMapEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of mappings from internal to external address. By "Table of mappings from internal to external address. By
definition, this is a snapshot of NAT instance state at a definition, this is a snapshot of NAT instance state at a
given moment. Indexed by NAT instance, internal realm, and given moment. Indexed by NAT instance, internal realm, and
internal address in that realm. Provides the mapped external internal address in that realm. Provides the mapped external
address and, depending on implementation support, identifies address and, depending on implementation support, identifies
the address pool from which the external address and port the address pool from which the external address and port
were taken and the index of the subscriber to which the were taken and the index of the subscriber to which the
mapping has been allocated. mapping has been allocated.
In the case of DS-Lite [RFC 6333], the indexing realm and In the case of DS-Lite [RFC 6333], the indexing realm and
address are those of the IPv6 encapsulation rather than the address are those of the IPv6 encapsulation rather than the
IPv4 inner packet." IPv4 inner packet."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.8. DS-Lite: RFC 6333" "RFC yyyy Section 3.3.8. DS-Lite: RFC 6333"
::= { natv2MIBInstanceObjects 5 } ::= { natv2MIBInstanceObjects 5 }
natv2AddressMapEntry OBJECT-TYPE natv2AddressMapEntry OBJECT-TYPE
SYNTAX Natv2AddressMapEntry SYNTAX Natv2AddressMapEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Mapping from internal to external address." "Mapping from internal to external address."
INDEX { natv2AddressMapInstanceIndex, INDEX { natv2AddressMapInstanceIndex,
natv2AddressMapInternalRealm, natv2AddressMapInternalRealm,
natv2AddressMapInternalAddressType, natv2AddressMapInternalAddressType,
natv2AddressMapInternalAddress, natv2AddressMapInternalAddress,
natv2AddressMapRowIndex } natv2AddressMapRowIndex }
::= { natv2AddressMapTable 1 } ::= { natv2AddressMapTable 1 }
Natv2AddressMapEntry ::= Natv2AddressMapEntry ::=
SEQUENCE { SEQUENCE {
natv2AddressMapInstanceIndex Natv2InstanceIndex, natv2AddressMapInstanceIndex Natv2InstanceIndex,
natv2AddressMapInternalRealm SnmpAdminString, natv2AddressMapInternalRealm SnmpAdminString,
natv2AddressMapInternalAddressType InetAddressType, natv2AddressMapInternalAddressType InetAddressType,
natv2AddressMapInternalAddress InetAddress, natv2AddressMapInternalAddress InetAddress,
natv2AddressMapRowIndex Unsigned32, natv2AddressMapRowIndex Unsigned32,
natv2AddressMapInternalMappedAddressType InetAddressType, natv2AddressMapInternalMappedAddressType InetAddressType,
natv2AddressMapInternalMappedAddress InetAddress, natv2AddressMapInternalMappedAddress InetAddress,
natv2AddressMapExternalRealm SnmpAdminString, natv2AddressMapExternalRealm SnmpAdminString,
natv2AddressMapExternalAddressType InetAddressType, natv2AddressMapExternalAddressType InetAddressType,
natv2AddressMapExternalAddress InetAddress, natv2AddressMapExternalAddress InetAddress,
natv2AddressMapExternalPoolIndex Natv2PoolIndexOrZero, natv2AddressMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2AddressMapSubscriberIndex Natv2SubscriberIndexOrZero natv2AddressMapSubscriberIndex Natv2SubscriberIndexOrZero
} }
natv2AddressMapInstanceIndex OBJECT-TYPE natv2AddressMapInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the NAT instance that generated this address map." "Index of the NAT instance that generated this address map."
::= { natv2AddressMapEntry 1 } ::= { natv2AddressMapEntry 1 }
natv2AddressMapInternalRealm OBJECT-TYPE natv2AddressMapInternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Realm to which the internal address belongs. In most cases "Realm to which the internal address belongs. In most cases
this is the realm defining the address space of the packet this is the realm defining the address space of the packet
being translated. However, in the case of DS-Lite [RFC being translated. However, in the case of DS-Lite [RFC
6333], this realm defines the IPv6 outer header address 6333], this realm defines the IPv6 outer header address
space. It is the combination of that outer header and space. It is the combination of that outer header and
the inner IPv4 packet header that is remapped to the the inner IPv4 packet header that is remapped to the
external address and realm. The corresponding IPv4 realm is external address and realm. The corresponding IPv4 realm is
restricted in scope to the tunnel, so there is no point in restricted in scope to the tunnel, so there is no point in
identifying it. The mapped IPv4 address will normally be the identifying it. The mapped IPv4 address will normally be the
well-known value 192.0.0.2, or at least lie in the reserved well-known value 192.0.0.2, or at least lie in the reserved
192.0.0.0/29 range. 192.0.0.0/29 range.
If natv2AddressMapSubscriberIndex in this table is a valid If natv2AddressMapSubscriberIndex in this table is a valid
subscriber index (i.e., greater than zero), then the value subscriber index (i.e., greater than zero), then the value
of natv2AddressMapInternalRealm MUST be identical to the of natv2AddressMapInternalRealm MUST be identical to the
value of natv2SubscriberRealm associated with that index." value of natv2SubscriberRealm associated with that index."
REFERENCE REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables." the NAT mapping tables."
::= { natv2AddressMapEntry 2 } ::= { natv2AddressMapEntry 2 }
natv2AddressMapInternalAddressType OBJECT-TYPE natv2AddressMapInternalAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type in the header of packets on the "Address type in the header of packets on the
interior side of this mapping. Any value other than ipv4(1) interior side of this mapping. Any value other than ipv4(1)
or ipv6(2) would be unexpected. or ipv6(2) would be unexpected.
In the DS-Lite case, the address type is ipv6(2)." In the DS-Lite case, the address type is ipv6(2)."
REFERENCE REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel source Section 6.6 on the need to have the IPv6 tunnel source
address in the NAT mapping tables." address in the NAT mapping tables."
