idnits 2.17.1

draft-fu-softwire-dslite-mib-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (February 22, 2012) is 4419 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 6333' is mentioned on line 75, but not defined

  == Unused Reference: 'RFC6333' is defined on line 1292, but no explicit
     reference was found in the text

  == Unused Reference: 'I-D.ietf-softwire-gateway-init-ds-lite' is defined on
     line 1298, but no explicit reference was found in the text

  ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658)

  == Outdated reference: A later version (-08) exists of
     draft-ietf-softwire-gateway-init-ds-lite-06

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

1  Network Working Group                                              Y. Fu
2  Internet Draft                                                  S. Jiang
3  Intended status: Standards Track            Huawei Technologies Co., Ltd
4  Expires: August 25, 2012                                          Y. Cui
5                                                                    J.Dong
6                                                       Tsinghua University
7                                                         February 22, 2012

9               DS-Lite Management Information Base (MIB)
10                   draft-fu-softwire-dslite-mib-03

12  Status of this Memo

14     This Internet-Draft is submitted in full conformance with the
15     provisions of BCP 78 and BCP 79.

17     Internet-Drafts are working documents of the Internet Engineering
18     Task Force (IETF). Note that other groups may also distribute working
19     documents as Internet-Drafts. The list of current Internet-Drafts is
20     at http://datatracker.ietf.org/drafts/current/.

22     Internet-Drafts are draft documents valid for a maximum of six months
23     and may be updated, replaced, or obsoleted by other documents at any
24     time. It is inappropriate to use Internet-Drafts as reference
25     material or to cite them other than as "work in progress."

27     This Internet-Draft will expire on August 25, 2012.

29  Copyright Notice

31     Copyright (c) 2011 IETF Trust and the persons identified as the
32     document authors. All rights reserved.

34     This document is subject to BCP 78 and the IETF Trust's Legal
35     Provisions Relating to IETF Documents
36     (http://trustee.ietf.org/license-info) in effect on the date of
37     publication of this document. Please review these documents
38     carefully, as they describe your rights and restrictions with respect
39     to this document. Code Components extracted from this document must
40     include Simplified BSD License text as described in Section 4.e of
41     the Trust Legal Provisions and are provided without warranty as
42     described in the Simplified BSD License.

44  Abstract

46     This memo defines a portion of the Management Information Base (MIB)
47     for use with network management protocols in the Internet community.
48     In particular, it defines managed objects for DS-Lite.

50  Table of Contents

52     1. Introduction
53     2. The Internet-Standard Management Framework
54     3. Terminology
55     4. Difference from the IP tunnel MIB and NAT MIB
56     5. Structure of the MIB Module
57        5.1. The dsliteTunnel Subtree
58        5.2. The dsliteNAT Subtree
59        5.3. The dsliteInfo Subtree
60        5.4. The dsliteTrap Subtree
61        5.5. The dsliteConformance Subtree
62     6. MIB modules required for IMPORTS
63     7. Definitions
64     8. Extending this MIB for Gateway Initiated Dual-Stack Lite
65     9. IANA Considerations
66     10. Security Considerations
67     11. References
68        11.1. Normative References
69        11.2. Informative References
70     12. Change Log [RFC Editor please remove]
71     Author's Addresses

73  1. Introduction

75     Dual-Stack Lite [RFC 6333] is a solution to offer both IPv4 and IPv6
76     connectivity to customers crossing IPv6 only infrastructure. One of
77     its key components is an IPv4-over-IPv6
78     tunnel, which is used to provide IPv4 connection across service
79     provider IPv6 network. Another key component is a carrier-grade IPv4-
80     IPv4 NAT to share service provider IPv4 addresses among customers.

82     This document defines a portion of the Management Information Base
83     (MIB) for use with network management protocols in the Internet
84     community. This MIB module may be used for configuration and
85     monitoring the devices in the Dual-Stack Lite scenario.
86     This MIB also can be extended to the application for Gateway
87     Initiated Dual-Stack Lite.

89  2. The Internet-Standard Management Framework

91     For a detailed overview of the documents that describe the current
92     Internet-Standard Management Framework, please refer to section 7 of
93     [RFC3410].

95     Managed objects are accessed via a virtual information store, termed
96     the MIB. MIB objects are generally accessed through the Simple
97     Network Management Protocol (SNMP).

99     Objects in the MIB are defined using the mechanisms defined in the
100     Structure of Management Information (SMI). This memo specifies a MIB
101     module that is compliant to the SMIv2, which is described in
102     [RFC2578], [RFC2579] and [RFC2580].

104  3. Terminology

106     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
107     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
108     document are to be interpreted as described in [RFC2119].

110  4. Difference from the IP tunnel MIB and NAT MIB

112     The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnel
113     and NAT (IPv4 to IPv4 translation).

115     The NAT-MIB [RFC4008] is designed to carry translation from any
116     address family to any address family, therefore supports IPv4 to IPv4
117     translation.

119     The tunnel MIB [RFC4087] is designed for managing tunnels of any type
120     over IPv4 and IPv6 networks, therefore supports IP in IP tunnels.

122     However, NAT MIB and tunnel MIB together are not sufficient to
123     support DS-Lite. This document describes the specific MIB
124     requirements for DS-Lite, as below.

126        In DS-Lite scenario, the tunnel type is IP in IP, more
127        precisely, is IPv4 in IPv6. Therefore, it is unnecessary to
128        describe tunnel type in DS-Lite MIB.

130        In DS-Lite scenario, the translation type is IPv4 private
131        address to IPv4 public address. Therefore, it is unnecessary to
132        describe the type of address in the corresponding
133        tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
134        in DS-Lite MIB.

136        In DS-Lite scenario, the AFTR is not only the tunnel end
137        concentrator, but also a 4-4 translator. Within the AFTR,
138        tunnel information and translation information MUST be mapped
139        to each other. Two independent MIBs are not able to reflect this
140        mapping relationship. Therefore, a combined MIB is necessary.

142        If the Gateway Initiated Dual-Stack Lite scenario [I-D.ietf-
143        softwire-gateway-init-ds-lite] is required, the MIB defined in
144        this document could be easily extended for GI-DS-Lite. CID
145        (Context Identifier) can be extended to the tunnel MIB to
146        identify the access devices which have the same IPv4 address.
147        And both CID and SWID (Softwire Identifier) can be extended to
148        the NAT MIB for performing the NAT binding look up.

150  5. Structure of the MIB Module

152     The DS-Lite MIB provides a way to configure and manage the devices in
153     DS-Lite scenario through SNMP.

155     DS-Lite MIB is configurable on a per-interface basis. It depends on
156     several parts of the IF-MIB [RFC2863], tunnel MIB [RFC4087], and NAT
157     MIB [RFC4008].

159  5.1. The dsliteTunnel Subtree

161     The dsliteTunnel subtree describes managed objects used for managing
162     tunnels in the DS-Lite scenario. Because the tunnel MIB supports the
163     tunnel management function in DS-Lite, we may reuse it in DS-Lite
164     MIB.

166  5.2. The dsliteNAT Subtree

168     The dsliteNAT Subtree describes managed objects used for
169     configuration as well as monitoring of AFTR which is capable of NAT
170     function. Because the NAT MIB supports the NAT management function in
171     DS-Lite, we may reuse it in DS-Lite MIB. The dsliteNAT Subtree also
172     provides the information of mapping relationship between the tunnel
173     MIB and NAT MIB by extending B4 address to the bind table in NAT
174     MIB.

176  5.3. The dsliteInfo Subtree

178     The dsliteInfo Subtree provides the statistical information for DS-
179     lite.

181  5.4. The dsliteTrap Subtree

183     The dsliteTrap Subtree provides trap information in DS-lite instance.

185  5.5. The dsliteConformance Subtree

187     The Subtree provides conformance information of MIB objects.

189  6. MIB modules required for IMPORTS

191     This MIB module IMPORTs objects from [RFC4087], [RFC4008], [RFC2580],
192     [RFC2578], [RFC2863], [RFC4001], [RFC3411].

194     Notes: The IF-MIB defines the MTU for the interface which includes
195     the virtual interface of the tunnel, so DS-Lite MIB does not need to
196     define the MTU for tunnel.

198  7. Definitions

200     DSLite-MIB DEFINITIONS ::= BEGIN

202     IMPORTS
203         MODULE-IDENTITY, OBJECT-TYPE, mib-2, transmission,
204         Gauge32, Integer32, Counter64
205             FROM SNMPv2-SMI

207         RowStatus, StorageType, DisplayString
208             FROM SNMPv2-TC

210         ifIndex, InterfaceIndexOrZero
211             FROM IF-MIB

213         InetAddress, InetAddressIPv6, InetPortNumber
214             FROM INET-ADDRESS-MIB

216         tunnelInetConfigIfIndex
217             FROM tunnelMIB

219         NatAddrMapId, natAddrMapName, natAddrMapEntryType,
220         natAddrMapLocalAddrFrom, natAddrMapLocalAddrTo,
221         natAddrMapLocalPortFrom, natAddrMapLocalPortTo,
222         natAddrMapGlobalAddrFrom, natAddrMapGlobalAddrTo,
223         natAddrMapGlobalPortFrom, natAddrMapGlobalPortTo,
224         natAddrPortBindGlobalAddr, natAddrPortBindGlobalPort,
225         NatBindId, natAddrPortBindSessions,
226         natAddrPortBindMaxIdleTime, natAddrPortBindCurrentIdleTime,
227         natAddrPortBindInTranslates, natAddrPortBindOutTranslates
228             FROM natMIB;

230     dsliteMIB MODULE-IDENTITY
231         LAST-UPDATED "201202220000Z" -- February 22, 2012
232         ORGANIZATION "IETF Softwire Working Group"
233         CONTACT-INFO
234             "Yu Fu
235              Huawei Technologies Co., Ltd
236              Huawei Building, 156 Beiqing Rd., Hai-Dian District
237              Beijing, P.R. China 100095
238              EMail: eleven.fuyu@huawei.com

240              Sheng Jiang
241              Huawei Technologies Co., Ltd
242              Huawei Building, 156 Beiqing Rd., Hai-Dian District
243              Beijing, P.R. China 100095
244              EMail: jiangsheng@huawei.com

246              Yong Cui
247              Tsinghua University
248              Department of Computer Science, Tsinghua University
249              Beijing 100084
250              P.R. China
251              Email: yong@csnet1.cs.tsinghua.edu.cn

253              Jiang Dong
254              Tsinghua University
255              Department of Computer Science, Tsinghua University
256              Beijing 100084
257              P.R. China
258              Email: dongjiang@csnet1.cs.tsinghua.edu.cn"

260         DESCRIPTION
261             "The MIB module is defined for management of object in the
262              DS-Lite scenario. "
263         ::= { transmission xxx } --xxx to be replaced with correct
264                                  -- value

266     dsliteTunnel OBJECT IDENTIFIER
267         ::= { dsliteMIB 1 }

269     dsliteNAT OBJECT IDENTIFIER
270         ::= { dsliteMIB 2 }

272     dsliteInfo OBJECT IDENTIFIER
273         ::= { dsliteMIB 3 }

275     dsliteTraps OBJECT IDENTIFIER
276         ::= { dsliteMIB 4 }

278     --Conformance
279     dsliteConformance OBJECT IDENTIFIER
280         ::= { dsliteMIB 5 }

282     --dsliteTunnel
283     --dsliteTunnelTable

285     dsliteTunnelTable OBJECT-TYPE
286         SYNTAX SEQUENCE OF dsliteTunnelEntry
287         MAX-ACCESS not-accessible
288         STATUS current
289         DESCRIPTION
290             "The (conceptual) table containing information on configured
291              tunnels. This table can be used to map CPE address to the
292              associated AFTR address. It can also be used for row
293              creation."
294         ::= { dsliteTunnel 1 }

296     dsliteTunnelEntry OBJECT-TYPE
297         SYNTAX dsliteTunnelEntry
298         MAX-ACCESS not-accessible
299         STATUS current
300         DESCRIPTION
301             "Each entry in this table contains the information on a
302              particular configured tunnel."
303         INDEX { dsliteTunnelStartAddress,
304                 dsliteTunnelEndAddress,
305                 dsliteTunnelID }
306         ::= { dsliteTunnelTable 1 }

308     dsliteTunnelEntry ::=
309         SEQUENCE {
310             dsliteTunnelStartAddress InetAddressIPv6,
311             dsliteTunnelStartAddPreLen Integer32,
312             dsliteTunnelEndAddress InetAddressIPv6,
313             dsliteTunnelID Integer32,
314             dsliteTunnelIfIndex tunnelInetConfigIfIndex,
315             dsliteTunnelStatus RowStatus,
316             dsliteTunnelStorageType StorageType
317         }

319     dsliteTunnelStartAddress OBJECT-TYPE
320         SYNTAX InetAddressIPv6
321         MAX-ACCESS read-create
322         STATUS current
323         DESCRIPTION
324             "The address of the start point of the tunnel."
325         ::= { dsliteTunnelEntry 1 }

327     dsliteTunnelStartAddPreLen OBJECT-TYPE
328         SYNTAX Integer32 (0..128)
329         MAX-ACCESS read-create
330         STATUS current
331         DESCRIPTION
332             "IPv6 prefix length of the IP address of the
333              start point of the tunnel."
334         ::= { dsliteTunnelEntry 2 }

336     dsliteTunnelEndAddress OBJECT-TYPE
337         SYNTAX InetAddressIPv6
338         MAX-ACCESS read-create
339         STATUS current
340         DESCRIPTION
341             "The address of the endpoint of the tunnel."
342         ::= { dsliteTunnelEntry 3 }

344     dsliteTunnelID OBJECT-TYPE
345         SYNTAX Integer32 (1..2147483647)
346         MAX-ACCESS read-create
347         STATUS current
348         DESCRIPTION
349             "An identifier used to distinguish between multiple
350              tunnels in DS-Lite scenario."
351         ::= { dsliteTunnelEntry 4 }

353     dsliteTunnelIfIndex OBJECT-TYPE
354         SYNTAX tunnelInetConfigIfIndex
355         MAX-ACCESS read-only
356         STATUS current
357         DESCRIPTION
358             "If the value of dsliteTunnelStatus for this row
359              is active, then this object contains the value of
360              ifIndex corresponding to the tunnel interface. A
361              value of 0 is not legal in the active state,
362              and means that the interface index has not
363              yet been assigned."
364         ::= { dsliteTunnelEntry 5 }

366     dsliteTunnelStatus OBJECT-TYPE
367         SYNTAX RowStatus
368         MAX-ACCESS read-create
369         STATUS current
370         DESCRIPTION
371             "The status of this row, by which new entries may be
372              created, or old entries deleted from this table."
373         ::= { dsliteTunnelEntry 6 }

375     dsliteTunnelStorageType OBJECT-TYPE
376         SYNTAX StorageType
377         MAX-ACCESS read-create
378         STATUS current
379         DESCRIPTION
380             "The storage type of this row. If the row is
381              permanent(4), no objects in the row need be
382              writable."
383         ::= { dsliteTunnelEntry 7 }

385     --dsliteNAT
386     --dsliteNATMapTable(define address pool)
387     --dsliteNATBindTable

389     dsliteNATMapTable OBJECT-TYPE
390         SYNTAX SEQUENCE OF dsliteNATMapEntry
391         MAX-ACCESS not-accessible
392         STATUS current
393         DESCRIPTION
394             "This table contains information about address map
395              parameters."
396         ::= { dsliteNAT 1 }

398     dsliteNATMapEntry OBJECT-TYPE
399         SYNTAX dsliteNATMapEntry
400         MAX-ACCESS not-accessible
401         STATUS current
402         DESCRIPTION
403             " This entry represents an address map to be used for
404              NAT and contributes to the address mapping tables of
405              AFTR."
406         INDEX { ifIndex,
407                 dsliteNATMapIndex }
408         ::= { dsliteNATMapTable 1 }

410     dsliteNATMapEntry ::=
411         SEQUENCE {
412             dsliteNATMapIndex NatAddrMapId,
413             dsliteNATMapAddrName natAddrMapName,
414             dsliteNATMapEntryType natAddrMapEntryType,
415             dsliteNATMapLocalAddrFrom natAddrMapLocalAddrFrom,
416             dsliteNATMapLocalAddrTo natAddrMapLocalAddrTo,
417             dsliteNATMapLocalPortFrom natAddrMapLocalPortFrom,
418             dsliteNATMapLocalPortTo natAddrMapLocalPortTo,
419             dsliteNATMapGlobalAddrFrom natAddrMapGlobalAddrFrom,
420             dsliteNATMapGlobalAddrTo natAddrMapGlobalAddrTo,
421             dsliteNATMapGlobalPortFrom natAddrMapGlobalPortFrom,
422             dsliteNATMapGlobalPortTo natAddrMapGlobalPortTo,
423             dsliteNATMapAddrUsed natAddrMapAddrUsed,
424             dsliteNATMapStorageType StorageType,
425             dsliteNATMapRowStatus RowStatus
426         }

428     dsliteNATMapIndex OBJECT-TYPE
429         SYNTAX NatAddrMapId
430         MAX-ACCESS not-accessible
431         STATUS current
432         DESCRIPTION
433             "Along with ifIndex, this object uniquely
434              identifies an entry in the dsliteNATMapTable.
435              Address map entries are applied in the order
436              specified by dsliteNATMapIndex."
437         ::= { dsliteNATMapEntry 1 }

439     dsliteNATMapAddrName OBJECT-TYPE
440         SYNTAX natAddrMapName
441         MAX-ACCESS read-create
442         STATUS current
443         DESCRIPTION
444             "Name identifying all map entries in the table associated
445              with the same interface. All map entries with the same
446              ifIndex MUST have the same map name."
447         ::= { dsliteNATMapEntry 2 }

449     dsliteNATMapEntryType OBJECT-TYPE
450         SYNTAX natAddrMapEntryType
451         MAX-ACCESS read-create
452         STATUS current
453         DESCRIPTION
454             "This parameter can be used to set up static
455              or dynamic address maps."
456         ::= { dsliteNATMapEntry 3 }

458     dsliteNATMapLocalAddrFrom OBJECT-TYPE
459         SYNTAX natAddrMapLocalAddrFrom
460         MAX-ACCESS read-create
461         STATUS current
462         DESCRIPTION
463             "This object specifies the first IP address of the range
464              of IP addresses mapped by this translation entry.
465              The value of this object must be less than or
466              equal to the value of the dsliteNATMapLocalAddrTo
467              object."
468         ::= { dsliteNATMapEntry 4 }

470     dsliteNATMapLocalAddrTo OBJECT-TYPE
471         SYNTAX natAddrMapLocalAddrTo
472         MAX-ACCESS read-create
473         STATUS current
474         DESCRIPTION
475             "This object specifies the last IP address of the range of
476              IP addresses mapped by this translation entry. If only
477              a single address is being mapped, the value of this
478              object is equal to the value of natAddrMapLocalAddrFrom.
479              The value of this object must be greater than or equal to
480              the value of the natAddrMapLocalAddrFrom object."
481         ::= { dsliteNATMapEntry 5 }

483     dsliteNATMapLocalPortFrom OBJECT-TYPE
484         SYNTAX natAddrMapLocalPortFrom
485         MAX-ACCESS read-create
486         STATUS current
487         DESCRIPTION
488             "The value of this object must be less than or equal
489              to the value of the dsliteNATMapLocalPortTo object.
490              If the translation specifies a single port, then the
491              value of this object is equal to the value of
492              dsliteNATMapLocalPortTo."
493         DEFVAL { 0 }
494         ::= { dsliteNATMapEntry 6 }

496     dsliteNATMapLocalPortTo OBJECT-TYPE
497         SYNTAX natAddrMapLocalPortTo
498         MAX-ACCESS read-create
499         STATUS current
500         DESCRIPTION
501             "The value of this object must be greater than or equal
502              to the value of the dsliteNATMapLocalPortFrom object.
503              If the translation specifies a single port, then
504              the value of this object is equal to the value of
505              dsliteNATMapLocalPortFrom."
506         DEFVAL { 0 }
507         ::= { dsliteNATMapEntry 7 }

509     dsliteNATMapGlobalAddrFrom OBJECT-TYPE
510         SYNTAX natAddrMapGlobalAddrFrom
511         MAX-ACCESS read-create
512         STATUS current
513         DESCRIPTION
514             "This object specifies the first IP address of
515              the range of IP addresses being mapped to.
516              The value of this object must be less than
517              or equal to the value of the
518              dsliteNATMapGlobalAddrTo object."
519         ::= { dsliteNATMapEntry 8 }

521     dsliteNATMapGlobalAddrTo OBJECT-TYPE
522         SYNTAX natAddrMapGlobalAddrTo
523         MAX-ACCESS read-create
524         STATUS current
525         DESCRIPTION
526             "This object specifies the last IP address of the range
527              of IP addresses being mapped to. If only a single
528              address is being mapped to, the value of this object
529              is equal to the value of dsliteNATMapGlobalAddrFrom.
530              The value of this object must be greater than or equal
531              to the value of the dsliteNATMapGlobalAddrFrom object."
532         ::= { dsliteNATMapEntry 9 }

534     dsliteNATMapGlobalPortFrom OBJECT-TYPE
535         SYNTAX natAddrMapGlobalPortFrom
536         MAX-ACCESS read-create
537         STATUS current
538         DESCRIPTION
539             "The value of this object must be less than or equal
540              to the value of the dsliteNATMapGlobalPortTo object.
541              If the translation specifies a single port, then the
542              value of this object is equal to the value
543              dsliteNATMapGlobalPortTo."
544         DEFVAL { 0 }
545         ::= { dsliteNATMapEntry 10 }

547     dsliteNATMapGlobalPortTo OBJECT-TYPE
548         SYNTAX natAddrMapGlobalPortTo
549         MAX-ACCESS read-create
550         STATUS current
551         DESCRIPTION
552             "The value of this object must be greater than or
553              equal to the value of the dsliteNATMapGlobalPortFrom
554              object. If the translation specifies a single port,
555              then the value of this object is equal to the
556              value of dsliteNATMapGlobalPortFrom."
557         DEFVAL { 0 }
558         ::= { dsliteNATMapEntry 11 }

560     dsliteNATMapAddrUsed OBJECT-TYPE
561         SYNTAX natAddrMapAddrUsed
562         MAX-ACCESS read-only
563         STATUS current
564         DESCRIPTION
565             "The number of addresses pertaining to this address
566              map that are currently being used from the NAT pool."
567         ::= { dsliteNATMapEntry 12 }

569     dsliteNATMapStorageType OBJECT-TYPE
570         SYNTAX StorageType
571         MAX-ACCESS read-create
572         STATUS current
573         DESCRIPTION
574             "The storage type for this conceptual row.
575              Conceptual rows having the value 'permanent'
576              need not allow write-access to any columnar
577              objects in the row."
578         REFERENCE
579             "Textual Conventions for SMIv2, Section 2."
580         DEFVAL { nonVolatile }
581         ::= { dsliteNATMapEntry 13 }

583     dsliteNATMapRowStatus OBJECT-TYPE
584         SYNTAX RowStatus
585         MAX-ACCESS read-create
586         STATUS current
587         DESCRIPTION
588             "The status of this conceptual row."
589         REFERENCE
590             "Textual Conventions for SMIv2, Section 2."
591         ::= { dsliteNATMapEntry 14 }

593     dsliteNATBindTable OBJECT-TYPE
594         SYNTAX SEQUENCE OF dsliteNATBindEntry
595         MAX-ACCESS not-accessible
596         STATUS current
597         DESCRIPTION
598             "This table contains information about currently
599              active NAT binds in AFTR. This table extends the
600              natAddrPortBindTable designed in NAT MIB (RFC
601              4008) by IPv6 address of B4."
602         ::= { dsliteNAT 2 }

604     dsliteNATBindEntry OBJECT-TYPE
605         SYNTAX dsliteNATBindEntry
606         MAX-ACCESS not-accessible
607         STATUS current
608         DESCRIPTION
609             "Each entry in this table holds the relationship between
610              tunnel information and nat bind information. These entries
611              are lost upon agent restart."
612         INDEX { ifIndex,
613                 dsliteNATBindLocalAddr,
614                 dsliteNATBindLocalPort,
615                 dsliteB4Addr }
616         ::= { dsliteNATBindTable 1 }

618     dsliteNATBindEntry ::=
619         SEQUENCE {
620             dsliteNATBindLocalAddr InetAddress,
621             dsliteNATBindLocalPort InetPortNumber,
622             dsliteNATBindGlobalAddr natAddrPortBindGlobalAddr,
623             dsliteNATBindGlobalPort natAddrPortBindGlobalPort,
624             dsliteNATBindId NatBindId,
625             dsliteB4Addr dsliteTunnelStartAddress,
626             dsliteB4PreLen dsliteTunnelStartAddPreLen,
627             dsliteNATBindMapIndex NatAddrMapId,
628             dsliteNATBindSessions natAddrPortBindSessions,
629             dsliteNATBindMaxIdleTime natAddrPortBindMaxIdleTime,
630             dsliteNATBindCurrentIdleTime natAddrPortBindCurrentIdleTime,
631             dsliteNATBindInTranslates natAddrPortBindInTranslates,
632             dsliteNATBindOutTranslates natAddrPortBindOutTranslates
633         }

635     dsliteNATBindLocalAddr OBJECT-TYPE
636         SYNTAX InetAddress
637         MAX-ACCESS read-create
638         STATUS current
639         DESCRIPTION
640             "This object represents the private IP address of host."
641         ::= { dsliteNATBindEntry 1 }

643     dsliteNATBindLocalPort OBJECT-TYPE
644         SYNTAX InetPortNumber
645         MAX-ACCESS read-create
646         STATUS current
647         DESCRIPTION
648             "This object represents the private-realm Port
649              number of host."
650         ::= { dsliteNATBindEntry 2 }

652     dsliteNATBindGlobalAddr OBJECT-TYPE
653         SYNTAX natAddrPortBindGlobalAddr
654         MAX-ACCESS read-only
655         STATUS current
656         DESCRIPTION
657             "This object represents the public-realm IP
658              address of host."
659         ::= { dsliteNATBindEntry 3 }

661     dsliteNATBindGlobalPort OBJECT-TYPE
662         SYNTAX natAddrPortBindGlobalPort
663         MAX-ACCESS read-only
664         STATUS current
665         DESCRIPTION
666             "This object represents the public-realm Port number
667              of host."
668         ::= { dsliteNATBindEntry 4 }

670     dsliteNATBindId OBJECT-TYPE
671         SYNTAX NatBindId
672         MAX-ACCESS read-only
673         STATUS current
674         DESCRIPTION
675             "This object represents a bind id that is
676              dynamically assigned to each bind by AFTR.
677              Each bind is represented by a unique bind
678              id across the dsliteNATBindTable."
679         ::= { dsliteNATBindEntry 5 }

681     dsliteB4Addr OBJECT-TYPE
682         SYNTAX dsliteTunnelStartAddress
683         MAX-ACCESS read-only
684         STATUS current
685         DESCRIPTION
686             "This object represents the relationship between
687              tunnel start point to the Bind entry, which extends
688              the source IPv6 address of packet to the Bind table."
689         ::= { dsliteNATBindEntry 6 }

691     dsliteB4PreLen OBJECT-TYPE
692         SYNTAX dsliteTunnelStartAddPreLen
693         MAX-ACCESS read-only
694         STATUS current
695         DESCRIPTION
696             "This object indicates the IPv6 prefix length of the
697              start point of tunnel, which is also need to extend to
698              the Bind table."
699         ::= { dsliteNATBindEntry 7 }

701     dsliteNATBindMapIndex OBJECT-TYPE
702         SYNTAX NatAddrMapId
703         MAX-ACCESS read-only
704         STATUS current
705         DESCRIPTION
706             "This object is a pointer to the dsliteNATMapTable
707              entry used in creating this BIND."
708         ::= { dsliteNATBindEntry 8 }

710     dsliteNATBindSessions OBJECT-TYPE
711         SYNTAX natAddrPortBindSessions
712         MAX-ACCESS read-only
713         STATUS current
714         DESCRIPTION
715             " This object represents the number of sessions currently
716              using this BIND."
717         ::= { dsliteNATBindEntry 9 }

719     dsliteNATBindMaxIdleTime OBJECT-TYPE
720         SYNTAX natAddrPortBindMaxIdleTime
721         MAX-ACCESS read-only
722         STATUS current
723         DESCRIPTION
724             "This object indicates the maximum time for
725              which this bind can be idle without any sessions
726              attached to it."
727         ::= { dsliteNATBindEntry 10 }

729     dsliteNATBindCurrentIdleTime OBJECT-TYPE
730         SYNTAX natAddrPortBindCurrentIdleTime
731         MAX-ACCESS read-only
732         STATUS current
733         DESCRIPTION
734             "At any given instance, this object indicates the
735              time that this bind has been idle without any sessions
736              attached to it."
737         ::= { dsliteNATBindEntry 11 }

739     dsliteNATBindInTranslates OBJECT-TYPE
740         SYNTAX natAddrPortBindInTranslates
741         MAX-ACCESS read-only
742         STATUS current
743         DESCRIPTION
744             "The number of inbound packets that were
745              translated as per this bind entry."
746         ::= { dsliteNATBindEntry 12 }

748     dsliteNATBindOutTranslates OBJECT-TYPE
749         SYNTAX natAddrPortBindOutTranslates
750         MAX-ACCESS read-only
751         STATUS current
752         DESCRIPTION
753             "The number of outbound packets that were
754              translated as per this bind entry."
755         ::= { dsliteNATBindEntry 13 }

757     --dsliteInfo

759     dsliteSessionLimitTable OBJECT-TYPE
760         SYNTAX SEQUENCE OF dsliteSessionLimitEntry
761         MAX-ACCESS not-accessible
762         STATUS current
763         DESCRIPTION
764             "The (conceptual) table containing information about session
765              limit. It can also be used for row creation."
766         ::= { dsliteInfo 1 }

768     dsliteSessionLimitEntry OBJECT-TYPE
769         SYNTAX dsliteSessionLimitEntry
770         MAX-ACCESS not-accessible
771         STATUS current
772         DESCRIPTION
773             "Each entry in this table contains the information to be
774              used for configuring session limits for DS-lite."
775         INDEX { dsliteInstanceName,
776                 dsliteSessionLimitType }
777         ::= { dsliteSessionLimitTable 1 }

779     dsliteSessionLimitEntry ::=
780         SEQUENCE {
781             dsliteSessionLimitInstanceName DisplayString,
782             dsliteSessionLimitType INTEGER,
783             dsliteSessionLimitNumber Integer32,
784             dsliteSessionLimitStorageType StorageType,
785             dsliteSessionLimitRowStatus RowStatus
786         }

788     dsliteSessionLimitInstanceName OBJECT-TYPE
789         SYNTAX DisplayString (SIZE (1..31))
790         MAX-ACCESS read-only
791         STATUS current
792         DESCRIPTION
793             " This object represents the instance name
794              that is limited."
795         ::= { dsliteSessionLimitEntry 1 }

797     dsliteSessionLimitType OBJECT-TYPE
798         SYNTAX INTEGER
799             {
800             tcp(0),
801             udp(1),
802             icmp(2),
803             total(3)
804             }
805         MAX-ACCESS read-only
806         STATUS current
807         DESCRIPTION
808             "This object represents the session limit type :
809              tcp or udp or totally."
810         ::= { dsliteSessionLimitEntry 2 }

812     dsliteSessionLimitNumber OBJECT-TYPE
813         SYNTAX Integer32 (1..65535)
814         MAX-ACCESS read-create
815         STATUS current
816         DESCRIPTION
817             " This table represents the limit number of the session."
818         ::= { dsliteSessionLimitEntry 3 }

820     dsliteSessionLimitStorageType OBJECT-TYPE
821         SYNTAX StorageType
822         MAX-ACCESS read-create
823         STATUS current
824         DESCRIPTION
825             "The storage type for this conceptual row. Conceptual
826              rows having the value 'permanent' need not allow
827              write-access to any columnar objects in the row."
828         ::= { dsliteSessionLimitEntry 4 }

830     dsliteSessionLimitRowStatus OBJECT-TYPE
831         SYNTAX RowStatus
832         MAX-ACCESS read-create
833         STATUS current
834         DESCRIPTION
835             " The status of this conceptual row."
836         REFERENCE
837             "Textual Conventions for SMIv2, Section 2."
838         DEFVAL { nonVolatile }
839         ::= { dsliteSessionLimitEntry 5 }

841     dslitePortLimitTable OBJECT-TYPE
842         SYNTAX SEQUENCE OF dslitePortLimitEntry
843         MAX-ACCESS not-accessible
844         STATUS current
845         DESCRIPTION
846             "This table is used to configure port limits for a
847              DS-Lite instance."
848         ::= { dsliteInfo 2 }

850     dslitePortLimitEntry OBJECT-TYPE
851         SYNTAX dslitePortLimitEntry
852         MAX-ACCESS not-accessible
853         STATUS current
854         DESCRIPTION
855             "Each entry in this table contains the information to be
856              used for configuring port limits for DS-lite."
857         INDEX { dslitePortLimitInstanceName,
858                 dslitePortLimitType }
859         ::= { dslitePortLimitTable 1 }

861     dslitePortLimitEntry ::=
862         SEQUENCE {
863             dslitePortLimitInstanceName DisplayString,
864             dslitePortLimitType INTEGER,
865             dslitePortLimitNumber Integer32,
866             dslitePortLimitStorageType StorageType,
867             dslitePortLimitRowStatus RowStatus
868         }

870     dslitePortLimitInstanceName OBJECT-TYPE
871         SYNTAX DisplayString (SIZE (1..31))
872         MAX-ACCESS read-only
873         STATUS current
874         DESCRIPTION
875             " This object represents the instance name
876              that is limited."
877         ::= { dslitePortLimitEntry 1 }

879     dslitePortLimitType OBJECT-TYPE
880         SYNTAX INTEGER
881             {
882             tcp(0),
883             udp(1),
884             icmp(2),
885             total(3)
886             }
887         MAX-ACCESS read-only
888         STATUS current
889         DESCRIPTION
890             "This object represents the port limit
891              type: tcp or udp or totally."
892         ::= { dslitePortLimitEntry 2 }

894     dslitePortLimitNumber OBJECT-TYPE
895         SYNTAX Integer32 (1..300000)
896         MAX-ACCESS read-create
897         STATUS current
898         DESCRIPTION
899             "This object represents the limit number of the
900              port usage."
901         ::= { dslitePortLimitEntry 3 }

903     dslitePortLimitStorageType OBJECT-TYPE
904         SYNTAX StorageType
905         MAX-ACCESS read-create
906         STATUS current
907         DESCRIPTION
908             "The storage type for this conceptual row. Conceptual
909              rows having the value 'permanent' need not allow
910              write-access to any columnar objects in the row."
911         ::= { dslitePortLimitEntry 4 }

913     dslitePortLimitRowStatus OBJECT-TYPE
914         SYNTAX RowStatus
915         MAX-ACCESS read-create
916         STATUS current
917         DESCRIPTION
918             "Create or delete table row."
919         ::= { dslitePortLimitEntry 5 }

921     dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 3 }

923     dsliteAFTRAlarmB4Addr OBJECT-TYPE
924         SYNTAX dsliteTunnelStartAddress
925         MAX-ACCESS accessible-for-notify
926         STATUS current
927         DESCRIPTION
928             "This object indicates the IP address of
929              B4 that send alarm "
930         ::= { dsliteAFTRAlarmScalar 1 }

932     dsliteAFTRAlarmProtocolType OBJECT-TYPE
933         SYNTAX DisplayString
934         MAX-ACCESS accessible-for-notify
935         STATUS current
936         DESCRIPTION
937             "This object indicates the protocol type of alarm,
938              0:tcp,1:udp,2:icmp,3:total "
939         ::= { dsliteAFTRAlarmScalar 2 }

941     dsliteAFTRAlarmMapAddrName OBJECT-TYPE
942         SYNTAX DisplayString
943         MAX-ACCESS accessible-for-notify
944         STATUS current
945         DESCRIPTION
946             "This object indicates the name of dsliteNATMapAddrName "
947         ::= { dsliteAFTRAlarmScalar 3 }

949     dsliteAFTRAlarmSpecificIP OBJECT-TYPE
950         SYNTAX DisplayString
951         MAX-ACCESS accessible-for-notify
952         STATUS current
953         DESCRIPTION
954             " This object indicates the IP address whose port usage
955              reach threshold "
956         ::= { dsliteAFTRAlarmScalar 4 }

958     dsliteAFTRAlarmConnectNumber OBJECT-TYPE
959         SYNTAX Integer32 (60..90)
960         MAX-ACCESS read-write
961         STATUS current
962         DESCRIPTION
963             " This object indicates the threshold of DS-Lite
964              connections alarm."
965         ::= { dsliteAFTRAlarmScalar 5 }

967     dsliteStatisticTable OBJECT-TYPE
968         SYNTAX SEQUENCE OF dsliteStatisticEntry
969         MAX-ACCESS not-accessible
970         STATUS current
971         DESCRIPTION
972             "This table provides statistical information
973              of DS-Lite."
974         ::= { dsliteInfo 4 }

976     dsliteStatisticEntry OBJECT-TYPE
977         SYNTAX dsliteStatisticEntry
978         MAX-ACCESS not-accessible
979         STATUS current
980         DESCRIPTION
981             "This table provides statistical information
982              of DS-Lite."
983          INDEX { dsliteStatisticInstanceName }
984          ::= { dsliteStatisticTable 1 }

986      dsliteStatisticEntry ::=
987          SEQUENCE {
988              dsliteStatisticInstanceName   DisplayString,
989              dsliteStatisticDiscard        Counter64,
990              dsliteStatisticReceived       Counter64,
991              dsliteStatisticTransmitted    Counter64,
992              dsliteStatisticIpv4Session    Counter64,
993              dsliteStatisticIpv6Session    Counter64,
994              dsliteStatisticStorageType    StorageType,
995              dsliteStatisticRowStatus      RowStatus
996          }

998      dsliteStatisticInstanceName OBJECT-TYPE
999          SYNTAX DisplayString (SIZE (1..31))
1000         MAX-ACCESS read-only
1001         STATUS current
1002         DESCRIPTION
1003             "This object indicates the instance name
1004             that is limited."
1005         ::= { dsliteStatisticEntry 1 }

1007     dsliteStatisticDiscard OBJECT-TYPE
1008         SYNTAX Counter64
1009         MAX-ACCESS read-create
1010         STATUS current
1011         DESCRIPTION
1012             "This object indicates the number of
1013             discarded packets."

1015         ::= { dsliteStatisticEntry 2 }

1017     dsliteStatisticReceived OBJECT-TYPE
1018         SYNTAX Counter64
1019         MAX-ACCESS read-create
1020         STATUS current
1021         DESCRIPTION
1022             "This object indicates the number of
1023             received packets."
1024         ::= { dsliteStatisticEntry 3 }

1026     dsliteStatisticTransmitted OBJECT-TYPE
1027         SYNTAX Counter64
1028         MAX-ACCESS read-create
1029         STATUS current
1030         DESCRIPTION
1031             "This object indicates the number of
1032             transmitted packets."
1033         ::= { dsliteStatisticEntry 4 }

1035     dsliteStatisticIpv4Session OBJECT-TYPE
1036         SYNTAX Counter64
1037         MAX-ACCESS read-create
1038         STATUS current
1039         DESCRIPTION
1040             "This object indicates the number of
1041             current IPv4 sessions."
1042         ::= { dsliteStatisticEntry 5 }

1044     dsliteStatisticIpv6Session OBJECT-TYPE
1045         SYNTAX Counter64
1046         MAX-ACCESS read-create
1047         STATUS current
1048         DESCRIPTION
1049             "This object indicates the number of
1050             current IPv6 sessions."
1051         ::= { dsliteStatisticEntry 6 }

1053     dsliteStatisticRowStatus OBJECT-TYPE
1054         SYNTAX RowStatus
1055         MAX-ACCESS read-create
1056         STATUS current
1057         DESCRIPTION
1058             "Create or delete table row."
1059         ::= { dsliteStatisticEntry 7 }

1061     ---dslite trap

1063     dsliteTunnelNumAlarm NOTIFICATION-TYPE
1064         STATUS current
1065         DESCRIPTION
1066             "This trap is triggered when the DS-Lite tunnels
1067             reach the threshold."
1068         ::= { dsliteTraps 1 }

1070     dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
1071         OBJECTS { dsliteAFTRAlarmProtocolType,
1072                   dsliteAFTRAlarmB4Addr }
1073         STATUS current
1074         DESCRIPTION
1075             "This trap is triggered when the sessions of
1076             a user reach the threshold."
1077         ::= { dsliteTraps 2 }

1079     dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
1080         OBJECTS { dsliteAFTRAlarmMapAddrName,
1081                   dsliteAFTRAlarmSpecificIP }
1082         STATUS current
1083         DESCRIPTION
1084             "This trap is triggered when the used NAT
1085             ports of a map address reach the threshold."
1086         ::= { dsliteTraps 3 }

1088     --Module Conformance statement

1090     dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

1092     dsliteCompliance MODULE-COMPLIANCE
1093         STATUS current
1094         DESCRIPTION
1095             "Description."
1096         MODULE -- this module
1097         MANDATORY-GROUPS { dsliteNATMapGroup,
1098                            dsliteTunnelGroup }
1099         ::= { dsliteCompliances 1 }

1101     dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

1103     dsliteAFTRAlarmScalarGroup OBJECT-GROUP
1104         OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
1105                   dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
1106                   dsliteAFTRAlarmConnectNumber }
1107         STATUS current
1108         DESCRIPTION
1109             "This collection of objects is used to give
1110             information about the AFTR alarm scalars."
1111         ::= { dsliteGroups 1 }

1113     dsliteNATMapGroup OBJECT-GROUP
1114         OBJECTS { dsliteNATMapIndex, dsliteNATMapAddrName,
1115                   dsliteNATMapEntryType, dsliteNATMapLocalAddrFrom,
1116                   dsliteNATMapLocalAddrTo, dsliteNATMapLocalPortFrom,
1117                   dsliteNATMapLocalPortTo, dsliteNATMapGlobalAddrFrom,
1118                   dsliteNATMapGlobalAddrTo, dsliteNATMapGlobalPortFrom,
1119                   dsliteNATMapGlobalPortTo, dsliteNATMapAddrUsed,
1120                   dsliteNATMapStorageType, dsliteNATMapRowStatu }
1121         STATUS current
1122         DESCRIPTION
1123             "This collection of objects is used to give
1124             information about NAT address mapping."
1125         ::= { dsliteGroups 2 }

1127     dsliteTunnelGroup OBJECT-GROUP
1128         OBJECTS { dsliteTunnelStartAddress, dsliteTunnelStartAddPreLen,
1129                   dsliteTunnelEndAddress, dsliteTunnelID,
1130                   dsliteTunnelIfIndex, dsliteTunnelStatus,
1131                   dsliteTunnelStorageType }
1132         STATUS current
1133         DESCRIPTION
1134             "This collection of objects is used to give
1135             information about tunnels in DS-Lite."
1136         ::= { dsliteGroups 3 }

1138     dsliteNATBindGroup OBJECT-GROUP
1139         OBJECTS { dsliteNATBindLocalAddr, dsliteNATBindLocalPort,
1140                   dsliteNATBindGlobalAddr, dsliteNATBindGlobalPort,
1141                   dsliteNATBindId, dsliteB4Addr, dsliteB4PreLen,
1142                   dsliteNATBindMapIndex, dsliteNATBindSessions,
1143                   dsliteNATBindMaxIdleTime,
1144                   dsliteNATBindCurrentIdleTime,
1145                   dsliteNATBindInTranslates,
1146                   dsliteNATBindOutTranslates }
1147         STATUS current
1148         DESCRIPTION
1149             "This collection of objects is used to give
1150             information about NAT Bind."
1151         ::= { dsliteGroups 4 }

1153     dsliteSessionLimitGroup OBJECT-GROUP
1154         OBJECTS { dsliteSessionLimitInstanceName,
1155                   dsliteSessionLimitType, dsliteSessionLimitNumber,
1156                   dsliteSessionLimitStorageType,
1157                   dsliteSessionLimitRowStatus }
1158         STATUS current
1159         DESCRIPTION
1160             "This collection of objects is used to give
1161             information about the session limit."
1162         ::= { dsliteGroups 5 }

1164     dslitePortLimitGroup OBJECT-GROUP
1165         OBJECTS { dslitePortLimitInstanceName,
1166                   dslitePortLimitType, dslitePortLimitNumber,
1167                   dslitePortLimitStorageType,
1168                   dslitePortLimitRowStatus }
1169         STATUS current
1170         DESCRIPTION
1171             "This collection of objects is used to give
1172             information about the port limit."
1173         ::= { dsliteGroups 6 }

1175     dsliteStatisticGroup OBJECT-GROUP
1176         OBJECTS { dsliteStatisticInstanceName,
1177                   dsliteStatisticDiscard,
1178                   dsliteStatisticReceived,
1179                   dsliteStatisticTransmitted,
1180                   dsliteStatisticIpv4Session,
1181                   dsliteStatisticIpv6Session,
1182                   dsliteStatisticStorageType,
1183                   dsliteStatisticRowStatus }
1184         STATUS current
1185         DESCRIPTION
1186             "This collection of objects is used to give
1187             statistical information about DS-Lite."
1188         ::= { dsliteGroups 7 }

1190     dsliteTrapsGroup NOTIFICATION-GROUP
1191         NOTIFICATIONS { dsliteTunnelNumAlarm,
1192                         dsliteAFTRUserSessionNumAlarm,
1193                         dsliteAFTRPortUsageOfSpecificIpAlarm }
1194         STATUS current
1195         DESCRIPTION
1196             "This collection of notifications is used to give
1197             trap information about DS-Lite."
1198         ::= { dsliteGroups 8 }
1199     END

1201  8. Extending this MIB for Gateway Initiated Dual-Stack Lite

1203     Similar to DS-lite, GI-DS-lite enables the service provider to
1204     share public IPv4 addresses among different customers by combining
1205     tunneling and NAT. GI-DS-lite extends existing access tunnels
1206     beyond the access gateway to an IPv4-IPv4 NAT using softwires with
1207     an embedded context identifier that uniquely identifies the end host
1208     the tunneled packets belong to. The MIB defined in this document MAY
1209     easily be extended for use in the GI-DS-Lite scenario. A new object,
1210     CID, SHOULD be added to the dsliteTunnelTable. The dsliteTunnelID,
1211     which is already defined in the DS-Lite MIB, can be defined as SWID
1212     in GI-DS-Lite. Both CID and SWID SHOULD be added to the
1213     dsliteNATBindTable. The combination of CID and SWID is used as
1214     the unique identifier for the end host and is stored in the NAT
1215     binding entry.

1217  9. IANA Considerations

1219     The MIB module in this document uses the following IANA-assigned
1220     OBJECT IDENTIFIER values recorded in the SMI Numbers registry:

1222     Descriptor     OBJECT IDENTIFIER value
1223     ----------     -----------------------
1224     DSLite-MIB     { transmission XXX }

1226  10. Security Considerations

1228     The DS-Lite MIB module can be used for configuration of certain
1229     objects, and anything that can be configured can be incorrectly
1230     configured, with potentially disastrous results. Because this MIB
1231     module reuses the IP Tunnel MIB and NAT MIB, the security
1232     considerations for these MIBs are also applicable to the DS-Lite MIB.

1234     Unauthorized read access to tunnelIfLocalAddress, or any object in
1235     the dsliteBindRelationTable or dslitePortBindRelationTable, would
1236     reveal the mapping information.

1238     SNMP versions prior to SNMPv3 did not include adequate security.
1239     Even if the network itself is secure (for example by using IPsec),
1240     even then, there is no control as to who on the secure network is
1241     allowed to access and GET/SET (read/change/create/delete) the objects
1242     in this MIB module.

1244     It is RECOMMENDED that implementers consider the security features as
1245     provided by the SNMPv3 framework (see [RFC3410], section 8),
1246     including full support for the SNMPv3 cryptographic mechanisms (for
1247     authentication and privacy).

1249     Further, deployment of SNMP versions prior to SNMPv3 is NOT
1250     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1251     enable cryptographic security. It is then a customer/operator
1252     responsibility to ensure that the SNMP entity giving access to an
1253     instance of this MIB module is properly configured to give access to
1254     the objects only to those principals (users) that have legitimate
1255     rights to indeed GET or SET (change/create/delete) them.

1257  11. References

1259  11.1. Normative References

1261     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1262               Requirement Levels", BCP 14, RFC 2119, March 1997.

1264     [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1265               "Structure of Management Information Version 2 (SMIv2)",
1266               RFC 2578, April 1999.

1268     [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
1269               Conventions for SMIv2", RFC 2579, April 1999.

1271     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1272               "Conformance Statements for SMIv2", RFC 2580, April 1999.

1274     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1275               MIB", RFC 2863, June 2000.

1277     [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
1278               Architecture for Describing Simple Network Management
1279               Protocol (SNMP) Management Frameworks", RFC 3411, December
1280               2002.

1282     [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
1283               Schoenwaelder, "Textual Conventions for Internet Network
1284               Addresses", RFC 4001, February 2005.

1286     [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
1287               Wang, C., "Definitions of Managed Objects for Network
1288               Address Translators (NAT)", RFC 4008, March 2005.

1290     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

1292     [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
1293               Stack Lite Broadband Deployments Following IPv4
1294               Exhaustion", RFC 6333, August 2011.

1296  11.2. Informative References

1298     [I-D.ietf-softwire-gateway-init-ds-lite]
1299               Brockners, F., Gundavelli, S., Speicher, S., and D. Ward,
1300               "Gateway Initiated Dual-Stack Lite Deployment",
1301               draft-ietf-softwire-gateway-init-ds-lite-06 (work in
1302               progress), December 2011.

1304     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
1305               "Introduction and Applicability Statements for Internet-
1306               Standard Management Framework", RFC 3410, December 2002.

1308  12. Change Log [RFC Editor please remove]

1310     draft-fu-softwire-dslite-mib-00, original version, 2011-05-04

1312     draft-fu-softwire-dslite-mib-01, 01 version, 2011-07-11

1314     draft-fu-softwire-dslite-mib-02, 02 version, 2011-08-27

1316     draft-fu-softwire-dslite-mib-03, 03 version, 2012-02-22

1318  Author's Addresses

1320     Yu Fu
1321     Huawei Technologies Co., Ltd
1322     Huawei Building, 156 Beiqing Rd.,
1323     Hai-Dian District, Beijing 100095
1324     P.R. China
1325     Email: eleven.fuyu@huawei.com

1327     Sheng Jiang
1328     Huawei Technologies Co., Ltd
1329     Huawei Building, 156 Beiqing Rd.,
1330     Hai-Dian District, Beijing 100095
1331     P.R. China
1332     Email: jiangsheng@huawei.com

1334     Yong Cui
1335     Tsinghua University
1336     Department of Computer Science, Tsinghua University
1337     Beijing 100084
1338     P.R. China
1339     Email: yong@csnet1.cs.tsinghua.edu.cn

1341     Jiang Dong
1342     Tsinghua University
1343     Department of Computer Science, Tsinghua University
1344     Beijing 100084
1345     P.R. China
1346     Email: dongjiang@csnet1.cs.tsinghua.edu.cn
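
Section 10 turns on which objects a principal may SET. The following is an added example, not part of the draft: it parses OBJECT-TYPE definitions and lists the objects with write access, and separately flags Counter64 objects declared read-create, since RFC 2578 permits only read-only or accessible-for-notify for counters. The function names are this example's own, and the embedded excerpt is an abridged copy of five definitions from the module above.

```python
import re

# Five OBJECT-TYPE definitions copied from the MIB module above, with the
# STATUS and DESCRIPTION clauses dropped; embedded so the check runs offline.
MIB_EXCERPT = """
dslitePortLimitType OBJECT-TYPE
    SYNTAX INTEGER { tcp(0), udp(1), icmp(2), total(3) }
    MAX-ACCESS read-only
    ::= { dslitePortLimitEntry 2 }
dslitePortLimitNumber OBJECT-TYPE
    SYNTAX Integer32 (1..300000)
    MAX-ACCESS read-create
    ::= { dslitePortLimitEntry 3 }
dsliteAFTRAlarmB4Addr OBJECT-TYPE
    SYNTAX dsliteTunnelStartAddress
    MAX-ACCESS accessible-for-notify
    ::= { dsliteAFTRAlarmScalar 1 }
dsliteAFTRAlarmConnectNumber OBJECT-TYPE
    SYNTAX Integer32 (60..90)
    MAX-ACCESS read-write
    ::= { dsliteAFTRAlarmScalar 5 }
dsliteStatisticDiscard OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-create
    ::= { dsliteStatisticEntry 2 }
"""

WRITABLE = {"read-write", "read-create"}
OBJECT_RE = re.compile(
    r"^\s*(\w+)\s+OBJECT-TYPE\s+SYNTAX\s+(.+?)\s+MAX-ACCESS\s+([\w-]+)",
    re.MULTILINE | re.DOTALL,
)

def parse_objects(mib_text):
    """Return (name, base_syntax, max_access) for each OBJECT-TYPE."""
    return [(n, s.split()[0], a) for n, s, a in OBJECT_RE.findall(mib_text)]

def writable_objects(mib_text):
    """Objects an SNMP SET can change; write access must be limited to these
    principals with legitimate rights (Section 10)."""
    return [n for n, _, a in parse_objects(mib_text) if a in WRITABLE]

def writable_counters(mib_text):
    """Counter objects declared writable, which RFC 2578 does not allow."""
    return [n for n, s, a in parse_objects(mib_text)
            if s in ("Counter32", "Counter64") and a in WRITABLE]

if __name__ == "__main__":
    print(writable_objects(MIB_EXCERPT), writable_counters(MIB_EXCERPT))
```

Run against the full module text, the first list is the set of objects a Security Considerations section would normally enumerate as sensitive to SET, and the second list is a review finding in its own right.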