idnits 2.17.1

draft-fu-softwire-dslite-mib-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (August 27, 2011) is 4619 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 6333' is mentioned on line 75, but not defined

  == Unused Reference: 'RFC6333' is defined on line 1295, but no explicit
     reference was found in the text

  == Unused Reference: 'I-D.ietf-softwire-gateway-init-ds-lite' is defined on
     line 1301, but no explicit reference was found in the text

  ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658)

  == Outdated reference: A later version (-08) exists of
     draft-ietf-softwire-gateway-init-ds-lite-05

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

1     Network Working Group                                             Y. Fu
2     Internet Draft                                                 S. Jiang
3     Intended status: Standards Track           Huawei Technologies Co., Ltd
4     Expires: February 26, 2012                                       Y. Cui
5                                                                      J.Dong
6                                                         Tsinghua University
7                                                             August 27, 2011

9                    DS-Lite Management Information Base (MIB)
10                        draft-fu-softwire-dslite-mib-02

12    Status of this Memo

14       This Internet-Draft is submitted in full conformance with the
15       provisions of BCP 78 and BCP 79.

17       Internet-Drafts are working documents of the Internet Engineering
18       Task Force (IETF). Note that other groups may also distribute working
19       documents as Internet-Drafts. The list of current Internet-Drafts is
20       at http://datatracker.ietf.org/drafts/current/.

22       Internet-Drafts are draft documents valid for a maximum of six months
23       and may be updated, replaced, or obsoleted by other documents at any
24       time. It is inappropriate to use Internet-Drafts as reference
25       material or to cite them other than as "work in progress."

27       This Internet-Draft will expire on February 26, 2012.

29    Copyright Notice

31       Copyright (c) 2011 IETF Trust and the persons identified as the
32       document authors. All rights reserved.

34       This document is subject to BCP 78 and the IETF Trust's Legal
35       Provisions Relating to IETF Documents
36       (http://trustee.ietf.org/license-info) in effect on the date of
37       publication of this document. Please review these documents
38       carefully, as they describe your rights and restrictions with respect
39       to this document. Code Components extracted from this document must
40       include Simplified BSD License text as described in Section 4.e of
41       the Trust Legal Provisions and are provided without warranty as
42       described in the Simplified BSD License.

44    Abstract

46       This memo defines a portion of the Management Information Base (MIB)
47       for use with network management protocols in the Internet community.
48       In particular, it defines managed objects for DS-Lite.

50    Table of Contents

52       1. Introduction
53       2. The Internet-Standard Management Framework
54       3. Terminology
55       4. Difference from the IP tunnel MIB and NAT MIB
56       5. Structure of the MIB Module
57          5.1. The dsliteTunnel Subtree
58          5.2. The dsliteNAT Subtree
59          5.3. The dsliteInfo Subtree
60          5.4. The dsliteTrap Subtree
61          5.5. The dsliteConformance Subtree
62       6. MIB modules required for IMPORTS
63       7. Definitions
64       8. Extending this MIB for Gateway Initiated Dual-Stack Lite
65       9. IANA Considerations
66       10. Security Considerations
67       11. References
68          11.1. Normative References
69          11.2. Informative References
70       12. Change Log [RFC Editor please remove]
71       Author's Addresses

73    1. Introduction

75       Dual-Stack Lite [RFC 6333] is a solution to offer both IPv4 and IPv6
76       connectivity to customers crossing IPv6 only infrastructure. One of
77       its key components is an IPv4-over-IPv6
78       tunnel, which is used to provide IPv4 connection across service
79       provider IPv6 network. Another key component is a carrier-grade IPv4-
80       IPv4 NAT to share service provider IPv4 addresses among customers.

82       This document defines a portion of the Management Information Base
83       (MIB) for use with network management protocols in the Internet
84       community. This MIB module may be used for configuring and
85       monitoring the devices in the Dual-Stack Lite scenario.
86       This MIB can also be extended to the application for Gateway
87       Initiated Dual-Stack Lite.

89    2. The Internet-Standard Management Framework

91       For a detailed overview of the documents that describe the current
92       Internet-Standard Management Framework, please refer to section 7 of
93       [RFC3410].

95       Managed objects are accessed via a virtual information store, termed
96       the MIB. MIB objects are generally accessed through the Simple
97       Network Management Protocol (SNMP).

99       Objects in the MIB are defined using the mechanisms defined in the
100      Structure of Management Information (SMI). This memo specifies a MIB
101      module that is compliant to the SMIv2, which is described in
102      [RFC2578], [RFC2579] and [RFC2580].

104   3. Terminology

106      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
107      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
108      document are to be interpreted as described in [RFC2119].

110   4. Difference from the IP tunnel MIB and NAT MIB

112      The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnel
113      and NAT (IPv4 to IPv4 translation).

115      The NAT-MIB [RFC4008] is designed to carry translation from any
116      address family to any address family, therefore supports IPv4 to IPv4
117      translation.

119      The tunnel MIB [RFC4087] is designed for managing tunnels of any type
120      over IPv4 and IPv6 networks, therefore supports IP in IP tunnels.

122      However, NAT MIB and tunnel MIB together are not sufficient to
123      support DS-Lite. This document describes the specific MIB
124      requirements for DS-Lite, as below.

126         In DS-Lite scenario, the tunnel type is IP in IP, more
127         precisely, is IPv4 in IPv6. Therefore, it is unnecessary to
128         describe tunnel type in DS-Lite MIB.

130         In DS-Lite scenario, the translation type is IPv4 private
131         address to IPv4 public address. Therefore, it is unnecessary to
132         describe the type of address in the corresponding
133         tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
134         in DS-Lite MIB.

136         In DS-Lite scenario, the AFTR is not only the tunnel end
137         concentrator, but also a 4-4 translator. Within the AFTR,
138         tunnel information and translation information MUST be mapped
139         to each other. Two independent MIBs are not able to reflect this
140         mapping relationship. Therefore, a combined MIB is necessary.

142         If the Gateway Initiated Dual-Stack Lite scenario [I-D.ietf-
143         softwire-gateway-init-ds-lite] is required, the MIB defined in
144         this document could be easily extended for GI-DS-Lite. CID
145         (Context Identifier) can be extended to the tunnel MIB to
146         identify the access devices which have the same IPv4 address.
147         And both CID and SWID (Softwire Identifier) can be extended to
148         the NAT MIB for performing the NAT binding look up.

150   5. Structure of the MIB Module

152      The DS-Lite MIB provides a way to configure and manage the devices in
153      DS-Lite scenario through SNMP.

155      DS-Lite MIB is configurable on a per-interface basis. It depends on
156      several parts of the IF-MIB [RFC2863], tunnel MIB [RFC4087], and NAT
157      MIB [RFC4008].

159   5.1. The dsliteTunnel Subtree

161      The dsliteTunnel subtree describes managed objects used for managing
162      tunnels in the DS-Lite scenario. Because the tunnel MIB supports the
163      tunnel management function in DS-Lite, we may reuse it in DS-Lite
164      MIB.

166   5.2. The dsliteNAT Subtree

168      The dsliteNAT Subtree describes managed objects used for
169      configuration as well as monitoring of AFTR which is capable of NAT
170      function. Because the NAT MIB supports the NAT management function in
171      DS-Lite, we MAY reuse it in DS-Lite MIB. The dsliteNAT Subtree also
172      provides the information of mapping relationship between the tunnel
173      MIB and NAT MIB by extending B4 address to the bind table in NAT
174      MIB.

176   5.3. The dsliteInfo Subtree

178      The dsliteInfo Subtree provides the statistical information for DS-
179      lite.

181   5.4. The dsliteTrap Subtree

183      The dsliteTrap Subtree provides trap information in DS-lite instance.

185   5.5. The dsliteConformance Subtree

187      The Subtree provides conformance information of MIB objects.

189   6. MIB modules required for IMPORTS

191      This MIB module IMPORTs objects from [RFC4087], [RFC4008], [RFC2580],
192      [RFC2578], [RFC2863], [RFC4001], [RFC3411].

194      Notes: The IF-MIB defines the MTU for the interface which includes
195      the virtual interface of the tunnel, so DS-Lite MIB does not need to
196      define the MTU for tunnel.

198   7. Definitions

200      DSLite-MIB DEFINITIONS ::= BEGIN

202      IMPORTS
203         MODULE-IDENTITY, OBJECT-TYPE, mib-2, transmission,
204         Gauge32, Integer32, Counter64
205            FROM SNMPv2-SMI

207         RowStatus, StorageType, DisplayString
208            FROM SNMPv2-TC

210         ifIndex, InterfaceIndexOrZero
211            FROM IF-MIB

213         InetAddress, InetPortNumber
214            FROM INET-ADDRESS-MIB

216         tunnelInetConfigIfIndex
217            FROM tunnelMIB

219         Ipv6Address
220            FROM IPV6-TC

222         NatAddrMapId, natAddrMapName, natAddrMapEntryType,
223         natAddrMapLocalAddrFrom, natAddrMapLocalAddrTo,
224         natAddrMapLocalPortFrom, natAddrMapLocalPortTo,
225         natAddrMapGlobalAddrFrom, natAddrMapGlobalAddrTo,
226         natAddrMapGlobalPortFrom, natAddrMapGlobalPortTo,
227         natAddrPortBindGlobalAddr, natAddrPortBindGlobalPort,
228         NatBindId, natAddrPortBindSessions,
229         natAddrPortBindMaxIdleTime, natAddrPortBindCurrentIdleTime,
230         natAddrPortBindInTranslates, natAddrPortBindOutTranslates
231            FROM natMIB;

233      dsliteMIB MODULE-IDENTITY
234         LAST-UPDATED "201108270000Z"         -- August 27, 2011
235         ORGANIZATION "IETF Softwire Working Group"
236         CONTACT-INFO
237            "Yu Fu
238             Huawei Technologies Co., Ltd
239             Huawei Building, No.3 Xinxi Rd, Hai-Dian District
240             Beijing, P.R. China 100085
241             EMail: eleven.fuyu@huawei.com

243             Sheng Jiang
244             Huawei Technologies Co., Ltd
245             Huawei Building, No.3 Xinxi Rd, Hai-Dian District
246             Beijing, P.R. China 100085
247             EMail: jiangsheng@huawei.com

249             Yong Cui
250             Tsinghua University
251             Department of Computer Science, Tsinghua University
252             Beijing 100084
253             P.R. China
254             Email: yong@csnet1.cs.tsinghua.edu.cn
255             Jiang Dong
256             Tsinghua University
257             Department of Computer Science, Tsinghua University
258             Beijing 100084
259             P.R. China
260             Email: dongjiang@csnet1.cs.tsinghua.edu.cn"

262         DESCRIPTION
263            "The MIB module is defined for management of object in the
264             DS-Lite scenario. "
265         ::= { transmission xxx } --xxx to be replaced with correct
266                                  --value

268      dsliteTunnel OBJECT IDENTIFIER
269         ::= { dsliteMIB 1 }

271      dsliteNAT OBJECT IDENTIFIER
272         ::= { dsliteMIB 2 }

274      dsliteInfo OBJECT IDENTIFIER
275         ::= { dsliteMIB 3 }

277      dsliteTraps OBJECT IDENTIFIER
278         ::= { dsliteMIB 4 }

280      --Conformance
281      dsliteConformance OBJECT IDENTIFIER
282         ::= { dsliteMIB 5 }

284      --dsliteTunnel
285      --dsliteTunnelTable

287      dsliteTunnelTable OBJECT-TYPE
288         SYNTAX SEQUENCE OF dsliteTunnelEntry
289         MAX-ACCESS not-accessible
290         STATUS current
291         DESCRIPTION
292            "The (conceptual) table containing information on configured
293             tunnels. This table can be used to map CPE address to the
294             associated AFTR address. It can also be used for row
295             creation."
296         ::= { dsliteTunnel 1 }

298      dsliteTunnelEntry OBJECT-TYPE
299         SYNTAX dsliteTunnelEntry
300         MAX-ACCESS not-accessible
301         STATUS current
302         DESCRIPTION
303            "Each entry in this table contains the information on a
304             particular configured tunnel."
305         INDEX { dsliteTunnelLocalAddress,
306                 dsliteTunnelRemoteAddress,
307                 dsliteTunnelConfigID }
308         ::= { dsliteTunnelTable 1 }

310      dsliteTunnelEntry ::=
311         SEQUENCE {
312            dsliteTunnelStartAddress     Ipv6Address,
313            dsliteTunnelStartAddPreLen   Integer32,
314            dsliteTunnelEndAddress       Ipv6Address,
315            dsliteTunnelID               Integer32,
316            dsliteTunnelIfIndex          tunnelInetConfigIfIndex,
317            dsliteTunnelStatus           RowStatus,
318            dsliteTunnelStorageType      StorageType
319         }

321      dsliteTunnelStartAddress OBJECT-TYPE
322         SYNTAX Ipv6Address
323         MAX-ACCESS read-create
324         STATUS current
325         DESCRIPTION
326            "The address of the start point of the tunnel."
327         ::= { dsliteTunnelEntry 1 }

329      dsliteTunnelStartAddPreLen OBJECT-TYPE
330         SYNTAX Integer32 (0..128)
331         MAX-ACCESS read-create
332         STATUS current
333         DESCRIPTION
334            "IPv6 prefix length of the IP address of the
335             start point of the tunnel."
336         ::= { dsliteTunnelEntry 2 }

338      dsliteTunnelEndAddress OBJECT-TYPE
339         SYNTAX Ipv6Address
340         MAX-ACCESS read-create
341         STATUS current
342         DESCRIPTION
343            "The address of the endpoint of the tunnel."
344         ::= { dsliteTunnelEntry 3 }

346      dsliteTunnelID OBJECT-TYPE
347         SYNTAX Integer32 (1..2147483647)
348         MAX-ACCESS read-create
349         STATUS current
350         DESCRIPTION
351            "An identifier used to distinguish between multiple
352             tunnels in DS-Lite scenario."
353         ::= { dsliteTunnelEntry 4 }

355      dsliteTunnelIfIndex OBJECT-TYPE
356         SYNTAX tunnelInetConfigIfIndex
357         MAX-ACCESS read-only
358         STATUS current
359         DESCRIPTION
360            "If the value of dsliteTunnelStatus for this row
361             is active, then this object contains the value of
362             ifIndex corresponding to the tunnel interface. A
363             value of 0 is not legal in the active state,
364             and means that the interface index has not
365             yet been assigned."
366         ::= { dsliteTunnelEntry 5 }

368      dsliteTunnelStatus OBJECT-TYPE
369         SYNTAX RowStatus
370         MAX-ACCESS read-create
371         STATUS current
372         DESCRIPTION
373            "The status of this row, by which new entries may be
374             created, or old entries deleted from this table."
375         ::= { dsliteTunnelEntry 6 }

377      dsliteTunnelStorageType OBJECT-TYPE
378         SYNTAX StorageType
379         MAX-ACCESS read-create
380         STATUS current
381         DESCRIPTION
382            "The storage type of this row. If the row is
383             permanent(4), no objects in the row need be
384             writable."
385         ::= { dsliteTunnelEntry 7 }

387      --dsliteNAT
388      --dsliteNATMapTable(define address pool)
389      --dsliteNATBindTable

391      dsliteNATMapTable OBJECT-TYPE
392         SYNTAX SEQUENCE OF dsliteNATMapEntry
393         MAX-ACCESS not-accessible
394         STATUS current
395         DESCRIPTION
396            "This table contains information about address map
397             parameters."
398         ::= { dsliteNAT 1 }

400      dsliteNATMapEntry OBJECT-TYPE
401         SYNTAX dsliteNATMapEntry
402         MAX-ACCESS not-accessible
403         STATUS current
404         DESCRIPTION
405            " This entry represents an address map to be used for
406             NAT and contributes to the address mapping tables of
407             AFTR."
408         INDEX { ifIndex,
409                 dsliteNATMapIndex }
410         ::= { dsliteNATMapTable 1 }

412      dsliteNATMapEntry ::=
413         SEQUENCE {
414            dsliteNATMapIndex            NatAddrMapId,
415            dsliteNATMapAddrName         natAddrMapName,
416            dsliteNATMapEntryType        natAddrMapEntryType,
417            dsliteNATMapLocalAddrFrom    natAddrMapLocalAddrFrom,
418            dsliteNATMapLocalAddrTo      natAddrMapLocalAddrTo,
419            dsliteNATMapLocalPortFrom    natAddrMapLocalPortFrom,
420            dsliteNATMapLocalPortTo      natAddrMapLocalPortTo,
421            dsliteNATMapGlobalAddrFrom   natAddrMapGlobalAddrFrom,
422            dsliteNATMapGlobalAddrTo     natAddrMapGlobalAddrTo,
423            dsliteNATMapGlobalPortFrom   natAddrMapGlobalPortFrom,
424            dsliteNATMapGlobalPortTo     natAddrMapGlobalPortTo,
425            dsliteNATMapAddrUsed         natAddrMapAddrUsed,
426            dsliteNATMapStorageType      StorageType,
427            dsliteNATMapRowStatus        RowStatus
428         }

430      dsliteNATMapIndex OBJECT-TYPE
431         SYNTAX NatAddrMapId
432         MAX-ACCESS not-accessible
433         STATUS current
434         DESCRIPTION
435            "Along with ifIndex, this object uniquely
436             identifies an entry in the dsliteNATMapTable.
437             Address map entries are applied in the order
438             specified by dsliteNATMapIndex."
439         ::= { dsliteNATMapEntry 1 }

441      dsliteNATMapAddrName OBJECT-TYPE
442         SYNTAX natAddrMapName
443         MAX-ACCESS read-create
444         STATUS current
445         DESCRIPTION
446            "Name identifying all map entries in the table associated
447             with the same interface. All map entries with the same
448             ifIndex MUST have the same map name."
449         ::= { dsliteNATMapEntry 2 }

451      dsliteNATMapEntryType OBJECT-TYPE
452         SYNTAX natAddrMapEntryType
453         MAX-ACCESS read-create
454         STATUS current
455         DESCRIPTION
456            "This parameter can be used to set up static
457             or dynamic address maps."
458         ::= { dsliteNATMapEntry 3 }

460      dsliteNATMapLocalAddrFrom OBJECT-TYPE
461         SYNTAX natAddrMapLocalAddrFrom
462         MAX-ACCESS read-create
463         STATUS current
464         DESCRIPTION
465            "This object specifies the first IP address of the range

467             of IP addresses mapped by this translation entry.
468             The value of this object must be less than or
469             equal to the value of the dsliteNATMapLocalAddrTo
470             object."
471         ::= { dsliteNATMapEntry 4 }

473      dsliteNATMapLocalAddrTo OBJECT-TYPE
474         SYNTAX natAddrMapLocalAddrTo
475         MAX-ACCESS read-create
476         STATUS current
477         DESCRIPTION
478            "This object specifies the last IP address of the range of
479             IP addresses mapped by this translation entry. If only
480             a single address is being mapped, the value of this
481             object is equal to the value of natAddrMapLocalAddrFrom.
482             The value of this object must be greater than or equal to
483             the value of the natAddrMapLocalAddrFrom object."
484         ::= { dsliteNATMapEntry 5 }

486      dsliteNATMapLocalPortFrom OBJECT-TYPE
487         SYNTAX natAddrMapLocalPortFrom
488         MAX-ACCESS read-create
489         STATUS current
490         DESCRIPTION
491            "The value of this object must be less than or equal
492             to the value of the dsliteNATMapLocalPortTo object.
493             If the translation specifies a single port, then the
494             value of this object is equal to the value of
495             dsliteNATMapLocalPortTo."
496         DEFVAL { 0 }
497         ::= { dsliteNATMapEntry 6 }

499      dsliteNATMapLocalPortTo OBJECT-TYPE
500         SYNTAX natAddrMapLocalPortTo
501         MAX-ACCESS read-create
502         STATUS current
503         DESCRIPTION
504            "The value of this object must be greater than or equal
505             to the value of the dsliteNATMapLocalPortFrom object.
506             If the translation specifies a single port, then
507             the value of this object is equal to the value of
508             dsliteNATMapLocalPortFrom."
509         DEFVAL { 0 }
510         ::= { dsliteNATMapEntry 7 }

512      dsliteNATMapGlobalAddrFrom OBJECT-TYPE
513         SYNTAX natAddrMapGlobalAddrFrom
514         MAX-ACCESS read-create
515         STATUS current
516         DESCRIPTION
517            "This object specifies the first IP address of
518             the range of IP addresses being mapped to.
519             The value of this object must be less than
520             or equal to the value of the
521             dsliteNATMapGlobalAddrTo object."
522         ::= { dsliteNATMapEntry 8 }

524      dsliteNATMapGlobalAddrTo OBJECT-TYPE
525         SYNTAX natAddrMapGlobalAddrTo
526         MAX-ACCESS read-create
527         STATUS current
528         DESCRIPTION
529            "This object specifies the last IP address of the range
530             of IP addresses being mapped to. If only a single
531             address is being mapped to, the value of this object
532             is equal to the value of dsliteNATMapGlobalAddrFrom.
533             The value of this object must be greater than or equal
534             to the value of the dsliteNATMapGlobalAddrFrom object."
535         ::= { dsliteNATMapEntry 9 }

537      dsliteNATMapGlobalPortFrom OBJECT-TYPE
538         SYNTAX natAddrMapGlobalPortFrom
539         MAX-ACCESS read-create
540         STATUS current
541         DESCRIPTION
542            "The value of this object must be less than or equal
543             to the value of the dsliteNATMapGlobalPortTo object.
544             If the translation specifies a single port, then the
545             value of this object is equal to the value of
546             dsliteNATMapGlobalPortTo."
547         DEFVAL { 0 }
548         ::= { dsliteNATMapEntry 10 }

550      dsliteNATMapGlobalPortTo OBJECT-TYPE
551         SYNTAX natAddrMapGlobalPortTo
552         MAX-ACCESS read-create
553         STATUS current
554         DESCRIPTION
555            "The value of this object must be greater than or
556             equal to the value of the dsliteNATMapGlobalPortFrom
557             object. If the translation specifies a single port,
558             then the value of this object is equal to the
559             value of dsliteNATMapGlobalPortFrom."
560         DEFVAL { 0 }
561         ::= { dsliteNATMapEntry 11 }

563      dsliteNATMapAddrUsed OBJECT-TYPE
564         SYNTAX natAddrMapAddrUsed
565         MAX-ACCESS read-only
566         STATUS current
567         DESCRIPTION
568            "The number of addresses pertaining to this address
569             map that are currently being used from the NAT pool."
570         ::= { dsliteNATMapEntry 12 }

572      dsliteNATMapStorageType OBJECT-TYPE
573         SYNTAX StorageType
574         MAX-ACCESS read-create
575         STATUS current
576         DESCRIPTION
577            "The storage type for this conceptual row.
578             Conceptual rows having the value 'permanent'
579             need not allow write-access to any columnar
580             objects in the row."

582         REFERENCE
583            "Textual Conventions for SMIv2, Section 2."
584         DEFVAL { nonVolatile }
585         ::= { dsliteNATMapEntry 13 }

587      dsliteNATMapRowStatus OBJECT-TYPE
588         SYNTAX RowStatus
589         MAX-ACCESS read-create
590         STATUS current
591         DESCRIPTION
592            "The status of this conceptual row."
593         REFERENCE
594            "Textual Conventions for SMIv2, Section 2."
595         ::= { dsliteNATMapEntry 14 }

597      dsliteNATBindTable OBJECT-TYPE
598         SYNTAX SEQUENCE OF dsliteNATBindEntry
599         MAX-ACCESS not-accessible
600         STATUS current
601         DESCRIPTION
602            "This table contains information about currently
603             active NAT binds in AFTR. This table extends the
604             natAddrPortBindTable designed in NAT MIB (RFC
605             4008) by IPv6 address of B4."
606         ::= { dsliteNAT 2 }

608      dsliteNATBindEntry OBJECT-TYPE
609         SYNTAX dsliteNATBindEntry
610         MAX-ACCESS not-accessible
611         STATUS current
612         DESCRIPTION
613            "Each entry in this table holds the relationship between
614             tunnel information and nat bind information. These entries
615             are lost upon agent restart."
616         INDEX { ifIndex,
617                 dsliteNATBindLocalAddr,
618                 dsliteNATBindLocalPort,
619                 dsliteB4Addr }
620         ::= { dsliteNATBindTable 1 }

622      dsliteNATBindEntry ::=
623         SEQUENCE {
624            dsliteNATBindLocalAddr         InetAddress,
625            dsliteNATBindLocalPort         InetPortNumber,
626            dsliteNATBindGlobalAddr        natAddrPortBindGlobalAddr,
627            dsliteNATBindGlobalPort        natAddrPortBindGlobalPort,
628            dsliteNATBindId                NatBindId,
629            dsliteB4Addr                   dsliteTunnelStartAddress,
630            dsliteB4PreLen                 dsliteTunnelStartAddPreLen,
631            dsliteNATBindMapIndex          NatAddrMapId,
632            dsliteNATBindSessions          natAddrPortBindSessions,
633            dsliteNATBindMaxIdleTime       natAddrPortBindMaxIdleTime,
634            dsliteNATBindCurrentIdleTime   natAddrPortBindCurrentIdleTime,
635            dsliteNATBindInTranslates      natAddrPortBindInTranslates,
636            dsliteNATBindOutTranslates     natAddrPortBindOutTranslates
637         }

639      dsliteNATBindLocalAddr OBJECT-TYPE
640         SYNTAX InetAddress
641         MAX-ACCESS read-create
642         STATUS current
643         DESCRIPTION
644            "This object represents the private IP address of host."
645         ::= { dsliteNATBindEntry 1 }

647      dsliteNATBindLocalPort OBJECT-TYPE
648         SYNTAX InetPortNumber
649         MAX-ACCESS read-create
650         STATUS current
651         DESCRIPTION
652            "This object represents the private-realm Port
653             number of host."
654         ::= { dsliteNATBindEntry 2 }

656      dsliteNATBindGlobalAddr OBJECT-TYPE
657         SYNTAX natAddrPortBindGlobalAddr
658         MAX-ACCESS read-only
659         STATUS current
660         DESCRIPTION
661            "This object represents the public-realm IP
662             address of host."
663         ::= { dsliteNATBindEntry 3 }

665      dsliteNATBindGlobalPort OBJECT-TYPE
666         SYNTAX natAddrPortBindGlobalPort
667         MAX-ACCESS read-only
668         STATUS current
669         DESCRIPTION
670            "This object represents the public-realm Port number
671             of host."
672         ::= { dsliteNATBindEntry 4 }

674      dsliteNATBindId OBJECT-TYPE
675         SYNTAX NatBindId
676         MAX-ACCESS read-only
677         STATUS current
678         DESCRIPTION
679            "This object represents a bind id that is
680             dynamically assigned to each bind by AFTR.
681             Each bind is represented by a unique bind
682             id across the dsliteNATBindTable."
683         ::= { dsliteNATBindEntry 5 }

685      dsliteB4Addr OBJECT-TYPE
686         SYNTAX dsliteTunnelStartAddress
687         MAX-ACCESS read-only
688         STATUS current
689         DESCRIPTION
690            "This object represents the relationship between
691             tunnel start point to the Bind entry, which extends
692             the source IPv6 address of packet to the Bind table."
693         ::= { dsliteNATBindEntry 6 }

695      dsliteB4PreLen OBJECT-TYPE
696         SYNTAX dsliteTunnelStartAddPreLen
697         MAX-ACCESS read-only
698         STATUS current
699         DESCRIPTION
700            "This object indicates the IPv6 prefix length of the
701             start point of tunnel, which is also need to extend to
702             the Bind table."
703         ::= { dsliteNATBindEntry 7 }

705      dsliteNATBindMapIndex OBJECT-TYPE
706         SYNTAX NatAddrMapId
707         MAX-ACCESS read-only
708         STATUS current
709         DESCRIPTION
710            "This object is a pointer to the dsliteNATMapTable
711             entry used in creating this BIND."
712         ::= { dsliteNATBindEntry 8 }

714      dsliteNATBindSessions OBJECT-TYPE
715         SYNTAX natAddrPortBindSessions
716         MAX-ACCESS read-only
717         STATUS current
718         DESCRIPTION
719            " This object represents the number of sessions currently
720             using this BIND."
721         ::= { dsliteNATBindEntry 9 }

723      dsliteNATBindMaxIdleTime OBJECT-TYPE
724         SYNTAX natAddrPortBindMaxIdleTime
725         MAX-ACCESS read-only
726         STATUS current
727         DESCRIPTION
728            "This object indicates the maximum time for
729             which this bind can be idle without any sessions
730             attached to it."
731         ::= { dsliteNATBindEntry 10 }

733      dsliteNATBindCurrentIdleTime OBJECT-TYPE
734         SYNTAX natAddrPortBindCurrentIdleTime
735         MAX-ACCESS read-only
736         STATUS current
737         DESCRIPTION
738            "At any given instance, this object indicates the
739             time that this bind has been idle without any sessions
740             attached to it."
741         ::= { dsliteNATBindEntry 11 }

743      dsliteNATBindInTranslates OBJECT-TYPE
744         SYNTAX natAddrPortBindInTranslates
745         MAX-ACCESS read-only
746         STATUS current
747         DESCRIPTION
748            "The number of inbound packets that were
749             translated as per this bind entry."
750         ::= { dsliteNATBindEntry 12 }

752      dsliteNATBindOutTranslates OBJECT-TYPE
753         SYNTAX natAddrPortBindOutTranslates
754         MAX-ACCESS read-only
755         STATUS current
756         DESCRIPTION
757            "The number of outbound packets that were
758             translated as per this bind entry."
759         ::= { dsliteNATBindEntry 13 }

761      --dsliteInfo

763      dsliteSessionLimitTable OBJECT-TYPE
764         SYNTAX SEQUENCE OF dsliteSessionLimitEntry
765         MAX-ACCESS not-accessible
766         STATUS current
767         DESCRIPTION
768            "The (conceptual) table containing information about session
769             limit. It can also be used for row creation."
770         ::= { dsliteInfo 1 }

772      dsliteSessionLimitEntry OBJECT-TYPE
773         SYNTAX dsliteSessionLimitEntry
774         MAX-ACCESS not-accessible
775         STATUS current
776         DESCRIPTION
777            "Each entry in this table contains the information to be
778             used for configuring session limits for DS-lite."
779         INDEX { dsliteInstanceName,
780                 dsliteSessionLimitType }
781         ::= { dsliteSessionLimitTable 1 }

783      dsliteSessionLimitEntry ::=
784         SEQUENCE {
785            dsliteSessionLimitInstanceName   DisplayString,
786            dsliteSessionLimitType           INTEGER,
787            dsliteSessionLimitNumber         Integer32,
788            dsliteSessionLimitStorageType    StorageType,
789            dsliteSessionLimitRowStatus      RowStatus
790         }

792      dsliteSessionLimitInstanceName OBJECT-TYPE
793         SYNTAX DisplayString (SIZE (1..31))
794         MAX-ACCESS read-only
795         STATUS current
796         DESCRIPTION
797            " This object represents the instance name
798             that is limited."
799         ::= { dsliteSessionLimitEntry 1 }

801      dsliteSessionLimitType OBJECT-TYPE
802         SYNTAX INTEGER
803            {
804               tcp(0),
805               udp(1),
806               icmp(2),
807               total(3)
808            }
809         MAX-ACCESS read-only
810         STATUS current
811         DESCRIPTION
812            "This object represents the session limit type :
813             tcp or udp or totally."
814         ::= { dsliteSessionLimitEntry 2 }

816      dsliteSessionLimitNumber OBJECT-TYPE
817         SYNTAX Integer32 (1..65535)
818         MAX-ACCESS read-create
819         STATUS current
820         DESCRIPTION
821            " This table represents the limit number of the session."
822         ::= { dsliteSessionLimitEntry 3 }

824      dsliteSessionLimitStorageType OBJECT-TYPE
825         SYNTAX StorageType
826         MAX-ACCESS read-create
827         STATUS current
828         DESCRIPTION
829            "The storage type for this conceptual row. Conceptual
830             rows having the value 'permanent' need not allow
831             write-access to any columnar objects in the row."
832         ::= { dsliteSessionLimitEntry 4 }

834      dsliteSessionLimitRowStatus OBJECT-TYPE
835         SYNTAX RowStatus
836         MAX-ACCESS read-create
837         STATUS current
838         DESCRIPTION
839            " The status of this conceptual row."
840         REFERENCE
841            "Textual Conventions for SMIv2, Section 2."
842         DEFVAL { nonVolatile }
843         ::= { dsliteSessionLimitEntry 5 }

845      dslitePortLimitTable OBJECT-TYPE
846         SYNTAX SEQUENCE OF dslitePortLimitEntry
847         MAX-ACCESS not-accessible
848         STATUS current
849         DESCRIPTION
850            "This table is used to configure port limits for a
851             DS-Lite instance."
852         ::= { dsliteInfo 2 }

854      dslitePortLimitEntry OBJECT-TYPE
855         SYNTAX dslitePortLimitEntry
856         MAX-ACCESS not-accessible
857         STATUS current
858         DESCRIPTION
859            "Each entry in this table contains the information to be
860             used for configuring session limits for DS-lite."
861         INDEX { dslitePortLimitInstanceName,
862                 dslitePortLimitType }
863         ::= { dslitePortLimitTable 1 }

865      dslitePortLimitEntry ::=
866         SEQUENCE {
867            dslitePortLimitInstanceName   DisplayString,
868            dslitePortLimitType           INTEGER,
869            dslitePortLimitNumber         Integer32,
870            dslitePortLimitStorageType    StorageType,
871            dslitePortLimitRowStatus      RowStatus
872         }

874      dslitePortLimitInstanceName OBJECT-TYPE
875         SYNTAX DisplayString (SIZE (1..31))
876         MAX-ACCESS read-only
877         STATUS current
878         DESCRIPTION
879            " This object represents the instance name
880             that is limited."
881         ::= { dslitePortLimitEntry 1 }

883      dslitePortLimitType OBJECT-TYPE
884         SYNTAX INTEGER
885            {
886               tcp(0),
887               udp(1),
888               icmp(2),
889               total(3)
890            }
891         MAX-ACCESS read-only
892         STATUS current
893         DESCRIPTION
894            "This object represents the port limit
895             type: tcp or udp or totally."
896         ::= { dslitePortLimitEntry 2 }

898      dslitePortLimitNumber OBJECT-TYPE
899         SYNTAX Integer32 (1..300000)
900         MAX-ACCESS read-create
901         STATUS current
902         DESCRIPTION
903            "This object represents the limit number of the
904             port usage."
905         ::= { dslitePortLimitEntry 3 }

907      dslitePortLimitStorageType OBJECT-TYPE
908         SYNTAX StorageType
909         MAX-ACCESS read-create
910         STATUS current
911         DESCRIPTION
912            "The storage type for this conceptual row. Conceptual
913             rows having the value 'permanent' need not allow
914             write-access to any columnar objects in the row."
915         ::= { dslitePortLimitEntry 4 }

917      dslitePortLimitRowStatus OBJECT-TYPE
918         SYNTAX RowStatus
919         MAX-ACCESS read-create
920         STATUS current
921         DESCRIPTION
922            "Create or delete table row."
923         ::= { dslitePortLimitEntry 5 }

925      dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 3 }

927      dsliteAFTRAlarmB4Addr OBJECT-TYPE
928         SYNTAX dsliteTunnelStartAddress
929         MAX-ACCESS accessible-for-notify
930         STATUS current
931         DESCRIPTION
932            "This object indicates the IP address of
933             B4 that sends the alarm "
934         ::= { dsliteAFTRAlarmScalar 1 }

936      dsliteAFTRAlarmProtocolType OBJECT-TYPE
937         SYNTAX DisplayString
938         MAX-ACCESS accessible-for-notify
939         STATUS current
940         DESCRIPTION
941            "This object indicates the protocol type of alarm,
942             0:tcp,1:udp,2:icmp,3:total "
943         ::= { dsliteAFTRAlarmScalar 2 }

945      dsliteAFTRAlarmMapAddrName OBJECT-TYPE
946         SYNTAX DisplayString
947         MAX-ACCESS accessible-for-notify
948         STATUS current
949         DESCRIPTION
950            "This object indicates the name of dsliteNATMapAddrName "
951         ::= { dsliteAFTRAlarmScalar 3 }

953      dsliteAFTRAlarmSpecificIP OBJECT-TYPE
954         SYNTAX DisplayString
955         MAX-ACCESS accessible-for-notify
956         STATUS current
957         DESCRIPTION
958            " This object indicates the IP address whose port usage
959             reaches the threshold "
960         ::= { dsliteAFTRAlarmScalar 4 }

962      dsliteAFTRAlarmConnectNumber OBJECT-TYPE
963         SYNTAX Integer32 (60..90)
964         MAX-ACCESS read-write
965         STATUS current
966         DESCRIPTION
967            " This object indicates the threshold of DS-Lite
968             connections alarm."
969         ::= { dsliteAFTRAlarmScalar 5 }

971      dsliteStatisticTable OBJECT-TYPE
972         SYNTAX SEQUENCE OF dsliteStatisticEntry
973         MAX-ACCESS not-accessible
974         STATUS current
975         DESCRIPTION
976            "This table provides statistical information
977             of DS-Lite."
978         ::= { dsliteInfo 4 }

980      dsliteStatisticEntry OBJECT-TYPE
981         SYNTAX dsliteStatisticEntry
982         MAX-ACCESS not-accessible
983         STATUS current
984         DESCRIPTION
985            "This table provides statistical information
986             of DS-Lite."
987       INDEX { dsliteStatisticInstanceName }
988       ::= { dsliteStatisticTable 1 }

990   dsliteStatisticEntry ::=
991       SEQUENCE {
992           dsliteStatisticInstanceName   DisplayString,
993           dsliteStatisticDiscard        Counter64,
994           dsliteStatisticReceived       Counter64,
995           dsliteStatisticTransmitted    Counter64,
996           dsliteStatisticIpv4Session    Counter64,
997           dsliteStatisticIpv6Session    Counter64,
998           dsliteStatisticStorageType    StorageType,
999           dsliteStatisticRowStatus      RowStatus
1000      }
1001  dsliteStatisticInstanceName OBJECT-TYPE
1002      SYNTAX DisplayString (SIZE (1..31))
1003      MAX-ACCESS read-only
1004      STATUS current
1005      DESCRIPTION
1006          "This object indicates the instance name
1007          that is limited."
1008      ::= { dsliteStatisticEntry 1 }

1010  dsliteStatisticDiscard OBJECT-TYPE
1011      SYNTAX Counter64
1012      MAX-ACCESS read-create
1013      STATUS current
1014      DESCRIPTION
1015          "This object indicates the number of
1016          discarded packets."
1017      ::= { dsliteStatisticEntry 2 }

1019  dsliteStatisticReceived OBJECT-TYPE
1020      SYNTAX Counter64
1021      MAX-ACCESS read-create
1022      STATUS current
1023      DESCRIPTION
1024          "This object indicates the number of
1025          received packets."
1026      ::= { dsliteStatisticEntry 3 }

1028  dsliteStatisticTransmitted OBJECT-TYPE
1029      SYNTAX Counter64
1030      MAX-ACCESS read-create
1031      STATUS current
1032      DESCRIPTION
1033          "This object indicates the number of
1034          transmitted packets."
1035      ::= { dsliteStatisticEntry 4 }

1037  dsliteStatisticIpv4Session OBJECT-TYPE
1038      SYNTAX Counter64
1039      MAX-ACCESS read-create
1040      STATUS current
1041      DESCRIPTION
1042          "This object indicates the number of
1043          current IPv4 sessions."
1044      ::= { dsliteStatisticEntry 5 }

1046  dsliteStatisticIpv6Session OBJECT-TYPE
1047      SYNTAX Counter64
1048      MAX-ACCESS read-create
1049      STATUS current
1050      DESCRIPTION
1051          "This object indicates the number of
1052          current IPv6 sessions."
1053      ::= { dsliteStatisticEntry 6 }

1055  dsliteStatisticRowStatus OBJECT-TYPE
1056      SYNTAX RowStatus
1057      MAX-ACCESS read-create
1058      STATUS current
1059      DESCRIPTION
1060          "Create or delete table row."
1061      ::= { dsliteStatisticEntry 8 }

1063  -- dslite trap

1065  dsliteTunnelNumAlarm NOTIFICATION-TYPE
1066      STATUS current
1067      DESCRIPTION
1068          "This trap is triggered when DS-Lite tunnels
1069          reach the threshold."
1070      ::= { dsliteTraps 1 }

1072  dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
1073      OBJECTS { dsliteAFTRAlarmProtocolType,
1074                dsliteAFTRAlarmB4Addr }
1075      STATUS current
1076      DESCRIPTION
1077          "This trap is triggered when the sessions of
1078          a user reach the threshold."
1079      ::= { dsliteTraps 2 }

1081  dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
1082      OBJECTS { dsliteAFTRAlarmMapAddrName,
1083                dsliteAFTRAlarmSpecificIP }
1084      STATUS current
1085      DESCRIPTION
1086          "This trap is triggered when the used NAT
1087          ports of a map address reach the threshold."
1088      ::= { dsliteTraps 3 }

1090  -- Module Conformance statement

1092  dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }
1093  dsliteCompliance MODULE-COMPLIANCE
1094      STATUS current
1095      DESCRIPTION
1096          "Description."
1097      MODULE -- this module
1098      MANDATORY-GROUPS { dsliteNATMapGroup,
1099                         dsliteTunnelGroup }
1100      ::= { dsliteCompliances 1 }

1102  dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

1104  dsliteAFTRAlarmScalarGroup OBJECT-GROUP
1105      OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
1106                dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
1107                dsliteAFTRAlarmConnectNumber }
1108      STATUS current
1109      DESCRIPTION
1110          "This collection of objects is used to give the
1111          information about AFTR alarming Scalar."
1112      ::= { dsliteGroups 1 }

1114  dsliteNATMapGroup OBJECT-GROUP
1115      OBJECTS { dsliteNATMapIndex, dsliteNATMapAddrName,
1116                dsliteNATMapEntryType, dsliteNATMapLocalAddrFrom,
1117                dsliteNATMapLocalAddrTo, dsliteNATMapLocalPortFrom,
1118                dsliteNATMapLocalPortTo, dsliteNATMapGlobalAddrFrom,
1119                dsliteNATMapGlobalAddrTo, dsliteNATMapGlobalPortFrom,
1120                dsliteNATMapGlobalPortTo, dsliteNATMapAddrUsed,
1121                dsliteNATMapStorageType, dsliteNATMapRowStatus }
1122      STATUS current
1123      DESCRIPTION
1124          "This collection of objects is used to give the
1125          information about NAT address mapping."
1126      ::= { dsliteGroups 2 }

1128  dsliteTunnelGroup OBJECT-GROUP
1129      OBJECTS { dsliteTunnelStartAddress, dsliteTunnelStartAddPreLen,
1130                dsliteTunnelEndAddress, dsliteTunnelID,
1131                dsliteTunnelIfIndex, dsliteTunnelStatus,
1132                dsliteTunnelStorageType }
1133      STATUS current
1134      DESCRIPTION
1135          "This collection of objects is used to give the
1136          information of tunnel in ds-lite."
1137      ::= { dsliteGroups 3 }

1139  dsliteNATBindGroup OBJECT-GROUP
1140      OBJECTS { dsliteNATBindLocalAddr, dsliteNATBindLocalPort,
1141                dsliteNATBindGlobalAddr, dsliteNATBindGlobalPort,
1142                dsliteNATBindId, dsliteB4Addr, dsliteB4PreLen,
1143                dsliteNATBindMapIndex, dsliteNATBindSessions,
1144                dsliteNATBindMaxIdleTime,
1145                dsliteNATBindCurrentIdleTime,
1146                dsliteNATBindInTranslates,
1147                dsliteNATBindOutTranslates }
1148      STATUS current
1149      DESCRIPTION
1150          "This collection of objects is used to give the
1151          information about NAT Bind."
1152      ::= { dsliteGroups 4 }

1154  dsliteSessionLimitGroup OBJECT-GROUP
1155      OBJECTS { dsliteSessionLimitInstanceName,
1156                dsliteSessionLimitType, dsliteSessionLimitNumber,
1157                dsliteSessionLimitStorageType,
1158                dsliteSessionLimitRowStatus }
1159      STATUS current
1160      DESCRIPTION
1161          "This collection of objects is used to give the
1162          information about session limit."
1163      ::= { dsliteGroups 5 }

1165  dslitePortLimitGroup OBJECT-GROUP
1166      OBJECTS { dslitePortLimitInstanceName,
1167                dslitePortLimitType, dslitePortLimitNumber,
1168                dslitePortLimitStorageType,
1169                dslitePortLimitRowStatus }
1170      STATUS current
1171      DESCRIPTION
1172          "This collection of objects is used to give the
1173          information about port limit."
1174      ::= { dsliteGroups 6 }

1176  dsliteStatisticGroup OBJECT-GROUP
1177      OBJECTS { dsliteStatisticInstanceName,
1178                dsliteStatisticDiscard,
1179                dsliteStatisticReceived,
1180                dsliteStatisticTransmitted,
1181                dsliteStatisticIpv4Session,
1182                dsliteStatisticIpv6Session,
1183                dsliteStatisticStorageType,
1184                dsliteStatisticRowStatus }
1185      STATUS current
1186      DESCRIPTION
1187          "This collection of objects is used to give the
1188          statistical information of ds-lite."
1189      ::= { dsliteGroups 7 }

1191  dsliteTrapsGroup NOTIFICATION-GROUP
1192      NOTIFICATIONS { dsliteTunnelNumAlarm,
1193                      dsliteAFTRUserSessionNumAlarm,
1194                      dsliteAFTRPortUsageOfSpecificIpAlarm }
1195      STATUS current
1196      DESCRIPTION
1197          "This collection of notifications is used to give the
1198          trap information of ds-lite."
1199      ::= { dsliteGroups 8 }

1201  END

1203  8. Extending this MIB for Gateway Initiated Dual-Stack Lite

1205     Similar to DS-lite, GI-DS-lite enables the service provider to
1206     share public IPv4 addresses among different customers by combining
1207     tunneling and NAT. GI-DS-lite extends existing access tunnels beyond
1208     the access gateway to an IPv4-IPv4 NAT using softwires with an
1209     embedded context identifier that uniquely identifies the end host the
1210     tunneled packets belong to [I-D.ietf-softwire-gateway-init-ds-lite].
1211     The MIB defined in this document MAY easily be extended for use in
1212     the GI-DS-Lite scenario. A new object for the CID SHOULD be added to
1213     the dsliteTunnelTable, and the dsliteTunnelID already defined in the
1214     DS-Lite MIB can be defined as SWID in GI-DS-Lite. Both CID and SWID
1215     SHOULD be added to the dsliteNATBindTable. It will use the
1216     combination of CID and SWID as the unique identifier for the end
1217     host and store it in the NAT binding entry.

1219  9. IANA Considerations

1221     The MIB module in this document uses the following IANA-assigned
1222     OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

1224        Descriptor        OBJECT IDENTIFIER value
1225        ----------        -----------------------
1226        DSLite-MIB        { transmission XXX }

1228  10. Security Considerations

1230     The DS-Lite MIB module can be used for configuration of certain
1231     objects, and anything that can be configured can be incorrectly
1232     configured, with potentially disastrous results. Because this MIB
1233     module reuses the IP Tunnel MIB and the NAT MIB, the security
1234     considerations for these MIBs are also applicable to the DS-Lite
1235     MIB.

1237     Unauthorized read access to tunnelIfLocalAddress, or any object in
1238     the dsliteBindRelationTable or dslitePortBindRelationTable would
1239     reveal the mapping information.

1241     SNMP versions prior to SNMPv3 did not include adequate security.
1242     Even if the network itself is secure (for example by using IPsec),
1243     even then, there is no control as to who on the secure network is
1244     allowed to access and GET/SET (read/change/create/delete) the objects
1245     in this MIB module.

1247     It is RECOMMENDED that implementers consider the security features as
1248     provided by the SNMPv3 framework (see [RFC3410], section 8),
1249     including full support for the SNMPv3 cryptographic mechanisms (for
1250     authentication and privacy).

1252     Further, deployment of SNMP versions prior to SNMPv3 is NOT
1253     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1254     enable cryptographic security. It is then a customer/operator
1255     responsibility to ensure that the SNMP entity giving access to an
1256     instance of this MIB module is properly configured to give access to
1257     the objects only to those principals (users) that have legitimate
1258     rights to indeed GET or SET (change/create/delete) them.

1260  11. References

1262  11.1. Normative References

1264     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1265               Requirement Levels", BCP 14, RFC 2119, March 1997.

1267     [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1268               "Structure of Management Information Version 2 (SMIv2)",
1269               RFC 2578, April 1999.

1271     [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
1272               Conventions for SMIv2", RFC 2579, April 1999.

1274     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1275               "Conformance Statements for SMIv2", RFC 2580, April 1999.

1277     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1278               MIB", RFC 2863, June 2000.

1280     [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
1281               Architecture for Describing Simple Network Management
1282               Protocol (SNMP) Management Frameworks", RFC 3411, December
1283               2002.

1285     [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
1286               Schoenwaelder, "Textual Conventions for Internet Network
1287               Addresses", RFC 4001, February 2005.

1289     [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
1290               Wang, C., "Definitions of Managed Objects for Network
1291               Address Translators (NAT)", RFC 4008, March 2005.

1293     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

1295     [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee,
1296               "Dual-Stack Lite Broadband Deployments Following IPv4
1297               Exhaustion", RFC 6333, August 2011.

1299  11.2. Informative References

1301     [I-D.ietf-softwire-gateway-init-ds-lite]
1302               Brockners, F., Gundavelli, S., Speicher, S., and D. Ward,
1303               "Gateway Initiated Dual-Stack Lite Deployment",
1304               draft-ietf-softwire-gateway-init-ds-lite-05 (work in
1305               progress), July 2011.

1307     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
1308               "Introduction and Applicability Statements for
1309               Internet-Standard Management Framework", RFC 3410, December 2002.

1311  12. Change Log [RFC Editor please remove]

1313     draft-fu-softwire-dslite-mib-00, original version, 2011-05-04

1315     draft-fu-softwire-dslite-mib-01, 01 version, 2011-07-11

1317     draft-fu-softwire-dslite-mib-02, 02 version, 2011-08-27

1319  Author's Addresses

1321     Yu Fu
1322     Huawei Technologies Co., Ltd
1323     Huawei Building, No.3 Xinxi Rd.,
1324     Shang-Di Information Industry Base, Hai-Dian District, Beijing 100085
1325     P.R. China
1326     Email: eleven.fuyu@huawei.com

1328     Sheng Jiang
1329     Huawei Technologies Co., Ltd
1330     Huawei Building, No.3 Xinxi Rd.,
1331     Shang-Di Information Industry Base, Hai-Dian District, Beijing 100085
1332     P.R. China
1333     Email: shengjiang@huawei.com

1335     Yong Cui
1336     Tsinghua University
1337     Department of Computer Science, Tsinghua University
1338     Beijing 100084
1339     P.R. China
1340     Email: yong@csnet1.cs.tsinghua.edu.cn

1342     Jiang Dong
1343     Tsinghua University
1344     Department of Computer Science, Tsinghua University
1345     Beijing 100084
1346     P.R. China
1347     Email: dongjiang@csnet1.cs.tsinghua.edu.cn
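
Section 10 observes that anything configurable can be misconfigured and that access must be limited to legitimate principals. The following added example (not part of the draft or of any tool it names) parses OBJECT-TYPE definitions abridged from the module on this page and lists the objects that accept SET, which is what an SNMPv3 write view has to account for; it also flags Counter64 objects declared writable, which RFC 2578 does not allow. The function names are hypothetical.

```python
import re

# Abridged from the module on this page: DESCRIPTION clauses dropped,
# layout reflowed, idnits line numbers removed.
MIB_EXCERPT = """
dslitePortLimitType OBJECT-TYPE
    SYNTAX INTEGER { tcp(0), udp(1), icmp(2), total(3) }
    MAX-ACCESS read-only
    STATUS current
    ::= { dslitePortLimitEntry 2 }
dslitePortLimitNumber OBJECT-TYPE
    SYNTAX Integer32 (1..300000)
    MAX-ACCESS read-create
    STATUS current
    ::= { dslitePortLimitEntry 3 }
dsliteAFTRAlarmConnectNumber OBJECT-TYPE
    SYNTAX Integer32 (60..90)
    MAX-ACCESS read-write
    STATUS current
    ::= { dsliteAFTRAlarmScalar 5 }
dsliteStatisticDiscard OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-create
    STATUS current
    ::= { dsliteStatisticEntry 2 }
"""

# name, SYNTAX, MAX-ACCESS, then the "::= { parent sub-id }" assignment.
OBJECT_RE = re.compile(
    r"^(\w+)\s+OBJECT-TYPE\s+SYNTAX\s+(.+?)\s+MAX-ACCESS\s+([\w-]+)"
    r".*?::=\s*\{\s*(\w+)\s+(\d+)\s*\}", re.S | re.M)
WRITABLE = {"read-write", "read-create"}

def parse_objects(mib_text):
    """Return (name, syntax, max_access, parent, sub_id) per OBJECT-TYPE."""
    return [(n, " ".join(s.split()), a, p, int(i))
            for n, s, a, p, i in OBJECT_RE.findall(mib_text)]

def writable_objects(mib_text):
    """Objects an SNMP SET can modify; a write view must account for them."""
    return [n for n, _, a, _, _ in parse_objects(mib_text) if a in WRITABLE]

def writable_counters(mib_text):
    """Counters declared writable (RFC 2578 allows read-only/notify only)."""
    return [n for n, s, a, _, _ in parse_objects(mib_text)
            if s.startswith("Counter") and a in WRITABLE]

if __name__ == "__main__":
    print("writable:", writable_objects(MIB_EXCERPT))
    print("writable counters:", writable_counters(MIB_EXCERPT))
```

On the excerpt, the statistics counter shows up in both lists: it is declared read-create, so an agent implementing the module literally would expose a packet counter to SET.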