::= { natv2AddressMapEntry 3 } ::= { natv2AddressMapEntry 3 }
natv2AddressMapInternalAddress OBJECT-TYPE natv2AddressMapInternalAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0..16)) SYNTAX InetAddress (SIZE (0..16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Source address of packets originating from the interior "Source address of packets originating from the interior
of the association provided by this mapping. of the association provided by this mapping. The address
type is given by natv2AddressMapInternalAddressType.
In the case of DS-Lite [RFC 6333], this is the IPv6 tunnel In the case of DS-Lite [RFC 6333], this is the IPv6 tunnel
source address. The mapping in this case is considered to source address. The mapping in this case is considered to
be from the combination of the IPv6 tunnel source address be from the combination of the IPv6 tunnel source address
natv2AddressMapInternalRealmAddress and the well-known IPv4 natv2AddressMapInternalRealmAddress and the well-known IPv4
inner source address natv2AddressMapInternalMappedAddress to inner source address natv2AddressMapInternalMappedAddress to
the external address." the external address."
REFERENCE REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables." the NAT mapping tables."
::= { natv2AddressMapEntry 4 } ::= { natv2AddressMapEntry 4 }
natv2AddressMapRowIndex OBJECT-TYPE natv2AddressMapRowIndex OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of a conceptual row corresponding to a mapping of the "Index of a conceptual row corresponding to a mapping of the
given internal realm and address to a single external realm given internal realm and address to a single external realm
and address. Multiple rows will be present because of a and address. Multiple rows will be present because of a
promiscuous external address selection policy, policies promiscuous external address selection policy, policies
associating the same internal address with different address associating the same internal address with different address
pools, or because the same internal realm-address pools, or because the same internal realm-address
combination is communicating with multiple external address combination is communicating with multiple external address
realms." realms."
::= { natv2AddressMapEntry 5 } ::= { natv2AddressMapEntry 5 }
natv2AddressMapInternalMappedAddressType OBJECT-TYPE natv2AddressMapInternalMappedAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address type actually translated by this mapping. "Internal address type actually translated by this mapping.
Any value other than ipv4(1) or ipv6(2) would be unexpected. Any value other than ipv4(1) or ipv6(2) would be unexpected.
In the general case, this is the same as given by In the general case, this is the same as given by
natv2AddressMapInternalRealmAddressType. In the natv2AddressMapInternalRealmAddressType. In the
tunneled case it is the address type used in the tunneled case it is the address type used in the
encapsulated packet header. In particular, in the DS-Lite encapsulated packet header. In particular, in the DS-Lite
case, the mapped address type is ipv4(1)." case, the mapped address type is ipv4(1)."
REFERENCE REFERENCE
"DS-Lite: RFC 6333." "DS-Lite: RFC 6333."
::= { natv2AddressMapEntry 6 } ::= { natv2AddressMapEntry 6 }
natv2AddressMapInternalMappedAddress OBJECT-TYPE natv2AddressMapInternalMappedAddress OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address actually translated by this mapping. In the "Internal address actually translated by this mapping. In the
general case, this is the same as general case, this is the same as
natv2AddressMapInternalRealmAddress. In the case of DS-Lite natv2AddressMapInternalRealmAddress. The address type is
[RFC 6333], this is the source address of the encapsulated given by natv2AddressMapInternalMappedAddressType. In the
IPv4 packet, normally lying the well-known range case of DS-Lite [RFC 6333], this is the source address of
192.0.0.0/29. The mapping in this case is considered to be the encapsulated IPv4 packet, normally lying the well-known
from the combination of the IPv6 tunnel source address range 192.0.0.0/29. The mapping in this case is considered
natv2AddressMapInternalRealmAddress and the well-known IPv4 to be from the combination of the IPv6 tunnel source address
inner source address natv2AddressMapInternalMappedAddress to natv2AddressMapInternalRealmAddress and the well-known IPv4
the external address." inner source address natv2AddressMapInternalMappedAddress to
REFERENCE the external address."
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and REFERENCE
Section 6.6 on the need to have the IPv6 tunnel address in "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
the NAT mapping tables." Section 6.6 on the need to have the IPv6 tunnel address in
::= { natv2AddressMapEntry 7 } the NAT mapping tables."
::= { natv2AddressMapEntry 7 }
natv2AddressMapExternalRealm OBJECT-TYPE natv2AddressMapExternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"External address realm to which this mapping maps the "External address realm to which this mapping maps the
internal address. This can be the same as the internal realm internal address. This can be the same as the internal realm
in the case of a 'hairpin' connection, but otherwise will be in the case of a 'hairpin' connection, but otherwise will be
different." different."
::= { natv2AddressMapEntry 8 } ::= { natv2AddressMapEntry 8 }
natv2AddressMapExternalAddressType OBJECT-TYPE natv2AddressMapExternalAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type for the external realm. Any value other than "Address type for the external realm. Any value other than
ipv4(1) or ipv6(2) would be unexpected." ipv4(1) or ipv6(2) would be unexpected."
::= { natv2AddressMapEntry 9 } ::= { natv2AddressMapEntry 9 }
natv2AddressMapExternalAddress OBJECT-TYPE natv2AddressMapExternalAddress OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"External address to which the internal address is mapped. "External address to which the internal address is mapped.
The address type is given by
natv2AddressMapExternalAddressType.
In the DS-Lite case, the mapping is from the combination of In the DS-Lite case, the mapping is from the combination of
the internal IPv6 tunnel source address as presented in this the internal IPv6 tunnel source address as presented in this
table and the well-known IPv4 source address of the table and the well-known IPv4 source address of the
encapsulated IPv4 packet." encapsulated IPv4 packet."
REFERENCE REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables." the NAT mapping tables."
