idnits 2.17.1 draft-fedyk-ipsecme-mib-iptfs-00.txt:

Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.

Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.

Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack an IANA Considerations section. (See Section
   2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
   when there are no actions for IANA.)

Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
   match the current year
== The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119
   boilerplate text.
-- The document date (February 22, 2021) is 1158 days in the past. Is this
   intentional?
-- Found something which looks like a code comment -- if you have code
   sections in the document, please surround them with '<CODE BEGINS>' and
   '<CODE ENDS>' lines.

Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references to
lower-maturity documents in RFCs)
== Missing Reference: 'RFC XXXX' is mentioned on line 215, but not defined
== Outdated reference: A later version (-02) exists of
   draft-fedyk-ipsecme-yang-iptfs-01
== Outdated reference: A later version (-19) exists of
   draft-ietf-ipsecme-iptfs-06
** Downref: Normative reference to an Informational RFC: RFC 3410

Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 2 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------

Network Working Group                                           D. Fedyk
Internet-Draft                                                 E. Kinzie
Intended status: Standards Track                 LabN Consulting, L.L.C.
Expires: August 26, 2021                               February 22, 2021

      Definitions of Managed Objects for IP Traffic Flow Security
                   draft-fedyk-ipsecme-mib-iptfs-00

Abstract

   This document describes managed objects for the management of IP
   Traffic Flow Security additions to IKEv2 and IPsec.  This document
   provides a read-only version of the objects defined in the YANG
   module for the same purpose.

   This is an unpublished work in progress.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 26, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology & Concepts
   3.  Overview
   4.  Management Objects
     4.1.  MIB Tree
     4.2.  SNMP
   5.  Security Considerations
   6.  Acknowledgements
   7.  Normative References
   Authors' Addresses

1.  Introduction

   This document defines a Management Information Base (MIB) module for
   use with network management protocols in the Internet community,
   covering the IP Traffic Flow Security (IP-TFS) extensions as defined
   in [I-D.ietf-ipsecme-iptfs].  IP-TFS provides enhancements to an
   IPsec tunnel Security Association to provide improved traffic
   confidentiality.

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   [RFC2578], STD 58, [RFC2579] and STD 58, [RFC2580].
   The objects defined here are the same as
   [I-D.draft-fedyk-ipsecme-yang-iptfs], with the exception that only
   operational data is supported.  This module uses the YANG model as a
   reference point for managed objects.  Note that an IETF MIB model for
   IPsec was never standardized; however, the structures here could be
   adapted to existing MIB implementations.

2.  Terminology & Concepts

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119] [RFC8174] when, and only when, they appear in all capitals,
   as shown here.

3.  Overview

   This document defines configuration and operational parameters of IP
   traffic flow security (IP-TFS).  IP-TFS, defined in
   [I-D.ietf-ipsecme-iptfs], configures a security association for
   tunnel mode IPsec with characteristics that improve traffic
   confidentiality and reduce bandwidth efficiency loss.

   This document is based on the concepts and management model defined
   in [I-D.draft-fedyk-ipsecme-yang-iptfs].  This document assumes
   familiarity with IP security concepts described in [RFC4301], IP-TFS
   as described in [I-D.ietf-ipsecme-iptfs] and the IP-TFS management
   model described in [I-D.draft-fedyk-ipsecme-yang-iptfs].

   This document specifies an extensible operational model for IP-TFS.
   It reuses the management model defined in
   [I-D.draft-fedyk-ipsecme-yang-iptfs].

4.  Management Objects

4.1.  MIB Tree

   The following is the MIB registration tree diagram for the IP-TFS
   extensions.
   # IETF-IPTFS-MIB registration tree (generated by smidump 0.5.0)

   ---- iptfsMIB(1.3.6.1.3.500)
        +---- iptfsMIBObjects(1)
        |     +---- iptfsGroup(1)
        |     |     +---- iptfsConfigTable(1)
        |     |           +---- iptfsConfigTableEntry(1) [iptfsConfigSaIndex]
        |     |                 +---- iptfsConfigSaIndex(1) Integer32
        |     |                 +--r- congestionControl(2) TruthValue
        |     |                 +--r- usePathMtu(3) TruthValue
        |     |                 +--r- outerPacketSize(4) UnsignedShort
        |     |                 +--r- l2FixedRate(5) Counter64
        |     |                 +--r- l3FixedRate(6) Counter64
        |     |                 +--r- dontFragment(7) TruthValue
        |     |                 +--r- maxAggregationTime(8) NanoSeconds
        |     +---- ipsecStatsGroup(2)
        |     |     +---- ipsecStatsTable(1)
        |     |           +---- ipsecStatsTableEntry(1) [ipsecSaIndex]
        |     |                 +---- ipsecSaIndex(1) Integer32
        |     |                 +--r- txPackets(2) Counter64
        |     |                 +--r- txOctets(3) Counter64
        |     |                 +--r- txDropPackets(4) Counter64
        |     |                 +--r- rxPackets(5) Counter64
        |     |                 +--r- rxOctets(6) Counter64
        |     |                 +--r- rxDropPackets(7) Counter64
        |     +---- iptfsInnerStatsGroup(3)
        |     |     +---- iptfsInnerStatsTable(1)
        |     |           +---- iptfsInnerStatsTableEntry(1) [iptfsInnerSaIndex]
        |     |                 +---- iptfsInnerSaIndex(1) Integer32
        |     |                 +--r- txInnerPackets(2) Counter64
        |     |                 +--r- txInnerOctets(3) Counter64
        |     |                 +--r- rxInnerPackets(4) Counter64
        |     |                 +--r- rxInnerOctets(5) Counter64
        |     |                 +--r- rxIncompleteInnerPackets(6) Counter64
        |     +---- iptfsOuterStatsGroup(4)
        |           +---- iptfsOuterStatsTable(1)
        |                 +---- iptfsOuterStatsTableEntry(1) [iptfsSaIndex]
        |                       +---- iptfsSaIndex(1) Integer32
        |                       +--r- txExtraPadPackets(2) Counter64
        |                       +--r- txExtraPadOctets(3) Counter64
        |                       +--r- txAllPadPackets(4) Counter64
        |                       +--r- txAllPadOctets(5) Counter64
        |                       +--r- rxExtraPadPackets(6) Counter64
        |                       +--r- rxExtraPadOctets(7) Counter64
        |                       +--r- rxAllPadPackets(8) Counter64
        |                       +--r- rxAllPadOctets(9) Counter64
        |                       +--r- rxErroredPackets(10) Counter64
        |                       +--r- rxMissedPackets(11) Counter64
        +---- iptfsMIBConformance(2)
              +---- iptfsMIBConformances(1)
              |     +---- iptfsMIBCompliance(1)
              +---- iptfsMIBGroups(2)
                    +---- iptfsMIBConfGroup(1)
                    +---- ipsecStatsConfGroup(2)
                    +---- iptfsInnerStatsConfGroup(3)
                    +---- iptfsOuterStatsConfGroup(4)

4.2.  SNMP

   The following is the MIB for IP-TFS.

   -- *------------------------------------------------------------------
   -- *
   -- *------------------------------------------------------------------

   IETF-IPTFS-MIB DEFINITIONS ::= BEGIN
   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE,
       Integer32, Unsigned32, Counter64, experimental
           FROM SNMPv2-SMI
       MODULE-COMPLIANCE, OBJECT-GROUP
           FROM SNMPv2-CONF
       TEXTUAL-CONVENTION,
       TruthValue
           FROM SNMPv2-TC;

   iptfsMIB MODULE-IDENTITY
       LAST-UPDATED "202011130000Z"
       ORGANIZATION "IETF IPsecme Working Group"
       CONTACT-INFO
           "
            Author: Don Fedyk

            Author: Christian Hopps
           "
       DESCRIPTION
           "This module defines the configuration and operational
            state for managing the IP Traffic Flow Security
            functionality [RFC XXXX].  Copyright (c) 2020 IETF
            Trust and the persons identified as authors of the
            code.  All rights reserved.

            Redistribution and use in source and binary forms,
            with or without modification, is permitted pursuant
            to, and subject to the license terms contained in,
            the Simplified BSD License set forth in Section 4.c
            of the IETF Trust's Legal Provisions Relating to IETF
            Documents (https://trustee.ietf.org/license-info).

            This version of this SNMP MIB module is part of RFC XXXX
            (https://tools.ietf.org/html/rfcXXXX); see the RFC
            itself for full legal notices."
       REVISION "202011130000Z"
       DESCRIPTION
           "Initial revision.  Derived from the IPTFS Yang Model."
       ::= { experimental 500 }

   --
   -- Textual Conventions
   --

   UnsignedShort ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION  "xs:unsignedShort"
       SYNTAX       Unsigned32 (0..65535)

   NanoSeconds ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
           "Represents time unit value in nanoseconds."
       SYNTAX       Counter64

   -- Objects, Notifications & Conformances

   iptfsMIBObjects OBJECT IDENTIFIER
       ::= { iptfsMIB 1 }
   iptfsMIBConformance OBJECT IDENTIFIER
       ::= { iptfsMIB 2 }

   --
   -- IPTFS MIB Object Groups
   --
   iptfsGroup OBJECT IDENTIFIER
       ::= { iptfsMIBObjects 1 }

   ipsecStatsGroup OBJECT IDENTIFIER
       ::= { iptfsMIBObjects 2 }

   iptfsInnerStatsGroup OBJECT IDENTIFIER
       ::= { iptfsMIBObjects 3 }

   iptfsOuterStatsGroup OBJECT IDENTIFIER
       ::= { iptfsMIBObjects 4 }

   iptfsConfigTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IptfsConfigTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table containing configuration information for
            IPTFS."
       ::= { iptfsGroup 1 }

   iptfsConfigTableEntry OBJECT-TYPE
       SYNTAX      IptfsConfigTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry (conceptual row) containing the information on
            a particular IPTFS SA."
       INDEX { iptfsConfigSaIndex }
       ::= { iptfsConfigTable 1 }

   IptfsConfigTableEntry ::= SEQUENCE {
       iptfsConfigSaIndex   Integer32,

       -- identifier information
       congestionControl    TruthValue,
       usePathMtu           TruthValue,
       outerPacketSize      UnsignedShort,
       l2FixedRate          Counter64,
       l3FixedRate          Counter64,
       dontFragment         TruthValue,
       maxAggregationTime   NanoSeconds
   }

   iptfsConfigSaIndex OBJECT-TYPE
       SYNTAX      Integer32 (1..16777215)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A unique value, greater than zero, for each SA.
            It is recommended that values are assigned contiguously
            starting from 1.

            The value for each entry must remain constant at least
            from one re-initialization of entity's network management
            system to the next re-initialization."
       ::= { iptfsConfigTableEntry 1 }

   congestionControl OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Congestion Control.  With the congestion controlled
            mode, IP-TFS adapts to network congestion by lowering
            the packet send rate to accommodate the congestion, as
            well as raising the rate when congestion subsides."
       DEFVAL { false }
       ::= { iptfsConfigTableEntry 2 }

   usePathMtu OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Packet size is either auto-discovered or manually
            configured.  If usePathMtu is true the system utilizes
            path-mtu to determine maximum IPTFS packet size.  If
            the packet size is explicitly configured then it will
            only be adjusted downward if use-path-mtu is set."
       ::= { iptfsConfigTableEntry 3 }

   outerPacketSize OBJECT-TYPE
       SYNTAX      UnsignedShort
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The size of the outer encapsulating tunnel packet
            (i.e., the IP packet containing the ESP payload)."
       ::= { iptfsConfigTableEntry 4 }

   l2FixedRate OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "TFS bit rate may be specified at layer 2 wire rate.
            Target bandwidth/bit rate in bps for iptfs tunnel.
            This rate is the nominal timing for the fixed size
            packet.  If congestion control is enabled the rate may
            be adjusted down (or up if unset)."
       ::= { iptfsConfigTableEntry 5 }

   l3FixedRate OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "TFS bit rate may be specified at layer 3 packet
            rate.  Target bandwidth/bit rate in bps for iptfs
            tunnel.  This rate is the nominal timing for the fixed
            size packet.  If congestion control is enabled the rate
            may be adjusted down (or up if unset)."
       ::= { iptfsConfigTableEntry 6 }

   dontFragment OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Disable packet fragmentation across consecutive iptfs
            tunnel packets when set to true."
       ::= { iptfsConfigTableEntry 7 }

   maxAggregationTime OBJECT-TYPE
       SYNTAX      NanoSeconds
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Maximum Aggregation Time in nanoseconds."
       ::= { iptfsConfigTableEntry 8 }

   ipsecStatsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IpsecStatsTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table containing basic statistics on IPsec."
       ::= { ipsecStatsGroup 1 }

   ipsecStatsTableEntry OBJECT-TYPE
       SYNTAX      IpsecStatsTableEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry (conceptual row) containing the information on
            a particular IKE SA."
       INDEX { ipsecSaIndex }
       ::= { ipsecStatsTable 1 }

   IpsecStatsTableEntry ::= SEQUENCE {
       ipsecSaIndex    Integer32,
       -- packet statistics information
       txPackets       Counter64,
       txOctets        Counter64,
       txDropPackets   Counter64,
       rxPackets       Counter64,
       rxOctets        Counter64,
       rxDropPackets   Counter64
   }

   ipsecSaIndex OBJECT-TYPE
       SYNTAX      Integer32 (1..16777215)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A unique value, greater than zero, for each SA.
            It is recommended that values are assigned contiguously
            starting from 1.

            The value for each entry must remain constant at least
            from one re-initialization of entity's network management
            system to the next re-initialization."
       ::= { ipsecStatsTableEntry 1 }

   txPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Outbound Packet count."
       ::= { ipsecStatsTableEntry 2 }

   txOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Outbound Packet bytes."
       ::= { ipsecStatsTableEntry 3 }

   txDropPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Outbound dropped packets count."
       ::= { ipsecStatsTableEntry 4 }

   rxPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Inbound Packet count."
       ::= { ipsecStatsTableEntry 5 }

   rxOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Inbound Packet bytes."
       ::= { ipsecStatsTableEntry 6 }

   rxDropPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Inbound Dropped packets."
       ::= { ipsecStatsTableEntry 7 }

   iptfsInnerStatsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IptfsInnerSaEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table containing information on IPTFS
            Inner Packets."
       ::= { iptfsInnerStatsGroup 1 }

   iptfsInnerStatsTableEntry OBJECT-TYPE
       SYNTAX      IptfsInnerSaEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry containing the information on
            a particular tfs SA."
       INDEX { iptfsInnerSaIndex }
       ::= { iptfsInnerStatsTable 1 }

   IptfsInnerSaEntry ::= SEQUENCE {
       iptfsInnerSaIndex          Integer32,

       txInnerPackets             Counter64,
       txInnerOctets              Counter64,
       rxInnerPackets             Counter64,
       rxInnerOctets              Counter64,
       rxIncompleteInnerPackets   Counter64
   }

   iptfsInnerSaIndex OBJECT-TYPE
       SYNTAX      Integer32 (1..16777215)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A unique value, greater than zero, for each SA.
            It is recommended that values are assigned contiguously
            starting from 1.
            The value for each entry must remain constant at least
            from one re-initialization of entity's network management
            system to the next re-initialization."
       ::= { iptfsInnerStatsTableEntry 1 }

   txInnerPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of IP-TFS inner packets sent.  This count
            is whole packets only.  A fragmented packet counts as
            one packet."
       ::= { iptfsInnerStatsTableEntry 2 }

   txInnerOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of IP-TFS inner octets sent.  This is
            inner packet octets only.  Does not count padding."
       ::= { iptfsInnerStatsTableEntry 3 }

   rxInnerPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of IP-TFS inner packets received."
       ::= { iptfsInnerStatsTableEntry 4 }

   rxInnerOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of IP-TFS inner octets received.  Does
            not include padding or overhead."
       ::= { iptfsInnerStatsTableEntry 5 }

   rxIncompleteInnerPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of IP-TFS inner packets that were
            incomplete.  Usually this is due to fragments not
            received.  Also, this may be due to misordering or
            errors in received outer packets."
       ::= { iptfsInnerStatsTableEntry 6 }

   iptfsOuterStatsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF IptfsOuterSaEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table containing information on IPTFS."
       ::= { iptfsOuterStatsGroup 1 }

   iptfsOuterStatsTableEntry OBJECT-TYPE
       SYNTAX      IptfsOuterSaEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An entry containing the information on
            a particular tfs SA."
       INDEX { iptfsSaIndex }
       ::= { iptfsOuterStatsTable 1 }

   IptfsOuterSaEntry ::= SEQUENCE {
       iptfsSaIndex         Integer32,

       -- iptfs packet statistics information
       txExtraPadPackets    Counter64,
       txExtraPadOctets     Counter64,
       txAllPadPackets      Counter64,
       txAllPadOctets       Counter64,
       rxExtraPadPackets    Counter64,
       rxExtraPadOctets     Counter64,
       rxAllPadPackets      Counter64,
       rxAllPadOctets       Counter64,
       rxErroredPackets     Counter64,
       rxMissedPackets      Counter64
   }

   iptfsSaIndex OBJECT-TYPE
       SYNTAX      Integer32 (1..16777215)
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A unique value, greater than zero, for each SA.
            It is recommended that values are assigned contiguously
            starting from 1.

            The value for each entry must remain constant at least
            from one re-initialization of entity's network management
            system to the next re-initialization."
       ::= { iptfsOuterStatsTableEntry 1 }

   txExtraPadPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of transmitted outer IP-TFS packets that
            included some padding."
       ::= { iptfsOuterStatsTableEntry 2 }

   txExtraPadOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of transmitted octets of padding added to
            outer IP-TFS packets with data."
       ::= { iptfsOuterStatsTableEntry 3 }

   txAllPadPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of transmitted IP-TFS packets that were
            all padding with no inner packet data."
       ::= { iptfsOuterStatsTableEntry 4 }

   txAllPadOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of transmitted octets of padding added to
            IP-TFS packets with no inner packet data."
       ::= { iptfsOuterStatsTableEntry 5 }

   rxExtraPadPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of received outer IP-TFS packets that
            included some padding."
       ::= { iptfsOuterStatsTableEntry 6 }

   rxExtraPadOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of received octets of padding added to
            outer IP-TFS packets with data."
       ::= { iptfsOuterStatsTableEntry 7 }

   rxAllPadPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of received IP-TFS packets that were all
            padding with no inner packet data."
       ::= { iptfsOuterStatsTableEntry 8 }

   rxAllPadOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of received octets of padding added to
            IP-TFS packets with no inner packet data."
       ::= { iptfsOuterStatsTableEntry 9 }

   rxErroredPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of IP-TFS outer packets dropped due to
            errors."
       ::= { iptfsOuterStatsTableEntry 10 }

   rxMissedPackets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Total number of IP-TFS outer packets missing, as
            indicated by missing sequence numbers."
       ::= { iptfsOuterStatsTableEntry 11 }

   --
   -- Iptfs Module Compliance
   --

   iptfsMIBConformances OBJECT IDENTIFIER
       ::= { iptfsMIBConformance 1 }

   iptfsMIBGroups OBJECT IDENTIFIER
       ::= { iptfsMIBConformance 2 }

   iptfsMIBCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "The compliance statement for entities which implement
            the IPTFS MIB"
       MODULE -- this module
       MANDATORY-GROUPS {
           iptfsMIBConfGroup,
           ipsecStatsConfGroup,
           iptfsInnerStatsConfGroup,
           iptfsOuterStatsConfGroup
       }
       ::= { iptfsMIBConformances 1 }

   --
   -- MIB Groups (Units of Conformance)
   --

   iptfsMIBConfGroup OBJECT-GROUP
       OBJECTS {
           congestionControl,
           usePathMtu,
           outerPacketSize,
           l2FixedRate,
           l3FixedRate,
           dontFragment,
           maxAggregationTime
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing per SA IPTFS
            Configuration."
       ::= { iptfsMIBGroups 1 }

   ipsecStatsConfGroup OBJECT-GROUP
       OBJECTS {
           txPackets,
           txOctets,
           txDropPackets,
           rxPackets,
           rxOctets,
           rxDropPackets
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing per SA Basic
            Stats."
       ::= { iptfsMIBGroups 2 }

   iptfsInnerStatsConfGroup OBJECT-GROUP
       OBJECTS {
           txInnerPackets,
           txInnerOctets,
           rxInnerPackets,
           rxInnerOctets,
           rxIncompleteInnerPackets
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing per SA IPTFS
            Inner Packet Statistics."
       ::= { iptfsMIBGroups 3 }

   iptfsOuterStatsConfGroup OBJECT-GROUP
       OBJECTS {
           txExtraPadPackets,
           txExtraPadOctets,
           txAllPadPackets,
           txAllPadOctets,
           rxExtraPadPackets,
           rxExtraPadOctets,
           rxAllPadPackets,
           rxAllPadOctets,
           rxErroredPackets,
           rxMissedPackets
       }
       STATUS      current
       DESCRIPTION
           "A collection of objects providing per SA IPTFS
            Outer Packet Statistics."
       ::= { iptfsMIBGroups 4 }

   END

5.  Security Considerations

   The MIB specified in this document can enable, disable and modify the
   behavior of IP traffic flow security; for the implications of these
   types of changes, consult [I-D.ietf-ipsecme-iptfs], which defines the
   functionality.

6.  Acknowledgements

   The authors would like to thank Eric Kinzie for his help and feedback
   on the MIB model.

7.  Normative References

   [I-D.draft-fedyk-ipsecme-yang-iptfs]
              Fedyk, D. and C. Hopps, "IP Traffic Flow Security YANG
              Module", draft-fedyk-ipsecme-yang-iptfs-01 (work in
              progress), November 2020.

   [I-D.ietf-ipsecme-iptfs]
              Hopps, C., "IP-TFS: IP Traffic Flow Security Using
              Aggregation and Fragmentation", draft-ietf-ipsecme-
              iptfs-06 (work in progress), January 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005.
   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

Authors' Addresses

   Don Fedyk
   LabN Consulting, L.L.C.

   Email: dfedyk@labn.net

   Eric Kinzie
   LabN Consulting, L.L.C.

   Email: ekinzie@labn.net
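The objects in Section 4.2 are all read-only Counter64 statistics indexed by an SA index, so the practical use of this MIB on the monitoring side is polling the tables and interpreting counter deltas. The following Python is an added example, not part of the draft and not code from the authors or any IP-TFS implementation. It builds instance OIDs for iptfsOuterStatsTableEntry from the registration tree in Section 4.1 (iptfsMIB = 1.3.6.1.3.500, iptfsMIBObjects(1), iptfsOuterStatsGroup(4), table(1), entry(1), column, SA index), computes wrap-safe Counter64 deltas between two polls, and flags SAs whose rxMissedPackets or rxErroredPackets grew, which is the loss-and-corruption signal a defender would alert on for a tunnel SA. The two poll snapshots are constructed sample values, not output from a real agent, and the `{oid: value}` shape of a poll result is an assumption about how the caller collects varbinds.

```python
"""Poll-to-poll analysis of the IETF-IPTFS-MIB outer statistics table.

Added example; not part of the draft or of any project's code. OID layout
follows the registration tree in Section 4.1 of the draft. The two
snapshots at the bottom are constructed sample data.
"""

IPTFS_MIB = "1.3.6.1.3.500"
# iptfsMIBObjects(1).iptfsOuterStatsGroup(4).iptfsOuterStatsTable(1)
#   .iptfsOuterStatsTableEntry(1)
OUTER_ENTRY = IPTFS_MIB + ".1.4.1.1"
COUNTER64_MODULUS = 1 << 64
SA_INDEX_MAX = 16777215  # upper bound of iptfsSaIndex: Integer32 (1..16777215)

# Column sub-identifiers of iptfsOuterStatsTableEntry (Section 4.1 tree).
OUTER_COLUMNS = {
    "txExtraPadPackets": 2, "txExtraPadOctets": 3,
    "txAllPadPackets": 4, "txAllPadOctets": 5,
    "rxExtraPadPackets": 6, "rxExtraPadOctets": 7,
    "rxAllPadPackets": 8, "rxAllPadOctets": 9,
    "rxErroredPackets": 10, "rxMissedPackets": 11,
}
COLUMN_NAMES = {sub: name for name, sub in OUTER_COLUMNS.items()}


def outer_stats_oid(column, sa_index):
    """Instance OID of one column for one SA, e.g. rxMissedPackets of SA 2."""
    if not 1 <= sa_index <= SA_INDEX_MAX:
        raise ValueError(f"iptfsSaIndex {sa_index} outside 1..{SA_INDEX_MAX}")
    return f"{OUTER_ENTRY}.{OUTER_COLUMNS[column]}.{sa_index}"


def counter64_delta(previous, current):
    """Increase between two Counter64 samples, tolerating a single wrap."""
    return (current - previous) % COUNTER64_MODULUS


def rows_from_varbinds(varbinds):
    """Group an {oid: value} poll result (assumed caller format) into
    {sa_index: {column_name: value}}; OIDs outside the entry are ignored."""
    rows = {}
    prefix = OUTER_ENTRY + "."
    for oid, value in varbinds.items():
        if not oid.startswith(prefix):
            continue
        sub, sa = oid[len(prefix):].split(".")
        rows.setdefault(int(sa), {})[COLUMN_NAMES[int(sub)]] = int(value)
    return rows


def analyze_interval(previous, current):
    """Per-SA counter increases between two polls.

    Flags an SA when the loss-related counters (rxMissedPackets,
    rxErroredPackets) grew, and reports the padding octets sent so the
    bandwidth cost of traffic flow security can be tracked over time.
    """
    prev_rows, cur_rows = rows_from_varbinds(previous), rows_from_varbinds(current)
    report = {}
    for sa, cur in cur_rows.items():
        prev = prev_rows.get(sa)
        if prev is None:
            continue  # SA appeared since the last poll; nothing to compare yet
        delta = {c: counter64_delta(prev[c], cur[c]) for c in cur if c in prev}
        missed = delta.get("rxMissedPackets", 0)
        errored = delta.get("rxErroredPackets", 0)
        report[sa] = {
            "rxMissedPackets": missed,
            "rxErroredPackets": errored,
            "txPadOctets": delta.get("txExtraPadOctets", 0)
                           + delta.get("txAllPadOctets", 0),
            "flagged": missed > 0 or errored > 0,
        }
    return report


# Constructed sample polls (not real agent output). SA 2's rxMissedPackets
# sits just below 2^64 in the first poll and wraps in the second.
POLL_T0 = {
    outer_stats_oid("rxMissedPackets", 1): 100,
    outer_stats_oid("rxErroredPackets", 1): 5,
    outer_stats_oid("txExtraPadOctets", 1): 4000,
    outer_stats_oid("txAllPadOctets", 1): 12000,
    outer_stats_oid("rxMissedPackets", 2): COUNTER64_MODULUS - 3,
    outer_stats_oid("rxErroredPackets", 2): 0,
    outer_stats_oid("txExtraPadOctets", 2): 0,
    outer_stats_oid("txAllPadOctets", 2): 0,
}
POLL_T1 = {
    outer_stats_oid("rxMissedPackets", 1): 100,
    outer_stats_oid("rxErroredPackets", 1): 5,
    outer_stats_oid("txExtraPadOctets", 1): 4600,
    outer_stats_oid("txAllPadOctets", 1): 13000,
    outer_stats_oid("rxMissedPackets", 2): 7,
    outer_stats_oid("rxErroredPackets", 2): 2,
    outer_stats_oid("txExtraPadOctets", 2): 900,
    outer_stats_oid("txAllPadOctets", 2): 1100,
}

if __name__ == "__main__":
    for sa, row in sorted(analyze_interval(POLL_T0, POLL_T1).items()):
        print(sa, row)
```

The modulo in `counter64_delta` is what makes the wrap case for SA 2 come out as 10 missed packets rather than a huge negative number; the same idiom applies to every Counter64 object in the module. Because the table indexes are defined per table (iptfsSaIndex, iptfsInnerSaIndex, ipsecSaIndex), the example deliberately stays within one table rather than assuming the indexes line up across tables, which the draft does not state.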