idnits 2.17.1

draft-fu-softwire-dslite-mib-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (April 24, 2012) is 4377 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 6333' is mentioned on line 76, but not defined

  == Unused Reference: 'RFC6333' is defined on line 1312, but no explicit
     reference was found in the text

  == Unused Reference: 'I-D.ietf-softwire-gateway-init-ds-lite' is defined on
     line 1318, but no explicit reference was found in the text

  ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658)

  == Outdated reference: A later version (-08) exists of
     draft-ietf-softwire-gateway-init-ds-lite-05

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

   1  Network Working Group                                              Y. Fu
   2  Internet Draft                                                  S. Jiang
   3  Intended status: Standards Track            Huawei Technologies Co., Ltd
   4  Expires: October 26, 2012                                         Y. Cui
   5                                                                   J. Dong
   6                                                       Tsinghua University
   7                                                            April 24, 2012

   9                 DS-Lite Management Information Base (MIB)
  10                      draft-fu-softwire-dslite-mib-04

  12  Status of this Memo

  14     This Internet-Draft is submitted in full conformance with the
  15     provisions of BCP 78 and BCP 79.

  17     Internet-Drafts are working documents of the Internet Engineering
  18     Task Force (IETF). Note that other groups may also distribute working
  19     documents as Internet-Drafts. The list of current Internet-Drafts is
  20     at http://datatracker.ietf.org/drafts/current/.

  22     Internet-Drafts are draft documents valid for a maximum of six months
  23     and may be updated, replaced, or obsoleted by other documents at any
  24     time. It is inappropriate to use Internet-Drafts as reference
  25     material or to cite them other than as "work in progress."

  27     This Internet-Draft will expire on October 26, 2012.

  29  Copyright Notice

  31     Copyright (c) 2012 IETF Trust and the persons identified as the
  32     document authors. All rights reserved.

  34     This document is subject to BCP 78 and the IETF Trust's Legal
  35     Provisions Relating to IETF Documents
  36     (http://trustee.ietf.org/license-info) in effect on the date of
  37     publication of this document. Please review these documents
  38     carefully, as they describe your rights and restrictions with respect
  39     to this document. Code Components extracted from this document must
  40     include Simplified BSD License text as described in Section 4.e of
  41     the Trust Legal Provisions and are provided without warranty as
  42     described in the Simplified BSD License.

  44  Abstract

  46     This memo defines a portion of the Management Information Base (MIB) for
  47     use with network management protocols in the Internet community. In
  48     particular, it defines managed objects for DS-Lite.
  50  Table of Contents

  52     1. Introduction
  53     2. The Internet-Standard Management Framework
  54     3. Terminology
  55     4. Difference from the IP tunnel MIB and NAT MIB
  56     5. Relationship to the IF-MIB
  57     6. Structure of the MIB Module
  58        6.1. The dsliteTunnel Subtree
  59        6.2. The dsliteNAT Subtree
  60        6.3. The dsliteInfo Subtree
  61        6.4. The dsliteTrap Subtree
  62        6.5. The dsliteConformance Subtree
  63     7. MIB modules required for IMPORTS
  64     8. Definitions
  65     9. Extending this MIB for Gateway Initiated Dual-Stack Lite
  66     10. IANA Considerations
  67     11. Security Considerations
  68     12. References
  69        12.1. Normative References
  70        12.2. Informative References
  71     13. Change Log [RFC Editor please remove]
  72     Author's Addresses

  74  1. Introduction

  76     Dual-Stack Lite [RFC 6333] is a solution to offer both IPv4 and IPv6
  77     connectivity to customers across an IPv6-only infrastructure. One of
  78     its key components is an IPv4-over-IPv6
  79     tunnel, which is used to provide IPv4 connectivity across the service
  80     provider's IPv6 network. Another key component is a carrier-grade IPv4-
  81     IPv4 NAT to share service provider IPv4 addresses among customers.
  83     This document defines a portion of the Management Information Base
  84     (MIB) for use with network management protocols in the Internet
  85     community. This MIB module may be used for configuring and
  86     monitoring the devices in the Dual-Stack Lite scenario.
  87     This MIB can also be extended to apply to Gateway
  88     Initiated Dual-Stack Lite.

  90  2. The Internet-Standard Management Framework

  92     For a detailed overview of the documents that describe the current
  93     Internet-Standard Management Framework, please refer to section 7 of
  94     [RFC3410].

  96     Managed objects are accessed via a virtual information store, termed
  97     the MIB. MIB objects are generally accessed through the Simple
  98     Network Management Protocol (SNMP).

 100     Objects in the MIB are defined using the mechanisms defined in the
 101     Structure of Management Information (SMI). This memo specifies a MIB
 102     module that is compliant with SMIv2, which is described in
 103     [RFC2578], [RFC2579] and [RFC2580].

 105  3. Terminology

 107     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 108     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
 109     document are to be interpreted as described in [RFC2119].

 111  4. Difference from the IP tunnel MIB and NAT MIB

 113     The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunneling
 114     and NAT (IPv4 to IPv4 translation).

 116     Note: According to Section 5.2 of RFC6333, DS-Lite only defines
 117     IPv4 in IPv6 tunnels at this moment, but other types of encapsulation
 118     could be defined in the future. So this DS-Lite MIB only supports IP
 119     in IP encapsulation. If RFC6333 defines other tunnel types in the
 120     future, this DS-Lite MIB will be updated then.

 122     The NAT-MIB [RFC4008] is designed to carry translation from any
 123     address family to any address family, and therefore supports IPv4 to
 124     IPv4 translation.
 126     The tunnel MIB [RFC4087] is designed for managing tunnels of any type
 127     over IPv4 and IPv6 networks, and therefore supports IP in IP tunnels.

 129     However, NAT MIB and tunnel MIB together are not sufficient to
 130     support DS-Lite. This document describes the specific MIB
 131     requirements for DS-Lite, as below.

 133        In the DS-Lite scenario, the tunnel type is IP in IP, or more
 134        precisely, IPv4 in IPv6. Therefore, it is unnecessary to
 135        describe the tunnel type in the DS-Lite MIB.

 137        In the DS-Lite scenario, the translation type is IPv4 private
 138        address to IPv4 public address. Therefore, it is unnecessary to
 139        describe the type of address in the corresponding
 140        tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
 141        in the DS-Lite MIB.

 143        In the DS-Lite scenario, the AFTR is not only the tunnel end
 144        concentrator, but also a 4-4 translator. Within the AFTR,
 145        tunnel information and translation information MUST be mapped
 146        to each other. Two independent MIBs are not able to reflect this
 147        mapping relationship. Therefore, a combined MIB is necessary.

 149        If the Gateway Initiated Dual-Stack Lite scenario [I-D.ietf-
 150        softwire-gateway-init-ds-lite] is required, the MIB defined in
 151        this document could be easily extended for GI-DS-Lite. CID
 152        (Context Identifier) can be extended to the tunnel MIB to
 153        identify the access devices which have the same IPv4 address.
 154        And both CID and SWID (Softwire Identifier) can be extended to
 155        the NAT MIB for performing the NAT binding look up.

 157     The implementation of the IP Tunnel MIB is required for DS-Lite. The
 158     tunnelIfEncapsMethod in the tunnelIfEntry should be set to
 159     dsLite("xx"), and a corresponding entry in the DS-Lite module will
 160     exist for every tunnelIfEntry with this tunnelIfEncapsMethod. The
 161     tunnelIfRemoteInetAddress must be set to ::.

 163  5. Relationship to the IF-MIB

 165     The Interfaces MIB [RFC2863] defines generic managed objects for
 166     managing interfaces. Each logical interface (physical or virtual) has
 167     an ifEntry. Tunnels are handled by creating a logical interface
 168     (ifEntry) for each tunnel. DS-Lite tunnel also acts as a virtual
 169     interface, which has corresponding entries in IP Tunnel MIB and
 170     Interface MIB. Those corresponding entries are indexed by ifIndex.

 172     The ifOperStatus in ifTable would be used to represent whether the
 173     DS-Lite tunnel function has been originated. The ifInUcastPkts
 174     defined in ifTable will represent the number of IPv6 packets which
 175     have been encapsulated with IPv4 packets in it. The ifOutUcastPkts
 176     defined in ifTable contains the number of IPv6 packets which can be
 177     decapsulated to IPv4 in the virtual interface. Also, the IF-MIB
 178     defines ifMtu for the MTU of this tunnel interface, so DS-Lite MIB
 179     does not need to define the MTU for tunnel.

 181  6. Structure of the MIB Module

 183     The DS-Lite MIB provides a way to configure and manage the devices
 184     (AFTRs) in the DS-Lite scenario through SNMP.

 186     DS-Lite MIB is configurable on a per-interface basis. It depends on
 187     several parts of the IF-MIB [RFC2863], tunnel MIB [RFC4087], and NAT
 188     MIB [RFC4008].

 190  6.1. The dsliteTunnel Subtree

 192     The dsliteTunnel subtree describes managed objects used for managing
 193     tunnels in the DS-Lite scenario. Because some objects defined in
 194     Tunnel MIB are not accessible, a few new objects are defined in DS-Lite
 195     MIB.

 197  6.2. The dsliteNAT Subtree

 199     The dsliteNAT Subtree describes managed objects used for
 200     configuration as well as monitoring of AFTR which is capable of NAT
 201     function. Because the NAT MIB supports the NAT management function in
 202     DS-Lite, we may reuse it in DS-Lite MIB. The dsliteNAT Subtree also
 203     provides the information of mapping relationship between the tunnel
 204     MIB and NAT MIB by extending B4 address to the bind table in NAT
 205     MIB.

 207  6.3. The dsliteInfo Subtree

 209     The dsliteInfo Subtree provides the statistical information for DS-
 210     lite.

 212  6.4. The dsliteTrap Subtree

 214     The dsliteTrap Subtree provides trap information in DS-lite instance.

 216  6.5. The dsliteConformance Subtree

 218     The Subtree provides conformance information of MIB objects.

 220  7. MIB modules required for IMPORTS

 222     This MIB module IMPORTs objects from [RFC4087], [RFC4008], [RFC2580],
 223     [RFC2578], [RFC2863], [RFC4001], [RFC3411].

 225  8. Definitions

 227     DSLite-MIB DEFINITIONS ::= BEGIN

 229     IMPORTS
 230         MODULE-IDENTITY, OBJECT-TYPE, mib-2, transmission,
 231         Gauge32, Integer32, Counter64
 232             FROM SNMPv2-SMI

 234         RowStatus, StorageType, DisplayString
 235             FROM SNMPv2-TC

 237         ifIndex, InterfaceIndexOrZero
 238             FROM IF-MIB

 240         IANAtunnelType
 241             FROM IANAifType-MIB

 243         InetAddress, InetAddressIPv6, InetPortNumber
 244             FROM INET-ADDRESS-MIB

 246         NatAddrMapId, natAddrMapName, natAddrMapEntryType,
 247         natAddrMapLocalAddrFrom, natAddrMapLocalAddrTo,
 248         natAddrMapLocalPortFrom, natAddrMapLocalPortTo,
 249         natAddrMapGlobalAddrFrom, natAddrMapGlobalAddrTo,
 250         natAddrMapGlobalPortFrom, natAddrMapGlobalPortTo,
 251         natAddrPortBindGlobalAddr, natAddrPortBindGlobalPort,
 252         NatBindId, natAddrPortBindSessions,
 253         natAddrPortBindMaxIdleTime, natAddrPortBindCurrentIdleTime,
 254         natAddrPortBindInTranslates, natAddrPortBindOutTranslates
 255             FROM natMIB;

 257     dsliteMIB MODULE-IDENTITY
 258         LAST-UPDATED "201204240000Z" -- April 24, 2012
 259         ORGANIZATION "IETF Softwire Working Group"
 260         CONTACT-INFO
 261             "Yu Fu
 262              Huawei Technologies Co., Ltd
 263              Huawei Building, 156 Beiqing Rd., Hai-Dian District
 264              Beijing, P.R. China 100095
 265              EMail: eleven.fuyu@huawei.com

 267              Sheng Jiang
 268              Huawei Technologies Co., Ltd
 269              Huawei Building, 156 Beiqing Rd., Hai-Dian District
 270              Beijing, P.R. China 100095
 271              EMail: jiangsheng@huawei.com

 273              Yong Cui
 274              Tsinghua University
 275              Department of Computer Science, Tsinghua University
 276              Beijing 100084
 277              P.R. China
 278              Email: yong@csnet1.cs.tsinghua.edu.cn

 280              Jiang Dong
 281              Tsinghua University
 282              Department of Computer Science, Tsinghua University
 283              Beijing 100084
 284              P.R. China
 285              Email: dongjiang@csnet1.cs.tsinghua.edu.cn"

 287         DESCRIPTION
 288             "The MIB module is defined for management of object in the
 289              DS-Lite scenario. "
 290         ::= { transmission xxx } --xxx to be replaced with correct
 291                                  -- value

 293     dsliteTunnel OBJECT IDENTIFIER
 294         ::= { dsliteMIB 1 }

 296     dsliteNAT OBJECT IDENTIFIER
 297         ::= { dsliteMIB 2 }

 299     dsliteInfo OBJECT IDENTIFIER
 300         ::= { dsliteMIB 3 }

 302     dsliteTraps OBJECT IDENTIFIER
 303         ::= { dsliteMIB 4 }

 305     --Conformance
 306     dsliteConformance OBJECT IDENTIFIER
 307         ::= { dsliteMIB 5 }

 309     --dsliteTunnel
 310     --dsliteTunnelTable

 312     dsliteTunnelTable OBJECT-TYPE
 313         SYNTAX SEQUENCE OF dsliteTunnelEntry
 314         MAX-ACCESS not-accessible
 315         STATUS current
 316         DESCRIPTION
 317             "The (conceptual) table containing information on configured
 318              tunnels. This table can be used to map CPE address to the
 319              associated AFTR address. It can also be used for row
 320              creation."
 321         ::= { dsliteTunnel 1 }

 323     dsliteTunnelEntry OBJECT-TYPE
 324         SYNTAX dsliteTunnelEntry
 325         MAX-ACCESS not-accessible
 326         STATUS current
 327         DESCRIPTION
 328             "Each entry in this table contains the information on a
 329              particular configured tunnel."
 330         INDEX { dsliteTunnelStartAddress,
 331                 dsliteTunnelEndAddress,
 332                 ifIndex }
 333         ::= { dsliteTunnelTable 1 }

 335     dsliteTunnelEntry ::=
 336         SEQUENCE {
 337             dsliteTunnelStartAddress InetAddressIPv6,
 338             dsliteTunnelStartAddPreLen Integer32,
 339             dsliteTunnelEndAddress InetAddressIPv6,
 340             dsliteTunnelStatus RowStatus,
 341             dsliteTunnelStorageType StorageType
 342         }

 344     dsliteTunnelStartAddress OBJECT-TYPE
 345         SYNTAX InetAddressIPv6
 346         MAX-ACCESS read-create
 347         STATUS current
 348         DESCRIPTION
 349             "The address of the start point of the tunnel."
 350         ::= { dsliteTunnelEntry 1 }

 352     dsliteTunnelStartAddPreLen OBJECT-TYPE
 353         SYNTAX Integer32 (0..128)
 354         MAX-ACCESS read-create
 355         STATUS current
 356         DESCRIPTION
 357             "IPv6 prefix length of the IP address of the
 358              start point of the tunnel."
 359         ::= { dsliteTunnelEntry 2 }

 361     dsliteTunnelEndAddress OBJECT-TYPE
 362         SYNTAX InetAddressIPv6
 363         MAX-ACCESS read-create
 364         STATUS current
 365         DESCRIPTION
 366             "The address of the endpoint of the tunnel."
 367         ::= { dsliteTunnelEntry 3 }

 369     dsliteTunnelStatus OBJECT-TYPE
 370         SYNTAX RowStatus
 371         MAX-ACCESS read-create
 372         STATUS current
 373         DESCRIPTION
 374             "The status of this row, by which new entries may be
 375              created, or old entries deleted from this table."
 376         ::= { dsliteTunnelEntry 4 }

 378     dsliteTunnelStorageType OBJECT-TYPE
 379         SYNTAX StorageType
 380         MAX-ACCESS read-create
 381         STATUS current
 382         DESCRIPTION
 383             "The storage type of this row. If the row is
 384              permanent(4), no objects in the row need be
 385              writable."
 386         ::= { dsliteTunnelEntry 5 }

 388     --dsliteNAT
 389     --dsliteNATMapTable(define address pool)
 390     --dsliteNATBindTable

 392     dsliteNATMapTable OBJECT-TYPE
 393         SYNTAX SEQUENCE OF dsliteNATMapEntry
 394         MAX-ACCESS not-accessible
 395         STATUS current
 396         DESCRIPTION
 397             "This table contains information about address map
 398              parameters."
 399         ::= { dsliteNAT 1 }

 401     dsliteNATMapEntry OBJECT-TYPE
 402         SYNTAX dsliteNATMapEntry
 403         MAX-ACCESS not-accessible
 404         STATUS current
 405         DESCRIPTION
 406             "This entry represents an address map to be used for
 407              NAT and contributes to the address mapping tables of
 408              AFTR."
 409         INDEX { ifIndex,
 410                 dsliteNATMapIndex }
 411         ::= { dsliteNATMapTable 1 }

 413     dsliteNATMapEntry ::=
 414         SEQUENCE {
 415             dsliteNATMapIndex NatAddrMapId,
 416             dsliteNATMapAddrName natAddrMapName,
 417             dsliteNATMapEntryType natAddrMapEntryType,
 418             dsliteNATMapLocalAddrFrom natAddrMapLocalAddrFrom,
 419             dsliteNATMapLocalAddrTo natAddrMapLocalAddrTo,
 420             dsliteNATMapLocalPortFrom natAddrMapLocalPortFrom,
 421             dsliteNATMapLocalPortTo natAddrMapLocalPortTo,
 422             dsliteNATMapGlobalAddrFrom natAddrMapGlobalAddrFrom,
 423             dsliteNATMapGlobalAddrTo natAddrMapGlobalAddrTo,
 424             dsliteNATMapGlobalPortFrom natAddrMapGlobalPortFrom,
 425             dsliteNATMapGlobalPortTo natAddrMapGlobalPortTo,
 426             dsliteNATMapAddrUsed natAddrMapAddrUsed,
 427             dsliteNATMapStorageType StorageType,
 428             dsliteNATMapRowStatus RowStatus
 429         }

 431     dsliteNATMapIndex OBJECT-TYPE
 432         SYNTAX NatAddrMapId
 433         MAX-ACCESS not-accessible
 434         STATUS current
 435         DESCRIPTION
 436             "Along with ifIndex, this object uniquely
 437              identifies an entry in the dsliteNATMapTable.
 438              Address map entries are applied in the order
 439              specified by dsliteNATMapIndex."
 440         ::= { dsliteNATMapEntry 1 }

 442     dsliteNATMapAddrName OBJECT-TYPE
 443         SYNTAX natAddrMapName
 444         MAX-ACCESS read-create
 445         STATUS current
 446         DESCRIPTION
 447             "Name identifying all map entries in the table associated
 448              with the same interface. All map entries with the same
 449              ifIndex MUST have the same map name."
 450         ::= { dsliteNATMapEntry 2 }

 452     dsliteNATMapEntryType OBJECT-TYPE
 453         SYNTAX natAddrMapEntryType
 454         MAX-ACCESS read-create
 455         STATUS current
 456         DESCRIPTION
 457             "This parameter can be used to set up static
 458              or dynamic address maps."
 459         ::= { dsliteNATMapEntry 3 }

 461     dsliteNATMapLocalAddrFrom OBJECT-TYPE
 462         SYNTAX natAddrMapLocalAddrFrom
 463         MAX-ACCESS read-create
 464         STATUS current
 465         DESCRIPTION
 466             "This object specifies the first IP address of the range
 467              of IP addresses mapped by this translation entry.
 468              The value of this object must be less than or
 469              equal to the value of the dsliteNATMapLocalAddrTo
 470              object."
 471         ::= { dsliteNATMapEntry 4 }

 473     dsliteNATMapLocalAddrTo OBJECT-TYPE
 474         SYNTAX natAddrMapLocalAddrTo
 475         MAX-ACCESS read-create
 476         STATUS current
 477         DESCRIPTION
 478             "This object specifies the last IP address of the range of
 479              IP addresses mapped by this translation entry. If only
 480              a single address is being mapped, the value of this
 481              object is equal to the value of natAddrMapLocalAddrFrom.
 482              The value of this object must be greater than or equal to
 483              the value of the natAddrMapLocalAddrFrom object."
 484         ::= { dsliteNATMapEntry 5 }

 486     dsliteNATMapLocalPortFrom OBJECT-TYPE
 487         SYNTAX natAddrMapLocalPortFrom
 488         MAX-ACCESS read-create
 489         STATUS current
 490         DESCRIPTION
 491             "The value of this object must be less than or equal
 492              to the value of the dsliteNATMapLocalPortTo object.
 493              If the translation specifies a single port, then the
 494              value of this object is equal to the value of
 495              dsliteNATMapLocalPortTo."
 496         DEFVAL { 0 }
 497         ::= { dsliteNATMapEntry 6 }

 499     dsliteNATMapLocalPortTo OBJECT-TYPE
 500         SYNTAX natAddrMapLocalPortTo
 501         MAX-ACCESS read-create
 502         STATUS current
 503         DESCRIPTION
 504             "The value of this object must be greater than or equal
 505              to the value of the dsliteNATMapLocalPortFrom object.
 506              If the translation specifies a single port, then
 507              the value of this object is equal to the value of
 508              dsliteNATMapLocalPortFrom."
 509         DEFVAL { 0 }
 510         ::= { dsliteNATMapEntry 7 }

 512     dsliteNATMapGlobalAddrFrom OBJECT-TYPE
 513         SYNTAX natAddrMapGlobalAddrFrom
 514         MAX-ACCESS read-create
 515         STATUS current
 516         DESCRIPTION
 517             "This object specifies the first IP address of
 518              the range of IP addresses being mapped to.
 519              The value of this object must be less than
 520              or equal to the value of the
 521              dsliteNATMapGlobalAddrTo object."
 522         ::= { dsliteNATMapEntry 8 }

 524     dsliteNATMapGlobalAddrTo OBJECT-TYPE
 525         SYNTAX natAddrMapGlobalAddrTo
 526         MAX-ACCESS read-create
 527         STATUS current
 528         DESCRIPTION
 529             "This object specifies the last IP address of the range
 530              of IP addresses being mapped to. If only a single
 531              address is being mapped to, the value of this object
 532              is equal to the value of dsliteNATMapGlobalAddrFrom.
 533              The value of this object must be greater than or equal
 534              to the value of the dsliteNATMapGlobalAddrFrom object."
 535         ::= { dsliteNATMapEntry 9 }

 537     dsliteNATMapGlobalPortFrom OBJECT-TYPE
 538         SYNTAX natAddrMapGlobalPortFrom
 539         MAX-ACCESS read-create
 540         STATUS current
 541         DESCRIPTION
 542             "The value of this object must be less than or equal
 543              to the value of the dsliteNATMapGlobalPortTo object.
 544              If the translation specifies a single port, then the
 545              value of this object is equal to the value of
 546              dsliteNATMapGlobalPortTo."
 547         DEFVAL { 0 }
 548         ::= { dsliteNATMapEntry 10 }

 550     dsliteNATMapGlobalPortTo OBJECT-TYPE
 551         SYNTAX natAddrMapGlobalPortTo
 552         MAX-ACCESS read-create
 553         STATUS current
 554         DESCRIPTION
 555             "The value of this object must be greater than or
 556              equal to the value of the dsliteNATMapGlobalPortFrom
 557              object. If the translation specifies a single port,
 558              then the value of this object is equal to the
 559              value of dsliteNATMapGlobalPortFrom."
 560         DEFVAL { 0 }
 561         ::= { dsliteNATMapEntry 11 }

 563     dsliteNATMapAddrUsed OBJECT-TYPE
 564         SYNTAX natAddrMapAddrUsed
 565         MAX-ACCESS read-only
 566         STATUS current
 567         DESCRIPTION
 568             "The number of addresses pertaining to this address
 569              map that are currently being used from the NAT pool."
 570         ::= { dsliteNATMapEntry 12 }

 572     dsliteNATMapStorageType OBJECT-TYPE
 573         SYNTAX StorageType
 574         MAX-ACCESS read-create
 575         STATUS current
 576         DESCRIPTION
 577             "The storage type for this conceptual row.
 578              Conceptual rows having the value 'permanent'
 579              need not allow write-access to any columnar
 580              objects in the row."
 581         REFERENCE
 582             "Textual Conventions for SMIv2, Section 2."

 584         DEFVAL { nonVolatile }
 585         ::= { dsliteNATMapEntry 13 }

 587     dsliteNATMapRowStatus OBJECT-TYPE
 588         SYNTAX RowStatus
 589         MAX-ACCESS read-create
 590         STATUS current
 591         DESCRIPTION
 592             "The status of this conceptual row."
 593         REFERENCE
 594             "Textual Conventions for SMIv2, Section 2."
 595         ::= { dsliteNATMapEntry 14 }

 597     dsliteNATBindTable OBJECT-TYPE
 598         SYNTAX SEQUENCE OF dsliteNATBindEntry
 599         MAX-ACCESS not-accessible
 600         STATUS current
 601         DESCRIPTION
 602             "This table contains information about currently
 603              active NAT binds in AFTR. This table extends the
 604              natAddrPortBindTable designed in NAT MIB (RFC
 605              4008) by IPv6 address of B4."
 606         ::= { dsliteNAT 2 }

 608     dsliteNATBindEntry OBJECT-TYPE
 609         SYNTAX dsliteNATBindEntry
 610         MAX-ACCESS not-accessible
 611         STATUS current
 612         DESCRIPTION
 613             "Each entry in this table holds the relationship between
 614              tunnel information and nat bind information. These entries
 615              are lost upon agent restart."
 616         INDEX { ifIndex,
 617                 dsliteNATBindLocalAddr,
 618                 dsliteNATBindLocalPort,
 619                 dsliteB4Addr }
 620         ::= { dsliteNATBindTable 1 }

 622     dsliteNATBindEntry ::=
 623         SEQUENCE {
 624             dsliteNATBindLocalAddr InetAddress,
 625             dsliteNATBindLocalPort InetPortNumber,
 626             dsliteNATBindGlobalAddr natAddrPortBindGlobalAddr,
 627             dsliteNATBindGlobalPort natAddrPortBindGlobalPort,
 628             dsliteNATBindId NatBindId,
 629             dsliteB4Addr dsliteTunnelStartAddress,
 630             dsliteB4PreLen dsliteTunnelStartAddPreLen,
 631             dsliteNATBindMapIndex NatAddrMapId,
 632             dsliteNATBindSessions natAddrPortBindSessions,
 633             dsliteNATBindMaxIdleTime natAddrPortBindMaxIdleTime,
 634             dsliteNATBindCurrentIdleTime natAddrPortBindCurrentIdleTime,
 635             dsliteNATBindInTranslates natAddrPortBindInTranslates,
 636             dsliteNATBindOutTranslates natAddrPortBindOutTranslates
 637         }

 639     dsliteNATBindLocalAddr OBJECT-TYPE
 640         SYNTAX InetAddress
 641         MAX-ACCESS read-create
 642         STATUS current
 643         DESCRIPTION
 644             "This object represents the private IP address of host."
 645         ::= { dsliteNATBindEntry 1 }

 647     dsliteNATBindLocalPort OBJECT-TYPE
 648         SYNTAX InetPortNumber
 649         MAX-ACCESS read-create
 650         STATUS current
 651         DESCRIPTION
 652             "This object represents the private-realm Port
 653              number of host."
 654         ::= { dsliteNATBindEntry 2 }

 656     dsliteNATBindGlobalAddr OBJECT-TYPE
 657         SYNTAX natAddrPortBindGlobalAddr
 658         MAX-ACCESS read-only
 659         STATUS current
 660         DESCRIPTION
 661             "This object represents the public-realm IP
 662              address of host."
 663         ::= { dsliteNATBindEntry 3 }

 665     dsliteNATBindGlobalPort OBJECT-TYPE
 666         SYNTAX natAddrPortBindGlobalPort
 667         MAX-ACCESS read-only
 668         STATUS current
 669         DESCRIPTION
 670             "This object represents the public-realm Port number
 671              of host."
 672         ::= { dsliteNATBindEntry 4 }

 674     dsliteNATBindId OBJECT-TYPE
 675         SYNTAX NatBindId
 676         MAX-ACCESS read-only
 677         STATUS current
 678         DESCRIPTION
 679             "This object represents a bind id that is
 680              dynamically assigned to each bind by AFTR.
 681              Each bind is represented by a unique bind
 682              id across the dsliteNATBindTable."
 683         ::= { dsliteNATBindEntry 5 }

 685     dsliteB4Addr OBJECT-TYPE
 686         SYNTAX dsliteTunnelStartAddress
 687         MAX-ACCESS read-only
 688         STATUS current
 689         DESCRIPTION
 690             "This object represents the relationship between
 691              tunnel start point to the Bind entry, which extends
 692              the source IPv6 address of packet to the Bind table."
 693         ::= { dsliteNATBindEntry 6 }

 695     dsliteB4PreLen OBJECT-TYPE
 696         SYNTAX dsliteTunnelStartAddPreLen
 697         MAX-ACCESS read-only
 698         STATUS current
 699         DESCRIPTION
 700             "This object indicates the IPv6 prefix length of the
 701              start point of tunnel, which also needs to be extended to
 702              the Bind table."
 703         ::= { dsliteNATBindEntry 7 }

 705     dsliteNATBindMapIndex OBJECT-TYPE
 706         SYNTAX NatAddrMapId
 707         MAX-ACCESS read-only
 708         STATUS current
 709         DESCRIPTION
 710             "This object is a pointer to the dsliteNATMapTable
 711              entry used in creating this BIND."
 712         ::= { dsliteNATBindEntry 8 }

 714     dsliteNATBindSessions OBJECT-TYPE
 715         SYNTAX natAddrPortBindSessions
 716         MAX-ACCESS read-only
 717         STATUS current
 718         DESCRIPTION
 719             "This object represents the number of sessions currently
 720              using this BIND."
 721         ::= { dsliteNATBindEntry 9 }

 723     dsliteNATBindMaxIdleTime OBJECT-TYPE
 724         SYNTAX natAddrPortBindMaxIdleTime
 725         MAX-ACCESS read-only
 726         STATUS current
 727         DESCRIPTION
 728             "This object indicates the maximum time for
 729              which this bind can be idle without any sessions
 730              attached to it."
 731         ::= { dsliteNATBindEntry 10 }

 733     dsliteNATBindCurrentIdleTime OBJECT-TYPE
 734         SYNTAX natAddrPortBindCurrentIdleTime
 735         MAX-ACCESS read-only
 736         STATUS current
 737         DESCRIPTION
 738             "At any given instance, this object indicates the
 739              time that this bind has been idle without any sessions
 740              attached to it."
 741         ::= { dsliteNATBindEntry 11 }

 743     dsliteNATBindInTranslates OBJECT-TYPE
 744         SYNTAX natAddrPortBindInTranslates
 745         MAX-ACCESS read-only
 746         STATUS current
 747         DESCRIPTION
 748             "The number of inbound packets that were
 749              translated as per this bind entry."
 750         ::= { dsliteNATBindEntry 12 }

 752     dsliteNATBindOutTranslates OBJECT-TYPE
 753         SYNTAX natAddrPortBindOutTranslates
 754         MAX-ACCESS read-only
 755         STATUS current
 756         DESCRIPTION
 757             "The number of outbound packets that were
 758              translated as per this bind entry."
 759         ::= { dsliteNATBindEntry 13 }

 761     --dsliteInfo

 763     dsliteSessionLimitTable OBJECT-TYPE
 764         SYNTAX SEQUENCE OF dsliteSessionLimitEntry
 765         MAX-ACCESS not-accessible
 766         STATUS current
 767         DESCRIPTION
 768             "The (conceptual) table containing information about session
 769              limit. It can also be used for row creation."
 770         ::= { dsliteInfo 1 }

 772     dsliteSessionLimitEntry OBJECT-TYPE
 773         SYNTAX dsliteSessionLimitEntry
 774         MAX-ACCESS not-accessible
 775         STATUS current
 776         DESCRIPTION
 777             "Each entry in this table contains the information to be
 778              used for configuring session limits for DS-lite."
 779         INDEX { dsliteSessionLimitInstanceName,
 780                 dsliteSessionLimitType }
 781         ::= { dsliteSessionLimitTable 1 }

 783     dsliteSessionLimitEntry ::=
 784         SEQUENCE {
 785             dsliteSessionLimitInstanceName DisplayString,
 786             dsliteSessionLimitType INTEGER,
 787             dsliteSessionLimitNumber Integer32,
 788             dsliteSessionLimitStorageType StorageType,
 789             dsliteSessionLimitRowStatus RowStatus
 790         }

 792     dsliteSessionLimitInstanceName OBJECT-TYPE
 793         SYNTAX DisplayString (SIZE (1..31))
 794         MAX-ACCESS read-only
 795         STATUS current
 796         DESCRIPTION
 797             "This object represents the instance name
 798              that is limited."
 799         ::= { dsliteSessionLimitEntry 1 }

 801     dsliteSessionLimitType OBJECT-TYPE
 802         SYNTAX INTEGER
 803             {
 804                 tcp(0),
 805                 udp(1),
 806                 icmp(2),
 807                 total(3)
 808             }
 809         MAX-ACCESS read-only
 810         STATUS current
 811         DESCRIPTION
 812             "This object represents the session limit type :
 813              tcp or udp or totally."
 814         ::= { dsliteSessionLimitEntry 2 }

 816     dsliteSessionLimitNumber OBJECT-TYPE
 817         SYNTAX Integer32 (1..65535)
 818         MAX-ACCESS read-create
 819         STATUS current
 820         DESCRIPTION
 821             "This table represents the limit number of the session."
 822         ::= { dsliteSessionLimitEntry 3 }

 824     dsliteSessionLimitStorageType OBJECT-TYPE
 825         SYNTAX StorageType
 826         MAX-ACCESS read-create
 827         STATUS current
 828         DESCRIPTION
 829             "The storage type for this conceptual row. Conceptual
 830              rows having the value 'permanent' need not allow
 831              write-access to any columnar objects in the row."
 832         ::= { dsliteSessionLimitEntry 4 }

 834     dsliteSessionLimitRowStatus OBJECT-TYPE
 835         SYNTAX RowStatus
 836         MAX-ACCESS read-create
 837         STATUS current
 838         DESCRIPTION
 839             "The status of this conceptual row."
 840         REFERENCE
 841             "Textual Conventions for SMIv2, Section 2."
 842         DEFVAL { nonVolatile }
 843         ::= { dsliteSessionLimitEntry 5 }

 845     dslitePortLimitTable OBJECT-TYPE
 846         SYNTAX SEQUENCE OF dslitePortLimitEntry
 847         MAX-ACCESS not-accessible
 848         STATUS current
 849         DESCRIPTION
 850             "This table is used to configure port limits for a
 851              DS-Lite instance."
 852         ::= { dsliteInfo 2 }

 854     dslitePortLimitEntry OBJECT-TYPE
 855         SYNTAX dslitePortLimitEntry
 856         MAX-ACCESS not-accessible
 857         STATUS current
 858         DESCRIPTION
 859             "Each entry in this table contains the information to be
 860              used for configuring port limits for DS-lite."
 861         INDEX { dslitePortLimitInstanceName,
 862                 dslitePortLimitType }
 863         ::= { dslitePortLimitTable 1 }

 865     dslitePortLimitEntry ::=
 866         SEQUENCE {
 867             dslitePortLimitInstanceName DisplayString,
 868             dslitePortLimitType INTEGER,
 869             dslitePortLimitNumber Integer32,
 870             dslitePortLimitStorageType StorageType,
 871             dslitePortLimitRowStatus RowStatus
 872         }

 874     dslitePortLimitInstanceName OBJECT-TYPE
 875         SYNTAX DisplayString (SIZE (1..31))
 876         MAX-ACCESS read-only
 877         STATUS current
 878         DESCRIPTION
 879             "This object represents the instance name
 880              that is limited."
 881         ::= { dslitePortLimitEntry 1 }

 883     dslitePortLimitType OBJECT-TYPE
 884         SYNTAX INTEGER
 885             {
 886                 tcp(0),
 887                 udp(1),
 888                 icmp(2),
 889                 total(3)
 890             }
 891         MAX-ACCESS read-only
 892         STATUS current
 893         DESCRIPTION
 894             "This object represents the port limit
 895              type: tcp or udp or totally."
 896         ::= { dslitePortLimitEntry 2 }

 898     dslitePortLimitNumber OBJECT-TYPE
 899         SYNTAX Integer32 (1..300000)
 900         MAX-ACCESS read-create
 901         STATUS current
 902         DESCRIPTION
 903             "This object represents the limit number of the
 904              port usage."
 905         ::= { dslitePortLimitEntry 3 }

 907     dslitePortLimitStorageType OBJECT-TYPE
 908         SYNTAX StorageType
 909         MAX-ACCESS read-create
 910         STATUS current
 911         DESCRIPTION
 912             "The storage type for this conceptual row. Conceptual
 913              rows having the value 'permanent' need not allow
 914              write-access to any columnar objects in the row."
 915         ::= { dslitePortLimitEntry 4 }

 917     dslitePortLimitRowStatus OBJECT-TYPE
 918         SYNTAX RowStatus
 919         MAX-ACCESS read-create
 920         STATUS current
 921         DESCRIPTION
 922             "Create or delete table row."
923          ::= { dslitePortLimitEntry 5 }

925      dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 3 }

927      dsliteAFTRAlarmB4Addr OBJECT-TYPE
928          SYNTAX dsliteTunnelStartAddress
929          MAX-ACCESS accessible-for-notify
930          STATUS current
931          DESCRIPTION
932              "This object indicates the IP address of
933               the B4 that sends the alarm."
934          ::= { dsliteAFTRAlarmScalar 1 }

936      dsliteAFTRAlarmProtocolType OBJECT-TYPE
937          SYNTAX DisplayString
938          MAX-ACCESS accessible-for-notify
939          STATUS current
940          DESCRIPTION
941              "This object indicates the protocol type of the alarm,
942               0:tcp, 1:udp, 2:icmp, 3:total."
943          ::= { dsliteAFTRAlarmScalar 2 }

945      dsliteAFTRAlarmMapAddrName OBJECT-TYPE
946          SYNTAX DisplayString
947          MAX-ACCESS accessible-for-notify
948          STATUS current
949          DESCRIPTION
950              "This object indicates the name of dsliteNATMapAddrName."
951          ::= { dsliteAFTRAlarmScalar 3 }

953      dsliteAFTRAlarmSpecificIP OBJECT-TYPE
954          SYNTAX DisplayString
955          MAX-ACCESS accessible-for-notify
956          STATUS current
957          DESCRIPTION
958              "This object indicates the IP address whose port usage
959               reaches the threshold."
960          ::= { dsliteAFTRAlarmScalar 4 }

962      dsliteAFTRAlarmConnectNumber OBJECT-TYPE
963          SYNTAX Integer32 (60..90)
964          MAX-ACCESS read-write
965          STATUS current
966          DESCRIPTION
967              "This object indicates the threshold of the DS-Lite
968               connections alarm."
969          ::= { dsliteAFTRAlarmScalar 5 }

971      dsliteStatisticTable OBJECT-TYPE
972          SYNTAX SEQUENCE OF dsliteStatisticEntry
973          MAX-ACCESS not-accessible
974          STATUS current
975          DESCRIPTION
976              "This table provides statistical information
977               of DS-Lite."
978          ::= { dsliteInfo 4 }

980      dsliteStatisticEntry OBJECT-TYPE
981          SYNTAX dsliteStatisticEntry
982          MAX-ACCESS not-accessible
983          STATUS current
984          DESCRIPTION
985              "This table provides statistical information
986               of DS-Lite."
987          INDEX { dsliteStatisticInstanceName }
988          ::= { dsliteStatisticTable 1 }

990      dsliteStatisticEntry ::=
991          SEQUENCE {
992              dsliteStatisticInstanceName   DisplayString,
993              dsliteStatisticDiscard        Counter64,
994              dsliteStatisticReceived       Counter64,
995              dsliteStatisticTransmitted    Counter64,
996              dsliteStatisticIpv4Session    Counter64,
997              dsliteStatisticIpv6Session    Counter64,
998              dsliteStatisticStorageType    StorageType,
999              dsliteStatisticRowStatus      RowStatus
1000         }

1002     dsliteStatisticInstanceName OBJECT-TYPE
1003         SYNTAX DisplayString (SIZE (1..31))
1004         MAX-ACCESS read-only
1005         STATUS current
1006         DESCRIPTION
1007             "This object indicates the instance name
1008              that is limited."
1009         ::= { dsliteStatisticEntry 1 }

1011     dsliteStatisticDiscard OBJECT-TYPE
1012         SYNTAX Counter64
1013         MAX-ACCESS read-create
1014         STATUS current
1015         DESCRIPTION
1016             "This object indicates the number of
1017              discarded packets."
1018         ::= { dsliteStatisticEntry 2 }

1020     dsliteStatisticReceived OBJECT-TYPE
1021         SYNTAX Counter64
1022         MAX-ACCESS read-create
1023         STATUS current
1024         DESCRIPTION
1025             "This object indicates the number of
1026              received packets."
1027         ::= { dsliteStatisticEntry 3 }

1029     dsliteStatisticTransmitted OBJECT-TYPE
1030         SYNTAX Counter64
1031         MAX-ACCESS read-create
1032         STATUS current
1033         DESCRIPTION
1034             "This object indicates the number of
1035              transmitted packets."
1036         ::= { dsliteStatisticEntry 4 }

1038     dsliteStatisticIpv4Session OBJECT-TYPE
1039         SYNTAX Counter64
1040         MAX-ACCESS read-create
1041         STATUS current
1042         DESCRIPTION
1043             "This object indicates the number of
1044              current IPv4 sessions."
1045         ::= { dsliteStatisticEntry 5 }

1047     dsliteStatisticIpv6Session OBJECT-TYPE
1048         SYNTAX Counter64
1049         MAX-ACCESS read-create
1050         STATUS current
1051         DESCRIPTION
1052             "This object indicates the number of
1053              current IPv6 sessions."
1054         ::= { dsliteStatisticEntry 6 }

1056     dsliteStatisticRowStatus OBJECT-TYPE
1057         SYNTAX RowStatus
1058         MAX-ACCESS read-create
1059         STATUS current
1060         DESCRIPTION
1061             "Create or delete table row."
1062         ::= { dsliteStatisticEntry 7 }

1064     ---dslite trap

1066     dsliteTunnelNumAlarm NOTIFICATION-TYPE
1067         STATUS current
1068         DESCRIPTION
1069             "This trap is triggered when DS-Lite tunnels
1070              reach the threshold."
1071         ::= { dsliteTraps 1 }

1073     dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
1074         OBJECTS { dsliteAFTRAlarmProtocolType,
1075                   dsliteAFTRAlarmB4Addr }
1076         STATUS current
1077         DESCRIPTION
1078             "This trap is triggered when the sessions of
1079              a user reach the threshold."
1080         ::= { dsliteTraps 2 }

1082     dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
1083         OBJECTS { dsliteAFTRAlarmMapAddrName,
1084                   dsliteAFTRAlarmSpecificIP }
1085         STATUS current
1086         DESCRIPTION
1087             "This trap is triggered when the used NAT
1088              ports of a map address reach the threshold."
1089         ::= { dsliteTraps 3 }

1091     --Module Conformance statement

1093     dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

1095     dsliteCompliance MODULE-COMPLIANCE
1096         STATUS current
1097         DESCRIPTION
1098             "Description."

1100         MODULE -- this module
1101         MANDATORY-GROUPS { dsliteNATMapGroup,
1102                            dsliteTunnelGroup }
1103         ::= { dsliteCompliances 1 }

1105     dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

1107     dsliteAFTRAlarmScalarGroup OBJECT-GROUP
1108         OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
1109                   dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
1110                   dsliteAFTRAlarmConnectNumber }
1111         STATUS current
1112         DESCRIPTION
1113             "This collection of objects provides
1114              information about the AFTR alarm scalars."
1115         ::= { dsliteGroups 1 }

1117     dsliteNATMapGroup OBJECT-GROUP
1118         OBJECTS { dsliteNATMapIndex, dsliteNATMapAddrName,
1119                   dsliteNATMapEntryType, dsliteNATMapLocalAddrFrom,
1120                   dsliteNATMapLocalAddrTo, dsliteNATMapLocalPortFrom,
1121                   dsliteNATMapLocalPortTo, dsliteNATMapGlobalAddrFrom,
1122                   dsliteNATMapGlobalAddrTo, dsliteNATMapGlobalPortFrom,
1123                   dsliteNATMapGlobalPortTo, dsliteNATMapAddrUsed,
1124                   dsliteNATMapStorageType, dsliteNATMapRowStatu }
1125         STATUS current
1126         DESCRIPTION
1127             "This collection of objects provides
1128              information about NAT address mapping."
1129         ::= { dsliteGroups 2 }

1131     dsliteTunnelGroup OBJECT-GROUP
1132         OBJECTS { dsliteTunnelStartAddress, dsliteTunnelStartAddPreLen,
1133                   dsliteTunnelEndAddress,
1134                   dsliteTunnelStatus,
1135                   dsliteTunnelStorageType }
1136         STATUS current
1137         DESCRIPTION
1138             "This collection of objects provides
1139              information about tunnels in DS-Lite."
1140         ::= { dsliteGroups 3 }

1142     dsliteNATBindGroup OBJECT-GROUP
1143         OBJECTS { dsliteNATBindLocalAddr, dsliteNATBindLocalPort,
1144                   dsliteNATBindGlobalAddr, dsliteNATBindGlobalPort,
1145                   dsliteNATBindId, dsliteB4Addr, dsliteB4PreLen,
1146                   dsliteNATBindMapIndex, dsliteNATBindSessions,
1147                   dsliteNATBindMaxIdleTime,
1148                   dsliteNATBindCurrentIdleTime,
1149                   dsliteNATBindInTranslates,
1150                   dsliteNATBindOutTranslates }
1151         STATUS current
1152         DESCRIPTION
1153             "This collection of objects provides
1154              information about NAT Bind."
1155         ::= { dsliteGroups 4 }

1157     dsliteSessionLimitGroup OBJECT-GROUP
1158         OBJECTS { dsliteSessionLimitInstanceName,
1159                   dsliteSessionLimitType, dsliteSessionLimitNumber,
1160                   dsliteSessionLimitStorageType,
1161                   dsliteSessionLimitRowStatus }
1162         STATUS current
1163         DESCRIPTION
1164             "This collection of objects provides
1165              information about session limits."
1166         ::= { dsliteGroups 5 }

1168     dslitePortLimitGroup OBJECT-GROUP
1169         OBJECTS { dslitePortLimitInstanceName,
1170                   dslitePortLimitType, dslitePortLimitNumber,
1171                   dslitePortLimitStorageType,
1172                   dslitePortLimitRowStatus }
1173         STATUS current
1174         DESCRIPTION
1175             "This collection of objects provides
1176              information about port limits."
1177         ::= { dsliteGroups 6 }

1179     dsliteStatisticGroup OBJECT-GROUP
1180         OBJECTS { dsliteStatisticInstanceName,
1181                   dsliteStatisticDiscard,
1182                   dsliteStatisticReceived,
1183                   dsliteStatisticTransmitted,
1184                   dsliteStatisticIpv4Session,
1185                   dsliteStatisticIpv6Session,
1186                   dsliteStatisticStorageType,
1187                   dsliteStatisticRowStatus }
1188         STATUS current
1189         DESCRIPTION
1190             "This collection of objects provides
1191              statistical information about DS-Lite."
1192         ::= { dsliteGroups 7 }

1194     dsliteTrapsGroup NOTIFICATION-GROUP
1195         NOTIFICATIONS { dsliteTunnelNumAlarm,
1196                         dsliteAFTRUserSessionNumAlarm,
1197                         dsliteAFTRPortUsageOfSpecificIpAlarm }
1198         STATUS current
1199         DESCRIPTION
1200             "This collection of notifications provides
1201              trap information about DS-Lite."
1202         ::= { dsliteGroups 8 }

1204     END

1206  9. Extending this MIB for Gateway Initiated Dual-Stack Lite

1208     Similar to DS-Lite, GI-DS-Lite enables the service provider to
1209     share public IPv4 addresses among different customers by combining
1210     tunneling and NAT. GI-DS-Lite extends existing access tunnels
1211     beyond the access gateway to an IPv4-IPv4 NAT using softwires with
1212     an embedded context identifier that uniquely identifies the end host
1213     the tunneled packets belong to. The MIB defined in this document can
1214     easily be extended for use in the GI-DS-Lite scenario. A new object,
1215     CID, SHOULD be added to the dsliteTunnelTable, and a new object,
1216     dsliteTunnelID, can be defined in the DS-Lite MIB as the SWID in
1217     GI-DS-Lite. Both CID and SWID SHOULD be added to the dsliteNATBindTable.
1218     It will use the combination of CID and SWID as the unique identifier
1219     for the end host and store it in the NAT binding entry.

1221  10. IANA Considerations

1223     The MIB module in this document uses the following IANA-assigned
1224     OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
1225     the following IANA-assigned tunnelType values recorded in the
1226     IANAtunnelType-MIB registry:

1228        Descriptor        OBJECT IDENTIFIER value
1229        ----------        -----------------------
1230        DSLite-MIB        { transmission XXX }

1232     IANAtunnelType ::= TEXTUAL-CONVENTION

1234        SYNTAX     INTEGER {

1236                   dsLite ("XX")        -- dslite tunnel
1237                   }

1239     Note: Appendix A of the IP Tunnel MIB [RFC4087] already assigns
1240     the value direct(2) to indicate that the tunnel type is IP in IP,
1241     but it is still difficult to distinguish DS-Lite tunnel packets
1242     from normal IP in IP tunnel packets in the scenario where the
1243     AFTR is connected to both a DS-Lite tunnel and an IP in IP
1244     tunnel.

1246  11. Security Considerations

1248     The DS-Lite MIB module can be used for configuration of certain
1249     objects, and anything that can be configured can be incorrectly
1250     configured, with potentially disastrous results. Because this MIB
1251     module reuses the IP Tunnel MIB and NAT MIB, the security
1252     considerations for these MIBs also apply to the DS-Lite MIB.

1254     Unauthorized read access to dsliteTunnelEndAddress, or any object in
1255     the dsliteBindRelationTable or dslitePortBindRelationTable, would
1256     reveal information about the mappings.

1258     SNMP versions prior to SNMPv3 did not include adequate security.
1259     Even if the network itself is secure (for example by using IPsec),
1260     even then, there is no control as to who on the secure network is
1261     allowed to access and GET/SET (read/change/create/delete) the objects
1262     in this MIB module.
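The objects that this section says can be configured, and so need write-restricted access, can be listed mechanically from the module text. The following Python audit is an added example, not part of the draft: it extracts each OBJECT-TYPE's SYNTAX and MAX-ACCESS, lists the objects an SNMP SET can change, and flags counters declared writable (RFC 2578 allows Counter64 objects only read-only or accessible-for-notify access). The sample text is a constructed excerpt of four definitions from this module with abridged DESCRIPTION strings, and the function names are assumptions.

```python
import re

# Constructed excerpt: four definitions from the module, DESCRIPTION text abridged.
SAMPLE_MIB = """
dslitePortLimitType OBJECT-TYPE
    SYNTAX INTEGER { tcp(0), udp(1), icmp(2), total(3) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Port limit type."
    ::= { dslitePortLimitEntry 2 }

dslitePortLimitNumber OBJECT-TYPE
    SYNTAX Integer32 (1..300000)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "Limit number of the port usage."
    ::= { dslitePortLimitEntry 3 }

dsliteAFTRAlarmConnectNumber OBJECT-TYPE
    SYNTAX Integer32 (60..90)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Threshold of the DS-Lite connections alarm."
    ::= { dsliteAFTRAlarmScalar 5 }

dsliteStatisticDiscard OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "Count of discarded packets."
    ::= { dsliteStatisticEntry 2 }
"""

# name OBJECT-TYPE ... SYNTAX <type ...> MAX-ACCESS <level>
OBJECT_RE = re.compile(
    r"^\s*(\w+)\s+OBJECT-TYPE\s+SYNTAX\s+(.+?)\s+MAX-ACCESS\s+([\w-]+)",
    re.MULTILINE | re.DOTALL,
)
SETTABLE = {"read-write", "read-create"}
COUNTERS = {"Counter32", "Counter64"}

def parse_objects(mib_text):
    """Return (name, base SYNTAX type, MAX-ACCESS) for every OBJECT-TYPE."""
    return [(name, syntax.split()[0], access)
            for name, syntax, access in OBJECT_RE.findall(mib_text)]

def settable_objects(mib_text):
    """Objects an SNMP SET may change; these need write-restricted views."""
    return [n for n, _, a in parse_objects(mib_text) if a in SETTABLE]

def settable_counters(mib_text):
    """Counters declared writable, which RFC 2578 does not permit."""
    return [n for n, s, a in parse_objects(mib_text)
            if s in COUNTERS and a in SETTABLE]
```

Run over the full module, the first list is the set of objects to exclude from any read-only SNMPv3 view, and the second is a list of access clauses to correct before the module is compiled.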
1264     It is RECOMMENDED that implementers consider the security features as
1265     provided by the SNMPv3 framework (see [RFC3410], section 8),
1266     including full support for the SNMPv3 cryptographic mechanisms (for
1267     authentication and privacy).

1269     Further, deployment of SNMP versions prior to SNMPv3 is NOT
1270     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1271     enable cryptographic security. It is then a customer/operator
1272     responsibility to ensure that the SNMP entity giving access to an
1273     instance of this MIB module is properly configured to give access to
1274     the objects only to those principals (users) that have legitimate
1275     rights to indeed GET or SET (change/create/delete) them.

1277  12. References

1279  12.1. Normative References

1281     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1282               Requirement Levels", BCP 14, RFC 2119, March 1997.

1284     [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1285               "Structure of Management Information Version 2 (SMIv2)",
1286               RFC 2578, April 1999.

1288     [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
1289               Conventions for SMIv2", RFC 2579, April 1999.

1291     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1292               "Conformance Statements for SMIv2", RFC 2580, April 1999.

1294     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1295               MIB", RFC 2863, June 2000.

1297     [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
1298               Architecture for Describing Simple Network Management
1299               Protocol (SNMP) Management Frameworks", RFC 3411, December
1300               2002.

1302     [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
1303               Schoenwaelder, "Textual Conventions for Internet Network
1304               Addresses", RFC 4001, February 2005.

1306     [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
1307               Wang, C., "Definitions of Managed Objects for Network
1308               Address Translators (NAT)", RFC 4008, March 2005.
1310     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

1312     [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
1313               Stack Lite Broadband Deployments Following IPv4
1314               Exhaustion", RFC 6333, August 2011.

1316  12.2. Informative References

1318     [I-D.ietf-softwire-gateway-init-ds-lite]
1319               Brockners, F., Gundavelli, S., Speicher, S., and D. Ward,
1320               "Gateway Initiated Dual-Stack Lite Deployment",
1321               draft-ietf-softwire-gateway-init-ds-lite-05 (work in
1322               progress), July 2011.

1324     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
1325               "Introduction and Applicability Statements for Internet-
1326               Standard Management Framework", RFC 3410, December 2002.

1328  13. Change Log [RFC Editor please remove]

1330     draft-fu-softwire-dslite-mib-00, original version, 2011-05-04
1331     draft-fu-softwire-dslite-mib-01, 01 version, 2011-07-11

1333     draft-fu-softwire-dslite-mib-02, 02 version, 2011-08-27

1335     draft-fu-softwire-dslite-mib-03, 03 version, 2012-02-22

1337     draft-fu-softwire-dslite-mib-04, 04 version, 2012-04-24

1339  Authors' Addresses

1341     Yu Fu
1342     Huawei Technologies Co., Ltd
1343     Huawei Building, 156 Beiqing Rd.,
1344     Hai-Dian District, Beijing 100095
1345     P.R. China
1346     Email: eleven.fuyu@huawei.com

1348     Sheng Jiang
1349     Huawei Technologies Co., Ltd
1350     Huawei Building, 156 Beiqing Rd.,
1351     Hai-Dian District, Beijing 100095
1352     P.R. China
1353     Email: jiangsheng@huawei.com

1355     Yong Cui
1356     Tsinghua University
1357     Department of Computer Science, Tsinghua University
1358     Beijing 100084
1359     P.R. China
1360     Email: yong@csnet1.cs.tsinghua.edu.cn

1362     Jiang Dong
1363     Tsinghua University
1364     Department of Computer Science, Tsinghua University
1365     Beijing 100084
1366     P.R. China
1367     Email: dongjiang@csnet1.cs.tsinghua.edu.cn