::= { natv2AddressMapEntry 10 } ::= { natv2AddressMapEntry 10 }
natv2AddressMapExternalPoolIndex OBJECT-TYPE natv2AddressMapExternalPoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndexOrZero SYNTAX Natv2PoolIndexOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the address pool in the external realm from which "Index of the address pool in the external realm from which
the mapped external address given in the mapped external address given in
natv2AddressMapExternalAddress was taken. Zero if the natv2AddressMapExternalAddress was taken. Zero if the
implementation does not support address pools but has chosen implementation does not support address pools but has chosen
to support this object, or if no pool was configured for the to support this object, or if no pool was configured for the
given external realm." given external realm."
::= { natv2AddressMapEntry 11 } ::= { natv2AddressMapEntry 11 }
natv2AddressMapSubscriberIndex OBJECT-TYPE natv2AddressMapSubscriberIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero SYNTAX Natv2SubscriberIndexOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the subscriber to which this address mapping "Index of the subscriber to which this address mapping
applies, or zero if no subscribers are configured on applies, or zero if no subscribers are configured on
this NAT instance." this NAT instance."
::= { natv2AddressMapEntry 12 } ::= { natv2AddressMapEntry 12 }
-- natv2PortMapTable -- natv2PortMapTable
natv2PortMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2PortMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of port map entries indexed by NAT instance, protocol,
and external realm and address. A port map entry associates
an internal upper layer protocol endpoint with an endpoint
for the same protocol in the given external realm. By
definition, this is a snapshot of NAT instance state at a
given moment. The table provides the basic mapping
information.
In the case of DS-Lite [RFC 6333], the table provides the natv2PortMapTable OBJECT-TYPE
internal IPv6 tunnel source address in SYNTAX SEQUENCE OF Natv2PortMapEntry
natv2PortMapInternalRealmAddress and the IPv4 source address MAX-ACCESS not-accessible
of the encapsulated packet that is actually translated in STATUS current
natv2PortMapInternalMappedAddress. In the general (non-DS- DESCRIPTION
Lite) case, those two objects will have the same value." "Table of port map entries indexed by NAT instance, protocol,
REFERENCE and external realm and address. A port map entry associates
"RFC yyyy Section 3.3.9. DS-Lite: RFC 6333, Section 5.7 for an internal upper layer protocol endpoint with an endpoint
well-known addresses and Section 6.6 on the need to have the for the same protocol in the given external realm. By
IPv6 tunnel address in the NAT mapping tables." definition, this is a snapshot of NAT instance state at a
::= { natv2MIBInstanceObjects 6 } given moment. The table provides the basic mapping
information.
natv2PortMapEntry OBJECT-TYPE In the case of DS-Lite [RFC 6333], the table provides the
SYNTAX Natv2PortMapEntry internal IPv6 tunnel source address in
MAX-ACCESS not-accessible natv2PortMapInternalRealmAddress and the IPv4 source address
STATUS current of the encapsulated packet that is actually translated in
DESCRIPTION natv2PortMapInternalMappedAddress. In the general (non-DS-
"A single NAT mapping." Lite) case, those two objects will have the same value."
INDEX { natv2PortMapInstanceIndex, REFERENCE
natv2PortMapProtocol, "RFC yyyy Section 3.3.9. DS-Lite: RFC 6333, Section 5.7 for
natv2PortMapExternalRealm, well-known addresses and Section 6.6 on the need to have the
natv2PortMapExternalAddressType, IPv6 tunnel address in the NAT mapping tables."
natv2PortMapExternalAddress, ::= { natv2MIBInstanceObjects 6 }
natv2PortMapExternalPort }
::= { natv2PortMapTable 1 }
Natv2PortMapEntry ::= natv2PortMapEntry OBJECT-TYPE
SEQUENCE { SYNTAX Natv2PortMapEntry
natv2PortMapInstanceIndex Natv2InstanceIndex, MAX-ACCESS not-accessible
natv2PortMapProtocol ProtocolNumber, STATUS current
natv2PortMapExternalRealm SnmpAdminString, DESCRIPTION
natv2PortMapExternalAddressType InetAddressType, "A single NAT mapping."
natv2PortMapExternalAddress InetAddress, INDEX { natv2PortMapInstanceIndex,
natv2PortMapExternalPort InetPortNumber, natv2PortMapProtocol,
natv2PortMapInternalRealm SnmpAdminString, natv2PortMapExternalRealm,
natv2PortMapInternalAddressType InetAddressType, natv2PortMapExternalAddressType,
natv2PortMapInternalAddress InetAddress, natv2PortMapExternalAddress,
natv2PortMapInternalMappedAddressType InetAddressType, natv2PortMapExternalPort }
natv2PortMapInternalMappedAddress InetAddress, ::= { natv2PortMapTable 1 }
natv2PortMapInternalPort InetPortNumber,
natv2PortMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2PortMapSubscriberIndex Natv2SubscriberIndexOrZero
}
natv2PortMapInstanceIndex OBJECT-TYPE Natv2PortMapEntry ::=
SYNTAX Natv2InstanceIndex SEQUENCE {
MAX-ACCESS not-accessible natv2PortMapInstanceIndex Natv2InstanceIndex,
STATUS current natv2PortMapProtocol ProtocolNumber,
DESCRIPTION natv2PortMapExternalRealm SnmpAdminString,
"Index of the NAT instance that created this port map entry." natv2PortMapExternalAddressType InetAddressType,
::= { natv2PortMapEntry 1 } natv2PortMapExternalAddress InetAddress,
natv2PortMapExternalPort InetPortNumber,
natv2PortMapInternalRealm SnmpAdminString,
natv2PortMapInternalAddressType InetAddressType,
natv2PortMapInternalAddress InetAddress,
natv2PortMapInternalMappedAddressType InetAddressType,
natv2PortMapInternalMappedAddress InetAddress,
natv2PortMapInternalPort InetPortNumber,
natv2PortMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2PortMapSubscriberIndex Natv2SubscriberIndexOrZero
}
natv2PortMapProtocol OBJECT-TYPE natv2PortMapInstanceIndex OBJECT-TYPE
SYNTAX ProtocolNumber SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The map entry's upper layer protocol number." "Index of the NAT instance that created this port map entry."
