idnits 2.17.1

draft-ietf-behave-nat-mib-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the document.

  ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords.

     RFC 2119 keyword, line 736: '... ifIndex MUST have the same ma...'

     RFC 2119 keyword, line 3731: '... RECOMMENDED. Instead, it is RECOMM...'

  -- The draft header indicates that this document obsoletes RFC4008, but the abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not match the current year

  -- The document date (February 22, 2013) is 4081 days in the past. Is this intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6333' is mentioned on line 3385, but not defined

  == Missing Reference: 'I-D.ietf-behave-lsn-requiremnents' is mentioned on line 3678, but not defined

  -- Looks like a reference, but probably isn't: '1' on line 3742

  ** Downref: Normative reference to an Informational RFC: RFC 2663

  ** Downref: Normative reference to an Informational RFC: RFC 3022

  -- Obsolete informational reference (is this intentional?): RFC 4008 (Obsoleted by RFC 7658)

     Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about the items above.

--------------------------------------------------------------------------------

2  Network Working Group                                   S. Perreault
3  Internet-Draft                                          Viagenie
4  Obsoletes: 4008 (if approved)                           T. Tsou
5  Intended status: Standards Track                        Huawei Technologies (USA)
6  Expires: August 26, 2013                                S. Sivakumar
7                                                          Cisco Systems
8                                                          February 22, 2013

10  Additional Managed Objects for Network Address Translators (NAT)
11  draft-ietf-behave-nat-mib-05

13  Abstract

15  This memo defines a portion of the Management Information Base (MIB)
16  for devices implementing Network Address Translator (NAT) function.
17  This MIB module may be used for monitoring of a device capable of NAT
18  function.

20  Status of This Memo

22  This Internet-Draft is submitted in full conformance with the
23  provisions of BCP 78 and BCP 79.

25  Internet-Drafts are working documents of the Internet Engineering
26  Task Force (IETF). Note that other groups may also distribute
27  working documents as Internet-Drafts. The list of current Internet-
28  Drafts is at http://datatracker.ietf.org/drafts/current/.

30  Internet-Drafts are draft documents valid for a maximum of six months
31  and may be updated, replaced, or obsoleted by other documents at any
32  time. It is inappropriate to use Internet-Drafts as reference
33  material or to cite them other than as "work in progress."

35  This Internet-Draft will expire on August 26, 2013.

37  Copyright Notice

39  Copyright (c) 2013 IETF Trust and the persons identified as the
40  document authors. All rights reserved.

42  This document is subject to BCP 78 and the IETF Trust's Legal
43  Provisions Relating to IETF Documents
44  (http://trustee.ietf.org/license-info) in effect on the date of
45  publication of this document. Please review these documents
46  carefully, as they describe your rights and restrictions with respect
47  to this document. Code Components extracted from this document must
48  include Simplified BSD License text as described in Section 4.e of
49  the Trust Legal Provisions and are provided without warranty as
50  described in the Simplified BSD License.

52  Table of Contents

54  1. Introduction
55  2. The Internet-Standard Management Framework
56  3. Overview
57     3.1. Deprecated Features
58     3.2. New Features
59     3.3. Realms
60  4. Definitions
61  5. Security Considerations
62  6. IANA Considerations
63  7. References
64     7.1. Normative References
65     7.2. Informative References
66  Authors' Addresses

68  1. Introduction

70  This memo defines a portion of the Management Information Base (MIB)
71  for devices implementing NAT function. This MIB module may be used
72  for monitoring of a device capable of NAT function. Using it for
73  configuration is deprecated. NAT types and their characteristics are
74  defined in [RFC2663]. Traditional NAT function, in particular, is
75  defined in [RFC3022]. This MIB does not address the firewall
76  functions and must not be used for configuring or monitoring these.
77  Section 2 provides references to the SNMP management framework, which
78  was used as the basis for the MIB module definition. Section 3
79  provides an overview of the MIB features. Lastly, Section 4 has the
80  complete NAT MIB definition.

82  2. The Internet-Standard Management Framework

84  For a detailed overview of the documents that describe the current
85  Internet-Standard Management Framework, please refer to section 7 of
86  [RFC3410].

88  Managed objects are accessed via a virtual information store, termed
89  the Management Information Base or MIB. MIB objects are generally
90  accessed through the Simple Network Management Protocol (SNMP).

92  Objects in the MIB are defined using the mechanisms defined in the
93  Structure of Management Information (SMI). This memo specifies a MIB
94  module that is compliant to the SMIv2, which is described in
95  [RFC2578], [RFC2579] and [RFC2580].

97  3. Overview

99  3.1. Deprecated Features

101  All objects defined in [RFC4008] have been marked with "STATUS
102  deprecated" for the following reasons:

104  Writability: Experience with NAT has shown that implementations vary
105     tremendously. The NAT algorithms and data structures have little
106     in common across devices, and this results in wildly incompatible
107     configuration parameters. Therefore, few implementations were
108     ever able to claim full compliance.

110     Lesson learned: the MIB should be read-only as much as possible.
112  Exposing configuration parameters: Even in read-only mode, many
113     configuration parameters were exposed by [RFC4008] (e.g.
114     timeouts). Since implementations vary wildly in their sets of
115     configuration parameters, few implementations could claim even
116     basic compliance.

118     Lesson learned: the NAT MIB's purpose is not to expose
119     configuration parameters.

121  Interfaces: Objects from [RFC4008] tie NAT state with interfaces
122     (e.g. the interface table, the way map entries are grouped by
123     interface). Many NAT implementations either never keep track of
124     the interface or associate a mapping to a set of interfaces.
125     Since interfaces are at the core of [RFC4008], many NAT devices
126     were unable to have a proper implementation.

128     Lesson learned: NAT is a logical function that may be independent
129     of interfaces. Do not tie NAT state with interfaces.

131  NAT service types: [RFC4008] used four categories of NAT service:
132     basicNat, napt, bidirectionalNat, twiceNat. These are ill-defined
133     and many implementations either use different categories or do not
134     use categories at all.

136     Lesson learned: do not try to categorize NAT types.

138  Limited transport protocol set: The set of transport protocols was
139     defined as: other, icmp, udp, tcp. Furthermore, the numeric
140     values corresponding to those labels were arbitrary, without
141     relation to the actual standard protocol numbers. This meant that
142     NAT implementations were limited to those protocols and were
143     unable to expose information about DCCP, SCTP, etc.

145     Lesson learned: use standard transport protocol numbers.

147  3.2. New Features

149  New features in this module are as follows:

151  Counters: Many new counters are introduced. Most of them are
152     available in two variants: global and per-transport protocol.

154  Limits: A few limits on the quantity of state data stored by the NAT
155     device. Some of them can trigger notifications.
157  Address+Port Pools: Pools of external addresses and ports are often
158     used in enterprise and ISP settings. Pools are listed in a table,
159     each with its range of addresses and ports. It is possible to
160     inspect each pool's usage, to set limits, and to receive
161     notifications when thresholds are crossed.

163  Address Mappings: NATs that have an "IP address pooling" behavior of
164     "Paired" [RFC4787] maintain a mapping from internal address to
165     external address. This module allows inspection of this mapping
166     table.

168  Mapping table indexed by external 3-tuple: It is often necessary to
169     determine the internal address that is mapped to a given external
170     address and port. This MIB provides this table with an index to
171     accomplish this efficiently, without having to iterate over all
172     mappings.

174  Realms: See Section 3.3.

176  RFC 4787 terminology: Mapping table entries indicate the mapping
177     behavior, the filtering behavior, and the address pooling behavior
178     that were used to create the mapping.

180  Subscriber awareness: With the advent of CGN deployment, a set of
181     subscriber specific counters, limits and parameters are added.

183  3.3. Realms

185  Current NAT devices commonly allow the internal and external parts of
186  a mapping to come from different realms. The meaning of "realm" is
187  implementation-dependent. On some implementations it can be
188  equivalent to the name of a VPN Routing and Forwarding table (VRF).
189  On others it is simply the numeric index of a virtual routing table.
190  Note that this usage of "realm" is completely different from the one
191  in [RFC4008].

193  This MIB allows the realm to be indicated where it makes sense. The
194  format is an SnmpAdminString. On platforms that identify realms with
195  integers, the string representation of the integer is used instead.
196  The empty string has special meaning: it refers to the default realm.
198  Note that many MIBs implicitly support realms in one form or another
199  by using SNMPv3 contexts. See for example the OSPFv2 MIB [RFC4750].
200  This method cannot be used for the NAT MIB because mappings can
201  belong to two realms simultaneously: the internal part can be in one
202  realm while the external part is in another. In such cases the NAT
203  function acts like a "wormhole" between two realms. Using contexts
204  would implicitly impose the restriction that all objects would have
205  to belong to the same realm.

207  4. Definitions

209  This MIB module IMPORTs objects from [RFC2578], [RFC2579], and
210  [RFC4001].

212  NAT-MIB DEFINITIONS ::= BEGIN

214  IMPORTS
215      MODULE-IDENTITY,
216      OBJECT-TYPE,
217      Integer32,
218      Unsigned32,
219      Gauge32,
220      Counter64,
221      TimeTicks,
222      mib-2,
223      NOTIFICATION-TYPE
224          FROM SNMPv2-SMI
225      TEXTUAL-CONVENTION,
226      StorageType,
227      RowStatus
228          FROM SNMPv2-TC
229      MODULE-COMPLIANCE,
230      NOTIFICATION-GROUP,
231      OBJECT-GROUP
232          FROM SNMPv2-CONF
233      ifIndex,
234      ifCounterDiscontinuityGroup
235          FROM IF-MIB
236      SnmpAdminString
237          FROM SNMP-FRAMEWORK-MIB
238      InetAddressType,
239      InetAddress,
240      InetPortNumber
241          FROM INET-ADDRESS-MIB;

243  natMIB MODULE-IDENTITY
244      LAST-UPDATED "200001010000Z"
245      ORGANIZATION "TBD"
246      CONTACT-INFO "TBD"
247      DESCRIPTION
248          "This MIB module defines the generic managed objects
249          for NAT."
250      REVISION "200503210000Z" -- 21th March 2005
251      DESCRIPTION
252          "Initial version, published as RFC 4008."
253      REVISION "200001010000Z"
254      DESCRIPTION
255          "Dummy version. RFC Editor must replace this."
256      ::= { mib-2 123 }

258  natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }

260  NatProtocolType ::= TEXTUAL-CONVENTION
261      STATUS deprecated
262      DESCRIPTION
263          "A list of protocols that support the network
264          address translation. Inclusion of the values is
265          not intended to imply that those protocols
266          need to be supported. Any change in this
267          TEXTUAL-CONVENTION should also be reflected in
268          the definition of NatProtocolMap, which is a
269          BITS representation of this."
270      SYNTAX INTEGER {
271          none (1), -- not specified
272          other (2), -- none of the following
273          icmp (3),
274          udp (4),
275          tcp (5)
276      }

278  NatProtocolMap ::= TEXTUAL-CONVENTION
279      STATUS deprecated
280      DESCRIPTION
281          "A bitmap of protocol identifiers that support
282          the network address translation. Any change
283          in this TEXTUAL-CONVENTION should also be
284          reflected in the definition of NatProtocolType."
285      SYNTAX BITS {
286          other (0),
287          icmp (1),
288          udp (2),
289          tcp (3)
290      }

292  NatAddrMapId ::= TEXTUAL-CONVENTION
293      DISPLAY-HINT "d"
294      STATUS deprecated
295      DESCRIPTION
296          "A unique id that is assigned to each address map
297          by a NAT enabled device."
298      SYNTAX Unsigned32 (1..4294967295)

300  NatBindIdOrZero ::= TEXTUAL-CONVENTION
301      DISPLAY-HINT "d"
302      STATUS deprecated
303      DESCRIPTION
304          "A unique id that is assigned to each bind by
305          a NAT enabled device. The bind id will be zero
306          in the case of a Symmetric NAT."
307      SYNTAX Unsigned32 (0..4294967295)

309  NatBindId ::= TEXTUAL-CONVENTION
310      DISPLAY-HINT "d"
311      STATUS deprecated
312      DESCRIPTION
313          "A unique id that is assigned to each bind by
314          a NAT enabled device."
315      SYNTAX Unsigned32 (1..4294967295)

317  NatSessionId ::= TEXTUAL-CONVENTION
318      DISPLAY-HINT "d"
319      STATUS deprecated
320      DESCRIPTION
321          "A unique id that is assigned to each session by
322          a NAT enabled device."
323      SYNTAX Unsigned32 (1..4294967295)

325  NatBindMode ::= TEXTUAL-CONVENTION
326      STATUS deprecated
327      DESCRIPTION
328          "An indication of whether the bind is
329          an address bind or an address port bind."
330      SYNTAX INTEGER {
331          addressBind (1),
332          addressPortBind (2)
333      }

335  NatAssociationType ::= TEXTUAL-CONVENTION
336      STATUS deprecated
337      DESCRIPTION
338          "An indication of whether the association is
339          static or dynamic."
340      SYNTAX INTEGER {
341          static (1),
342          dynamic (2)
343      }

345  NatTranslationEntity ::= TEXTUAL-CONVENTION
346      STATUS deprecated
347      DESCRIPTION
348          "An indication of a) the direction of a session for
349          which an address map entry, address bind or port
350          bind is applicable, and b) the entity (source or
351          destination) within the session that is subject to
352          translation."
353      SYNTAX BITS {
354          inboundSrcEndPoint (0),
355          outboundDstEndPoint(1),
356          inboundDstEndPoint (2),
357          outboundSrcEndPoint(3)
358      }

360  --
361  -- Default Values for the Bind and NAT Protocol Timers
362  --

364  natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 }

366  natNotifCtrl OBJECT IDENTIFIER ::= { natMIBObjects 2 }

368  --
369  -- Address Bind and Port Bind related NAT configuration
370  --

372  natBindDefIdleTimeout OBJECT-TYPE
373      SYNTAX Unsigned32 (0..4294967295)
374      UNITS "seconds"
375      MAX-ACCESS read-write
376      STATUS deprecated
377      DESCRIPTION
378          "The default Bind (Address Bind or Port Bind) idle
379          timeout parameter.

381          If the agent is capable of storing non-volatile
382          configuration, then the value of this object must be
383          restored after a re-initialization of the management
384          system."
385      DEFVAL { 0 }
386      ::= { natDefTimeouts 1 }

388  --
389  -- UDP related NAT configuration
390  --

392  natUdpDefIdleTimeout OBJECT-TYPE
393      SYNTAX Unsigned32 (1..4294967295)
394      UNITS "seconds"
395      MAX-ACCESS read-write
396      STATUS deprecated
397      DESCRIPTION
398          "The default UDP idle timeout parameter.

400          If the agent is capable of storing non-volatile
401          configuration, then the value of this object must be
402          restored after a re-initialization of the management
403          system."
404      DEFVAL { 300 }
405      ::= { natDefTimeouts 2 }

407  --
408  -- ICMP related NAT configuration
409  --

411  natIcmpDefIdleTimeout OBJECT-TYPE
412      SYNTAX Unsigned32 (1..4294967295)
413      UNITS "seconds"
414      MAX-ACCESS read-write
415      STATUS deprecated
416      DESCRIPTION
417          "The default ICMP idle timeout parameter.
419          If the agent is capable of storing non-volatile
420          configuration, then the value of this object must be
421          restored after a re-initialization of the management
422          system."
423      DEFVAL { 300 }
424      ::= { natDefTimeouts 3 }

426  --
427  -- Other protocol parameters
428  --

430  natOtherDefIdleTimeout OBJECT-TYPE
431      SYNTAX Unsigned32 (1..4294967295)
432      UNITS "seconds"
433      MAX-ACCESS read-write
434      STATUS deprecated
435      DESCRIPTION
436          "The default idle timeout parameter for protocols
437          represented by the value other (2) in
438          NatProtocolType.

440          If the agent is capable of storing non-volatile
441          configuration, then the value of this object must be
442          restored after a re-initialization of the management
443          system."
444      DEFVAL { 60 }
445      ::= { natDefTimeouts 4 }

447  --
448  -- TCP related NAT Timers
449  --

451  natTcpDefIdleTimeout OBJECT-TYPE
452      SYNTAX Unsigned32 (1..4294967295)
453      UNITS "seconds"
454      MAX-ACCESS read-write
455      STATUS deprecated
456      DESCRIPTION
457          "The default time interval that a NAT session for an
458          established TCP connection is allowed to remain
459          valid without any activity on the TCP connection.

461          If the agent is capable of storing non-volatile
462          configuration, then the value of this object must be
463          restored after a re-initialization of the management
464          system."
465      DEFVAL { 86400 }
466      ::= { natDefTimeouts 5 }

468  natTcpDefNegTimeout OBJECT-TYPE
469      SYNTAX Unsigned32 (1..4294967295)
470      UNITS "seconds"
471      MAX-ACCESS read-write
472      STATUS deprecated
473      DESCRIPTION
474          "The default time interval that a NAT session for a TCP
475          connection that is not in the established state
476          is allowed to remain valid without any activity on
477          the TCP connection.

479          If the agent is capable of storing non-volatile
480          configuration, then the value of this object must be
481          restored after a re-initialization of the management
482          system."
483      DEFVAL { 60 }
484      ::= { natDefTimeouts 6 }

486  natNotifThrottlingInterval OBJECT-TYPE
487      SYNTAX Integer32 (0 | 5..3600)
488      UNITS "seconds"
489      MAX-ACCESS read-write
490      STATUS deprecated
491      DESCRIPTION
492          "This object controls the generation of the
493          natPacketDiscard notification.

495          If this object has a value of zero, then no
496          natPacketDiscard notifications will be transmitted by
497          the agent.

499          If this object has a non-zero value, then the agent must
500          not generate more than one natPacketDiscard
501          'notification-event' in the indicated period, where a
502          'notification-event' is the generation of a single
503          notification PDU type to a list of notification
504          destinations. If additional NAT packets are discarded
505          within the throttling period, then notification-events
506          for these changes must be suppressed by the agent until
507          the current throttling period expires.

509          If natNotifThrottlingInterval notification generation
510          is enabled, the suggested default throttling period is
511          60 seconds, but generation of the natPacketDiscard
512          notification should be disabled by default.

514          If the agent is capable of storing non-volatile
515          configuration, then the value of this object must be
516          restored after a re-initialization of the management
517          system.

519          The actual transmission of notifications is controlled
520          via the MIB modules in RFC 3413."
521      DEFVAL { 0 }
522      ::= { natNotifCtrl 1 }

524  --
525  -- The NAT Interface Table
526  --
527  natInterfaceTable OBJECT-TYPE
528      SYNTAX SEQUENCE OF NatInterfaceEntry
529      MAX-ACCESS not-accessible
530      STATUS deprecated
531      DESCRIPTION
532          "This table specifies the attributes for interfaces on a
533          device supporting NAT function."
534      ::= { natMIBObjects 3 }

536  natInterfaceEntry OBJECT-TYPE
537      SYNTAX NatInterfaceEntry
538      MAX-ACCESS not-accessible
539      STATUS deprecated
540      DESCRIPTION
541          "Each entry in the natInterfaceTable holds a set of
542          parameters for an interface, instantiated by
543          ifIndex. Therefore, the interface index must have been
544          assigned, according to the applicable procedures,
545          before it can be meaningfully used.
546          Generally, this means that the interface must exist.

548          When natStorageType is of type nonVolatile, however,
549          this may reflect the configuration for an interface
550          whose ifIndex has been assigned but for which the
551          supporting implementation is not currently present."
552      INDEX { ifIndex }
553      ::= { natInterfaceTable 1 }

555  NatInterfaceEntry ::= SEQUENCE {
556      natInterfaceRealm          INTEGER,
557      natInterfaceServiceType    BITS,
558      natInterfaceInTranslates   Counter64,
559      natInterfaceOutTranslates  Counter64,
560      natInterfaceDiscards       Counter64,
561      natInterfaceStorageType    StorageType,
562      natInterfaceRowStatus      RowStatus
563  }

565  natInterfaceRealm OBJECT-TYPE
566      SYNTAX INTEGER {
567          private (1),
568          public (2)
569      }
570      MAX-ACCESS read-create
571      STATUS deprecated
572      DESCRIPTION
573          "This object identifies whether this interface is
574          connected to the private or the public realm."

576      DEFVAL { public }
577      ::= { natInterfaceEntry 1 }

579  natInterfaceServiceType OBJECT-TYPE
580      SYNTAX BITS {
581          basicNat (0),
582          napt (1),
583          bidirectionalNat (2),
584          twiceNat (3)
585      }
586      MAX-ACCESS read-create
587      STATUS deprecated
588      DESCRIPTION
589          "An indication of the direction in which new sessions
590          are permitted and the extent of translation done within
591          the IP and transport headers."
592      ::= { natInterfaceEntry 2 }

594  natInterfaceInTranslates OBJECT-TYPE
595      SYNTAX Counter64
596      MAX-ACCESS read-only
597      STATUS deprecated
598      DESCRIPTION
599          "Number of packets received on this interface that
600          were translated.
601          Discontinuities in the value of this counter can occur
602          at reinitialization of the management system and at
603          other times as indicated by the value of
604          ifCounterDiscontinuityTime on the relevant interface."
605      ::= { natInterfaceEntry 3 }

607  natInterfaceOutTranslates OBJECT-TYPE
608      SYNTAX Counter64
609      MAX-ACCESS read-only
610      STATUS deprecated
611      DESCRIPTION
612          "Number of translated packets that were sent out this
613          interface.

615          Discontinuities in the value of this counter can occur
616          at reinitialization of the management system and at
617          other times as indicated by the value of
618          ifCounterDiscontinuityTime on the relevant interface."
619      ::= { natInterfaceEntry 4 }

621  natInterfaceDiscards OBJECT-TYPE
622      SYNTAX Counter64
623      MAX-ACCESS read-only
624      STATUS deprecated
625      DESCRIPTION
626          "Number of packets that had to be rejected/dropped due to
627          a lack of resources for this interface.

629          Discontinuities in the value of this counter can occur
630          at reinitialization of the management system and at
631          other times as indicated by the value of
632          ifCounterDiscontinuityTime on the relevant interface."
633      ::= { natInterfaceEntry 5 }

635  natInterfaceStorageType OBJECT-TYPE
636      SYNTAX StorageType
637      MAX-ACCESS read-create
638      STATUS deprecated
639      DESCRIPTION
640          "The storage type for this conceptual row.
641          Conceptual rows having the value 'permanent'
642          need not allow write-access to any columnar objects
643          in the row."
644      REFERENCE
645          "Textual Conventions for SMIv2, Section 2."
646      DEFVAL { nonVolatile }
647      ::= { natInterfaceEntry 6 }

649  natInterfaceRowStatus OBJECT-TYPE
650      SYNTAX RowStatus
651      MAX-ACCESS read-create
652      STATUS deprecated
653      DESCRIPTION
654          "The status of this conceptual row.

656          Until instances of all corresponding columns are
657          appropriately configured, the value of the
658          corresponding instance of the natInterfaceRowStatus
659          column is 'notReady'.
661          In particular, a newly created row cannot be made
662          active until the corresponding instance of
663          natInterfaceServiceType has been set.

665          None of the objects in this row may be modified
666          while the value of this object is active(1)."
667      REFERENCE
668          "Textual Conventions for SMIv2, Section 2."
669      ::= { natInterfaceEntry 7 }

671  --
672  -- The Address Map Table
673  --

675  natAddrMapTable OBJECT-TYPE
676      SYNTAX SEQUENCE OF NatAddrMapEntry
677      MAX-ACCESS not-accessible
678      STATUS deprecated
679      DESCRIPTION
680          "This table lists address map parameters for NAT."
681      ::= { natMIBObjects 4 }

683  natAddrMapEntry OBJECT-TYPE
684      SYNTAX NatAddrMapEntry
685      MAX-ACCESS not-accessible
686      STATUS deprecated
687      DESCRIPTION
688          "This entry represents an address map to be used for
689          NAT and contributes to the dynamic and/or static
690          address mapping tables of the NAT device."
691      INDEX { ifIndex, natAddrMapIndex }
692      ::= { natAddrMapTable 1 }

694  NatAddrMapEntry ::= SEQUENCE {
695      natAddrMapIndex              NatAddrMapId,
696      natAddrMapName               SnmpAdminString,
697      natAddrMapEntryType          NatAssociationType,
698      natAddrMapTranslationEntity  NatTranslationEntity,
699      natAddrMapLocalAddrType      InetAddressType,
700      natAddrMapLocalAddrFrom      InetAddress,
701      natAddrMapLocalAddrTo        InetAddress,
702      natAddrMapLocalPortFrom      InetPortNumber,
703      natAddrMapLocalPortTo        InetPortNumber,
704      natAddrMapGlobalAddrType     InetAddressType,
705      natAddrMapGlobalAddrFrom     InetAddress,
706      natAddrMapGlobalAddrTo       InetAddress,
707      natAddrMapGlobalPortFrom     InetPortNumber,
708      natAddrMapGlobalPortTo       InetPortNumber,
709      natAddrMapProtocol           NatProtocolMap,
710      natAddrMapInTranslates       Counter64,
711      natAddrMapOutTranslates      Counter64,
712      natAddrMapDiscards           Counter64,
713      natAddrMapAddrUsed           Gauge32,
714      natAddrMapStorageType        StorageType,
715      natAddrMapRowStatus          RowStatus
716  }

718  natAddrMapIndex OBJECT-TYPE
719      SYNTAX NatAddrMapId
720      MAX-ACCESS not-accessible
721      STATUS deprecated
722      DESCRIPTION
723          "Along with ifIndex, this object uniquely
724          identifies an entry in the natAddrMapTable.
725          Address map entries are applied in the order
726          specified by natAddrMapIndex."
727      ::= { natAddrMapEntry 1 }

729  natAddrMapName OBJECT-TYPE
730      SYNTAX SnmpAdminString (SIZE(1..32))
731      MAX-ACCESS read-create
732      STATUS deprecated
733      DESCRIPTION
734          "Name identifying all map entries in the table associated
735          with the same interface. All map entries with the same
736          ifIndex MUST have the same map name."
737      ::= { natAddrMapEntry 2 }

739  natAddrMapEntryType OBJECT-TYPE
740      SYNTAX NatAssociationType
741      MAX-ACCESS read-create
742      STATUS deprecated
743      DESCRIPTION
744          "This parameter can be used to set up static
745          or dynamic address maps."
746      ::= { natAddrMapEntry 3 }

748  natAddrMapTranslationEntity OBJECT-TYPE
749      SYNTAX NatTranslationEntity
750      MAX-ACCESS read-create
751      STATUS deprecated
752      DESCRIPTION
753          "The end-point entity (source or destination) in
754          inbound or outbound sessions (i.e., first packets) that
755          may be translated by an address map entry.

757          Session direction (inbound or outbound) is
758          derived from the direction of the first packet
759          of a session traversing a NAT interface.
760          NAT address (and Transport-ID) maps may be defined
761          to effect inbound or outbound sessions.

763          Traditionally, address maps for Basic NAT and NAPT are
764          configured on a public interface for outbound sessions,
765          effecting translation of source end-point. The value of
766          this object must be set to outboundSrcEndPoint for
767          those interfaces.

769          Alternately, if address maps for Basic NAT and NAPT were
770          to be configured on a private interface, the desired
771          value for this object for the map entries
772          would be inboundSrcEndPoint (i.e., effecting translation
773          of source end-point for inbound sessions).
775          If TwiceNAT were to be configured on a private
776          interface, the desired value for this object for the map
777          entries would be a bitmask of inboundSrcEndPoint and
778          inboundDstEndPoint."
779      ::= { natAddrMapEntry 4 }

781  natAddrMapLocalAddrType OBJECT-TYPE
782      SYNTAX InetAddressType
783      MAX-ACCESS read-create
784      STATUS deprecated
785      DESCRIPTION
786          "This object specifies the address type used for
787          natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo."
788      ::= { natAddrMapEntry 5 }

790  natAddrMapLocalAddrFrom OBJECT-TYPE
791      SYNTAX InetAddress
792      MAX-ACCESS read-create
793      STATUS deprecated
794      DESCRIPTION
795          "This object specifies the first IP address of the range
796          of IP addresses mapped by this translation entry. The
797          value of this object must be less than or equal to the
798          value of the natAddrMapLocalAddrTo object.

800          The type of this address is determined by the value of
801          the natAddrMapLocalAddrType object."
802      ::= { natAddrMapEntry 6 }

804  natAddrMapLocalAddrTo OBJECT-TYPE
805      SYNTAX InetAddress
806      MAX-ACCESS read-create
807      STATUS deprecated
808      DESCRIPTION
809          "This object specifies the last IP address of the range
810          of IP addresses mapped by this translation entry. If
811          only a single address is being mapped, the value of this
812          object is equal to the value of natAddrMapLocalAddrFrom.
813          For a static NAT, the number of addresses in the range
814          defined by natAddrMapLocalAddrFrom and
815          natAddrMapLocalAddrTo must be equal to the number of
816          addresses in the range defined by
817          natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo.
818          The value of this object must be greater than or equal
819          to the value of the natAddrMapLocalAddrFrom object.

821          The type of this address is determined by the value of
822          the natAddrMapLocalAddrType object."
823      ::= { natAddrMapEntry 7 }

825  natAddrMapLocalPortFrom OBJECT-TYPE
826      SYNTAX InetPortNumber
827      MAX-ACCESS read-create
828      STATUS deprecated
829      DESCRIPTION
830          "If this conceptual row describes a Basic NAT address
831          mapping, then the value of this object must be zero. If
832          this conceptual row describes NAPT, then the value of
833          this object specifies the first port number in the range
834          of ports being mapped.

836          The value of this object must be less than or equal to
837          the value of the natAddrMapLocalPortTo object. If the
838          translation specifies a single port, then the value of
839          this object is equal to the value of
840          natAddrMapLocalPortTo."
841      DEFVAL { 0 }
842      ::= { natAddrMapEntry 8 }

844  natAddrMapLocalPortTo OBJECT-TYPE
845      SYNTAX InetPortNumber
846      MAX-ACCESS read-create
847      STATUS deprecated
848      DESCRIPTION
849          "If this conceptual row describes a Basic NAT address
850          mapping, then the value of this object must be zero. If
851          this conceptual row describes NAPT, then the value of
852          this object specifies the last port number in the range
853          of ports being mapped.

855          The value of this object must be greater than or equal
856          to the value of the natAddrMapLocalPortFrom object. If
857          the translation specifies a single port, then the value
858          of this object is equal to the value of
859          natAddrMapLocalPortFrom."
860      DEFVAL { 0 }
861      ::= { natAddrMapEntry 9 }

863  natAddrMapGlobalAddrType OBJECT-TYPE
864      SYNTAX InetAddressType
865      MAX-ACCESS read-create
866      STATUS deprecated
867      DESCRIPTION
868          "This object specifies the address type used for
869          natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo."
870      ::= { natAddrMapEntry 10 }

872  natAddrMapGlobalAddrFrom OBJECT-TYPE
873      SYNTAX InetAddress
874      MAX-ACCESS read-create
875      STATUS deprecated
876      DESCRIPTION
877          "This object specifies the first IP address of the range
878          of IP addresses being mapped to. The value of this
879          object must be less than or equal to the value of the
880          natAddrMapGlobalAddrTo object.

882          The type of this address is determined by the value of
883          the natAddrMapGlobalAddrType object."
884      ::= { natAddrMapEntry 11 }

886  natAddrMapGlobalAddrTo OBJECT-TYPE
887      SYNTAX InetAddress
888      MAX-ACCESS read-create
889      STATUS deprecated
890      DESCRIPTION
891          "This object specifies the last IP address of the range
892          of IP addresses being mapped to. If only a single
893          address is being mapped to, the value of this object is
894          equal to the value of natAddrMapGlobalAddrFrom. For a
895          static NAT, the number of addresses in the range defined
896          by natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo
897          must be equal to the number of addresses in the range
898          defined by natAddrMapLocalAddrFrom and
899          natAddrMapLocalAddrTo. The value of this object must be
900          greater than or equal to the value of the
901          natAddrMapGlobalAddrFrom object.

903          The type of this address is determined by the value of
904          the natAddrMapGlobalAddrType object."
905      ::= { natAddrMapEntry 12 }

907  natAddrMapGlobalPortFrom OBJECT-TYPE
908      SYNTAX InetPortNumber
909      MAX-ACCESS read-create
910      STATUS deprecated
911      DESCRIPTION
912          "If this conceptual row describes a Basic NAT address
913          mapping, then the value of this object must be zero. If
914          this conceptual row describes NAPT, then the value of
915          this object specifies the first port number in the range
916          of ports being mapped to.

918          The value of this object must be less than or equal to
919          the value of the natAddrMapGlobalPortTo object. If the
920          translation specifies a single port, then the value of
921          this object is equal to the value
922          natAddrMapGlobalPortTo."
923      DEFVAL { 0 }
924      ::= { natAddrMapEntry 13 }

926  natAddrMapGlobalPortTo OBJECT-TYPE
927      SYNTAX InetPortNumber
928      MAX-ACCESS read-create
929      STATUS deprecated
930      DESCRIPTION
931          "If this conceptual row describes a Basic NAT address
932           mapping, then the value of this object must be zero. If
933           this conceptual row describes NAPT, then the value of
934           this object specifies the last port number in the range
935           of ports being mapped to.

937           The value of this object must be greater than or equal
938           to the value of the natAddrMapGlobalPortFrom object. If
939           the translation specifies a single port, then the value
940           of this object is equal to the value of
941           natAddrMapGlobalPortFrom."
942      DEFVAL { 0 }
943      ::= { natAddrMapEntry 14 }

945  natAddrMapProtocol OBJECT-TYPE
946      SYNTAX NatProtocolMap
947      MAX-ACCESS read-create
948      STATUS deprecated
949      DESCRIPTION
950          "This object specifies a bitmap of protocol identifiers."
951      ::= { natAddrMapEntry 15 }

953  natAddrMapInTranslates OBJECT-TYPE
954      SYNTAX Counter64
955      MAX-ACCESS read-only
956      STATUS deprecated
957      DESCRIPTION
958          "The number of inbound packets pertaining to this address
959           map entry that were translated.

961           Discontinuities in the value of this counter can occur
962           at reinitialization of the management system and at
963           other times, as indicated by the value of
964           ifCounterDiscontinuityTime on the relevant interface."
965      ::= { natAddrMapEntry 16 }

967  natAddrMapOutTranslates OBJECT-TYPE
968      SYNTAX Counter64
969      MAX-ACCESS read-only
970      STATUS deprecated
971      DESCRIPTION
972          "The number of outbound packets pertaining to this
973           address map entry that were translated.

975           Discontinuities in the value of this counter can occur
976           at reinitialization of the management system and at
977           other times, as indicated by the value of
978           ifCounterDiscontinuityTime on the relevant interface."
979      ::= { natAddrMapEntry 17 }

981  natAddrMapDiscards OBJECT-TYPE
982      SYNTAX Counter64
983      MAX-ACCESS read-only
984      STATUS deprecated
985      DESCRIPTION
986          "The number of packets pertaining to this address map
987           entry that were dropped due to lack of addresses in the
988           address pool identified by this address map. The value
989           of this object must always be zero in case of static
990           address map.

992           Discontinuities in the value of this counter can occur
993           at reinitialization of the management system and at
994           other times, as indicated by the value of
995           ifCounterDiscontinuityTime on the relevant interface."
996      ::= { natAddrMapEntry 18 }

998  natAddrMapAddrUsed OBJECT-TYPE
999      SYNTAX Gauge32
1000      MAX-ACCESS read-only
1001      STATUS deprecated
1002      DESCRIPTION
1003          "The number of addresses pertaining to this address map
1004           that are currently being used from the NAT pool.
1005           The value of this object must always be zero in the case
1006           of a static address map."
1007      ::= { natAddrMapEntry 19 }

1009  natAddrMapStorageType OBJECT-TYPE
1010      SYNTAX StorageType
1011      MAX-ACCESS read-create
1012      STATUS deprecated
1013      DESCRIPTION
1014          "The storage type for this conceptual row.
1015           Conceptual rows having the value 'permanent'
1016           need not allow write-access to any columnar objects
1017           in the row."
1018      REFERENCE
1019          "Textual Conventions for SMIv2, Section 2."
1020      DEFVAL { nonVolatile }
1021      ::= { natAddrMapEntry 20 }

1023  natAddrMapRowStatus OBJECT-TYPE
1024      SYNTAX RowStatus
1025      MAX-ACCESS read-create
1026      STATUS deprecated
1027      DESCRIPTION
1028          "The status of this conceptual row.

1030           Until instances of all corresponding columns are
1031           appropriately configured, the value of the
1032           corresponding instance of the natAddrMapRowStatus
1033           column is 'notReady'.

1035           None of the objects in this row may be modified
1036           while the value of this object is active(1)."
1037      REFERENCE
1038          "Textual Conventions for SMIv2, Section 2."
1039      ::= { natAddrMapEntry 21 }

1041  --
1042  -- Address Bind section
1043  --

1045  natAddrBindNumberOfEntries OBJECT-TYPE
1046      SYNTAX Gauge32
1047      MAX-ACCESS read-only
1048      STATUS deprecated
1049      DESCRIPTION
1050          "This object maintains a count of the number of entries
1051           that currently exist in the natAddrBindTable."
1052      ::= { natMIBObjects 5 }

1054  --
1055  -- The NAT Address BIND Table
1056  --

1058  natAddrBindTable OBJECT-TYPE
1059      SYNTAX SEQUENCE OF NatAddrBindEntry
1060      MAX-ACCESS not-accessible
1061      STATUS deprecated
1062      DESCRIPTION
1063          "This table holds information about the currently
1064           active NAT BINDs."
1065      ::= { natMIBObjects 6 }

1067  natAddrBindEntry OBJECT-TYPE
1068      SYNTAX NatAddrBindEntry
1069      MAX-ACCESS not-accessible
1070      STATUS deprecated
1071      DESCRIPTION
1072          "Each entry in this table holds information about
1073           an active address BIND. These entries are lost
1074           upon agent restart.

1076           This row has indexing which may create variables with
1077           more than 128 subidentifiers. Implementers of this
1078           table must be careful not to create entries that would
1079           result in OIDs which exceed the 128 subidentifier limit.
1080           Otherwise, the information cannot be accessed using
1081           SNMPv1, SNMPv2c or SNMPv3."
1083      INDEX { ifIndex,
1084              natAddrBindLocalAddrType,
1085              natAddrBindLocalAddr }
1086      ::= { natAddrBindTable 1 }

1088  NatAddrBindEntry ::= SEQUENCE {
1089      natAddrBindLocalAddrType InetAddressType,
1090      natAddrBindLocalAddr InetAddress,
1091      natAddrBindGlobalAddrType InetAddressType,
1092      natAddrBindGlobalAddr InetAddress,
1093      natAddrBindId NatBindId,
1094      natAddrBindTranslationEntity NatTranslationEntity,
1095      natAddrBindType NatAssociationType,
1096      natAddrBindMapIndex NatAddrMapId,
1097      natAddrBindSessions Gauge32,
1098      natAddrBindMaxIdleTime TimeTicks,
1099      natAddrBindCurrentIdleTime TimeTicks,
1100      natAddrBindInTranslates Counter64,
1101      natAddrBindOutTranslates Counter64

1103  }

1105  natAddrBindLocalAddrType OBJECT-TYPE
1106      SYNTAX InetAddressType
1107      MAX-ACCESS not-accessible
1108      STATUS deprecated
1109      DESCRIPTION
1110          "This object specifies the address type used for
1111           natAddrBindLocalAddr."
1112      ::= { natAddrBindEntry 1 }

1114  natAddrBindLocalAddr OBJECT-TYPE
1115      SYNTAX InetAddress
1116      MAX-ACCESS not-accessible
1117      STATUS deprecated
1118      DESCRIPTION
1119          "This object represents the private-realm specific
1120           network layer address, which maps to the public-realm
1121           address represented by natAddrBindGlobalAddr.

1123           The type of this address is determined by the value of
1124           the natAddrBindLocalAddrType object."
1125      ::= { natAddrBindEntry 2 }

1127  natAddrBindGlobalAddrType OBJECT-TYPE
1128      SYNTAX InetAddressType
1129      MAX-ACCESS read-only
1130      STATUS deprecated
1131      DESCRIPTION
1132          "This object specifies the address type used for
1133           natAddrBindGlobalAddr."
1134      ::= { natAddrBindEntry 3 }

1136  natAddrBindGlobalAddr OBJECT-TYPE
1137      SYNTAX InetAddress
1138      MAX-ACCESS read-only
1139      STATUS deprecated
1140      DESCRIPTION
1141          "This object represents the public-realm network layer
1142           address that maps to the private-realm network layer
1143           address represented by natAddrBindLocalAddr.
1145           The type of this address is determined by the value of
1146           the natAddrBindGlobalAddrType object."
1147      ::= { natAddrBindEntry 4 }

1149  natAddrBindId OBJECT-TYPE
1150      SYNTAX NatBindId
1151      MAX-ACCESS read-only
1152      STATUS deprecated
1153      DESCRIPTION
1154          "This object represents a bind id that is dynamically
1155           assigned to each bind by a NAT enabled device. Each
1156           bind is represented by a bind id that is
1157           unique across both, the natAddrBindTable and the
1158           natAddrPortBindTable."
1159      ::= { natAddrBindEntry 5 }

1161  natAddrBindTranslationEntity OBJECT-TYPE
1162      SYNTAX NatTranslationEntity
1163      MAX-ACCESS read-only
1164      STATUS deprecated
1165      DESCRIPTION
1166          "This object represents the direction of sessions
1167           for which this bind is applicable and the endpoint
1168           entity (source or destination) within the sessions that
1169           is subject to translation using the BIND.

1171           Orientation of the bind can be a superset of
1172           translationEntity of the address map entry which
1173           forms the basis for this bind.

1175           For example, if the translationEntity of an
1176           address map entry is outboundSrcEndPoint, the
1177           translationEntity of a bind derived from this
1178           map entry may either be outboundSrcEndPoint or
1179           it may be bidirectional (a bitmask of
1180           outboundSrcEndPoint and inboundDstEndPoint)."
1181      ::= { natAddrBindEntry 6 }

1183  natAddrBindType OBJECT-TYPE
1184      SYNTAX NatAssociationType
1185      MAX-ACCESS read-only
1186      STATUS deprecated
1187      DESCRIPTION
1188          "This object indicates whether the bind is static or
1189           dynamic."
1190      ::= { natAddrBindEntry 7 }

1192  natAddrBindMapIndex OBJECT-TYPE
1193      SYNTAX NatAddrMapId
1194      MAX-ACCESS read-only
1195      STATUS deprecated
1196      DESCRIPTION
1197          "This object is a pointer to the natAddrMapTable entry
1198           (and the parameters of that entry) which was used in
1199           creating this BIND. This object, in conjunction with
1200           the ifIndex (which identifies a unique addrMapName)
1201           points to a unique entry in the natAddrMapTable."
1202      ::= { natAddrBindEntry 8 }

1204  natAddrBindSessions OBJECT-TYPE
1205      SYNTAX Gauge32
1206      MAX-ACCESS read-only
1207      STATUS deprecated
1208      DESCRIPTION
1209          "Number of sessions currently using this BIND."
1210      ::= { natAddrBindEntry 9 }

1212  natAddrBindMaxIdleTime OBJECT-TYPE
1213      SYNTAX TimeTicks
1214      MAX-ACCESS read-only
1215      STATUS deprecated
1216      DESCRIPTION
1217          "This object indicates the maximum time for
1218           which this bind can be idle with no sessions
1219           attached to it.

1221           The value of this object is of relevance only for
1222           dynamic NAT."
1223      ::= { natAddrBindEntry 10 }

1225  natAddrBindCurrentIdleTime OBJECT-TYPE
1226      SYNTAX TimeTicks
1227      MAX-ACCESS read-only
1228      STATUS deprecated
1229      DESCRIPTION
1230          "At any given instance, this object indicates the
1231           time that this bind has been idle without any sessions
1232           attached to it.

1234           The value of this object is of relevance only for
1235           dynamic NAT."
1236      ::= { natAddrBindEntry 11 }

1238  natAddrBindInTranslates OBJECT-TYPE
1239      SYNTAX Counter64
1240      MAX-ACCESS read-only
1241      STATUS deprecated
1242      DESCRIPTION
1243          "The number of inbound packets that were successfully
1244           translated by using this bind entry.

1246           Discontinuities in the value of this counter can occur
1247           at reinitialization of the management system and at
1248           other times, as indicated by the value of
1249           ifCounterDiscontinuityTime on the relevant interface."
1250      ::= { natAddrBindEntry 12 }

1252  natAddrBindOutTranslates OBJECT-TYPE
1253      SYNTAX Counter64
1254      MAX-ACCESS read-only
1255      STATUS deprecated
1256      DESCRIPTION
1257          "The number of outbound packets that were successfully
1258           translated using this bind entry.
1260           Discontinuities in the value of this counter can occur
1261           at reinitialization of the management system and at
1262           other times as indicated by the value of
1263           ifCounterDiscontinuityTime on the relevant interface."
1264      ::= { natAddrBindEntry 13 }

1266  --
1267  -- Address Port Bind section
1268  --

1270  natAddrPortBindNumberOfEntries OBJECT-TYPE
1271      SYNTAX Gauge32
1272      MAX-ACCESS read-only
1273      STATUS deprecated
1274      DESCRIPTION
1275          "This object maintains a count of the number of entries
1276           that currently exist in the natAddrPortBindTable."
1277      ::= { natMIBObjects 7 }

1279  --
1280  -- The NAT Address Port Bind Table
1281  --

1283  natAddrPortBindTable OBJECT-TYPE
1284      SYNTAX SEQUENCE OF NatAddrPortBindEntry
1285      MAX-ACCESS not-accessible
1286      STATUS deprecated
1287      DESCRIPTION
1288          "This table holds information about the currently
1289           active NAPT BINDs."
1290      ::= { natMIBObjects 8 }

1292  natAddrPortBindEntry OBJECT-TYPE
1293      SYNTAX NatAddrPortBindEntry
1294      MAX-ACCESS not-accessible
1295      STATUS deprecated
1296      DESCRIPTION
1297          "Each entry in this table holds information
1298           about a NAPT bind that is currently active.
1299           These entries are lost upon agent restart.

1301           This row has indexing which may create variables with
1302           more than 128 subidentifiers. Implementers of this
1303           table must be careful not to create entries which would
1304           result in OIDs that exceed the 128 subidentifier limit.
1305           Otherwise, the information cannot be accessed using
1306           SNMPv1, SNMPv2c or SNMPv3."
1307      INDEX { ifIndex, natAddrPortBindLocalAddrType,
1308              natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
1309              natAddrPortBindProtocol }
1310      ::= { natAddrPortBindTable 1 }

1312  NatAddrPortBindEntry ::= SEQUENCE {
1313      natAddrPortBindLocalAddrType InetAddressType,
1314      natAddrPortBindLocalAddr InetAddress,
1315      natAddrPortBindLocalPort InetPortNumber,
1316      natAddrPortBindProtocol NatProtocolType,
1317      natAddrPortBindGlobalAddrType InetAddressType,
1318      natAddrPortBindGlobalAddr InetAddress,
1319      natAddrPortBindGlobalPort InetPortNumber,
1320      natAddrPortBindId NatBindId,
1321      natAddrPortBindTranslationEntity NatTranslationEntity,
1322      natAddrPortBindType NatAssociationType,
1323      natAddrPortBindMapIndex NatAddrMapId,
1324      natAddrPortBindSessions Gauge32,
1325      natAddrPortBindMaxIdleTime TimeTicks,
1326      natAddrPortBindCurrentIdleTime TimeTicks,
1327      natAddrPortBindInTranslates Counter64,
1328      natAddrPortBindOutTranslates Counter64
1329  }

1331  natAddrPortBindLocalAddrType OBJECT-TYPE
1332      SYNTAX InetAddressType
1333      MAX-ACCESS not-accessible
1334      STATUS deprecated
1335      DESCRIPTION
1336          "This object specifies the address type used for
1337           natAddrPortBindLocalAddr."
1338      ::= { natAddrPortBindEntry 1 }

1340  natAddrPortBindLocalAddr OBJECT-TYPE
1341      SYNTAX InetAddress
1342      MAX-ACCESS not-accessible
1343      STATUS deprecated
1344      DESCRIPTION
1345          "This object represents the private-realm specific
1346           network layer address which, in conjunction with
1347           natAddrPortBindLocalPort, maps to the public-realm
1348           network layer address and transport id represented by
1349           natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
1350           respectively.

1352           The type of this address is determined by the value of
1353           the natAddrPortBindLocalAddrType object."
1354      ::= { natAddrPortBindEntry 2 }

1356  natAddrPortBindLocalPort OBJECT-TYPE
1357      SYNTAX InetPortNumber
1358      MAX-ACCESS not-accessible
1359      STATUS deprecated
1360      DESCRIPTION
1361          "For a protocol value TCP or UDP, this object represents
1362           the private-realm specific port number. On the other
1363           hand, for ICMP a bind is created only for query/response
1364           type ICMP messages such as ICMP echo, Timestamp, and
1365           Information request messages, and this object represents
1366           the private-realm specific identifier in the ICMP
1367           message, as defined in RFC 792 for ICMPv4 and in RFC
1368           2463 for ICMPv6.

1370           This object, together with natAddrPortBindProtocol,
1371           natAddrPortBindLocalAddrType, and
1372           natAddrPortBindLocalAddr, constitutes a session endpoint
1373           in the private realm. A bind entry binds a private
1374           realm specific endpoint to a public realm specific
1375           endpoint, as represented by the tuple of
1376           (natAddrPortBindGlobalPort, natAddrPortBindProtocol,
1377           natAddrPortBindGlobalAddrType, and
1378           natAddrPortBindGlobalAddr)."
1379      ::= { natAddrPortBindEntry 3 }

1381  natAddrPortBindProtocol OBJECT-TYPE
1382      SYNTAX NatProtocolType
1383      MAX-ACCESS not-accessible
1384      STATUS deprecated
1385      DESCRIPTION
1386          "This object specifies a protocol identifier. If the
1387           value of this object is none(1), then this bind entry
1388           applies to all IP traffic. Any other value of this
1389           object specifies the class of IP traffic to which this
1390           BIND applies."
1391      ::= { natAddrPortBindEntry 4 }

1393  natAddrPortBindGlobalAddrType OBJECT-TYPE
1394      SYNTAX InetAddressType
1395      MAX-ACCESS read-only
1396      STATUS deprecated
1397      DESCRIPTION
1398          "This object specifies the address type used for
1399           natAddrPortBindGlobalAddr."
1400      ::= { natAddrPortBindEntry 5 }

1402  natAddrPortBindGlobalAddr OBJECT-TYPE
1403      SYNTAX InetAddress
1404      MAX-ACCESS read-only
1405      STATUS deprecated
1406      DESCRIPTION
1407          "This object represents the public-realm specific network
1408           layer address that, in conjunction with
1409           natAddrPortBindGlobalPort, maps to the private-realm

1411           network layer address and transport id represented by
1412           natAddrPortBindLocalAddr and natAddrPortBindLocalPort,
1413           respectively.

1415           The type of this address is determined by the value of
1416           the natAddrPortBindGlobalAddrType object."
1417      ::= { natAddrPortBindEntry 6 }

1419  natAddrPortBindGlobalPort OBJECT-TYPE
1420      SYNTAX InetPortNumber
1421      MAX-ACCESS read-only
1422      STATUS deprecated
1423      DESCRIPTION
1424          "For a protocol value TCP or UDP, this object represents
1425           the public-realm specific port number. On the other
1426           hand, for ICMP a bind is created only for query/response
1427           type ICMP messages such as ICMP echo, Timestamp, and
1428           Information request messages, and this object represents
1429           the public-realm specific identifier in the ICMP
1430           message, as defined in RFC 792 for ICMPv4 and in RFC
1431           2463 for ICMPv6.

1433           This object, together with natAddrPortBindProtocol,
1434           natAddrPortBindGlobalAddrType, and
1435           natAddrPortBindGlobalAddr, constitutes a session
1436           endpoint in the public realm. A bind entry binds a
1437           public realm specific endpoint to a private realm
1438           specific endpoint, as represented by the tuple of
1439           (natAddrPortBindLocalPort, natAddrPortBindProtocol,
1440           natAddrPortBindLocalAddrType, and
1441           natAddrPortBindLocalAddr)."
1442      ::= { natAddrPortBindEntry 7 }

1444  natAddrPortBindId OBJECT-TYPE
1445      SYNTAX NatBindId
1446      MAX-ACCESS read-only
1447      STATUS deprecated
1448      DESCRIPTION
1449          "This object represents a bind id that is dynamically
1450           assigned to each bind by a NAT enabled device. Each
1451           bind is represented by a unique bind id across both
1452           the natAddrBindTable and the natAddrPortBindTable."
1453      ::= { natAddrPortBindEntry 8 }

1455  natAddrPortBindTranslationEntity OBJECT-TYPE
1456      SYNTAX NatTranslationEntity
1457      MAX-ACCESS read-only
1458      STATUS deprecated
1459      DESCRIPTION
1460          "This object represents the direction of sessions
1461           for which this bind is applicable and the entity
1462           (source or destination) within the sessions that is
1463           subject to translation with the BIND.

1465           Orientation of the bind can be a superset of the
1466           translationEntity of the address map entry that
1467           forms the basis for this bind.

1469           For example, if the translationEntity of an
1470           address map entry is outboundSrcEndPoint, the
1471           translationEntity of a bind derived from this
1472           map entry may either be outboundSrcEndPoint or
1473           may be bidirectional (a bitmask of
1474           outboundSrcEndPoint and inboundDstEndPoint)."
1475      ::= { natAddrPortBindEntry 9 }

1477  natAddrPortBindType OBJECT-TYPE
1478      SYNTAX NatAssociationType
1479      MAX-ACCESS read-only
1480      STATUS deprecated
1481      DESCRIPTION
1482          "This object indicates whether the bind is static or
1483           dynamic."
1484      ::= { natAddrPortBindEntry 10 }

1486  natAddrPortBindMapIndex OBJECT-TYPE
1487      SYNTAX NatAddrMapId
1488      MAX-ACCESS read-only
1489      STATUS deprecated
1490      DESCRIPTION
1491          "This object is a pointer to the natAddrMapTable entry
1492           (and the parameters of that entry) used in
1493           creating this BIND. This object, in conjunction with
1494           the ifIndex (which identifies a unique addrMapName),
1495           points to a unique entry in the natAddrMapTable."
1496      ::= { natAddrPortBindEntry 11 }

1498  natAddrPortBindSessions OBJECT-TYPE
1499      SYNTAX Gauge32
1500      MAX-ACCESS read-only
1501      STATUS deprecated
1502      DESCRIPTION
1503          "Number of sessions currently using this BIND."
1504      ::= { natAddrPortBindEntry 12 }

1506  natAddrPortBindMaxIdleTime OBJECT-TYPE
1507      SYNTAX TimeTicks
1508      MAX-ACCESS read-only
1509      STATUS deprecated

1511      DESCRIPTION
1512          "This object indicates the maximum time for
1513           which this bind can be idle without any sessions
1514           attached to it.
1515           The value of this object is of relevance
1516           only for dynamic NAT."
1517      ::= { natAddrPortBindEntry 13 }

1519  natAddrPortBindCurrentIdleTime OBJECT-TYPE
1520      SYNTAX TimeTicks
1521      MAX-ACCESS read-only
1522      STATUS deprecated
1523      DESCRIPTION
1524          "At any given instance, this object indicates the
1525           time that this bind has been idle without any sessions
1526           attached to it.

1528           The value of this object is of relevance
1529           only for dynamic NAT."
1530      ::= { natAddrPortBindEntry 14 }

1532  natAddrPortBindInTranslates OBJECT-TYPE
1533      SYNTAX Counter64
1534      MAX-ACCESS read-only
1535      STATUS deprecated
1536      DESCRIPTION
1537          "The number of inbound packets that were translated as
1538           per this bind entry.

1540           Discontinuities in the value of this counter can occur
1541           at reinitialization of the management system and at
1542           other times, as indicated by the value of
1543           ifCounterDiscontinuityTime on the relevant interface."
1544      ::= { natAddrPortBindEntry 15 }

1546  natAddrPortBindOutTranslates OBJECT-TYPE
1547      SYNTAX Counter64
1548      MAX-ACCESS read-only
1549      STATUS deprecated
1550      DESCRIPTION
1551          "The number of outbound packets that were translated as
1552           per this bind entry.

1554           Discontinuities in the value of this counter can occur
1555           at reinitialization of the management system and at
1556           other times, as indicated by the value of
1557           ifCounterDiscontinuityTime on the relevant interface."
1558      ::= { natAddrPortBindEntry 16 }

1560  --
1561  -- The Session Table
1562  --

1564  natSessionTable OBJECT-TYPE
1565      SYNTAX SEQUENCE OF NatSessionEntry
1566      MAX-ACCESS not-accessible
1567      STATUS deprecated
1568      DESCRIPTION
1569          "The (conceptual) table containing one entry for each
1570           NAT session currently active on this NAT device."
1571      ::= { natMIBObjects 9 }

1573  natSessionEntry OBJECT-TYPE
1574      SYNTAX NatSessionEntry
1575      MAX-ACCESS not-accessible
1576      STATUS deprecated
1577      DESCRIPTION
1578          "An entry (conceptual row) containing information
1579           about an active NAT session on this NAT device.
1580           These entries are lost upon agent restart."
1581      INDEX { ifIndex, natSessionIndex }
1582      ::= { natSessionTable 1 }

1584  NatSessionEntry ::= SEQUENCE {
1585      natSessionIndex NatSessionId,
1586      natSessionPrivateSrcEPBindId NatBindIdOrZero,
1587      natSessionPrivateSrcEPBindMode NatBindMode,
1588      natSessionPrivateDstEPBindId NatBindIdOrZero,
1589      natSessionPrivateDstEPBindMode NatBindMode,
1590      natSessionDirection INTEGER,
1591      natSessionUpTime TimeTicks,
1592      natSessionAddrMapIndex NatAddrMapId,
1593      natSessionProtocolType NatProtocolType,
1594      natSessionPrivateAddrType InetAddressType,
1595      natSessionPrivateSrcAddr InetAddress,
1596      natSessionPrivateSrcPort InetPortNumber,
1597      natSessionPrivateDstAddr InetAddress,
1598      natSessionPrivateDstPort InetPortNumber,
1599      natSessionPublicAddrType InetAddressType,
1600      natSessionPublicSrcAddr InetAddress,
1601      natSessionPublicSrcPort InetPortNumber,
1602      natSessionPublicDstAddr InetAddress,
1603      natSessionPublicDstPort InetPortNumber,
1604      natSessionMaxIdleTime TimeTicks,
1605      natSessionCurrentIdleTime TimeTicks,
1606      natSessionInTranslates Counter64,
1607      natSessionOutTranslates Counter64
1608  }

1610  natSessionIndex OBJECT-TYPE
1611      SYNTAX NatSessionId
1612      MAX-ACCESS not-accessible
1613      STATUS deprecated
1614      DESCRIPTION
1615          "The session ID for this NAT session."
1616      ::= { natSessionEntry 1 }

1618  natSessionPrivateSrcEPBindId OBJECT-TYPE
1619      SYNTAX NatBindIdOrZero
1620      MAX-ACCESS read-only
1621      STATUS deprecated
1622      DESCRIPTION
1623          "The bind id associated between private and public
1624           source end points. In the case of Symmetric-NAT,
1625           this should be set to zero."
1626      ::= { natSessionEntry 2 }

1628  natSessionPrivateSrcEPBindMode OBJECT-TYPE
1629      SYNTAX NatBindMode
1630      MAX-ACCESS read-only
1631      STATUS deprecated
1632      DESCRIPTION
1633          "This object indicates whether the bind indicated
1634           by the object natSessionPrivateSrcEPBindId
1635           is an address bind or an address port bind."
1636      ::= { natSessionEntry 3 }

1638  natSessionPrivateDstEPBindId OBJECT-TYPE
1639      SYNTAX NatBindIdOrZero
1640      MAX-ACCESS read-only
1641      STATUS deprecated
1642      DESCRIPTION
1643          "The bind id associated between private and public
1644           destination end points."
1645      ::= { natSessionEntry 4 }

1647  natSessionPrivateDstEPBindMode OBJECT-TYPE
1648      SYNTAX NatBindMode
1649      MAX-ACCESS read-only
1650      STATUS deprecated
1651      DESCRIPTION
1652          "This object indicates whether the bind indicated
1653           by the object natSessionPrivateDstEPBindId
1654           is an address bind or an address port bind."
1655      ::= { natSessionEntry 5 }

1657  natSessionDirection OBJECT-TYPE
1658      SYNTAX INTEGER {
1659                 inbound (1),
1660                 outbound (2)
1661             }

1663      MAX-ACCESS read-only
1664      STATUS deprecated
1665      DESCRIPTION
1666          "The direction of this session with respect to the
1667           local network. 'inbound' indicates that this session
1668           was initiated from the public network into the private
1669           network. 'outbound' indicates that this session was
1670           initiated from the private network into the public
1671           network."
1672      ::= { natSessionEntry 6 }

1674  natSessionUpTime OBJECT-TYPE
1675      SYNTAX TimeTicks
1676      MAX-ACCESS read-only
1677      STATUS deprecated
1678      DESCRIPTION
1679          "The up time of this session in one-hundredths of a
1680           second."
1681      ::= { natSessionEntry 7 }

1683  natSessionAddrMapIndex OBJECT-TYPE
1684      SYNTAX NatAddrMapId
1685      MAX-ACCESS read-only
1686      STATUS deprecated
1687      DESCRIPTION
1688          "This object is a pointer to the natAddrMapTable entry
1689           (and the parameters of that entry) used in
1690           creating this session. This object, in conjunction with
1691           the ifIndex (which identifies a unique addrMapName),
1692           points to a unique entry in the natAddrMapTable."
1693      ::= { natSessionEntry 8 }

1695  natSessionProtocolType OBJECT-TYPE
1696      SYNTAX NatProtocolType
1697      MAX-ACCESS read-only
1698      STATUS deprecated
1699      DESCRIPTION
1700          "The protocol type of this session."
1701      ::= { natSessionEntry 9 }

1703  natSessionPrivateAddrType OBJECT-TYPE
1704      SYNTAX InetAddressType
1705      MAX-ACCESS read-only
1706      STATUS deprecated
1707      DESCRIPTION
1708          "This object specifies the address type used for
1709           natSessionPrivateSrcAddr and natSessionPrivateDstAddr."
1710      ::= { natSessionEntry 10 }

1712  natSessionPrivateSrcAddr OBJECT-TYPE
1713      SYNTAX InetAddress
1714      MAX-ACCESS read-only
1715      STATUS deprecated
1716      DESCRIPTION
1717          "The source IP address of the session endpoint that
1718           lies in the private network.

1720           The value of this object must be zero only when the
1721           natSessionPrivateSrcEPBindId object has a zero value.
1722           When the value of this object is zero, the NAT session
1723           lookup will match any IP address to this field.

1725           The type of this address is determined by the value of
1726           the natSessionPrivateAddrType object."
1727      ::= { natSessionEntry 11 }

1729  natSessionPrivateSrcPort OBJECT-TYPE
1730      SYNTAX InetPortNumber
1731      MAX-ACCESS read-only
1732      STATUS deprecated
1733      DESCRIPTION
1734          "When the value of protocol is TCP or UDP, this object
1735           represents the source port in the first packet of
1736           session while in private-realm. On the other hand, when
1737           the protocol is ICMP, a NAT session is created only for
1738           query/response type ICMP messages such as ICMP echo,
1739           Timestamp, and Information request messages, and this
1740           object represents the private-realm specific identifier
1741           in the ICMP message, as defined in RFC 792 for ICMPv4
1742           and in RFC 2463 for ICMPv6.

1744           The value of this object must be zero when the
1745           natSessionPrivateSrcEPBindId object has zero value
1746           and value of natSessionPrivateSrcEPBindMode is
1747           addressPortBind(2). In such a case, the NAT session
1748           lookup will match any port number to this field.

1750           The value of this object must be zero when the object
1751           is not a representative field (SrcPort, DstPort, or
1752           ICMP identifier) of the session tuple in either the
1753           public realm or the private realm."
1754      ::= { natSessionEntry 12 }

1756  natSessionPrivateDstAddr OBJECT-TYPE
1757      SYNTAX InetAddress
1758      MAX-ACCESS read-only
1759      STATUS deprecated
1760      DESCRIPTION
1761          "The destination IP address of the session endpoint that
1762           lies in the private network.

1764           The value of this object must be zero when the
1765           natSessionPrivateDstEPBindId object has a zero value.
1766           In such a scenario, the NAT session lookup will match
1767           any IP address to this field.

1769           The type of this address is determined by the value of
1770           the natSessionPrivateAddrType object."
1771      ::= { natSessionEntry 13 }

1773  natSessionPrivateDstPort OBJECT-TYPE
1774      SYNTAX InetPortNumber
1775      MAX-ACCESS read-only
1776      STATUS deprecated
1777      DESCRIPTION
1778          "When the value of protocol is TCP or UDP, this object
1779           represents the destination port in the first packet
1780           of session while in private-realm. On the other hand,
1781           when the protocol is ICMP, this object is not relevant
1782           and should be set to zero.
1784           The value of this object must be zero when the
1785           natSessionPrivateDstEPBindId object has a zero
1786           value and natSessionPrivateDstEPBindMode is set to
1787           addressPortBind(2). In such a case, the NAT session
1788           lookup will match any port number to this field.

1790           The value of this object must be zero when the object
1791           is not a representative field (SrcPort, DstPort, or
1792           ICMP identifier) of the session tuple in either the
1793           public realm or the private realm."
1794      ::= { natSessionEntry 14 }

1796  natSessionPublicAddrType OBJECT-TYPE
1797      SYNTAX InetAddressType
1798      MAX-ACCESS read-only
1799      STATUS deprecated
1800      DESCRIPTION
1801          "This object specifies the address type used for
1802           natSessionPublicSrcAddr and natSessionPublicDstAddr."
1803      ::= { natSessionEntry 15 }

1805  natSessionPublicSrcAddr OBJECT-TYPE
1806      SYNTAX InetAddress
1807      MAX-ACCESS read-only
1808      STATUS deprecated
1809      DESCRIPTION
1810          "The source IP address of the session endpoint that
1811           lies in the public network.

1813           The value of this object must be zero when the
1814           natSessionPrivateSrcEPBindId object has a zero value.
1815           In such a scenario, the NAT session lookup will match
1816           any IP address to this field.

1818           The type of this address is determined by the value of
1819           the natSessionPublicAddrType object."
1820      ::= { natSessionEntry 16 }

1822  natSessionPublicSrcPort OBJECT-TYPE
1823      SYNTAX InetPortNumber
1824      MAX-ACCESS read-only
1825      STATUS deprecated
1826      DESCRIPTION
1827          "When the value of protocol is TCP or UDP, this object
1828           represents the source port in the first packet of
1829           session while in public-realm. On the other hand, when
1830           protocol is ICMP, a NAT session is created only for
1831           query/response type ICMP messages such as ICMP echo,
1832           Timestamp, and Information request messages, and this
1833           object represents the public-realm specific identifier
1834           in the ICMP message, as defined in RFC 792 for ICMPv4
1835           and in RFC 2463 for ICMPv6.
1837 The value of this object must be zero when the 1838 natSessionPrivateSrcEPBindId object has a zero value 1839 and natSessionPrivateSrcEPBindMode is set to 1840 addressPortBind(2). In such a scenario, the NAT 1841 session lookup will match any port number to this 1842 field. 1844 The value of this object must be zero when the object 1845 is not a representative field (SrcPort, DstPort or 1846 ICMP identifier) of the session tuple in either the 1847 public realm or the private realm." 1848 ::= { natSessionEntry 17 } 1850 natSessionPublicDstAddr OBJECT-TYPE 1851 SYNTAX InetAddress 1852 MAX-ACCESS read-only 1853 STATUS deprecated 1854 DESCRIPTION 1855 "The destination IP address of the session endpoint that 1856 lies in the public network. 1858 The value of this object must be non-zero when the 1859 natSessionPrivateDstEPBindId object has a non-zero 1860 value. If the value of this object and the 1861 corresponding natSessionPrivateDstEPBindId object value 1862 is zero, then the NAT session lookup will match any IP 1863 address to this field. 1865 The type of this address is determined by the value of 1866 the natSessionPublicAddrType object." 1867 ::= { natSessionEntry 18 } 1869 natSessionPublicDstPort OBJECT-TYPE 1870 SYNTAX InetPortNumber 1871 MAX-ACCESS read-only 1872 STATUS deprecated 1873 DESCRIPTION 1874 "When the value of protocol is TCP or UDP, this object 1875 represents the destination port in the first packet of 1876 session while in public-realm. On the other hand, when 1877 the protocol is ICMP, this object is not relevant for 1878 translation and should be zero. 1880 The value of this object must be zero when the 1881 natSessionPrivateDstEPBindId object has a zero value 1882 and natSessionPrivateDstEPBindMode is 1883 addressPortBind(2). In such a scenario, the NAT 1884 session lookup will match any port number to this 1885 field. 
1887 The value of this object must be zero when the object 1888 is not a representative field (SrcPort, DstPort, or 1889 ICMP identifier) of the session tuple in either the 1890 public realm or the private realm." 1891 ::= { natSessionEntry 19 } 1893 natSessionMaxIdleTime OBJECT-TYPE 1894 SYNTAX TimeTicks 1895 MAX-ACCESS read-only 1896 STATUS deprecated 1897 DESCRIPTION 1898 "The max time for which this session can be idle 1899 without detecting a packet." 1900 ::= { natSessionEntry 20 } 1902 natSessionCurrentIdleTime OBJECT-TYPE 1903 SYNTAX TimeTicks 1904 MAX-ACCESS read-only 1905 STATUS deprecated 1906 DESCRIPTION 1907 "The time since a packet belonging to this session was 1908 last detected." 1909 ::= { natSessionEntry 21 } 1911 natSessionInTranslates OBJECT-TYPE 1912 SYNTAX Counter64 1913 MAX-ACCESS read-only 1914 STATUS deprecated 1915 DESCRIPTION 1916 "The number of inbound packets that were translated for 1917 this session. 1919 Discontinuities in the value of this counter can occur 1920 at reinitialization of the management system and at 1921 other times, as indicated by the value of 1922 ifCounterDiscontinuityTime on the relevant interface." 1923 ::= { natSessionEntry 22 } 1925 natSessionOutTranslates OBJECT-TYPE 1926 SYNTAX Counter64 1927 MAX-ACCESS read-only 1928 STATUS deprecated 1929 DESCRIPTION 1930 "The number of outbound packets that were translated for 1931 this session. 1933 Discontinuities in the value of this counter can occur 1934 at reinitialization of the management system and at 1935 other times, as indicated by the value of 1936 ifCounterDiscontinuityTime on the relevant interface." 1937 ::= { natSessionEntry 23 } 1939 -- 1940 -- The Protocol table 1941 -- 1943 natProtocolTable OBJECT-TYPE 1944 SYNTAX SEQUENCE OF NatProtocolEntry 1945 MAX-ACCESS not-accessible 1946 STATUS deprecated 1947 DESCRIPTION 1948 "The (conceptual) table containing per protocol NAT 1949 statistics." 
1950 ::= { natMIBObjects 10 } 1952 natProtocolEntry OBJECT-TYPE 1953 SYNTAX NatProtocolEntry 1954 MAX-ACCESS not-accessible 1955 STATUS deprecated 1956 DESCRIPTION 1957 "An entry (conceptual row) containing NAT statistics 1958 pertaining to a particular protocol." 1959 INDEX { natProtocol } 1960 ::= { natProtocolTable 1 } 1962 NatProtocolEntry ::= SEQUENCE { 1963 natProtocol NatProtocolType, 1964 natProtocolInTranslates Counter64, 1965 natProtocolOutTranslates Counter64, 1966 natProtocolDiscards Counter64 1968 } 1970 natProtocol OBJECT-TYPE 1971 SYNTAX NatProtocolType 1972 MAX-ACCESS not-accessible 1973 STATUS deprecated 1974 DESCRIPTION 1975 "This object represents the protocol pertaining to which 1976 parameters are reported." 1977 ::= { natProtocolEntry 1 } 1979 natProtocolInTranslates OBJECT-TYPE 1980 SYNTAX Counter64 1981 MAX-ACCESS read-only 1982 STATUS deprecated 1983 DESCRIPTION 1984 "The number of inbound packets pertaining to the protocol 1985 identified by natProtocol that underwent NAT. 1987 Discontinuities in the value of this counter can occur 1988 at reinitialization of the management system and at 1989 other times, as indicated by the value of 1990 ifCounterDiscontinuityTime on the relevant interface." 1991 ::= { natProtocolEntry 2 } 1993 natProtocolOutTranslates OBJECT-TYPE 1994 SYNTAX Counter64 1995 MAX-ACCESS read-only 1996 STATUS deprecated 1997 DESCRIPTION 1998 "The number of outbound packets pertaining to the 1999 protocol identified by natProtocol that underwent NAT. 2001 Discontinuities in the value of this counter can occur 2002 at reinitialization of the management system and at 2003 other times, as indicated by the value of 2004 ifCounterDiscontinuityTime on the relevant interface." 
2005 ::= { natProtocolEntry 3 } 2007 natProtocolDiscards OBJECT-TYPE 2008 SYNTAX Counter64 2009 MAX-ACCESS read-only 2010 STATUS deprecated 2011 DESCRIPTION 2012 "The number of packets pertaining to the protocol 2013 identified by natProtocol that had to be 2014 rejected/dropped due to lack of resources. These 2015 rejections could be due to session timeout, resource 2016 unavailability, lack of address space, etc. 2018 Discontinuities in the value of this counter can occur 2019 at reinitialization of the management system and at 2020 other times, as indicated by the value of 2021 ifCounterDiscontinuityTime on the relevant interface." 2022 ::= { natProtocolEntry 4 } 2024 -- 2025 -- Notifications section 2026 -- 2028 natMIBNotifications OBJECT IDENTIFIER ::= { natMIB 0 } 2030 -- 2031 -- Notifications 2032 -- 2034 natPacketDiscard NOTIFICATION-TYPE 2035 OBJECTS { ifIndex } 2036 STATUS deprecated 2037 DESCRIPTION 2038 "This notification is generated when IP packets are 2039 discarded by the NAT function; e.g., due to lack of 2040 mapping space when NAT is out of addresses or ports. 2042 Note that the generation of natPacketDiscard 2043 notifications is throttled by the agent, as specified 2044 by the 'natNotifThrottlingInterval' object." 2045 ::= { natMIBNotifications 1 } 2047 -- 2048 -- Conformance information. 
2049 -- 2051 natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 } 2053 natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 } 2054 natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 } 2056 -- 2057 -- Units of conformance 2058 -- 2060 natConfigGroup OBJECT-GROUP 2061 OBJECTS { natInterfaceRealm, 2062 natInterfaceServiceType, 2063 natInterfaceStorageType, 2064 natInterfaceRowStatus, 2065 natAddrMapName, 2066 natAddrMapEntryType, 2067 natAddrMapTranslationEntity, 2068 natAddrMapLocalAddrType, 2069 natAddrMapLocalAddrFrom, 2070 natAddrMapLocalAddrTo, 2071 natAddrMapLocalPortFrom, 2072 natAddrMapLocalPortTo, 2073 natAddrMapGlobalAddrType, 2074 natAddrMapGlobalAddrFrom, 2075 natAddrMapGlobalAddrTo, 2076 natAddrMapGlobalPortFrom, 2077 natAddrMapGlobalPortTo, 2078 natAddrMapProtocol, 2079 natAddrMapStorageType, 2080 natAddrMapRowStatus, 2081 natBindDefIdleTimeout, 2082 natUdpDefIdleTimeout, 2083 natIcmpDefIdleTimeout, 2084 natOtherDefIdleTimeout, 2085 natTcpDefIdleTimeout, 2086 natTcpDefNegTimeout, 2087 natNotifThrottlingInterval } 2088 STATUS deprecated 2089 DESCRIPTION 2090 "A collection of configuration-related information 2091 required to support management of devices supporting 2092 NAT." 
2093 ::= { natMIBGroups 1 } 2095 natTranslationGroup OBJECT-GROUP 2096 OBJECTS { natAddrBindNumberOfEntries, 2097 natAddrBindGlobalAddrType, 2098 natAddrBindGlobalAddr, 2099 natAddrBindId, 2100 natAddrBindTranslationEntity, 2101 natAddrBindType, 2102 natAddrBindMapIndex, 2103 natAddrBindSessions, 2104 natAddrBindMaxIdleTime, 2105 natAddrBindCurrentIdleTime, 2106 natAddrBindInTranslates, 2107 natAddrBindOutTranslates, 2108 natAddrPortBindNumberOfEntries, 2109 natAddrPortBindGlobalAddrType, 2110 natAddrPortBindGlobalAddr, 2111 natAddrPortBindGlobalPort, 2112 natAddrPortBindId, 2113 natAddrPortBindTranslationEntity, 2114 natAddrPortBindType, 2115 natAddrPortBindMapIndex, 2116 natAddrPortBindSessions, 2117 natAddrPortBindMaxIdleTime, 2118 natAddrPortBindCurrentIdleTime, 2119 natAddrPortBindInTranslates, 2120 natAddrPortBindOutTranslates, 2121 natSessionPrivateSrcEPBindId, 2122 natSessionPrivateSrcEPBindMode, 2123 natSessionPrivateDstEPBindId, 2124 natSessionPrivateDstEPBindMode, 2125 natSessionDirection, 2126 natSessionUpTime, 2127 natSessionAddrMapIndex, 2128 natSessionProtocolType, 2129 natSessionPrivateAddrType, 2130 natSessionPrivateSrcAddr, 2131 natSessionPrivateSrcPort, 2132 natSessionPrivateDstAddr, 2133 natSessionPrivateDstPort, 2134 natSessionPublicAddrType, 2135 natSessionPublicSrcAddr, 2136 natSessionPublicSrcPort, 2137 natSessionPublicDstAddr, 2138 natSessionPublicDstPort, 2139 natSessionMaxIdleTime, 2140 natSessionCurrentIdleTime, 2141 natSessionInTranslates, 2142 natSessionOutTranslates } 2143 STATUS deprecated 2145 DESCRIPTION 2146 "A collection of BIND-related objects required to support 2147 management of devices supporting NAT." 
2148 ::= { natMIBGroups 2 } 2150 natStatsInterfaceGroup OBJECT-GROUP 2151 OBJECTS { natInterfaceInTranslates, 2152 natInterfaceOutTranslates, 2153 natInterfaceDiscards } 2154 STATUS deprecated 2155 DESCRIPTION 2156 "A collection of NAT statistics associated with the 2157 interface on which NAT is configured, to aid 2158 troubleshooting/monitoring of the NAT operation." 2159 ::= { natMIBGroups 3 } 2161 natStatsProtocolGroup OBJECT-GROUP 2162 OBJECTS { natProtocolInTranslates, 2163 natProtocolOutTranslates, 2164 natProtocolDiscards } 2165 STATUS deprecated 2166 DESCRIPTION 2167 "A collection of protocol specific NAT statistics, 2168 to aid troubleshooting/monitoring of NAT operation." 2169 ::= { natMIBGroups 4 } 2171 natStatsAddrMapGroup OBJECT-GROUP 2172 OBJECTS { natAddrMapInTranslates, 2173 natAddrMapOutTranslates, 2174 natAddrMapDiscards, 2175 natAddrMapAddrUsed } 2176 STATUS deprecated 2177 DESCRIPTION 2178 "A collection of address map specific NAT statistics, 2179 to aid troubleshooting/monitoring of NAT operation." 2180 ::= { natMIBGroups 5 } 2182 natMIBNotificationGroup NOTIFICATION-GROUP 2183 NOTIFICATIONS { natPacketDiscard } 2184 STATUS deprecated 2185 DESCRIPTION 2186 "A collection of notifications generated by 2187 devices supporting this MIB." 2188 ::= { natMIBGroups 6 } 2190 -- 2191 -- Compliance statements 2192 -- 2194 natMIBFullCompliance MODULE-COMPLIANCE 2195 STATUS deprecated 2196 DESCRIPTION 2197 "When this MIB is implemented with support for 2198 read-create, then such an implementation can claim 2199 full compliance. Such devices can then be both 2200 monitored and configured with this MIB. 
2202 The following index objects cannot be added as OBJECT 2203 clauses but nevertheless have the compliance 2204 requirements: 2206 " 2207 -- OBJECT natAddrBindLocalAddrType 2208 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2209 -- DESCRIPTION 2210 -- "An implementation is required to support 2211 -- global IPv4 and/or IPv6 addresses, depending 2212 -- on its support for IPv4 and IPv6." 2214 -- OBJECT natAddrBindLocalAddr 2215 -- SYNTAX InetAddress (SIZE(4|16)) 2216 -- DESCRIPTION 2217 -- "An implementation is required to support 2218 -- global IPv4 and/or IPv6 addresses, depending 2219 -- on its support for IPv4 and IPv6." 2221 -- OBJECT natAddrPortBindLocalAddrType 2222 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2223 -- DESCRIPTION 2224 -- "An implementation is required to support 2225 -- global IPv4 and/or IPv6 addresses, depending 2226 -- on its support for IPv4 and IPv6." 2228 -- OBJECT natAddrPortBindLocalAddr 2229 -- SYNTAX InetAddress (SIZE(4|16)) 2230 -- DESCRIPTION 2231 -- "An implementation is required to support 2232 -- global IPv4 and/or IPv6 addresses, depending 2233 -- on its support for IPv4 and IPv6." 2235 MODULE IF-MIB -- The interfaces MIB, RFC2863 2236 MANDATORY-GROUPS { 2237 ifCounterDiscontinuityGroup 2238 } 2240 MODULE -- this module 2241 MANDATORY-GROUPS { natConfigGroup, natTranslationGroup, 2242 natStatsInterfaceGroup } 2244 GROUP natStatsProtocolGroup 2245 DESCRIPTION 2246 "This group is optional." 2247 GROUP natStatsAddrMapGroup 2248 DESCRIPTION 2249 "This group is optional." 2250 GROUP natMIBNotificationGroup 2251 DESCRIPTION 2252 "This group is optional." 2254 OBJECT natAddrMapLocalAddrType 2255 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2256 DESCRIPTION 2257 "An implementation is required to support global IPv4 2258 and/or IPv6 addresses, depending on its support 2259 for IPv4 and IPv6." 
2261 OBJECT natAddrMapLocalAddrFrom 2262 SYNTAX InetAddress (SIZE(4|16)) 2263 DESCRIPTION 2264 "An implementation is required to support global IPv4 2265 and/or IPv6 addresses, depending on its support 2266 for IPv4 and IPv6." 2268 OBJECT natAddrMapLocalAddrTo 2269 SYNTAX InetAddress (SIZE(4|16)) 2270 DESCRIPTION 2271 "An implementation is required to support global IPv4 2272 and/or IPv6 addresses, depending on its support 2273 for IPv4 and IPv6." 2275 OBJECT natAddrMapGlobalAddrType 2276 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2277 DESCRIPTION 2278 "An implementation is required to support global IPv4 2279 and/or IPv6 addresses, depending on its support 2280 for IPv4 and IPv6." 2282 OBJECT natAddrMapGlobalAddrFrom 2283 SYNTAX InetAddress (SIZE(4|16)) 2284 DESCRIPTION 2285 "An implementation is required to support global IPv4 2286 and/or IPv6 addresses, depending on its support 2287 for IPv4 and IPv6." 2289 OBJECT natAddrMapGlobalAddrTo 2290 SYNTAX InetAddress (SIZE(4|16)) 2291 DESCRIPTION 2292 "An implementation is required to support global IPv4 2293 and/or IPv6 addresses, depending on its support 2294 for IPv4 and IPv6." 2296 OBJECT natAddrBindGlobalAddrType 2297 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2298 DESCRIPTION 2299 "An implementation is required to support global IPv4 2300 and/or IPv6 addresses, depending on its support 2301 for IPv4 and IPv6." 2303 OBJECT natAddrBindGlobalAddr 2304 SYNTAX InetAddress (SIZE(4|16)) 2305 DESCRIPTION 2306 "An implementation is required to support global IPv4 2307 and/or IPv6 addresses, depending on its support 2308 for IPv4 and IPv6." 2310 OBJECT natAddrPortBindGlobalAddrType 2311 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2312 DESCRIPTION 2313 "An implementation is required to support global IPv4 2314 and/or IPv6 addresses, depending on its support 2315 for IPv4 and IPv6." 
2317 OBJECT natAddrPortBindGlobalAddr 2318 SYNTAX InetAddress (SIZE(4|16)) 2319 DESCRIPTION 2320 "An implementation is required to support global IPv4 2321 and/or IPv6 addresses, depending on its support 2322 for IPv4 and IPv6." 2324 OBJECT natSessionPrivateAddrType 2325 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2326 DESCRIPTION 2327 "An implementation is required to support global IPv4 2328 and/or IPv6 addresses, depending on its support 2329 for IPv4 and IPv6." 2331 OBJECT natSessionPrivateSrcAddr 2332 SYNTAX InetAddress (SIZE(4|16)) 2333 DESCRIPTION 2334 "An implementation is required to support global IPv4 2335 and/or IPv6 addresses, depending on its support 2336 for IPv4 and IPv6." 2338 OBJECT natSessionPrivateDstAddr 2339 SYNTAX InetAddress (SIZE(4|16)) 2340 DESCRIPTION 2341 "An implementation is required to support global IPv4 2342 and/or IPv6 addresses, depending on its support 2343 for IPv4 and IPv6." 2345 OBJECT natSessionPublicAddrType 2346 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2347 DESCRIPTION 2348 "An implementation is required to support global IPv4 2349 and/or IPv6 addresses, depending on its support 2350 for IPv4 and IPv6." 2352 OBJECT natSessionPublicSrcAddr 2353 SYNTAX InetAddress (SIZE(4|16)) 2354 DESCRIPTION 2355 "An implementation is required to support global IPv4 2356 and/or IPv6 addresses, depending on its support 2357 for IPv4 and IPv6." 2359 OBJECT natSessionPublicDstAddr 2360 SYNTAX InetAddress (SIZE(4|16)) 2361 DESCRIPTION 2362 "An implementation is required to support global IPv4 2363 and/or IPv6 addresses, depending on its support 2364 for IPv4 and IPv6." 2366 ::= { natMIBCompliances 1 } 2368 natMIBReadOnlyCompliance MODULE-COMPLIANCE 2369 STATUS deprecated 2370 DESCRIPTION 2371 "When this MIB is implemented without support for 2372 read-create (i.e., in read-only mode), then such an 2373 implementation can claim read-only compliance. 2374 Such a device can then be monitored but cannot be 2375 configured with this MIB. 
2377 The following index objects cannot be added as OBJECT 2378 clauses but nevertheless have the compliance 2379 requirements: 2380 " 2381 -- OBJECT natAddrBindLocalAddrType 2382 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2383 -- DESCRIPTION 2384 -- "An implementation is required to support 2385 -- global IPv4 and/or IPv6 addresses, depending 2386 -- on its support for IPv4 and IPv6." 2388 -- OBJECT natAddrBindLocalAddr 2389 -- SYNTAX InetAddress (SIZE(4|16)) 2391 -- DESCRIPTION 2392 -- "An implementation is required to support 2393 -- global IPv4 and/or IPv6 addresses, depending 2394 -- on its support for IPv4 and IPv6." 2396 -- OBJECT natAddrPortBindLocalAddrType 2397 -- SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2398 -- DESCRIPTION 2399 -- "An implementation is required to support 2400 -- global IPv4 and/or IPv6 addresses, depending 2401 -- on its support for IPv4 and IPv6." 2402 -- OBJECT natAddrPortBindLocalAddr 2403 -- SYNTAX InetAddress (SIZE(4|16)) 2404 -- DESCRIPTION 2405 -- "An implementation is required to support 2406 -- global IPv4 and/or IPv6 addresses, depending 2407 -- on its support for IPv4 and IPv6." 2409 MODULE IF-MIB -- The interfaces MIB, RFC2863 2410 MANDATORY-GROUPS { 2411 ifCounterDiscontinuityGroup 2412 } 2414 MODULE -- this module 2415 MANDATORY-GROUPS { natConfigGroup, natTranslationGroup, 2416 natStatsInterfaceGroup } 2418 GROUP natStatsProtocolGroup 2419 DESCRIPTION 2420 "This group is optional." 2421 GROUP natStatsAddrMapGroup 2422 DESCRIPTION 2423 "This group is optional." 2424 GROUP natMIBNotificationGroup 2425 DESCRIPTION 2426 "This group is optional." 2427 OBJECT natInterfaceRowStatus 2428 SYNTAX RowStatus { active(1) } 2429 MIN-ACCESS read-only 2430 DESCRIPTION 2431 "Write access is not required, and active is the only 2432 status that needs to be supported." 2434 OBJECT natAddrMapLocalAddrType 2435 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2436 MIN-ACCESS read-only 2437 DESCRIPTION 2438 "Write access is not required. 
An implementation is 2439 required to support global IPv4 and/or IPv6 addresses, 2440 depending on its support for IPv4 and IPv6." 2442 OBJECT natAddrMapLocalAddrFrom 2443 SYNTAX InetAddress (SIZE(4|16)) 2444 MIN-ACCESS read-only 2445 DESCRIPTION 2446 "Write access is not required. An implementation is 2447 required to support global IPv4 and/or IPv6 addresses, 2448 depending on its support for IPv4 and IPv6." 2450 OBJECT natAddrMapLocalAddrTo 2451 SYNTAX InetAddress (SIZE(4|16)) 2452 MIN-ACCESS read-only 2453 DESCRIPTION 2454 "Write access is not required. An implementation is 2455 required to support global IPv4 and/or IPv6 addresses, 2456 depending on its support for IPv4 and IPv6." 2458 OBJECT natAddrMapGlobalAddrType 2459 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2460 MIN-ACCESS read-only 2461 DESCRIPTION 2462 "Write access is not required. An implementation is 2463 required to support global IPv4 and/or IPv6 addresses, 2464 depending on its support for IPv4 and IPv6." 2466 OBJECT natAddrMapGlobalAddrFrom 2467 SYNTAX InetAddress (SIZE(4|16)) 2468 MIN-ACCESS read-only 2469 DESCRIPTION 2470 "Write access is not required. An implementation is 2471 required to support global IPv4 and/or IPv6 addresses, 2472 depending on its support for IPv4 and IPv6." 2474 OBJECT natAddrMapGlobalAddrTo 2475 SYNTAX InetAddress (SIZE(4|16)) 2476 MIN-ACCESS read-only 2477 DESCRIPTION 2478 "Write access is not required. An implementation is 2479 required to support global IPv4 and/or IPv6 addresses, 2480 depending on its support for IPv4 and IPv6." 2482 OBJECT natAddrMapRowStatus 2483 SYNTAX RowStatus { active(1) } 2484 MIN-ACCESS read-only 2485 DESCRIPTION 2486 "Write access is not required, and active is the only 2487 status that needs to be supported." 
2489 OBJECT natAddrBindGlobalAddrType 2490 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2491 DESCRIPTION 2492 "An implementation is required to support global IPv4 2493 and/or IPv6 addresses, depending on its support for 2494 IPv4 and IPv6." 2496 OBJECT natAddrBindGlobalAddr 2497 SYNTAX InetAddress (SIZE(4|16)) 2498 DESCRIPTION 2499 "An implementation is required to support global IPv4 2500 and/or IPv6 addresses, depending on its support for 2501 IPv4 and IPv6." 2503 OBJECT natAddrPortBindGlobalAddrType 2504 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2505 DESCRIPTION 2506 "An implementation is required to support global IPv4 2507 and/or IPv6 addresses, depending on its support for 2508 IPv4 and IPv6." 2510 OBJECT natAddrPortBindGlobalAddr 2511 SYNTAX InetAddress (SIZE(4|16)) 2512 DESCRIPTION 2513 "An implementation is required to support global IPv4 2514 and/or IPv6 addresses, depending on its support for 2515 IPv4 and IPv6." 2517 OBJECT natSessionPrivateAddrType 2518 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2519 DESCRIPTION 2520 "An implementation is required to support global IPv4 2521 and/or IPv6 addresses, depending on its support for 2522 IPv4 and IPv6." 2524 OBJECT natSessionPrivateSrcAddr 2525 SYNTAX InetAddress (SIZE(4|16)) 2526 DESCRIPTION 2527 "An implementation is required to support global IPv4 2528 and/or IPv6 addresses, depending on its support for 2529 IPv4 and IPv6." 2531 OBJECT natSessionPrivateDstAddr 2532 SYNTAX InetAddress (SIZE(4|16)) 2533 DESCRIPTION 2534 "An implementation is required to support global IPv4 2535 and/or IPv6 addresses, depending on its support for 2536 IPv4 and IPv6." 2538 OBJECT natSessionPublicAddrType 2539 SYNTAX InetAddressType { ipv4(1), ipv6(2) } 2540 DESCRIPTION 2541 "An implementation is required to support global IPv4 2542 and/or IPv6 addresses, depending on its support for 2543 IPv4 and IPv6." 
2545 OBJECT natSessionPublicSrcAddr 2546 SYNTAX InetAddress (SIZE(4|16)) 2547 DESCRIPTION 2548 "An implementation is required to support global IPv4 2549 and/or IPv6 addresses, depending on its support for 2550 IPv4 and IPv6." 2552 OBJECT natSessionPublicDstAddr 2553 SYNTAX InetAddress (SIZE(4|16)) 2554 DESCRIPTION 2555 "An implementation is required to support global IPv4 2556 and/or IPv6 addresses, depending on its support for 2557 IPv4 and IPv6." 2559 ::= { natMIBCompliances 2 } 2561 --------------------------------------------------------------------- 2562 -- END OF DEPRECATED OBJECTS. CURRENT OBJECTS FOLLOW. 2564 -- textual conventions 2566 ProtocolNumber ::= TEXTUAL-CONVENTION 2567 DISPLAY-HINT "d" 2568 STATUS current 2569 DESCRIPTION 2570 "A transport protocol number, from the 'protocol-numbers' 2571 IANA registry." 2572 SYNTAX Unsigned32 (0..255) 2574 NatPoolId ::= TEXTUAL-CONVENTION 2575 DISPLAY-HINT "d" 2576 STATUS current 2577 DESCRIPTION 2578 "A unique ID that is assigned to each pool." 2579 SYNTAX Unsigned32 (1..4294967295) 2581 NatBehaviorType ::= TEXTUAL-CONVENTION 2582 STATUS current 2583 DESCRIPTION 2584 "Behavior type as described in [RFC4787] sections 4.1 and 5." 2585 SYNTAX INTEGER { 2586 endpointIndependent (0), 2587 addressDependent (1), 2588 addressAndPortDependent (2) 2589 } 2591 NatPoolingType ::= TEXTUAL-CONVENTION 2592 STATUS current 2593 DESCRIPTION 2594 "Pooling type as described in [RFC4787] section 4.1." 2595 SYNTAX INTEGER { 2596 arbitrary (0), 2597 paired (1) 2598 } 2600 -- notifications 2602 natNotifPoolWatermarkLow NOTIFICATION-TYPE 2603 OBJECTS { natPoolIndex } 2604 STATUS current 2605 DESCRIPTION 2606 "This notification is generated when the specified pool's 2607 number of free addresses becomes lower than or equal to the 2608 specified threshold.
The threshold is specified by the 2609 natPoolWatermarkLow object." 2610 ::= { natMIBNotifications 2 } 2612 natNotifPoolWatermarkHigh NOTIFICATION-TYPE 2613 OBJECTS { natPoolIndex } 2614 STATUS current 2615 DESCRIPTION 2616 "This notification is generated when the specified pool's 2617 number of free addresses becomes greater than or equal to 2618 the specified threshold. The threshold is specified by the 2619 natPoolWatermarkHigh object." 2620 ::= { natMIBNotifications 3 } 2622 natNotifMappings NOTIFICATION-TYPE 2623 OBJECTS { natCntMappings } 2624 STATUS current 2625 DESCRIPTION 2626 "This notification is generated when natCntMappings exceeds 2627 the value of natMappingsNotifyThreshold." 2628 ::= { natMIBNotifications 4 } 2630 natNotifAddrMappings NOTIFICATION-TYPE 2631 OBJECTS { natCntAddressMappings } 2632 STATUS current 2633 DESCRIPTION 2634 "This notification is generated when natCntAddressMappings 2635 exceeds the value of natAddrMapNotifyThreshold." 2636 ::= { natMIBNotifications 5 } 2638 natNotifSubscriberMappings NOTIFICATION-TYPE 2639 OBJECTS { natSubscriberCntMappings } 2640 STATUS current 2641 DESCRIPTION 2642 "This notification is generated when natSubscriberCntMappings 2643 exceeds the value of natSubscriberMapNotifyThresh, unless 2644 natSubscriberMapNotifyThresh is zero." 2645 ::= { natMIBNotifications 6 } 2647 -- counters 2649 natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 } 2651 natCntTranslates OBJECT-TYPE 2652 SYNTAX Counter64 2653 MAX-ACCESS read-only 2654 STATUS current 2655 DESCRIPTION 2656 "The number of packets to which NAT has been applied." 2657 ::= { natCounters 1 } 2659 natCntOOP OBJECT-TYPE 2660 SYNTAX Counter64 2661 MAX-ACCESS read-only 2662 STATUS current 2663 DESCRIPTION 2664 "The number of packets to which NAT could not be applied 2665 because no external port was available, excluding quota 2666 limitations."
2667 ::= { natCounters 2 } 2669 natCntResource OBJECT-TYPE 2670 SYNTAX Counter64 2671 MAX-ACCESS read-only 2672 STATUS current 2673 DESCRIPTION 2674 "The number of packets to which NAT could not be applied 2675 because of resource constraints (excluding out-of-ports 2676 condition)." 2677 ::= { natCounters 3 } 2679 natCntStateMismatch OBJECT-TYPE 2680 SYNTAX Counter64 2681 MAX-ACCESS read-only 2682 STATUS current 2683 DESCRIPTION 2684 "The number of packets to which NAT could not be applied 2685 because of mapping state mismatch. For example, a TCP packet 2686 that matches an existing mapping but is dropped because its 2687 flags are incompatible with the current state of the mapping 2688 would cause this counter to be incremented." 2689 ::= { natCounters 4 } 2691 natCntQuota OBJECT-TYPE 2692 SYNTAX Counter64 2693 MAX-ACCESS read-only 2694 STATUS current 2695 DESCRIPTION 2696 "The number of packets to which NAT could not be applied 2697 because of quota limitations. Quotas include absolute limits 2698 as well as limits on rate of allocation." 2699 ::= { natCounters 5 } 2701 natCntMappings OBJECT-TYPE 2702 SYNTAX Gauge32 2703 MAX-ACCESS read-only 2704 STATUS current 2705 DESCRIPTION 2706 "Number of currently active mappings. 2708 Equal to natCntMapRemovals - natCntMapCreations." 2709 ::= { natCounters 6 } 2711 natCntMapCreations OBJECT-TYPE 2712 SYNTAX Counter64 2713 MAX-ACCESS read-only 2714 STATUS current 2715 DESCRIPTION 2716 "Number of mapping creations. This includes static mappings." 2717 ::= { natCounters 7 } 2719 natCntMapRemovals OBJECT-TYPE 2720 SYNTAX Counter64 2721 MAX-ACCESS read-only 2722 STATUS current 2723 DESCRIPTION 2724 "Number of mapping removals. This includes static mappings." 2725 ::= { natCounters 8 } 2727 natCntAddressMappings OBJECT-TYPE 2728 SYNTAX Gauge32 2729 MAX-ACCESS read-only 2730 STATUS current 2731 DESCRIPTION 2732 "Number of active address mappings. 2734 Equal to natCntAddrMapRemovals - natCntAddrMapCreations." 
2735 ::= { natCounters 9 } 2737 natCntAddrMapCreations OBJECT-TYPE 2738 SYNTAX Counter64 2739 MAX-ACCESS read-only 2740 STATUS current 2741 DESCRIPTION 2742 "Number of address mapping creations. This includes static 2743 mappings." 2744 ::= { natCounters 10 } 2746 natCntAddrMapRemovals OBJECT-TYPE 2747 SYNTAX Counter64 2748 MAX-ACCESS read-only 2749 STATUS current 2750 DESCRIPTION 2751 "Number of address mapping removals. This includes static 2752 mappings." 2753 ::= { natCounters 11 } 2755 natCntProtocolTable OBJECT-TYPE 2756 SYNTAX SEQUENCE OF NatCntProtocolEntry 2757 MAX-ACCESS not-accessible 2758 STATUS current 2759 DESCRIPTION 2760 "Table of protocols with per-protocol counters." 2761 ::= { natCounters 128 } 2763 natCntProtocolEntry OBJECT-TYPE 2764 SYNTAX NatCntProtocolEntry 2765 MAX-ACCESS not-accessible 2766 STATUS current 2767 DESCRIPTION 2768 "Per-protocol counters." 2769 INDEX { natCntProtocolNumber } 2770 ::= { natCntProtocolTable 1 } 2772 NatCntProtocolEntry ::= 2773 SEQUENCE { 2774 natCntProtocolNumber ProtocolNumber, 2775 natCntProtocolTranslates Counter64, 2776 natCntProtocolOOP Counter64, 2777 natCntProtocolResource Counter64, 2778 natCntProtocolStateMismatch Counter64, 2779 natCntProtocolQuota Counter64, 2780 natCntProtocolMappings Gauge32, 2781 natCntProtocolMapCreations Counter64, 2782 natCntProtocolMapRemovals Counter64 2783 } 2785 natCntProtocolNumber OBJECT-TYPE 2786 SYNTAX ProtocolNumber 2787 MAX-ACCESS not-accessible 2788 STATUS current 2789 DESCRIPTION 2790 "Counters in this conceptual row apply to packets using the 2791 transport protocol identified by this object's value." 2792 ::= { natCntProtocolEntry 1 } 2794 natCntProtocolTranslates OBJECT-TYPE 2795 SYNTAX Counter64 2796 MAX-ACCESS read-only 2797 STATUS current 2798 DESCRIPTION 2799 "The number of packets to which NAT has been applied." 
2800 ::= { natCntProtocolEntry 2 } 2802 natCntProtocolOOP OBJECT-TYPE 2803 SYNTAX Counter64 2804 MAX-ACCESS read-only 2805 STATUS current 2806 DESCRIPTION 2807 "The number of packets to which NAT could not be applied 2808 because no external port was available." 2809 ::= { natCntProtocolEntry 3 } 2811 natCntProtocolResource OBJECT-TYPE 2812 SYNTAX Counter64 2813 MAX-ACCESS read-only 2814 STATUS current 2815 DESCRIPTION 2816 "The number of packets to which NAT could not be applied 2817 because of resource constraints (excluding out-of-ports 2818 condition)." 2819 ::= { natCntProtocolEntry 4 } 2821 natCntProtocolStateMismatch OBJECT-TYPE 2822 SYNTAX Counter64 2823 MAX-ACCESS read-only 2824 STATUS current 2825 DESCRIPTION 2826 "The number of packets to which NAT could not be applied 2827 because of state table mismatch. For example, a TCP packet 2828 that matches an existing mapping but is dropped because its 2829 flags are incompatible with the current state of the mapping 2830 would cause this counter to be incremented." 2831 ::= { natCntProtocolEntry 5 } 2833 natCntProtocolQuota OBJECT-TYPE 2834 SYNTAX Counter64 2835 MAX-ACCESS read-only 2836 STATUS current 2837 DESCRIPTION 2838 "The number of packets to which NAT could not be applied 2839 because of exceeded quotas. Quotas include absolute limits 2840 as well as limits on rate of allocation." 2841 ::= { natCntProtocolEntry 6 } 2843 natCntProtocolMappings OBJECT-TYPE 2844 SYNTAX Gauge32 2845 MAX-ACCESS read-only 2846 STATUS current 2847 DESCRIPTION 2848 "Number of active mappings. 2850 Equal to natCntMapRemovals - natCntMapCreations." 2851 ::= { natCntProtocolEntry 7 } 2853 natCntProtocolMapCreations OBJECT-TYPE 2854 SYNTAX Counter64 2855 MAX-ACCESS read-only 2856 STATUS current 2857 DESCRIPTION 2858 "Number of mapping creations. This includes static mappings." 
2859       ::= { natCntProtocolEntry 8 }

2861   natCntProtocolMapRemovals OBJECT-TYPE
2862       SYNTAX Counter64
2863       MAX-ACCESS read-only
2864       STATUS current
2865       DESCRIPTION
2866           "Number of mapping removals. This includes static mappings."
2867       ::= { natCntProtocolEntry 9 }

2869   -- limits

2871   natLimits OBJECT IDENTIFIER ::= { natMIBObjects 12 }
2872   natLimitMappings OBJECT-TYPE
2873       SYNTAX Unsigned32
2874       MAX-ACCESS read-write
2875       STATUS current
2876       DESCRIPTION
2877           "Global limit on the total number of mappings. Zero means
2878           unlimited."
2879       ::= { natLimits 1 }

2881   natMappingsNotifyThreshold OBJECT-TYPE
2882       SYNTAX Unsigned32
2883       MAX-ACCESS read-write
2884       STATUS current
2885       DESCRIPTION
2886           "See natNotifMappings."
2887       ::= { natLimits 2 }

2889   natLimitAddressMappings OBJECT-TYPE
2890       SYNTAX Unsigned32
2891       MAX-ACCESS read-write
2892       STATUS current
2893       DESCRIPTION
2894           "Global limit on the total number of internal-to-external
2895           address mappings. Zero means unlimited.

2897           This limit is only applicable to NATs that have an 'IP
2898           address pooling' behavior of 'Paired' [RFC4787]."
2899       ::= { natLimits 3 }

2901   natAddrMapNotifyThreshold OBJECT-TYPE
2902       SYNTAX Unsigned32
2903       MAX-ACCESS read-write
2904       STATUS current
2905       DESCRIPTION
2906           "See natNotifAddrMappings."
2907       ::= { natLimits 4 }

2909   natLimitFragments OBJECT-TYPE
2910       SYNTAX Unsigned32
2911       MAX-ACCESS read-write
2912       STATUS current
2913       DESCRIPTION
2914           "Global limit on the total number of fragments pending
2915           reassembly. Zero means unlimited.

2917           This limit is only applicable to NATs having 'Receive
2918           Fragments Out of Order' behavior [RFC4787]."
2919       ::= { natLimits 5 }

2921   natLimitSubscribers OBJECT-TYPE
2922       SYNTAX Unsigned32
2923       MAX-ACCESS read-write
2924       STATUS current
2925       DESCRIPTION
2926           "Global limit on the number of subscribers with active
2927           mappings. Zero means unlimited."
2928       ::= { natLimits 6 }

2930   -- pools

2932   natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 }

2934   natPoolTable OBJECT-TYPE
2935       SYNTAX SEQUENCE OF NatPoolEntry
2936       MAX-ACCESS not-accessible
2937       STATUS current
2938       DESCRIPTION
2939           "Table of pools."
2940       ::= { natPoolObjects 1 }

2942   natPoolEntry OBJECT-TYPE
2943       SYNTAX NatPoolEntry
2944       MAX-ACCESS not-accessible
2945       STATUS current
2946       DESCRIPTION
2947           "Entry in the table of pools."
2948       INDEX { natPoolIndex }
2949       ::= { natPoolTable 1 }

2951   NatPoolEntry ::=
2952       SEQUENCE {
2953           natPoolIndex NatPoolId,
2954           natPoolRealm SnmpAdminString,
2955           natPoolUsage Integer32,
2956           natPoolWatermarkLow Integer32,
2957           natPoolWatermarkHigh Integer32,
2958           natPoolPortMin InetPortNumber,
2959           natPoolPortMax InetPortNumber
2960       }

2962   natPoolIndex OBJECT-TYPE
2963       SYNTAX NatPoolId
2964       MAX-ACCESS read-only
2965       STATUS current
2966       DESCRIPTION
2967           "Index of an address pool."
2968       ::= { natPoolEntry 1 }

2970   natPoolRealm OBJECT-TYPE
2971       SYNTAX SnmpAdminString (SIZE (0..32))
2972       MAX-ACCESS read-only
2973       STATUS current
2974       DESCRIPTION
2975           "Realm to which this pool's addresses belong."
2976       ::= { natPoolEntry 2 }

2978   natPoolUsage OBJECT-TYPE
2979       SYNTAX Integer32 (0..100)
2980       MAX-ACCESS read-only
2981       STATUS current
2982       DESCRIPTION
2983           "Percentage of the pool's total number of external ports
2984           currently mapped."
2985       ::= { natPoolEntry 3 }

2987   natPoolWatermarkLow OBJECT-TYPE
2988       SYNTAX Integer32 (-1|0..100)
2989       MAX-ACCESS read-create
2990       STATUS current
2991       DESCRIPTION
2992           "Low watermark on a pool's usage, in percentage of the total
2993           number of ports available. If set to -1, the watermark is
2994           disabled. Otherwise when natPoolUsage becomes lower than or
2995           equal to natPoolWatermarkLow, a notification is sent. The
2996           NAT may also start behaving in low usage mode (this is
2997           implementation-defined)."
2998       ::= { natPoolEntry 4 }

3000   natPoolWatermarkHigh OBJECT-TYPE
3001       SYNTAX Integer32 (-1|0..100)
3002       MAX-ACCESS read-create
3003       STATUS current
3004       DESCRIPTION
3005           "High watermark on a pool's usage, in percentage of the total
3006           number of ports available. If set to -1, the watermark is
3007           disabled. Otherwise, when natPoolUsage becomes higher than
3008           or equal to natPoolWatermarkHigh, a notification is sent.
3009           The NAT may also start behaving in high usage mode (this is
3010           implementation-defined)."
3011       ::= { natPoolEntry 5 }

3013   natPoolPortMin OBJECT-TYPE
3014       SYNTAX InetPortNumber
3015       MAX-ACCESS read-create
3016       STATUS current
3017       DESCRIPTION
3018           "Minimal port number to be allocated in this pool."
3019       ::= { natPoolEntry 6 }

3021   natPoolPortMax OBJECT-TYPE
3022       SYNTAX InetPortNumber
3023       MAX-ACCESS read-create
3024       STATUS current
3025       DESCRIPTION
3026           "Maximal port number to be allocated in this pool."
3027       ::= { natPoolEntry 7 }

3029   natPoolRangeTable OBJECT-TYPE
3030       SYNTAX SEQUENCE OF NatPoolRangeEntry
3031       MAX-ACCESS not-accessible
3032       STATUS current
3033       DESCRIPTION
3034           "This table contains address ranges used by pool entries."
3035       ::= { natPoolObjects 2 }

3037   natPoolRangeEntry OBJECT-TYPE
3038       SYNTAX NatPoolRangeEntry
3039       MAX-ACCESS not-accessible
3040       STATUS current
3041       DESCRIPTION
3042           "NAT pool address range."
3043       INDEX { natPoolRangeType,
3044               natPoolRangeBegin }
3045       ::= { natPoolRangeTable 1 }

3047   NatPoolRangeEntry ::=
3048       SEQUENCE {
3049           natPoolRangePoolIndex NatPoolId,
3050           natPoolRangeType InetAddressType,
3051           natPoolRangeBegin InetAddress,
3052           natPoolRangeEnd InetAddress,
3053           natPoolRangeAllocatedPorts Gauge32
3054       }

3056   natPoolRangePoolIndex OBJECT-TYPE
3057       SYNTAX NatPoolId
3058       MAX-ACCESS read-only
3059       STATUS current
3060       DESCRIPTION
3061           "Index of the address pool to which this address range
3062           belongs. See natPoolIndex."
3063       ::= { natPoolRangeEntry 1 }

3065   natPoolRangeType OBJECT-TYPE
3066       SYNTAX InetAddressType
3067       MAX-ACCESS not-accessible
3068       STATUS current
3069       DESCRIPTION
3070           "The address type of natPoolRangeBegin and
3071           natPoolRangeEnd."
3072       ::= { natPoolRangeEntry 2 }

3074   natPoolRangeBegin OBJECT-TYPE
3075       SYNTAX InetAddress (SIZE (4|16))
3076       MAX-ACCESS not-accessible
3077       STATUS current
3078       DESCRIPTION
3079           "Lowest address included in this range."
3080       ::= { natPoolRangeEntry 3 }

3082   natPoolRangeEnd OBJECT-TYPE
3083       SYNTAX InetAddress (SIZE (4|16))
3084       MAX-ACCESS read-only
3085       STATUS current
3086       DESCRIPTION
3087           "Highest address included in this range."
3088       ::= { natPoolRangeEntry 4 }

3090   natPoolRangeAllocatedPorts OBJECT-TYPE
3091       SYNTAX Gauge32
3092       MAX-ACCESS read-only
3093       STATUS current
3094       DESCRIPTION
3095           "Number of ports currently allocated on the addresses in this
3096           range."
3097       ::= { natPoolRangeEntry 5 }

3099   -- indexed mapping tables

3101   natMapObjects OBJECT IDENTIFIER ::= { natMIBObjects 14 }

3103   natMapIntAddrTable OBJECT-TYPE
3104       SYNTAX SEQUENCE OF NatMapIntAddrEntry
3105       MAX-ACCESS not-accessible
3106       STATUS current
3107       DESCRIPTION
3108           "Table of mappings from internal to external address.

3110           This table is only applicable to NATs that have an 'IP
3111           address pooling' behavior of 'Paired' [RFC4787]."
3112       ::= { natMapObjects 1 }

3114   natMapIntAddrEntry OBJECT-TYPE
3115       SYNTAX NatMapIntAddrEntry
3116       MAX-ACCESS not-accessible
3117       STATUS current
3118       DESCRIPTION
3119           "Mapping from internal to external address."
3120       INDEX { natMapIntAddrIntRealm,
3121               natMapIntAddrType,
3122               natMapIntAddrInt }
3123       ::= { natMapIntAddrTable 1 }

3125   NatMapIntAddrEntry ::=
3126       SEQUENCE {
3127           natMapIntAddrIntRealm SnmpAdminString,
3128           natMapIntAddrExtRealm SnmpAdminString,
3129           natMapIntAddrType InetAddressType,
3130           natMapIntAddrInt InetAddress,
3131           natMapIntAddrExt InetAddress
3132       }

3134   natMapIntAddrIntRealm OBJECT-TYPE
3135       SYNTAX SnmpAdminString (SIZE(0..32))
3136       MAX-ACCESS not-accessible
3137       STATUS current
3138       DESCRIPTION
3139           "Realm to which natMapIntAddrInt belongs."
3140       ::= { natMapIntAddrEntry 1 }

3142   natMapIntAddrExtRealm OBJECT-TYPE
3143       SYNTAX SnmpAdminString
3144       MAX-ACCESS read-only
3145       STATUS current
3146       DESCRIPTION
3147           "Realm to which natMapIntAddrExt belongs."
3148       ::= { natMapIntAddrEntry 2 }

3150   natMapIntAddrType OBJECT-TYPE
3151       SYNTAX InetAddressType
3152       MAX-ACCESS not-accessible
3153       STATUS current
3154       DESCRIPTION
3155           "Address type for natMapIntAddrInt and natMapIntAddrExt."
3156       ::= { natMapIntAddrEntry 3 }

3158   natMapIntAddrInt OBJECT-TYPE
3159       SYNTAX InetAddress (SIZE (4|16))
3160       MAX-ACCESS not-accessible
3161       STATUS current
3162       DESCRIPTION
3163           "Internal address."
3164       ::= { natMapIntAddrEntry 4 }

3166   natMapIntAddrExt OBJECT-TYPE
3167       SYNTAX InetAddress
3168       MAX-ACCESS read-only
3169       STATUS current
3170       DESCRIPTION
3171           "External address."
3172       ::= { natMapIntAddrEntry 5 }

3174   natMappingTable OBJECT-TYPE
3175       SYNTAX SEQUENCE OF NatMappingTableEntry
3176       MAX-ACCESS not-accessible
3177       STATUS current
3178       DESCRIPTION
3179           "Table of mappings indexed by external 3-tuple."
3180       ::= { natMapObjects 2 }

3182   natMappingTableEntry OBJECT-TYPE
3183       SYNTAX NatMappingTableEntry
3184       MAX-ACCESS not-accessible
3185       STATUS current
3186       DESCRIPTION
3187           "A single NAT mapping."
3188       INDEX { natMappingProto,
3189               natMappingExtRealm,
3190               natMappingExtAddressType,
3191               natMappingExtAddress,
3192               natMappingExtPort }
3193       ::= { natMappingTable 1 }

3195   NatMappingTableEntry ::=
3196       SEQUENCE {
3197           natMappingProto ProtocolNumber,
3198           natMappingExtRealm SnmpAdminString,
3199           natMappingExtAddressType InetAddressType,
3200           natMappingExtAddress InetAddress,
3201           natMappingExtPort InetPortNumber,
3202           natMappingIntRealm SnmpAdminString,
3203           natMappingIntAddressType InetAddressType,
3204           natMappingIntAddress InetAddress,
3205           natMappingIntPort InetPortNumber,
3206           natMappingPool NatPoolId,
3207           natMappingMapBehavior NatBehaviorType,
3208           natMappingFilterBehavior NatBehaviorType,
3209           natMappingAddressPooling NatPoolingType
3210       }

3212   natMappingProto OBJECT-TYPE
3213       SYNTAX ProtocolNumber
3214       MAX-ACCESS not-accessible
3215       STATUS current
3216       DESCRIPTION
3217           "The mapping's transport protocol number."
3218       ::= { natMappingTableEntry 1 }

3220   natMappingExtRealm OBJECT-TYPE
3221       SYNTAX SnmpAdminString (SIZE(0..32))
3222       MAX-ACCESS not-accessible
3223       STATUS current
3224       DESCRIPTION
3225           "The realm to which natMappingExtAddress belongs."
3226       ::= { natMappingTableEntry 2 }

3228   natMappingExtAddressType OBJECT-TYPE
3229       SYNTAX InetAddressType
3230       MAX-ACCESS not-accessible
3231       STATUS current
3232       DESCRIPTION
3233           "Type of the mapping's external address."
3234       ::= { natMappingTableEntry 3 }

3236   natMappingExtAddress OBJECT-TYPE
3237       SYNTAX InetAddress (SIZE (4|16))
3238       MAX-ACCESS not-accessible
3239       STATUS current
3240       DESCRIPTION
3241           "The mapping's external address. If this is the undefined
3242           address, all external addresses are mapped to the internal
3243           address."
3244       ::= { natMappingTableEntry 4 }

3246   natMappingExtPort OBJECT-TYPE
3247       SYNTAX InetPortNumber
3248       MAX-ACCESS not-accessible
3249       STATUS current
3250       DESCRIPTION
3251           "The mapping's external port number. If this is zero, all
3252           external ports are mapped to the internal port."
3253       ::= { natMappingTableEntry 5 }

3255   natMappingIntRealm OBJECT-TYPE
3256       SYNTAX SnmpAdminString
3257       MAX-ACCESS read-only
3258       STATUS current
3259       DESCRIPTION
3260           "The realm to which natMappingIntAddress belongs."
3261       ::= { natMappingTableEntry 6 }

3263   natMappingIntAddressType OBJECT-TYPE
3264       SYNTAX InetAddressType
3265       MAX-ACCESS read-only
3266       STATUS current
3267       DESCRIPTION
3268           "Type of the mapping's internal address."
3269       ::= { natMappingTableEntry 7 }

3271   natMappingIntAddress OBJECT-TYPE
3272       SYNTAX InetAddress
3273       MAX-ACCESS read-only
3274       STATUS current
3275       DESCRIPTION
3276           "The mapping's internal address. If this is the undefined
3277           address, addresses are not translated."
3278       ::= { natMappingTableEntry 8 }

3280   natMappingIntPort OBJECT-TYPE
3281       SYNTAX InetPortNumber
3282       MAX-ACCESS read-only
3283       STATUS current
3284       DESCRIPTION
3285           "The mapping's internal port number. If this is zero, ports
3286           are not translated."
3287       ::= { natMappingTableEntry 9 }

3289   natMappingPool OBJECT-TYPE
3290       SYNTAX NatPoolId (0|1..4294967295)
3291       MAX-ACCESS read-only
3292       STATUS current
3293       DESCRIPTION
3294           "Index of the pool that contains this mapping's external
3295           address and port. If zero, no pool is associated with this
3296           mapping."
3297       ::= { natMappingTableEntry 10 }

3299   natMappingMapBehavior OBJECT-TYPE
3300       SYNTAX NatBehaviorType
3301       MAX-ACCESS read-only
3302       STATUS current
3303       DESCRIPTION
3304           "Mapping behavior as described in [RFC4787] section 4.1."
3305       ::= { natMappingTableEntry 11 }

3307   natMappingFilterBehavior OBJECT-TYPE
3308       SYNTAX NatBehaviorType
3309       MAX-ACCESS read-only
3310       STATUS current
3311       DESCRIPTION
3312           "Filtering behavior as described in [RFC4787] section 5."
3313       ::= { natMappingTableEntry 12 }

3315   natMappingAddressPooling OBJECT-TYPE
3316       SYNTAX NatPoolingType
3317       MAX-ACCESS read-only
3318       STATUS current
3319       DESCRIPTION
3320           "Type of address pooling behavior that was used to create
3321           this mapping."
3322       ::= { natMappingTableEntry 13 }

3324   -- subscribers

3326   natSubscribers OBJECT IDENTIFIER ::= { NatObjects 5 }

3328   natSubscribersTable OBJECT-TYPE
3329       SYNTAX SEQUENCE OF natSubscribersTableEntry
3330       MAX-ACCESS not-accessible
3331       STATUS current
3332       DESCRIPTION
3333           "Table of CGN subscribers."
3334       ::= { natSubscribers 1 }

3336   natSubscribersTableEntry OBJECT-TYPE
3337       SYNTAX natSubscribersTableEntry
3338       MAX-ACCESS not-accessible
3339       STATUS current
3340       DESCRIPTION
3341           "Each entry describes a single CGN subscriber."
3342       INDEX { natSubscriberIdentifierType,
3343               natSubscriberIdentifier }
3344       ::= { natSubscribersTable 1 }

3346   natSubscribersTableEntry ::=
3347       SEQUENCE {
3348           natSubscriberIdentifierType InetAddressType,
3349           natSubscriberIdentifier InetAddress,
3350           natSubscriberIntPrefixType InetAddressType,
3351           natSubscriberIntPrefix InetAddress,
3352           natSubscriberIntPrefixLength InetAddressPrefixLength,
3353           natSubscriberPool NatPoolIndex,
3354           natSubscriberCntTranslates Counter64,
3355           natSubscriberCntOOP Counter64,
3356           natSubscriberCntResource Counter64,
3357           natSubscriberCntStateMismatch Counter64,
3358           natSubscriberCntQuota Counter64,
3359           natSubscriberCntMappings Gauge32,
3360           natSubscriberCntMapCreations Counter64,
3361           natSubscriberCntMapRemovals Counter64,
3362           natSubscriberLimitMappings Unsigned32,
3363           natSubscriberMapNotifyThresh Unsigned32
3364       }

3366   natSubscriberIdentifierType OBJECT-TYPE
3367       SYNTAX InetAddressType
3368       MAX-ACCESS not-accessible
3369       STATUS current
3370       DESCRIPTION
3371           "Address type of the subscriber identifier."
3372       ::= { natSubscribersTableEntry 1 }

3374   natSubscriberIdentifier OBJECT-TYPE
3375       SYNTAX InetAddress (SIZE (4|16))
3376       MAX-ACCESS not-accessible
3377       STATUS current
3378       DESCRIPTION
3379           "Address used for uniquely identifying the subscriber.

3381           In traditional NAT, this is the internal address assigned to
3382           the CPE. In case an address range is assigned to a
3383           subscriber, the first address in the range is used as
3384           identifier. For tunnelled connectivity (e.g., DS-Lite
3385           [RFC6333]), the outer address is used as identifier (i.e.,
3386           the IPv6 address in the case of DS-Lite)."
3387       ::= { natSubscribersTableEntry 2 }

3389   natSubscriberIntPrefixType OBJECT-TYPE
3390       SYNTAX InetAddressType
3391       MAX-ACCESS read-only
3392       STATUS current
3393       DESCRIPTION
3394           "Subscriber's internal prefix type."
3395       ::= { natSubscribersTableEntry 3 }

3397   natSubscriberIntPrefix OBJECT-TYPE
3398       SYNTAX InetAddress
3399       MAX-ACCESS read-only
3400       STATUS current
3401       DESCRIPTION
3402           "Prefix assigned to a subscriber's CPE."
3403       ::= { natSubscribersTableEntry 4 }

3405   natSubscriberIntPrefixLength OBJECT-TYPE
3406       SYNTAX InetAddressPrefixLength
3407       MAX-ACCESS read-only
3408       STATUS current
3409       DESCRIPTION
3410           "Length of the prefix assigned to a subscriber's CPE, in
3411           bits. In case a single address is assigned, this will be 32
3412           for IPv4 and 128 for IPv6."
3413       ::= { natSubscribersTableEntry 5 }

3415   natSubscriberPool OBJECT-TYPE
3416       SYNTAX NatPoolIndex
3417       MAX-ACCESS read-only
3418       STATUS current
3419       DESCRIPTION
3420           "External address pool to which this subscriber belongs."
3421       ::= { natSubscribersTableEntry 6 }

3423   natSubscriberCntTranslates OBJECT-TYPE
3424       SYNTAX Counter64
3425       MAX-ACCESS read-only
3426       STATUS current
3427       DESCRIPTION
3428           "The number of packets received from or sent to this
3429           subscriber and to which NAT has been applied."
3430       ::= { natSubscribersTableEntry 7 }

3432   natSubscriberCntOOP OBJECT-TYPE
3433       SYNTAX Counter64
3434       MAX-ACCESS read-only
3435       STATUS current
3436       DESCRIPTION
3437           "The number of packets received from this subscriber to which
3438           NAT could not be applied because no external port was
3439           available, excluding quota limitations."
3440       ::= { natSubscribersTableEntry 8 }

3442   natSubscriberCntResource OBJECT-TYPE
3443       SYNTAX Counter64
3444       MAX-ACCESS read-only
3445       STATUS current
3446       DESCRIPTION
3447           "The number of packets received from this subscriber to which
3448           NAT could not be applied because of resource constraints
3449           (excluding out-of-ports condition)."
3450       ::= { natSubscribersTableEntry 9 }

3452   natSubscriberCntStateMismatch OBJECT-TYPE
3453       SYNTAX Counter64
3454       MAX-ACCESS read-only
3455       STATUS current
3456       DESCRIPTION
3457           "The number of packets received from or destined to this
3458           subscriber to which NAT could not be applied because of
3459           mapping state mismatch. For example, a TCP packet that
3460           matches an existing mapping but is dropped because its flags
3461           are incompatible with the current state of the mapping would
3462           cause this counter to be incremented."
3463       ::= { natSubscribersTableEntry 10 }

3465   natSubscriberCntQuota OBJECT-TYPE
3466       SYNTAX Counter64
3467       MAX-ACCESS read-only
3468       STATUS current
3469       DESCRIPTION
3470           "The number of packets received from or destined to this
3471           subscriber to which NAT could not be applied because of
3472           quota limitations. Quotas include absolute limits as well as
3473           limits on the rate of allocation."
3474       ::= { natSubscribersTableEntry 11 }

3476   natSubscriberCntMappings OBJECT-TYPE
3477       SYNTAX Gauge32
3478       MAX-ACCESS read-only
3479       STATUS current
3480       DESCRIPTION
3481           "Number of currently active mappings created by or for this
3482           subscriber.

3484           Equal to natSubscriberCntMapRemovals -
3485           natSubscriberCntMapCreations."
3486       ::= { natSubscribersTableEntry 12 }

3488   natSubscriberCntMapCreations OBJECT-TYPE
3489       SYNTAX Counter64
3490       MAX-ACCESS read-only
3491       STATUS current
3492       DESCRIPTION
3493           "Number of mappings created by or for this subscriber."
3494       ::= { natSubscribersTableEntry 13 }

3496   natSubscriberCntMapRemovals OBJECT-TYPE
3497       SYNTAX Counter64
3498       MAX-ACCESS read-only
3499       STATUS current
3500       DESCRIPTION
3501           "Number of mappings removed by or for this subscriber."
3502       ::= { natSubscribersTableEntry 14 }

3504   natSubscriberLimitMappings OBJECT-TYPE
3505       SYNTAX Unsigned32
3506       MAX-ACCESS read-write
3507       STATUS current
3508       DESCRIPTION
3509           "Limit on the number of active mappings created by or for
3510           this subscriber. Zero means unlimited."
3511       ::= { natSubscribersTableEntry 15 }

3513   natSubscriberMapNotifyThresh OBJECT-TYPE
3514       SYNTAX Unsigned32
3515       MAX-ACCESS read-write
3516       STATUS current
3517       DESCRIPTION
3518           "See NatNotifSubscriberMappings."
3519       ::= { natSubscribersTableEntry 16 }

3521   -- object groups

3523   natGroupBasicObjects OBJECT-GROUP
3524       OBJECTS { natCntTranslates,
3525                 natCntOOP,
3526                 natCntResource,
3527                 natCntStateMismatch,
3528                 natCntQuota,
3529                 natCntMappings,
3530                 natCntMapCreations,
3531                 natCntMapRemovals,
3532                 natCntProtocolTranslates,
3533                 natCntProtocolOOP,
3534                 natCntProtocolResource,
3535                 natCntProtocolStateMismatch,
3536                 natCntProtocolQuota,
3537                 natCntProtocolMappings,
3538                 natCntProtocolMapCreations,
3539                 natCntProtocolMapRemovals,
3540                 natLimitMappings,
3541                 natMappingsNotifyThreshold,
3542                 natPoolIndex,
3543                 natPoolRealm,
3544                 natPoolUsage,
3545                 natPoolWatermarkLow,
3546                 natPoolWatermarkHigh,
3547                 natPoolPortMin,
3548                 natPoolPortMax,
3549                 natPoolRangePoolIndex,
3550                 natPoolRangeEnd,
3551                 natPoolRangeAllocatedPorts,
3552                 natMappingIntRealm,
3553                 natMappingIntAddressType,
3554                 natMappingIntAddress,
3555                 natMappingIntPort,
3556                 natMappingPool,
3557                 natMappingMapBehavior,
3558                 natMappingFilterBehavior,
3559                 natMappingAddressPooling }
3560       STATUS current
3561       DESCRIPTION
3562           "Basic counters, limits, and thresholds."
3563       ::= { natMIBGroups 7 }

3565   natGroupAddrMapObjects OBJECT-GROUP
3566       OBJECTS { natCntAddressMappings,
3567                 natCntAddrMapCreations,
3568                 natCntAddrMapRemovals,
3569                 natLimitAddressMappings,
3570                 natAddrMapNotifyThreshold,
3571                 natMapIntAddrExtRealm,
3572                 natMapIntAddrExt }
3573       STATUS current
3574       DESCRIPTION
3575           "Objects that require 'Paired IP address pooling' behavior
3576           [RFC4787]."
3577       ::= { natMIBGroups 8 }

3579   natGroupFragmentObjects OBJECT-GROUP
3580       OBJECTS { natLimitFragments }
3581       STATUS current
3582       DESCRIPTION
3583           "Objects that require 'Receive Fragments Out of Order'
3584           behavior [RFC4787]."
3585       ::= { natMIBGroups 9 }

3587   natGroupBasicNotifications NOTIFICATION-GROUP
3588       NOTIFICATIONS { natNotifPoolWatermarkLow,
3589                       natNotifPoolWatermarkHigh,
3590                       natNotifMappings }

3592       STATUS current
3593       DESCRIPTION
3594           "Basic notifications."
3595       ::= { natMIBGroups 11 }

3597   natGroupAddrMapNotifications NOTIFICATION-GROUP
3598       NOTIFICATIONS { natNotifAddrMappings }
3599       STATUS current
3600       DESCRIPTION
3601           "Notifications about address mappings."
3602       ::= { natMIBGroups 12 }

3604   natGroupSubscriberObjects OBJECT-GROUP
3605       OBJECTS { natSubscriberIntPrefixType,
3606                 natSubscriberIntPrefix,
3607                 natSubscriberIntPrefixLength,
3608                 natSubscriberPool,
3609                 natSubscriberCntTranslates,
3610                 natSubscriberCntOOP,
3611                 natSubscriberCntResource,
3612                 natSubscriberCntStateMismatch,
3613                 natSubscriberCntQuota,
3614                 natSubscriberCntMappings,
3615                 natSubscriberCntMapCreations,
3616                 natSubscriberCntMapRemovals,
3617                 natSubscriberLimitMappings,
3618                 natLimitSubscribers }
3619       STATUS current
3620       DESCRIPTION
3621           "Per-subscriber counters, limits, and thresholds."
3622       ::= { natMIBGroups 13 }

3624   natGroupSubscriberNotifications NOTIFICATION-GROUP
3625       NOTIFICATIONS { natSubscriberMapNotifyThresh }

3627       STATUS current
3628       DESCRIPTION
3629           "Subscriber notifications."
3630       ::= { natMIBGroups 14 }

3632   -- compliance statements

3634   natBasicCompliance MODULE-COMPLIANCE
3635       STATUS current
3636       DESCRIPTION
3637           "Basic compliance with this MIB is attained when the objects
3638           contained in the mandatory groups are implemented."

3640       MODULE -- this module
3641       MANDATORY-GROUPS { natGroupBasicObjects,
3642                          natGroupBasicNotifications }
3643       ::= { natMIBCompliances 3 }

3645   natAddrMapCompliance MODULE-COMPLIANCE
3646       STATUS current
3647       DESCRIPTION
3648           "NATs that have 'Paired IP address pooling' behavior
3649           [RFC4787] and implement the objects in this group can claim
3650           this level of compliance."
3651       MODULE -- this module
3652       MANDATORY-GROUPS { natGroupBasicObjects,
3653                          natGroupBasicNotifications,
3654                          natGroupAddrMapObjects,
3655                          natGroupAddrMapNotifications }
3656       ::= { natMIBCompliances 4 }

3658   natFragmentsCompliance MODULE-COMPLIANCE
3659       STATUS current
3660       DESCRIPTION
3661           "NATs that have 'Receive Fragments Out of Order' behavior
3662           [RFC4787] and implement the objects in this group can claim
3663           this level of compliance."
3664       MODULE -- this module
3665       MANDATORY-GROUPS { natGroupBasicObjects,
3666                          natGroupBasicNotifications,
3667                          natGroupFragmentObjects }
3668       ::= { natMIBCompliances 5 }

3670   natCGNCompliance MODULE-COMPLIANCE
3671       STATUS current
3672       DESCRIPTION
3673           "NATs that have 'Paired IP address pooling' and 'Receive
3674           Fragments Out of Order' behavior [RFC4787] and implement the
3675           objects in this group can claim this level of compliance.

3677           This level of compliance is to be expected of a CGN
3678           compliant with [I-D.ietf-behave-lsn-requiremnents]."
3679       MODULE -- this module
3680       MANDATORY-GROUPS { natGroupBasicObjects,
3681                          natGroupBasicNotifications,
3682                          natGroupAddrMapObjects,
3683                          natGroupAddrMapNotifications,
3684                          natGroupFragmentObjects,
3685                          natGroupSubscriberObjects,
3686                          natGroupSubscriberNotifications }
3687       ::= { natMIBCompliances 6 }

3689   END

3691   5. Security Considerations

3693      Unauthorized access to the write-able objects could cause a denial of
3694      service and/or widespread network disturbance. Hence, the support
3695      for SET operations in a non-secure environment without proper
3696      protection can have a negative effect on network operations.

3698      At this writing, no security holes have been identified beyond those
3699      that SNMP Security is itself intended to address. These relate
3700      primarily to controlled access to sensitive information and the
3701      ability to configure a device - or which might result from operator
3702      error, which is beyond the scope of any security architecture.

3704      There are a number of managed objects in this MIB that may contain
3705      information that may be sensitive from a business perspective, in
3706      that they may represent NAT state information. Various objects can
3707      reveal the identity of private hosts that are engaged in a session
3708      with external end nodes. A curious outsider could monitor these to
3709      assess the number of private hosts being supported by the NAT device.
3710      Further, a disgruntled former employee of an enterprise could use the
3711      information to break into specific private hosts by intercepting the
3712      existing sessions or originating new sessions into the host. There
3713      are no objects that are sensitive in their own right, such as
3714      passwords or monetary amounts. It may even be important to control
3715      GET access to these objects and possibly to encrypt the values of
3716      these objects when they are sent over the network via SNMP. Not all
3717      versions of SNMP provide features for such a secure environment.

3719      SNMP versions prior to SNMPv3 did not include adequate security.
3720      Even if the network itself is secure (for example by using IPSec),
3721      even then, there is no control as to who on the secure network is
3722      allowed to access and GET/SET (read/change/create/delete) the objects
3723      in this MIB.

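Added example (not part of the draft): a small Python audit that applies the access concerns above to an agent configuration and reports principals that can reach the NAT MIB subtree without SNMPv3 privacy, through pre-SNMPv3 communities, or with write access. It assumes a net-snmp style snmpd.conf, which the draft does not name; the sample configuration, user names and finding codes are constructed, and the natMIB root mib-2.123 is taken from the IANA Considerations section.

```python
"""Audit a net-snmp style snmpd.conf for exposure of the NAT MIB subtree."""

NAT_MIB = (1, 3, 6, 1, 2, 1, 123)  # mib-2.123, from the IANA Considerations text
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6",
             "com2sec", "com2sec6"}  # SNMPv1/v2c community-based access


def parse_oid(text):
    """'.1.3.6.1.2.1.123' -> tuple of ints; None for symbolic or bad OIDs."""
    parts = text.strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def view_exposes_nat(rules):
    """rules: [(included, subtree)]. Longest-prefix match decides whether the
    natMIB root is visible; an included subtree below the root also counts.
    Subtree masks are ignored (simplification)."""
    best = None
    for included, subtree in rules:
        covers_root = NAT_MIB[:len(subtree)] == subtree
        if covers_root and (best is None or len(subtree) > len(best[1])):
            best = (included, subtree)
    if best is not None and best[0]:
        return True
    return any(inc and len(st) > len(NAT_MIB) and st[:len(NAT_MIB)] == NAT_MIB
               for inc, st in rules)


def audit(conf_text):
    """Return sorted [(line_number, finding_code)] for NAT MIB exposure.

    PRE_V3_COMMUNITY  community-based (pre-SNMPv3) access is configured
    NO_AUTH           SNMPv3 user may reach natMIB without authentication
    NO_PRIVACY        SNMPv3 user may reach natMIB without encryption
    WRITE_ACCESS      user can SET natMIB objects; confirm this is intended
    """
    views, users, findings = {}, [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY:
            findings.append((lineno, "PRE_V3_COMMUNITY"))
        elif directive == "view" and len(args) >= 3:
            included = args[1].lower() == "included"
            oid = parse_oid(args[2])
            if oid is None and included:
                oid = ()  # symbolic OID: assume it may cover natMIB
            if oid is not None:
                views.setdefault(args[0], []).append((included, oid))
        elif directive in ("rouser", "rwuser") and args:
            users.append((lineno, directive, args))
    # Views may be declared after the users that reference them.
    for lineno, directive, args in users:
        if args[0] == "-s":  # optional "-s SECMODEL" prefix
            args = args[2:]
        level = args[1].lower() if len(args) > 1 else "auth"  # net-snmp default
        scope = args[2:]
        if not scope:
            exposed = True  # no restriction: whole OID tree
        elif scope[0] == "-V":
            exposed = (view_exposes_nat(views.get(scope[1], []))
                       if len(scope) > 1 else True)
        else:
            oid = parse_oid(scope[0])
            exposed = oid is None or oid[:len(NAT_MIB)] == NAT_MIB[:len(oid)]
        if not exposed:
            continue  # this audit only covers access to natMIB
        if level == "noauth":
            findings.append((lineno, "NO_AUTH"))
        elif level != "priv":
            findings.append((lineno, "NO_PRIVACY"))
        if directive == "rwuser":
            findings.append((lineno, "WRITE_ACCESS"))
    return sorted(findings)


# Constructed sample configuration; names and passphrases are placeholders.
SAMPLE = """\
# constructed sample, not from any real device
rocommunity public
createUser natro SHA "placeholder-auth-pass" AES "placeholder-priv-pass"
createUser natops SHA "placeholder-auth-pass" AES "placeholder-priv-pass"
view natview included .1.3.6.1.2.1.123
view sysview included .1.3.6.1.2.1.1
rouser natro priv -V natview
rwuser natops priv -V natview
rouser legacy auth
rouser helpdesk noauth -V sysview
"""

if __name__ == "__main__":
    for lineno, code in audit(SAMPLE):
        print(f"line {lineno}: {code}")
```

A WRITE_ACCESS finding is a prompt for review, not an error: it marks a principal able to SET the read-write limit and threshold objects defined in this module.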
3725      It is recommended that the implementers consider the security
3726      features as provided by the SNMPv3 framework (see [RFC3410], section
3727      8), including full support for the SNMPv3 cryptographic mechanisms
3728      (for authentication and privacy).

3730      Further, deployment of SNMP versions prior to SNMPv3 is NOT
3731      RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
3732      enable cryptographic security. It is then a customer/operator
3733      responsibility to ensure that the SNMP entity giving access to an
3734      instance of this MIB module is properly configured to give access to
3735      the objects only to those principals (users) that have legitimate
3736      rights to indeed GET or SET (change/create/delete) them.

3738   6. IANA Considerations

3740      IANA has assigned object identifier 123 to the natMIB module, with
3741      prefix iso.org.dod.internet.mgmt.mib-2 in the Network Management
3742      Parameters registry [1].

3744   7. References

3746   7.1. Normative References

3748      [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
3749                Schoenwaelder, Ed., "Structure of Management Information
3750                Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

3752      [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
3753                Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
3754                58, RFC 2579, April 1999.

3756      [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
3757                "Conformance Statements for SMIv2", STD 58, RFC 2580,
3758                April 1999.

3760      [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address
3761                Translator (NAT) Terminology and Considerations", RFC
3762                2663, August 1999.

3764      [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
3765                Address Translator (Traditional NAT)", RFC 3022, January
3766                2001.

3768      [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
3769                Schoenwaelder, "Textual Conventions for Internet Network
3770                Addresses", RFC 4001, February 2005.

3772      [RFC4750] Joyal, D., Galecki, P., Giacalone, S., Coltun, R., and F.
3773                Baker, "OSPF Version 2 Management Information Base", RFC
3774                4750, December 2006.

3776      [RFC4787] Audet, F. and C. Jennings, "Network Address Translation
3777                (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
3778                RFC 4787, January 2007.

3780   7.2. Informative References

3782      [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
3783                "Introduction and Applicability Statements for Internet-
3784                Standard Management Framework", RFC 3410, December 2002.

3786      [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
3787                C. Wang, "Definitions of Managed Objects for Network
3788                Address Translators (NAT)", RFC 4008, March 2005.

3790   Authors' Addresses

3792      Simon Perreault
3793      Viagenie
3794      246 Aberdeen
3795      Quebec, QC G1R 2E1
3796      Canada

3798      Phone: +1 418 656 9254
3799      Email: simon.perreault@viagenie.ca
3800      URI: http://viagenie.ca

3802      Tina Tsou
3803      Huawei Technologies (USA)
3804      2330 Central Expressway
3805      Santa Clara, CA 95050
3806      USA

3808      Phone: +1 408 330 4424
3809      Email: tina.tsou.zouting@huawei.com

3811      Senthil Sivakumar
3812      Cisco Systems
3813      7100-8 Kit Creek Road
3814      Research Triangle Park, North Carolina 27709
3815      USA

3817      Phone: +1 919 392 5158
3818      Email: ssenthil@cisco.com