::= { natv2PortMapEntry 2 } ::= { natv2PortMapEntry 1 }
natv2PortMapExternalRealm OBJECT-TYPE natv2PortMapProtocol OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX ProtocolNumber
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The realm to which natv2PortMapExternalAddress belongs." "The map entry's upper layer protocol number."
::= { natv2PortMapEntry 3 } ::= { natv2PortMapEntry 2 }
natv2PortMapExternalAddressType OBJECT-TYPE natv2PortMapExternalRealm OBJECT-TYPE
SYNTAX InetAddressType SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type for the external realm. A value other "The realm to which natv2PortMapExternalAddress belongs."
than ipv4(1) or ipv6(2) would be unexpected." ::= { natv2PortMapEntry 3 }
::= { natv2PortMapEntry 4 }
natv2PortMapExternalAddress OBJECT-TYPE natv2PortMapExternalAddressType OBJECT-TYPE
SYNTAX InetAddress (SIZE (0..16)) SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's assigned external address. (This address is "Address type for the external realm. A value other
taken from the address pool identified by than ipv4(1) or ipv6(2) would be unexpected."
natv2PortMapExternalPoolIndex, if the implementation ::= { natv2PortMapEntry 4 }
supports address pools and pools are configured for the
given external realm.) This is the source address for
translated outgoing packets."
::= { natv2PortMapEntry 5 } natv2PortMapExternalAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0..16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's assigned external address. (This address is
taken from the address pool identified by
natv2PortMapExternalPoolIndex, if the implementation
supports address pools and pools are configured for the
given external realm.) This is the source address for
translated outgoing packets. The address type is given
by natv2PortMapExternalAddressType."
natv2PortMapExternalPort OBJECT-TYPE ::= { natv2PortMapEntry 5 }
SYNTAX InetPortNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's assigned external port number. This is the
source port for translated outgoing packets. If the internal
port number given by natv2PortMapInternalPort is zero this
value MUST also be zero. Otherwise this MUST be a non-zero
value."
::= { natv2PortMapEntry 6 }
natv2PortMapInternalRealm OBJECT-TYPE natv2PortMapExternalPort OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The realm to which natv2PortMapInternalRealmAddress belongs. "The mapping's assigned external port number. This is the
In the general case, this realm contains the address that is source port for translated outgoing packets. If the internal
being translated. In the DS-Lite [RFC 6333] case, this realm port number given by natv2PortMapInternalPort is zero this
defines the IPv6 address space from which the tunnel source value MUST also be zero. Otherwise this MUST be a non-zero
address is taken. The realm of the encapsulated IPv4 address value."
is restricted in scope to the tunnel, so there is no point ::= { natv2PortMapEntry 6 }
in identifying it separately."
REFERENCE
"RFC 6333 DS-Lite."
::= { natv2PortMapEntry 7 }
natv2PortMapInternalAddressType OBJECT-TYPE natv2PortMapInternalRealm OBJECT-TYPE
SYNTAX InetAddressType SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type for addresses in the realm identified by "The realm to which natv2PortMapInternalRealmAddress belongs.
natv2PortMapInternalRealm." In the general case, this realm contains the address that is
::= { natv2PortMapEntry 8 } being translated. In the DS-Lite [RFC 6333] case, this realm
defines the IPv6 address space from which the tunnel source
address is taken. The realm of the encapsulated IPv4 address
is restricted in scope to the tunnel, so there is no point
in identifying it separately."
REFERENCE
"RFC 6333 DS-Lite."
::= { natv2PortMapEntry 7 }
natv2PortMapInternalAddress OBJECT-TYPE natv2PortMapInternalAddressType OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Source address for packets received under this mapping on "Address type for addresses in the realm identified by
the internal side of the NAT instance. In the general case natv2PortMapInternalRealm."
this address is the same as the address given in ::= { natv2PortMapEntry 8 }
natv2PortMapInternalMappedAddress. In the DS-Lite case,
natv2PortMapInternalAddress is the IPv6 tunnel source
address."
REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables."
::= { natv2PortMapEntry 9 }
natv2PortMapInternalMappedAddressType OBJECT-TYPE natv2PortMapInternalAddress OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address type actually translated by this mapping. "Source address for packets received under this mapping on
Any value other than ipv4(1) or ipv6(2) would be unexpected. the internal side of the NAT instance. In the general case
In the general case, this is the same as given by this address is the same as the address given in
natv2AddressMapInternalAddressType. In the DS-Lite natv2PortMapInternalMappedAddress. In the DS-Lite case,
case, the address type is ipv4(1)." natv2PortMapInternalAddress is the IPv6 tunnel source
REFERENCE address. The address type is given
"DS-Lite: RFC 6333." by natv2PortMapInternalAddressType."
::= { natv2PortMapEntry 10 } REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables."
::= { natv2PortMapEntry 9 }
natv2PortMapInternalMappedAddress OBJECT-TYPE natv2PortMapInternalMappedAddressType OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address actually translated by this mapping. In the "Internal address type actually translated by this mapping.
general case, this is the same as Any value other than ipv4(1) or ipv6(2) would be unexpected.
natv2PortMapInternalRealmAddress. In the case of DS-Lite In the general case, this is the same as given by
[RFC 6333], this is the source address of the encapsulated natv2AddressMapInternalAddressType. In the DS-Lite
IPv4 packet, normally selected from the well-known range case, the address type is ipv4(1)."
192.0.0.0/29. The mapping in this case is considered to be REFERENCE
from the external address to the combination of the IPv6 "DS-Lite: RFC 6333."
tunnel source address natv2PortMapInternalRealmAddress and ::= { natv2PortMapEntry 10 }
the well-known IPv4 inner source address
natv2PortMapInternalMappedAddress."
REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables."
::= { natv2PortMapEntry 11 }
natv2PortMapInternalPort OBJECT-TYPE natv2PortMapInternalMappedAddress OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's internal port number. If this is zero, ports "Internal address actually translated by this mapping. In the
are not translated (i.e., the NAT instance is a pure NAT general case, this is the same as
rather than a NAPT)." natv2PortMapInternalRealmAddress. The address type is given
::= { natv2PortMapEntry 12 } by natv2PortMapInternalMappedAddressType.
natv2PortMapExternalPoolIndex OBJECT-TYPE In the case of DS-Lite [RFC 6333], this is the source
SYNTAX Natv2PoolIndexOrZero address of the encapsulated IPv4 packet, normally selected
MAX-ACCESS read-only from the well-known range 192.0.0.0/29. The mapping in this
STATUS current case is considered to be from the external address to the
DESCRIPTION combination of the IPv6 tunnel source address
"Identifies the address pool from which the external address natv2PortMapInternalRealmAddress and the well-known IPv4
in this port map entry was taken. Zero if the implementation inner source address natv2PortMapInternalMappedAddress."
does not support address pools but has chosen to support REFERENCE
this object, or if no pools are configured for the given "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
external realm." Section 6.6 on the need to have the IPv6 tunnel address in
::= { natv2PortMapEntry 13 } the NAT mapping tables."
::= { natv2PortMapEntry 11 }
natv2PortMapSubscriberIndex OBJECT-TYPE natv2PortMapInternalPort OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Subscriber using this map entry. Zero if the implementation "The mapping's internal port number. If this is zero, ports
does not support subscribers but has chosen to support are not translated (i.e., the NAT instance is a pure NAT
this object." rather than a NAPT)."
::= { natv2PortMapEntry 14 } ::= { natv2PortMapEntry 12 }
-- Conformance section. Specifies three cumulatively more extensive natv2PortMapExternalPoolIndex OBJECT-TYPE
-- applications: basic NAT, pooled NAT, and carrier grade NAT SYNTAX Natv2PoolIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifies the address pool from which the external address
in this port map entry was taken. Zero if the implementation
does not support address pools but has chosen to support
this object, or if no pools are configured for the given
external realm."
::= { natv2PortMapEntry 13 }
natv2MIBConformance OBJECT IDENTIFIER ::= { natv2MIB 3 } natv2PortMapSubscriberIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Subscriber using this map entry. Zero if the implementation
does not support subscribers but has chosen to support
this object."
::= { natv2PortMapEntry 14 }
natv2MIBCompliances OBJECT IDENTIFIER ::= { natv2MIBConformance 1 } -- Conformance section. Specifies three cumulatively more extensive
natv2MIBGroups OBJECT IDENTIFIER ::= { natv2MIBConformance 2 } -- applications: basic NAT, pooled NAT, and carrier grade NAT
natv2MIBBasicCompliance MODULE-COMPLIANCE natv2MIBConformance OBJECT IDENTIFIER ::= { natv2MIB 3 }
STATUS current
DESCRIPTION
"Describes the requirements for conformance to the basic NAT
application of NATv2 MIB."
MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup
}
GROUP natv2BasicNotificationGroup
DESCRIPTION
"The natv2BasicNotificationGroup is mandatory for all
NAT applications."
GROUP natv2BasicInstanceLevelGroup
DESCRIPTION
"The natv2BasicInstanceLevelGroup is mandatory for all
NAT applications."
::= { natv2MIBCompliances 1 }
natv2MIBPooledNATCompliance MODULE-COMPLIANCE natv2MIBCompliances OBJECT IDENTIFIER ::= { natv2MIBConformance 1 }
STATUS current natv2MIBGroups OBJECT IDENTIFIER ::= { natv2MIBConformance 2 }
DESCRIPTION natv2MIBBasicCompliance MODULE-COMPLIANCE
"Describes the requirements for conformance to the pooled NAT STATUS current
application of NATv2-MIB." DESCRIPTION
MODULE -- this module "Describes the requirements for conformance to the basic NAT
MANDATORY-GROUPS { natv2BasicNotificationGroup, application of NATv2 MIB."
natv2BasicInstanceLevelGroup, MODULE -- this module
natv2PooledNotificationGroup, MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2PooledInstanceLevelGroup natv2BasicInstanceLevelGroup
} }
GROUP natv2BasicNotificationGroup GROUP natv2BasicNotificationGroup
DESCRIPTION DESCRIPTION
"The natv2BasicNotificationGroup is mandatory for all "The natv2BasicNotificationGroup is mandatory for all
NAT applications." NAT applications."
GROUP natv2BasicInstanceLevelGroup GROUP natv2BasicInstanceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2BasicInstanceLevelGroup is mandatory for all "The natv2BasicInstanceLevelGroup is mandatory for all
NAT applications." NAT applications."
GROUP natv2PooledNotificationGroup ::= { natv2MIBCompliances 1 }
DESCRIPTION
"The natv2PooledNotificationGroup is mandatory for
the pooled and CGN applications."
GROUP natv2PooledInstanceLevelGroup
DESCRIPTION
"The natv2PooledInstanceLevelGroup is mandatory for
the pooled and CGN applications."
::= { natv2MIBCompliances 2 }
natv2MIBCGNCompliance MODULE-COMPLIANCE natv2MIBPooledNATCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Describes the requirements for conformance to the "Describes the requirements for conformance to the pooled NAT
carrier grade NAT application of NATv2-MIB." application of NATv2-MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup, MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup, natv2BasicInstanceLevelGroup,
natv2PooledNotificationGroup, natv2PooledNotificationGroup,
natv2PooledInstanceLevelGroup, natv2PooledInstanceLevelGroup
natv2CGNNotificationGroup, }
natv2CGNDeviceLevelGroup, GROUP natv2BasicNotificationGroup
natv2CGNInstanceLevelGroup DESCRIPTION
} "The natv2BasicNotificationGroup is mandatory for all
GROUP natv2BasicNotificationGroup NAT applications."
DESCRIPTION GROUP natv2BasicInstanceLevelGroup
"The natv2BasicNotificationGroup is mandatory for all DESCRIPTION
NAT applications." "The natv2BasicInstanceLevelGroup is mandatory for all
GROUP natv2BasicInstanceLevelGroup NAT applications."
DESCRIPTION GROUP natv2PooledNotificationGroup
"The natv2BasicInstanceLevelGroup is mandatory for all DESCRIPTION
NAT applications." "The natv2PooledNotificationGroup is mandatory for
GROUP natv2PooledNotificationGroup the pooled and CGN applications."
DESCRIPTION GROUP natv2PooledInstanceLevelGroup
"The natv2PooledNotificationGroup is mandatory for DESCRIPTION
the pooled and CGN applications." "The natv2PooledInstanceLevelGroup is mandatory for
GROUP natv2PooledInstanceLevelGroup the pooled and CGN applications."
DESCRIPTION ::= { natv2MIBCompliances 2 }
"The natv2PooledInstanceLevelGroup is mandatory for
the pooled and CGN applications."
GROUP natv2CGNNotificationGroup
DESCRIPTION
"The natv2CGNNotificationGroup is mandatory
for the carrier grade NAT application."
GROUP natv2CGNDeviceLevelGroup
DESCRIPTION
"The natv2CGNDeviceLevelGroup is mandatory
for the carrier grade NAT application."
GROUP natv2CGNInstanceLevelGroup
DESCRIPTION
"The natv2CGNInstanceLevelGroup is mandatory
for the carrier grade NAT application."
::= { natv2MIBCompliances 3 }
-- Groups natv2MIBCGNCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Describes the requirements for conformance to the
carrier grade NAT application of NATv2-MIB."
MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup,
natv2PooledNotificationGroup,
natv2PooledInstanceLevelGroup,
natv2CGNNotificationGroup,
natv2CGNDeviceLevelGroup,
natv2CGNInstanceLevelGroup
}
GROUP natv2BasicNotificationGroup
DESCRIPTION
"The natv2BasicNotificationGroup is mandatory for all
NAT applications."
GROUP natv2BasicInstanceLevelGroup
DESCRIPTION
"The natv2BasicInstanceLevelGroup is mandatory for all
NAT applications."
GROUP natv2PooledNotificationGroup
DESCRIPTION
"The natv2PooledNotificationGroup is mandatory for
the pooled and CGN applications."
GROUP natv2PooledInstanceLevelGroup
DESCRIPTION
"The natv2PooledInstanceLevelGroup is mandatory for
the pooled and CGN applications."
GROUP natv2CGNNotificationGroup
DESCRIPTION
"The natv2CGNNotificationGroup is mandatory
for the carrier grade NAT application."
GROUP natv2CGNDeviceLevelGroup
DESCRIPTION
"The natv2CGNDeviceLevelGroup is mandatory
for the carrier grade NAT application."
GROUP natv2CGNInstanceLevelGroup
DESCRIPTION
"The natv2CGNInstanceLevelGroup is mandatory
for the carrier grade NAT application."
::= { natv2MIBCompliances 3 }
natv2BasicNotificationGroup NOTIFICATION-GROUP -- Groups
NOTIFICATIONS {
natv2NotificationInstanceAddressMapEntriesHigh,
natv2NotificationInstancePortMapEntriesHigh
}
STATUS current
DESCRIPTION
"Notifications that MUST be supported by all NAT
applications."
::= { natv2MIBGroups 1 }
natv2BasicInstanceLevelGroup OBJECT-GROUP natv2BasicNotificationGroup NOTIFICATION-GROUP
OBJECTS { NOTIFICATIONS {
-- from natv2InstanceTable natv2NotificationInstanceAddressMapEntriesHigh,
natv2InstanceAlias, natv2NotificationInstancePortMapEntriesHigh
natv2InstancePortMappingBehavior, }
natv2InstanceFilteringBehavior, STATUS current
natv2InstanceFragmentBehavior, DESCRIPTION
natv2InstanceAddressMapEntries, "Notifications that MUST be supported by all NAT
natv2InstancePortMapEntries, applications."
natv2InstanceTranslations, ::= { natv2MIBGroups 1 }
natv2InstanceAddressMapCreations,
natv2InstanceAddressMapEntryLimitDrops,
natv2InstanceAddressMapFailureDrops,
natv2InstancePortMapCreations,
natv2InstancePortMapEntryLimitDrops,
natv2InstancePortMapFailureDrops,
natv2InstanceFragmentDrops,
natv2InstanceOtherResourceFailureDrops,
natv2InstanceDiscontinuityTime,
natv2InstanceThresholdAddressMapEntriesHigh,
natv2InstanceThresholdPortMapEntriesHigh,
natv2InstanceNotificationInterval,
natv2InstanceLimitAddressMapEntries,
natv2InstanceLimitPortMapEntries,
natv2InstanceLimitPendingFragments,
-- from natv2ProtocolTable
natv2ProtocolPortMapEntries,
natv2ProtocolTranslations,
natv2ProtocolPortMapCreations,
natv2ProtocolPortMapFailureDrops,
-- from natv2AddressMapTable
natv2AddressMapExternalRealm,
natv2AddressMapExternalAddressType,
natv2AddressMapExternalAddress,
-- from natv2PortMapTable
natv2PortMapInternalRealm,
natv2PortMapInternalAddressType,
natv2PortMapInternalAddress,
natv2PortMapInternalPort
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by
implementations of all NAT applications."
::= { natv2MIBGroups 2 } natv2BasicInstanceLevelGroup OBJECT-GROUP
OBJECTS {
-- from natv2InstanceTable
natv2InstanceAlias,
natv2InstancePortMappingBehavior,
natv2InstanceFilteringBehavior,
natv2InstanceFragmentBehavior,
natv2InstanceAddressMapEntries,
natv2InstancePortMapEntries,
natv2InstanceTranslations,
natv2InstanceAddressMapCreations,
natv2InstanceAddressMapEntryLimitDrops,
natv2InstanceAddressMapFailureDrops,
natv2InstancePortMapCreations,
natv2InstancePortMapEntryLimitDrops,
natv2InstancePortMapFailureDrops,
natv2InstanceFragmentDrops,
natv2InstanceOtherResourceFailureDrops,
natv2InstanceDiscontinuityTime,
natv2InstanceThresholdAddressMapEntriesHigh,
natv2InstanceThresholdPortMapEntriesHigh,
natv2InstanceNotificationInterval,
natv2InstanceLimitAddressMapEntries,
natv2InstanceLimitPortMapEntries,
natv2InstanceLimitPendingFragments,
-- from natv2ProtocolTable
natv2ProtocolPortMapEntries,
natv2ProtocolTranslations,
natv2ProtocolPortMapCreations,
natv2ProtocolPortMapFailureDrops,
-- from natv2AddressMapTable
natv2AddressMapExternalRealm,
natv2AddressMapExternalAddressType,
natv2AddressMapExternalAddress,
-- from natv2PortMapTable
natv2PortMapInternalRealm,
natv2PortMapInternalAddressType,
natv2PortMapInternalAddress,
natv2PortMapInternalPort
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by
implementations of all NAT applications."
::= { natv2MIBGroups 2 }
natv2PooledNotificationGroup NOTIFICATION-GROUP natv2PooledNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
natv2NotificationPoolUsageLow, natv2NotificationPoolUsageLow,
natv2NotificationPoolUsageHigh natv2NotificationPoolUsageHigh
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Notifications that MUST be supported by pooled and "Notifications that MUST be supported by pooled and
carrier-grade NAT applications." carrier-grade NAT applications."
::= { natv2MIBGroups 3 } ::= { natv2MIBGroups 3 }
natv2PooledInstanceLevelGroup OBJECT-GROUP natv2PooledInstanceLevelGroup OBJECT-GROUP
OBJECTS { OBJECTS {
-- from natv2InstanceTable -- from natv2InstanceTable
natv2InstancePoolingBehavior, natv2InstancePoolingBehavior,
-- from natv2PoolTable -- from natv2PoolTable
natv2PoolRealm, natv2PoolRealm,
natv2PoolAddressType, natv2PoolAddressType,
natv2PoolMinimumPort, natv2PoolMinimumPort,
natv2PoolMaximumPort, natv2PoolMaximumPort,
natv2PoolAddressMapEntries, natv2PoolAddressMapEntries,
natv2PoolPortMapEntries, natv2PoolPortMapEntries,
natv2PoolAddressMapCreations, natv2PoolAddressMapCreations,
natv2PoolPortMapCreations, natv2PoolPortMapCreations,
natv2PoolAddressMapFailureDrops, natv2PoolAddressMapFailureDrops,
natv2PoolPortMapFailureDrops, natv2PoolPortMapFailureDrops,
natv2PoolDiscontinuityTime, natv2PoolDiscontinuityTime,
natv2PoolThresholdUsageLow, natv2PoolThresholdUsageLow,
natv2PoolThresholdUsageHigh, natv2PoolThresholdUsageHigh,
natv2PoolNotifiedPortMapEntries, natv2PoolNotifiedPortMapEntries,
natv2PoolNotifiedPortMapProtocol, natv2PoolNotifiedPortMapProtocol,
natv2PoolNotificationInterval, natv2PoolNotificationInterval,
-- from natv2PoolRangeTable -- from natv2PoolRangeTable
natv2PoolRangeBegin, natv2PoolRangeBegin,
natv2PoolRangeEnd, natv2PoolRangeEnd,
-- from natv2AddressMapTable -- from natv2AddressMapTable
natv2AddressMapExternalPoolIndex, natv2AddressMapExternalPoolIndex,
-- from natv2PortMapTable -- from natv2PortMapTable
natv2PortMapExternalPoolIndex natv2PortMapExternalPoolIndex
} }
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by
implementations of the pooled and carrier grade
NAT applications."
::= { natv2MIBGroups 4 }
natv2CGNNotificationGroup NOTIFICATION-GROUP STATUS current
NOTIFICATIONS { DESCRIPTION
natv2NotificationSubscriberPortMappingEntriesHigh "Per-instance objects that MUST be supported by
} implementations of the pooled and carrier grade
STATUS current NAT applications."
DESCRIPTION ::= { natv2MIBGroups 4 }
"Notification that MUST be supported by implementations
of the carrier grade NAT application."
::= { natv2MIBGroups 5 }
natv2CGNDeviceLevelGroup OBJECT-GROUP natv2CGNNotificationGroup NOTIFICATION-GROUP
OBJECTS { NOTIFICATIONS {
-- from table natv2SubscriberTable natv2NotificationSubscriberPortMappingEntriesHigh
natv2SubscriberInternalRealm, }
natv2SubscriberInternalPrefixType, STATUS current
natv2SubscriberInternalPrefix, DESCRIPTION
natv2SubscriberInternalPrefixLength, "Notification that MUST be supported by implementations
natv2SubscriberAddressMapEntries, of the carrier grade NAT application."
natv2SubscriberPortMapEntries, ::= { natv2MIBGroups 5 }
natv2SubscriberTranslations,
natv2SubscriberAddressMapCreations,
natv2SubscriberPortMapCreations,
natv2SubscriberAddressMapFailureDrops,
natv2SubscriberPortMapFailureDrops,
natv2SubscriberDiscontinuityTime,
natv2SubscriberLimitPortMapEntries,
natv2SubscriberThresholdPortMapEntriesHigh,
natv2SubscriberNotificationInterval
}
STATUS current
DESCRIPTION
"Device-level objects that MUST be supported by the
carrier-grade NAT application."
::= { natv2MIBGroups 6 }
natv2CGNInstanceLevelGroup OBJECT-GROUP natv2CGNDeviceLevelGroup OBJECT-GROUP
OBJECTS { OBJECTS {
-- from natv2InstanceTable -- from table natv2SubscriberTable
natv2InstanceSubscriberActiveLimitDrops, natv2SubscriberInternalRealm,
natv2InstanceLimitSubscriberActives, natv2SubscriberInternalPrefixType,
-- from natv2AddressMapTable natv2SubscriberInternalPrefix,
natv2AddressMapInternalMappedAddressType, natv2SubscriberInternalPrefixLength,
natv2AddressMapInternalMappedAddress, natv2SubscriberAddressMapEntries,
natv2AddressMapSubscriberIndex, natv2SubscriberPortMapEntries,
-- from natv2PortMapTable natv2SubscriberTranslations,
natv2PortMapInternalMappedAddressType, natv2SubscriberAddressMapCreations,
natv2PortMapInternalMappedAddress, natv2SubscriberPortMapCreations,
natv2PortMapSubscriberIndex natv2SubscriberAddressMapFailureDrops,
natv2SubscriberPortMapFailureDrops,
natv2SubscriberDiscontinuityTime,
natv2SubscriberLimitPortMapEntries,
natv2SubscriberThresholdPortMapEntriesHigh,
natv2SubscriberNotificationInterval
}
STATUS current
DESCRIPTION
"Device-level objects that MUST be supported by the
carrier-grade NAT application."
::= { natv2MIBGroups 6 }
} natv2CGNInstanceLevelGroup OBJECT-GROUP
STATUS current OBJECTS {
DESCRIPTION -- from natv2InstanceTable
"Per-instance objects that MUST be supported by the natv2InstanceSubscriberActiveLimitDrops,
carrier grade NAT application." natv2InstanceLimitSubscriberActives,
::= { natv2MIBGroups 7 } -- from natv2AddressMapTable
natv2AddressMapInternalMappedAddressType,
natv2AddressMapInternalMappedAddress,
natv2AddressMapSubscriberIndex,
-- from natv2PortMapTable
natv2PortMapInternalMappedAddressType,
natv2PortMapInternalMappedAddress,
natv2PortMapSubscriberIndex
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by the
carrier grade NAT application."
::= { natv2MIBGroups 7 }
END END
5. Operational and Management Considerations 5. Operational and Management Considerations
This section covers two particular areas of operations and This section covers two particular areas of operations and
management: configuration requirements, and transition from or management: configuration requirements, and transition from or
coexistence with the [RFC4008] MIB module. coexistence with the [RFC4008] MIB module.
5.1. Configuration Requirements 5.1. Configuration Requirements
This MIB module assumes that the following information is configured This MIB module assumes that the following information is configured
skipping to change at page 78, line 21 skipping to change at page 78, line 28
address bind and address and port bind tables respectively. Finally, address bind and address and port bind tables respectively. Finally,
[RFC4008] provides a count of the number of sessions currently using [RFC4008] provides a count of the number of sessions currently using
each entry in the address and port bind table. None of these counts each entry in the address and port bind table. None of these counts
are directly comparable with the state values offered by NATV2-MIB, are directly comparable with the state values offered by NATV2-MIB,
because of the exclusion of static entries at the address map level, because of the exclusion of static entries at the address map level,
and because of the differing models of the translation tables between and because of the differing models of the translation tables between
[RFC4008] and the NATV2=MIB. [RFC4008] and the NATV2=MIB.
6. Security Considerations 6. Security Considerations
A number of management objects defined in this MIB module have a MAX- There are a number of management objects defined in this MIB module
ACCESS clause of read-write. Such objects may be considered with a MAX-ACCESS clause of read-write and/or read-create. Such
sensitive or vulnerable in some network environments. The support objects may be considered sensitive or vulnerable in some network
for SET operations in a non-secure environment without proper environments. The support for SET operations in a non-secure
protection can have a negative effect on network operations. These environment without proper protection opens devices to attack. These
are the tables and objects and their sensitivity/vulnerability: are the tables and objects and their sensitivity/vulnerability:
Limits: An attacker setting a very low or very high limit can easily Limits: An attacker setting a very low or very high limit can easily
cause a denial-of-service situation. cause a denial-of-service situation.
* natv2InstanceLimitAddressMapEntries; * natv2InstanceLimitAddressMapEntries;
* natv2InstanceLimitPortMapEntries; * natv2InstanceLimitPortMapEntries;
* natv2InstanceLimitPendingFragments; * natv2InstanceLimitPendingFragments;
skipping to change at page 79, line 33 skipping to change at page 79, line 42
the network via SNMP. These are the tables and objects and their the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
Objects that reveal host identities: Various objects can reveal the Objects that reveal host identities: Various objects can reveal the
identity of private hosts that are engaged in a session with identity of private hosts that are engaged in a session with
external end nodes. A curious outsider could monitor these to external end nodes. A curious outsider could monitor these to
assess the number of private hosts being supported by the NAT assess the number of private hosts being supported by the NAT
device. Further, a disgruntled former employee of an enterprise device. Further, a disgruntled former employee of an enterprise
could use the information to break into specific private hosts by could use the information to break into specific private hosts by
intercepting the existing sessions or originating new sessions intercepting the existing sessions or originating new sessions
into the host. into the host. If nothing else, unauthorized monitoring of these
objects will violate individual subscribers' privacy.
* entries in the natv2SubscriberTable;
* entries in the natv2AddressMapTable; * entries in the natv2AddressMapTable;
* entries in the natv2PortMapTable. * entries in the natv2PortMapTable.
Other objects that reveal NAT state: Other managed objects in this Other objects that reveal NAT state: Other managed objects in this
MIB may contain information that may be sensitive from a business MIB may contain information that may be sensitive from a business
perspective, in that they may represent NAT capabilities, business perspective, in that they may represent NAT capabilities, business
policies, and state information. policies, and state information.
 End of changes. 253 change blocks. 
2451 lines changed or deleted 2460 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/