idnits 2.17.1

draft-ietf-behave-nat-mib-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 778: '... ifIndex MUST have the same ma...'
     RFC 2119 keyword, line 3802: '... Implementations SHOULD provide the se...'
     RFC 2119 keyword, line 3804: '... SNMPv3 standard MUST include full sup...'
     RFC 2119 keyword, line 3807: '... MAY also provide support for the Tr...'
     RFC 2119 keyword, line 3812: '... RECOMMENDED. Instead, it is RECOMM...'

  -- The draft header indicates that this document obsoletes RFC4008, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (May 01, 2013) is 4013 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC6333' is mentioned on line 3435, but not defined

  == Missing Reference: 'I-D.ietf-behave-lsn-requiremnents' is mentioned on
     line 3727, but not defined

  -- Looks like a reference, but probably isn't: '1' on line 3823

  ** Downref: Normative reference to an Informational RFC: RFC 2663

  ** Downref: Normative reference to an Informational RFC: RFC 3022

  -- Obsolete informational reference (is this intentional?): RFC 4008
     (Obsoleted by RFC 7658)

     Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                       S. Perreault
3    Internet-Draft                                                  Viagenie
4    Obsoletes: 4008 (if approved)                                    T. Tsou
5    Intended status: Standards Track               Huawei Technologies (USA)
6    Expires: November 02, 2013                                  S. Sivakumar
7                                                               Cisco Systems
8                                                                May 01, 2013

10       Additional Managed Objects for Network Address Translators (NAT)
11                         draft-ietf-behave-nat-mib-06

13   Abstract

15      This memo defines a portion of the Management Information Base (MIB)
16      for devices implementing Network Address Translator (NAT) function.
17      This MIB module may be used for monitoring of a device capable of NAT
18      function.

20   Status of This Memo

22      This Internet-Draft is submitted in full conformance with the
23      provisions of BCP 78 and BCP 79.

25      Internet-Drafts are working documents of the Internet Engineering
26      Task Force (IETF). Note that other groups may also distribute
27      working documents as Internet-Drafts. The list of current Internet-
28      Drafts is at http://datatracker.ietf.org/drafts/current/.

30      Internet-Drafts are draft documents valid for a maximum of six months
31      and may be updated, replaced, or obsoleted by other documents at any
32      time. It is inappropriate to use Internet-Drafts as reference
33      material or to cite them other than as "work in progress."

35      This Internet-Draft will expire on November 02, 2013.

37   Copyright Notice

39      Copyright (c) 2013 IETF Trust and the persons identified as the
40      document authors. All rights reserved.

42      This document is subject to BCP 78 and the IETF Trust's Legal
43      Provisions Relating to IETF Documents
44      (http://trustee.ietf.org/license-info) in effect on the date of
45      publication of this document. Please review these documents
46      carefully, as they describe your rights and restrictions with respect
47      to this document. Code Components extracted from this document must
48      include Simplified BSD License text as described in Section 4.e of
49      the Trust Legal Provisions and are provided without warranty as
50      described in the Simplified BSD License.

52   Table of Contents

54      1. Introduction
55      2. The Internet-Standard Management Framework
56      3. Overview
57        3.1. Deprecated Features
58        3.2. New Features
59        3.3. Realms
60      4. Definitions
61      5. Security Considerations
62      6. IANA Considerations
63      7. References
64        7.1. Normative References
65        7.2. Informative References
66      Authors' Addresses

68   1. Introduction

70      This memo defines a portion of the Management Information Base (MIB)
71      for devices implementing NAT function. This MIB module may be used
72      for monitoring of a device capable of NAT function. Using it for
73      configuration is deprecated. NAT types and their characteristics are
74      defined in [RFC2663]. Traditional NAT function, in particular, is
75      defined in [RFC3022]. This MIB does not address the firewall
76      functions and must not be used for configuring or monitoring these.
77      Section 2 provides references to the SNMP management framework, which
78      was used as the basis for the MIB module definition. Section 3
79      provides an overview of the MIB features. Lastly, Section 4 has the
80      complete NAT MIB definition.

82   2. The Internet-Standard Management Framework

84      For a detailed overview of the documents that describe the current
85      Internet-Standard Management Framework, please refer to section 7 of
86      RFC 3410 [RFC3410].

88      Managed objects are accessed via a virtual information store, termed
89      the Management Information Base or MIB. MIB objects are generally
90      accessed through the Simple Network Management Protocol (SNMP).
91      Objects in the MIB are defined using the mechanisms defined in the
92      Structure of Management Information (SMI). This memo specifies a MIB
93      module that is compliant to the SMIv2, which is described in STD 58,
94      RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
95      [RFC2580].

97   3. Overview

99   3.1. Deprecated Features

101     All objects defined in [RFC4008] have been marked with "STATUS
102     deprecated" for the following reasons:

104     Writability: Experience with NAT has shown that implementations vary
105        tremendously. The NAT algorithms and data structures have little
106        in common across devices, and this results in wildly incompatible
107        configuration parameters. Therefore, few implementations were
108        ever able to claim full compliance.

110        Lesson learned: the MIB should be read-only as much as possible.

112     Exposing configuration parameters: Even in read-only mode, many
113        configuration parameters were exposed by [RFC4008] (e.g.
114        timeouts). Since implementations vary wildly in their sets of
115        configuration parameters, few implementations could claim even
116        basic compliance.

118        Lesson learned: the NAT MIB's purpose is not to expose
119        configuration parameters.

121     Interfaces: Objects from [RFC4008] tie NAT state with interfaces
122        (e.g. the interface table, the way map entries are grouped by
123        interface). Many NAT implementations either never keep track of
124        the interface or associate a mapping to a set of interfaces.
125        Since interfaces are at the core of [RFC4008], many NAT devices
126        were unable to have a proper implementation.

128        Lesson learned: NAT is a logical function that may be independent
129        of interfaces. Do not tie NAT state with interfaces.

131     NAT service types: [RFC4008] used four categories of NAT service:
132        basicNat, napt, bidirectionalNat, twiceNat. These are ill-defined
133        and many implementations either use different categories or do not
134        use categories at all.

136        Lesson learned: do not try to categorize NAT types.

138     Limited transport protocol set: The set of transport protocols was
139        defined as: other, icmp, udp, tcp. Furthermore, the numeric
140        values corresponding to those labels were arbitrary, without
141        relation to the actual standard protocol numbers. This meant that
142        NAT implementations were limited to those protocols and were
143        unable to expose information about DCCP, SCTP, etc.

145        Lesson learned: use standard transport protocol numbers.

147  3.2. New Features

149     New features in this module are as follows:

151     Counters: Many new counters are introduced. Most of them are
152        available in two variants: global and per-transport protocol.

154     Limits: A few limits on the quantity of state data stored by the NAT
155        device. Some of them can trigger notifications.

157     Address+Port Pools: Pools of external addresses and ports are often
158        used in enterprise and ISP settings. Pools are listed in a table,
159        each with its range of addresses and ports. It is possible to
160        inspect each pool's usage, to set limits, and to receive
161        notifications when thresholds are crossed.

163     Address Mappings: NATs that have an "IP address pooling" behavior of
164        "Paired" [RFC4787] maintain a mapping from internal address to
165        external address. This module allows inspection of this mapping
166        table.

168     Mapping table indexed by external 3-tuple: It is often necessary to
169        determine the internal address that is mapped to a given external
170        address and port. This MIB provides this table with an index to
171        accomplish this efficiently, without having to iterate over all
172        mappings.

174     Realms: See Section 3.3.

176     RFC 4787 terminology: Mapping table entries indicate the mapping
177        behavior, the filtering behavior, and the address pooling behavior
178        that were used to create the mapping.

180     Subscriber awareness: With the advent of CGN deployment, a set of
181        subscriber specific counters, limits and parameters are added.

183  3.3. Realms

185     Current NAT devices commonly allow the internal and external parts of
186     a mapping to come from different realms. The meaning of "realm" is
187     implementation-dependent. On some implementations it can be
188     equivalent to the name of a VPN Routing and Forwarding table (VRF).
189     On others it is simply the numeric index of a virtual routing table.
190     Note that this usage of "realm" is completely different from the one
191     in [RFC4008].

193     This MIB allows the realm to be indicated where it makes sense. The
194     format is an SnmpAdminString. On platforms that identify realms with
195     integers, the string representation of the integer is used instead.
196     The empty string has special meaning: it refers to the default realm.

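The lookup that the "Mapping table indexed by external 3-tuple" feature of Section 3.2 makes cheap, combined with the realm rules of Section 3.3, is sketched below as an added example; it is not part of the draft and uses no NAT-MIB object names. It assumes the 3-tuple is (protocol, external address, external port) and that the index is additionally keyed by external realm; every class, function and sample mapping is hypothetical and constructed for illustration.

```python
# Added example: all names are hypothetical, not NAT-MIB object names.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple, Union

# Standard IANA protocol numbers, which the draft prefers over ad hoc enums.
TCP, UDP, DCCP, SCTP = 6, 17, 33, 132
DEFAULT_REALM = ""  # Section 3.3: the empty string refers to the default realm


def realm_name(realm: Union[str, int]) -> str:
    """String form of a realm; an integer realm becomes its decimal string."""
    if isinstance(realm, bool) or not isinstance(realm, (str, int)):
        raise TypeError("realm must be a string or an integer")
    return str(realm)


@dataclass(frozen=True)
class Mapping:
    """One NAT mapping; internal and external parts may sit in different realms."""
    protocol: int
    int_realm: str
    int_addr: str
    int_port: int
    ext_realm: str
    ext_addr: str
    ext_port: int


Key = Tuple[str, int, str, int]  # (external realm, protocol, address, port)


def external_key(realm: Union[str, int], protocol: int, addr: str, port: int) -> Key:
    if not 0 <= protocol <= 255:
        raise ValueError("protocol number out of range")
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    # Canonical address text, so equivalent spellings of one address share a key.
    return (realm_name(realm), protocol, ip_address(addr).compressed, port)


class ExternalIndex:
    """Mappings retrievable by external tuple without walking the whole table."""

    def __init__(self) -> None:
        self._by_external: Dict[Key, Mapping] = {}
        self.mappings: List[Mapping] = []

    def add(self, m: Mapping) -> None:
        key = external_key(m.ext_realm, m.protocol, m.ext_addr, m.ext_port)
        if key in self._by_external:
            raise ValueError(f"external tuple already mapped: {key}")
        self._by_external[key] = m
        self.mappings.append(m)

    def lookup(self, protocol: int, ext_addr: str, ext_port: int,
               ext_realm: Union[str, int] = DEFAULT_REALM) -> Optional[Mapping]:
        """Indexed lookup: one dictionary probe, independent of table size."""
        return self._by_external.get(
            external_key(ext_realm, protocol, ext_addr, ext_port))

    def scan(self, protocol: int, ext_addr: str, ext_port: int,
             ext_realm: Union[str, int] = DEFAULT_REALM) -> Optional[Mapping]:
        """What the index avoids: iterating over every mapping."""
        want = external_key(ext_realm, protocol, ext_addr, ext_port)
        for m in self.mappings:
            if external_key(m.ext_realm, m.protocol, m.ext_addr, m.ext_port) == want:
                return m
        return None


def build_sample_index() -> ExternalIndex:
    """Constructed sample data: two realms reuse 10.0.0.5 behind one external address."""
    idx = ExternalIndex()
    for m in (
        Mapping(TCP, "vrf-blue", "10.0.0.5", 51000, DEFAULT_REALM, "192.0.2.1", 40000),
        Mapping(UDP, realm_name(7), "10.0.0.5", 51000, DEFAULT_REALM, "192.0.2.1", 40000),
        Mapping(SCTP, "vrf-blue", "10.0.0.9", 5000, "vrf-transit", "198.51.100.7", 5000),
        Mapping(TCP, DEFAULT_REALM, "fd00::5", 443, DEFAULT_REALM, "2001:db8::1", 8443),
    ):
        idx.add(m)
    return idx


def attribute(idx: ExternalIndex, protocol: int, ext_addr: str, ext_port: int,
              ext_realm: Union[str, int] = DEFAULT_REALM) -> str:
    """Answer 'which internal host was behind this external address and port?'."""
    m = idx.lookup(protocol, ext_addr, ext_port, ext_realm)
    if m is None:
        return "no mapping"
    return f"{m.int_addr} port {m.int_port} in realm {m.int_realm or '(default)'}"


if __name__ == "__main__":
    sample = build_sample_index()
    print(attribute(sample, TCP, "192.0.2.1", 40000))
    print(attribute(sample, UDP, "192.0.2.1", 40000))
```

The two mappings that share 192.0.2.1 port 40000 show why the protocol number belongs in the key, and the identical internal address 10.0.0.5 in two realms shows why an internal address is ambiguous without its realm.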
198     Note that many MIBs implicitly support realms in one form or another
199     by using SNMPv3 contexts. See for example the OSPFv2 MIB [RFC4750].
200     This method cannot be used for the NAT MIB because mappings can
201     belong to two realms simultaneously: the internal part can be in one
202     realm while the external part is in another. In such cases the NAT
203     function acts like a "wormhole" between two realms. Using contexts
204     would implicitly impose the restriction that all objects would have
205     to belong to the same realm.

207  4. Definitions

209     This MIB module IMPORTs objects from [RFC2578], [RFC2579], and
210     [RFC4001].

212     NAT-MIB DEFINITIONS ::= BEGIN

214     IMPORTS
215         MODULE-IDENTITY,
216         OBJECT-TYPE,
217         Integer32,
218         Unsigned32,
219         Gauge32,
220         Counter64,
221         TimeTicks,
222         mib-2,
223         NOTIFICATION-TYPE
224             FROM SNMPv2-SMI
225         TEXTUAL-CONVENTION,
226         StorageType,
227         RowStatus
228             FROM SNMPv2-TC
229         MODULE-COMPLIANCE,
230         NOTIFICATION-GROUP,
231         OBJECT-GROUP
232             FROM SNMPv2-CONF
233         ifIndex,
234         ifCounterDiscontinuityGroup
235             FROM IF-MIB
236         SnmpAdminString
237             FROM SNMP-FRAMEWORK-MIB
238         InetAddressType,
239         InetAddress,
240         InetAddressPrefixLength,
241         InetPortNumber
242             FROM INET-ADDRESS-MIB;

244     natMIB MODULE-IDENTITY
245         LAST-UPDATED "201304260000Z"
246     -- RFC Ed.: set to publication date
247         ORGANIZATION
248             "IETF Behavior Engineering for Hindrance Avoidance
249              (BEHAVE) Working Group"
250         CONTACT-INFO
251             "Working Group Email: behave@ietf.org

253              Simon Perreault
254              Viagenie
255              246 Aberdeen
256              Quebec, QC G1R 2E1
257              Canada

259              Phone: +1 418 656 9254
260              Email: simon.perreault@viagenie.ca
261              URI: http://viagenie.ca

263              Tina Tsou
264              Huawei Technologies (USA)
265              2330 Central Expressway
266              Santa Clara, CA 95050
267              USA

269              Phone: +1 408 330 4424
270              Email: tina.tsou.zouting@huawei.com

272              Senthil Sivakumar
273              Cisco Systems
274              7100-8 Kit Creek Road
275              Research Triangle Park, North Carolina 27709
276              USA

278              Phone: +1 919 392 5158
279              Email: ssenthil@cisco.com"
280         DESCRIPTION
281             "This MIB module defines the generic managed objects
282              for NAT.

284              Copyright (C) The Internet Society (2013). This
285              version of this MIB module is part of RFC yyyy; see
286              the RFC itself for full legal notices."

288     -- RFC Ed.: replace yyyy with actual RFC number & remove this note"
289         REVISION "201304260000Z"
290     -- RFC Ed.: set to publication date
291         DESCRIPTION
292             "Complete rewrite, published as RFC yyyy."
293     -- RFC Ed.: replace yyyy with actual RFC number & set date"
294         REVISION "200503210000Z" -- 21th March 2005
295         DESCRIPTION
296             "Initial version, published as RFC 4008."
297         ::= { mib-2 123 }

299     natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }

301     NatProtocolType ::= TEXTUAL-CONVENTION
302         STATUS deprecated
303         DESCRIPTION
304             "A list of protocols that support the network
305              address translation. Inclusion of the values is
306              not intended to imply that those protocols
307              need to be supported. Any change in this
308              TEXTUAL-CONVENTION should also be reflected in
309              the definition of NatProtocolMap, which is a
310              BITS representation of this."
311         SYNTAX INTEGER {
312                 none (1), -- not specified
313                 other (2), -- none of the following
314                 icmp (3),
315                 udp (4),
316                 tcp (5)
317             }

319     NatProtocolMap ::= TEXTUAL-CONVENTION
320         STATUS deprecated
321         DESCRIPTION
322             "A bitmap of protocol identifiers that support
323              the network address translation. Any change
324              in this TEXTUAL-CONVENTION should also be
325              reflected in the definition of NatProtocolType."
326         SYNTAX BITS {
327                 other (0),
328                 icmp (1),
329                 udp (2),
330                 tcp (3)
331             }

333     NatAddrMapId ::= TEXTUAL-CONVENTION
334         DISPLAY-HINT "d"
335         STATUS deprecated
336         DESCRIPTION
337             "A unique id that is assigned to each address map
338              by a NAT enabled device."
339         SYNTAX Unsigned32 (1..4294967295)

341     NatBindIdOrZero ::= TEXTUAL-CONVENTION
342         DISPLAY-HINT "d"
343         STATUS deprecated
344         DESCRIPTION
345             "A unique id that is assigned to each bind by
346              a NAT enabled device. The bind id will be zero
347              in the case of a Symmetric NAT."
348         SYNTAX Unsigned32 (0..4294967295)

350     NatBindId ::= TEXTUAL-CONVENTION
351         DISPLAY-HINT "d"
352         STATUS deprecated
353         DESCRIPTION
354             "A unique id that is assigned to each bind by
355              a NAT enabled device."
356         SYNTAX Unsigned32 (1..4294967295)

358     NatSessionId ::= TEXTUAL-CONVENTION
359         DISPLAY-HINT "d"
360         STATUS deprecated
361         DESCRIPTION
362             "A unique id that is assigned to each session by
363              a NAT enabled device."
364         SYNTAX Unsigned32 (1..4294967295)

366     NatBindMode ::= TEXTUAL-CONVENTION
367         STATUS deprecated
368         DESCRIPTION
369             "An indication of whether the bind is
370              an address bind or an address port bind."
371         SYNTAX INTEGER {
372                 addressBind (1),
373                 addressPortBind (2)
374             }

376     NatAssociationType ::= TEXTUAL-CONVENTION
377         STATUS deprecated
378         DESCRIPTION
379             "An indication of whether the association is
380              static or dynamic."
381         SYNTAX INTEGER {
382                 static (1),
383                 dynamic (2)

385             }

387     NatTranslationEntity ::= TEXTUAL-CONVENTION
388         STATUS deprecated
389         DESCRIPTION
390             "An indication of a) the direction of a session for
391              which an address map entry, address bind or port
392              bind is applicable, and b) the entity (source or
393              destination) within the session that is subject to
394              translation."
395         SYNTAX BITS {
396                 inboundSrcEndPoint (0),
397                 outboundDstEndPoint(1),
398                 inboundDstEndPoint (2),
399                 outboundSrcEndPoint(3)
400             }

402     --
403     -- Default Values for the Bind and NAT Protocol Timers
404     --

406     natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 }

408     natNotifCtrl OBJECT IDENTIFIER ::= { natMIBObjects 2 }

410     --
411     -- Address Bind and Port Bind related NAT configuration
412     --

414     natBindDefIdleTimeout OBJECT-TYPE
415         SYNTAX Unsigned32 (0..4294967295)
416         UNITS "seconds"
417         MAX-ACCESS read-write
418         STATUS deprecated
419         DESCRIPTION
420             "The default Bind (Address Bind or Port Bind) idle
421              timeout parameter.

423              If the agent is capable of storing non-volatile
424              configuration, then the value of this object must be
425              restored after a re-initialization of the management
426              system."
427         DEFVAL { 0 }
428         ::= { natDefTimeouts 1 }

430     --
431     -- UDP related NAT configuration
432     --

434     natUdpDefIdleTimeout OBJECT-TYPE
435         SYNTAX Unsigned32 (1..4294967295)
436         UNITS "seconds"
437         MAX-ACCESS read-write
438         STATUS deprecated
439         DESCRIPTION
440             "The default UDP idle timeout parameter.

442              If the agent is capable of storing non-volatile
443              configuration, then the value of this object must be
444              restored after a re-initialization of the management
445              system."
446         DEFVAL { 300 }
447         ::= { natDefTimeouts 2 }

449     --
450     -- ICMP related NAT configuration
451     --

453     natIcmpDefIdleTimeout OBJECT-TYPE
454         SYNTAX Unsigned32 (1..4294967295)
455         UNITS "seconds"
456         MAX-ACCESS read-write
457         STATUS deprecated
458         DESCRIPTION
459             "The default ICMP idle timeout parameter.

461              If the agent is capable of storing non-volatile
462              configuration, then the value of this object must be
463              restored after a re-initialization of the management
464              system."
465         DEFVAL { 300 }
466         ::= { natDefTimeouts 3 }

468     --
469     -- Other protocol parameters
470     --

472     natOtherDefIdleTimeout OBJECT-TYPE
473         SYNTAX Unsigned32 (1..4294967295)
474         UNITS "seconds"
475         MAX-ACCESS read-write
476         STATUS deprecated
477         DESCRIPTION
478             "The default idle timeout parameter for protocols
479              represented by the value other (2) in
480              NatProtocolType.

482              If the agent is capable of storing non-volatile
483              configuration, then the value of this object must be
484              restored after a re-initialization of the management
485              system."
486         DEFVAL { 60 }
487         ::= { natDefTimeouts 4 }

489     --
490     -- TCP related NAT Timers
491     --

493     natTcpDefIdleTimeout OBJECT-TYPE
494         SYNTAX Unsigned32 (1..4294967295)
495         UNITS "seconds"
496         MAX-ACCESS read-write
497         STATUS deprecated
498         DESCRIPTION
499             "The default time interval that a NAT session for an
500              established TCP connection is allowed to remain
501              valid without any activity on the TCP connection.

503              If the agent is capable of storing non-volatile
504              configuration, then the value of this object must be
505              restored after a re-initialization of the management
506              system."
507         DEFVAL { 86400 }
508         ::= { natDefTimeouts 5 }

510     natTcpDefNegTimeout OBJECT-TYPE
511         SYNTAX Unsigned32 (1..4294967295)
512         UNITS "seconds"
513         MAX-ACCESS read-write
514         STATUS deprecated
515         DESCRIPTION
516             "The default time interval that a NAT session for a TCP
517              connection that is not in the established state
518              is allowed to remain valid without any activity on
519              the TCP connection.

521              If the agent is capable of storing non-volatile
522              configuration, then the value of this object must be
523              restored after a re-initialization of the management
524              system."
525         DEFVAL { 60 }
526         ::= { natDefTimeouts 6 }

528     natNotifThrottlingInterval OBJECT-TYPE
529         SYNTAX Integer32 (0 | 5..3600)
530         UNITS "seconds"
531         MAX-ACCESS read-write
532         STATUS deprecated
533         DESCRIPTION
534             "This object controls the generation of the
535              natPacketDiscard notification.

537              If this object has a value of zero, then no
538              natPacketDiscard notifications will be transmitted by
539              the agent.

541              If this object has a non-zero value, then the agent must
542              not generate more than one natPacketDiscard
543              'notification-event' in the indicated period, where a
544              'notification-event' is the generation of a single
545              notification PDU type to a list of notification
546              destinations. If additional NAT packets are discarded
547              within the throttling period, then notification-events
548              for these changes must be suppressed by the agent until
549              the current throttling period expires.

551              If natNotifThrottlingInterval notification generation
552              is enabled, the suggested default throttling period is
553              60 seconds, but generation of the natPacketDiscard
554              notification should be disabled by default.

556              If the agent is capable of storing non-volatile
557              configuration, then the value of this object must be
558              restored after a re-initialization of the management
559              system.

561              The actual transmission of notifications is controlled
562              via the MIB modules in RFC 3413."
563         DEFVAL { 0 }
564         ::= { natNotifCtrl 1 }

566     --
567     -- The NAT Interface Table
568     --

570     natInterfaceTable OBJECT-TYPE
571         SYNTAX SEQUENCE OF NatInterfaceEntry
572         MAX-ACCESS not-accessible
573         STATUS deprecated
574         DESCRIPTION
575             "This table specifies the attributes for interfaces on a
576              device supporting NAT function."
577         ::= { natMIBObjects 3 }

579     natInterfaceEntry OBJECT-TYPE
580         SYNTAX NatInterfaceEntry
581         MAX-ACCESS not-accessible
582         STATUS deprecated
583         DESCRIPTION
584             "Each entry in the natInterfaceTable holds a set of
585              parameters for an interface, instantiated by
586              ifIndex. Therefore, the interface index must have been
587              assigned, according to the applicable procedures,
588              before it can be meaningfully used.
589              Generally, this means that the interface must exist.

591              When natStorageType is of type nonVolatile, however,
592              this may reflect the configuration for an interface
593              whose ifIndex has been assigned but for which the
594              supporting implementation is not currently present."
595         INDEX { ifIndex }
596         ::= { natInterfaceTable 1 }

598     NatInterfaceEntry ::= SEQUENCE {
599         natInterfaceRealm            INTEGER,
600         natInterfaceServiceType      BITS,
601         natInterfaceInTranslates     Counter64,
602         natInterfaceOutTranslates    Counter64,
603         natInterfaceDiscards         Counter64,
604         natInterfaceStorageType      StorageType,
605         natInterfaceRowStatus        RowStatus
606     }

608     natInterfaceRealm OBJECT-TYPE
609         SYNTAX INTEGER {
610                 private (1),
611                 public (2)
612             }
613         MAX-ACCESS read-create
614         STATUS deprecated
615         DESCRIPTION
616             "This object identifies whether this interface is
617              connected to the private or the public realm."
618         DEFVAL { public }
619         ::= { natInterfaceEntry 1 }

621     natInterfaceServiceType OBJECT-TYPE
622         SYNTAX BITS {
623                 basicNat (0),
624                 napt (1),
625                 bidirectionalNat (2),
626                 twiceNat (3)
627             }
628         MAX-ACCESS read-create
629         STATUS deprecated
630         DESCRIPTION
631             "An indication of the direction in which new sessions
632              are permitted and the extent of translation done within
633              the IP and transport headers."
634         ::= { natInterfaceEntry 2 }

636     natInterfaceInTranslates OBJECT-TYPE
637         SYNTAX Counter64
638         MAX-ACCESS read-only
639         STATUS deprecated
640         DESCRIPTION
641             "Number of packets received on this interface that
642              were translated.
643              Discontinuities in the value of this counter can occur
644              at reinitialization of the management system and at
645              other times as indicated by the value of
646              ifCounterDiscontinuityTime on the relevant interface."
647         ::= { natInterfaceEntry 3 }

649     natInterfaceOutTranslates OBJECT-TYPE
650         SYNTAX Counter64
651         MAX-ACCESS read-only
652         STATUS deprecated
653         DESCRIPTION
654             "Number of translated packets that were sent out this
655              interface.

657              Discontinuities in the value of this counter can occur
658              at reinitialization of the management system and at
659              other times as indicated by the value of
660              ifCounterDiscontinuityTime on the relevant interface."
661         ::= { natInterfaceEntry 4 }

663     natInterfaceDiscards OBJECT-TYPE
664         SYNTAX Counter64
665         MAX-ACCESS read-only
666         STATUS deprecated
667         DESCRIPTION
668             "Number of packets that had to be rejected/dropped due to
669              a lack of resources for this interface.

671              Discontinuities in the value of this counter can occur
672              at reinitialization of the management system and at
673              other times as indicated by the value of
674              ifCounterDiscontinuityTime on the relevant interface."
675         ::= { natInterfaceEntry 5 }

677     natInterfaceStorageType OBJECT-TYPE
678         SYNTAX StorageType
679         MAX-ACCESS read-create
680         STATUS deprecated
681         DESCRIPTION
682             "The storage type for this conceptual row.
683              Conceptual rows having the value 'permanent'
684              need not allow write-access to any columnar objects
685              in the row."
686         REFERENCE
687             "Textual Conventions for SMIv2, Section 2."
688         DEFVAL { nonVolatile }
689         ::= { natInterfaceEntry 6 }

691     natInterfaceRowStatus OBJECT-TYPE
692         SYNTAX RowStatus
693         MAX-ACCESS read-create
694         STATUS deprecated
695         DESCRIPTION
696             "The status of this conceptual row.

698              Until instances of all corresponding columns are
699              appropriately configured, the value of the
700              corresponding instance of the natInterfaceRowStatus
701              column is 'notReady'.

703              In particular, a newly created row cannot be made
704              active until the corresponding instance of
705              natInterfaceServiceType has been set.

707              None of the objects in this row may be modified
708              while the value of this object is active(1)."
709         REFERENCE
710             "Textual Conventions for SMIv2, Section 2."
711         ::= { natInterfaceEntry 7 }

713     --
714     -- The Address Map Table
715     --

717     natAddrMapTable OBJECT-TYPE
718         SYNTAX SEQUENCE OF NatAddrMapEntry
719         MAX-ACCESS not-accessible
720         STATUS deprecated
721         DESCRIPTION
722             "This table lists address map parameters for NAT."
723         ::= { natMIBObjects 4 }

725     natAddrMapEntry OBJECT-TYPE
726         SYNTAX NatAddrMapEntry
727         MAX-ACCESS not-accessible
728         STATUS deprecated
729         DESCRIPTION
730             "This entry represents an address map to be used for
731              NAT and contributes to the dynamic and/or static
732              address mapping tables of the NAT device."
733         INDEX { ifIndex, natAddrMapIndex }
734         ::= { natAddrMapTable 1 }

736     NatAddrMapEntry ::= SEQUENCE {
737         natAddrMapIndex                NatAddrMapId,
738         natAddrMapName                 SnmpAdminString,
739         natAddrMapEntryType            NatAssociationType,
740         natAddrMapTranslationEntity    NatTranslationEntity,
741         natAddrMapLocalAddrType        InetAddressType,
742         natAddrMapLocalAddrFrom        InetAddress,
743         natAddrMapLocalAddrTo          InetAddress,
744         natAddrMapLocalPortFrom        InetPortNumber,
745         natAddrMapLocalPortTo          InetPortNumber,
746         natAddrMapGlobalAddrType       InetAddressType,
747         natAddrMapGlobalAddrFrom       InetAddress,
748         natAddrMapGlobalAddrTo         InetAddress,
749         natAddrMapGlobalPortFrom       InetPortNumber,
750         natAddrMapGlobalPortTo         InetPortNumber,
751         natAddrMapProtocol             NatProtocolMap,
752         natAddrMapInTranslates         Counter64,
753         natAddrMapOutTranslates        Counter64,
754         natAddrMapDiscards             Counter64,
755         natAddrMapAddrUsed             Gauge32,
756         natAddrMapStorageType          StorageType,
757         natAddrMapRowStatus            RowStatus
758     }

760     natAddrMapIndex OBJECT-TYPE
761         SYNTAX NatAddrMapId
762         MAX-ACCESS not-accessible
763         STATUS deprecated
764         DESCRIPTION
765             "Along with ifIndex, this object uniquely
766              identifies an entry in the natAddrMapTable.
767              Address map entries are applied in the order
768              specified by natAddrMapIndex."
769         ::= { natAddrMapEntry 1 }

771     natAddrMapName OBJECT-TYPE
772         SYNTAX SnmpAdminString (SIZE(1..32))
773         MAX-ACCESS read-create
774         STATUS deprecated
775         DESCRIPTION
776             "Name identifying all map entries in the table associated
777              with the same interface. All map entries with the same
778              ifIndex MUST have the same map name."
779         ::= { natAddrMapEntry 2 }

781     natAddrMapEntryType OBJECT-TYPE
782         SYNTAX NatAssociationType
783         MAX-ACCESS read-create
784         STATUS deprecated
785         DESCRIPTION
786             "This parameter can be used to set up static
787              or dynamic address maps."
788         ::= { natAddrMapEntry 3 }

790     natAddrMapTranslationEntity OBJECT-TYPE
791         SYNTAX NatTranslationEntity
792         MAX-ACCESS read-create
793         STATUS deprecated
794         DESCRIPTION
795             "The end-point entity (source or destination) in
796              inbound or outbound sessions (i.e., first packets) that
797              may be translated by an address map entry.

799              Session direction (inbound or outbound) is
800              derived from the direction of the first packet
801              of a session traversing a NAT interface.
802              NAT address (and Transport-ID) maps may be defined
803              to effect inbound or outbound sessions.

805              Traditionally, address maps for Basic NAT and NAPT are
806              configured on a public interface for outbound sessions,
807              effecting translation of source end-point. The value of
808              this object must be set to outboundSrcEndPoint for
809              those interfaces.

811              Alternately, if address maps for Basic NAT and NAPT were
812              to be configured on a private interface, the desired
813              value for this object for the map entries
814              would be inboundSrcEndPoint (i.e., effecting translation
815              of source end-point for inbound sessions).

817              If TwiceNAT were to be configured on a private
818              interface, the desired value for this object for the map
819              entries would be a bitmask of inboundSrcEndPoint and
820              inboundDstEndPoint."
821         ::= { natAddrMapEntry 4 }

823     natAddrMapLocalAddrType OBJECT-TYPE
824         SYNTAX InetAddressType
825         MAX-ACCESS read-create
826         STATUS deprecated
827         DESCRIPTION
828             "This object specifies the address type used for
829              natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo."
830         ::= { natAddrMapEntry 5 }

832     natAddrMapLocalAddrFrom OBJECT-TYPE
833         SYNTAX InetAddress
834         MAX-ACCESS read-create
835         STATUS deprecated
836         DESCRIPTION
837             "This object specifies the first IP address of the range
838              of IP addresses mapped by this translation entry. The
839              value of this object must be less than or equal to the
840              value of the natAddrMapLocalAddrTo object.

842              The type of this address is determined by the value of
843              the natAddrMapLocalAddrType object."
844         ::= { natAddrMapEntry 6 }

846     natAddrMapLocalAddrTo OBJECT-TYPE
847         SYNTAX InetAddress
848         MAX-ACCESS read-create
849         STATUS deprecated
850         DESCRIPTION
851             "This object specifies the last IP address of the range
852              of IP addresses mapped by this translation entry. If
853              only a single address is being mapped, the value of this
854              object is equal to the value of natAddrMapLocalAddrFrom.
855              For a static NAT, the number of addresses in the range
856              defined by natAddrMapLocalAddrFrom and
857              natAddrMapLocalAddrTo must be equal to the number of
858              addresses in the range defined by
859              natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo.
860              The value of this object must be greater than or equal
861              to the value of the natAddrMapLocalAddrFrom object.

863              The type of this address is determined by the value of
864              the natAddrMapLocalAddrType object."
865 ::= { natAddrMapEntry 7 } 867 natAddrMapLocalPortFrom OBJECT-TYPE 868 SYNTAX InetPortNumber 869 MAX-ACCESS read-create 870 STATUS deprecated 871 DESCRIPTION 872 "If this conceptual row describes a Basic NAT address 873 mapping, then the value of this object must be zero. If 874 this conceptual row describes NAPT, then the value of 875 this object specifies the first port number in the range 876 of ports being mapped. 878 The value of this object must be less than or equal to 879 the value of the natAddrMapLocalPortTo object. If the 880 translation specifies a single port, then the value of 881 this object is equal to the value of 882 natAddrMapLocalPortTo." 883 DEFVAL { 0 } 884 ::= { natAddrMapEntry 8 } 886 natAddrMapLocalPortTo OBJECT-TYPE 887 SYNTAX InetPortNumber 888 MAX-ACCESS read-create 889 STATUS deprecated 890 DESCRIPTION 891 "If this conceptual row describes a Basic NAT address 892 mapping, then the value of this object must be zero. If 893 this conceptual row describes NAPT, then the value of 894 this object specifies the last port number in the range 895 of ports being mapped. 897 The value of this object must be greater than or equal 898 to the value of the natAddrMapLocalPortFrom object. If 899 the translation specifies a single port, then the value 900 of this object is equal to the value of 901 natAddrMapLocalPortFrom." 902 DEFVAL { 0 } 903 ::= { natAddrMapEntry 9 } 905 natAddrMapGlobalAddrType OBJECT-TYPE 906 SYNTAX InetAddressType 907 MAX-ACCESS read-create 908 STATUS deprecated 909 DESCRIPTION 910 "This object specifies the address type used for 911 natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo." 912 ::= { natAddrMapEntry 10 } 914 natAddrMapGlobalAddrFrom OBJECT-TYPE 915 SYNTAX InetAddress 916 MAX-ACCESS read-create 917 STATUS deprecated 918 DESCRIPTION 919 "This object specifies the first IP address of the range 920 of IP addresses being mapped to. 
The value of this 921 object must be less than or equal to the value of the 922 natAddrMapGlobalAddrTo object. 924 The type of this address is determined by the value of 925 the natAddrMapGlobalAddrType object." 926 ::= { natAddrMapEntry 11 } 928 natAddrMapGlobalAddrTo OBJECT-TYPE 929 SYNTAX InetAddress 930 MAX-ACCESS read-create 931 STATUS deprecated 932 DESCRIPTION 933 "This object specifies the last IP address of the range 934 of IP addresses being mapped to. If only a single 935 address is being mapped to, the value of this object is 936 equal to the value of natAddrMapGlobalAddrFrom. For a 937 static NAT, the number of addresses in the range defined 938 by natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo 939 must be equal to the number of addresses in the range 940 defined by natAddrMapLocalAddrFrom and 941 natAddrMapLocalAddrTo. The value of this object must be 942 greater than or equal to the value of the 943 natAddrMapGlobalAddrFrom object. 945 The type of this address is determined by the value of 946 the natAddrMapGlobalAddrType object." 947 ::= { natAddrMapEntry 12 } 949 natAddrMapGlobalPortFrom OBJECT-TYPE 950 SYNTAX InetPortNumber 951 MAX-ACCESS read-create 952 STATUS deprecated 953 DESCRIPTION 954 "If this conceptual row describes a Basic NAT address 955 mapping, then the value of this object must be zero. If 956 this conceptual row describes NAPT, then the value of 957 this object specifies the first port number in the range 958 of ports being mapped to. 960 The value of this object must be less than or equal to 961 the value of the natAddrMapGlobalPortTo object. If the 962 translation specifies a single port, then the value of 963 this object is equal to the value of 964 natAddrMapGlobalPortTo."
965 DEFVAL { 0 } 966 ::= { natAddrMapEntry 13 } 968 natAddrMapGlobalPortTo OBJECT-TYPE 969 SYNTAX InetPortNumber 970 MAX-ACCESS read-create 971 STATUS deprecated 972 DESCRIPTION 973 "If this conceptual row describes a Basic NAT address 974 mapping, then the value of this object must be zero. If 975 this conceptual row describes NAPT, then the value of 976 this object specifies the last port number in the range 977 of ports being mapped to. 979 The value of this object must be greater than or equal 980 to the value of the natAddrMapGlobalPortFrom object. If 981 the translation specifies a single port, then the value 982 of this object is equal to the value of 983 natAddrMapGlobalPortFrom." 984 DEFVAL { 0 } 985 ::= { natAddrMapEntry 14 } 987 natAddrMapProtocol OBJECT-TYPE 988 SYNTAX NatProtocolMap 989 MAX-ACCESS read-create 990 STATUS deprecated 991 DESCRIPTION 992 "This object specifies a bitmap of protocol identifiers." 993 ::= { natAddrMapEntry 15 } 995 natAddrMapInTranslates OBJECT-TYPE 996 SYNTAX Counter64 997 MAX-ACCESS read-only 998 STATUS deprecated 999 DESCRIPTION 1000 "The number of inbound packets pertaining to this address 1001 map entry that were translated. 1003 Discontinuities in the value of this counter can occur 1004 at reinitialization of the management system and at 1005 other times, as indicated by the value of 1006 ifCounterDiscontinuityTime on the relevant interface." 1007 ::= { natAddrMapEntry 16 } 1009 natAddrMapOutTranslates OBJECT-TYPE 1010 SYNTAX Counter64 1011 MAX-ACCESS read-only 1012 STATUS deprecated 1013 DESCRIPTION 1014 "The number of outbound packets pertaining to this 1015 address map entry that were translated. 1017 Discontinuities in the value of this counter can occur 1018 at reinitialization of the management system and at 1019 other times, as indicated by the value of 1020 ifCounterDiscontinuityTime on the relevant interface." 
1021 ::= { natAddrMapEntry 17 } 1023 natAddrMapDiscards OBJECT-TYPE 1024 SYNTAX Counter64 1025 MAX-ACCESS read-only 1026 STATUS deprecated 1027 DESCRIPTION 1028 "The number of packets pertaining to this address map 1029 entry that were dropped due to lack of addresses in the 1030 address pool identified by this address map. The value 1031 of this object must always be zero in the case of a static 1032 address map. 1034 Discontinuities in the value of this counter can occur 1035 at reinitialization of the management system and at 1036 other times, as indicated by the value of 1037 ifCounterDiscontinuityTime on the relevant interface." 1038 ::= { natAddrMapEntry 18 } 1040 natAddrMapAddrUsed OBJECT-TYPE 1041 SYNTAX Gauge32 1042 MAX-ACCESS read-only 1043 STATUS deprecated 1044 DESCRIPTION 1045 "The number of addresses pertaining to this address map 1046 that are currently being used from the NAT pool. 1047 The value of this object must always be zero in the case 1048 of a static address map." 1049 ::= { natAddrMapEntry 19 } 1051 natAddrMapStorageType OBJECT-TYPE 1052 SYNTAX StorageType 1053 MAX-ACCESS read-create 1054 STATUS deprecated 1055 DESCRIPTION 1056 "The storage type for this conceptual row. 1058 Conceptual rows having the value 'permanent' 1059 need not allow write-access to any columnar objects 1060 in the row." 1061 REFERENCE 1062 "Textual Conventions for SMIv2, Section 2." 1063 DEFVAL { nonVolatile } 1064 ::= { natAddrMapEntry 20 } 1066 natAddrMapRowStatus OBJECT-TYPE 1067 SYNTAX RowStatus 1068 MAX-ACCESS read-create 1069 STATUS deprecated 1070 DESCRIPTION 1071 "The status of this conceptual row. 1073 Until instances of all corresponding columns are 1074 appropriately configured, the value of the 1075 corresponding instance of the natAddrMapRowStatus 1076 column is 'notReady'. 1078 None of the objects in this row may be modified 1079 while the value of this object is active(1)." 1080 REFERENCE 1081 "Textual Conventions for SMIv2, Section 2."
1082 ::= { natAddrMapEntry 21 } 1084 -- 1085 -- Address Bind section 1086 -- 1088 natAddrBindNumberOfEntries OBJECT-TYPE 1089 SYNTAX Gauge32 1090 MAX-ACCESS read-only 1091 STATUS deprecated 1092 DESCRIPTION 1093 "This object maintains a count of the number of entries 1094 that currently exist in the natAddrBindTable." 1095 ::= { natMIBObjects 5 } 1097 -- 1098 -- The NAT Address BIND Table 1099 -- 1101 natAddrBindTable OBJECT-TYPE 1102 SYNTAX SEQUENCE OF NatAddrBindEntry 1103 MAX-ACCESS not-accessible 1104 STATUS deprecated 1105 DESCRIPTION 1106 "This table holds information about the currently 1107 active NAT BINDs." 1108 ::= { natMIBObjects 6 } 1110 natAddrBindEntry OBJECT-TYPE 1111 SYNTAX NatAddrBindEntry 1112 MAX-ACCESS not-accessible 1113 STATUS deprecated 1114 DESCRIPTION 1115 "Each entry in this table holds information about 1116 an active address BIND. These entries are lost 1117 upon agent restart. 1119 This row has indexing which may create variables with 1120 more than 128 subidentifiers. Implementers of this 1121 table must be careful not to create entries that would 1122 result in OIDs which exceed the 128 subidentifier limit. 1123 Otherwise, the information cannot be accessed using 1124 SNMPv1, SNMPv2c or SNMPv3." 
1126 INDEX { ifIndex, 1127 natAddrBindLocalAddrType, 1128 natAddrBindLocalAddr } 1129 ::= { natAddrBindTable 1 } 1131 NatAddrBindEntry ::= SEQUENCE { 1132 natAddrBindLocalAddrType InetAddressType, 1133 natAddrBindLocalAddr InetAddress, 1134 natAddrBindGlobalAddrType InetAddressType, 1135 natAddrBindGlobalAddr InetAddress, 1136 natAddrBindId NatBindId, 1137 natAddrBindTranslationEntity NatTranslationEntity, 1138 natAddrBindType NatAssociationType, 1139 natAddrBindMapIndex NatAddrMapId, 1140 natAddrBindSessions Gauge32, 1141 natAddrBindMaxIdleTime TimeTicks, 1142 natAddrBindCurrentIdleTime TimeTicks, 1143 natAddrBindInTranslates Counter64, 1144 natAddrBindOutTranslates Counter64 1145 } 1147 natAddrBindLocalAddrType OBJECT-TYPE 1148 SYNTAX InetAddressType 1149 MAX-ACCESS not-accessible 1150 STATUS deprecated 1151 DESCRIPTION 1152 "This object specifies the address type used for 1153 natAddrBindLocalAddr." 1155 ::= { natAddrBindEntry 1 } 1157 natAddrBindLocalAddr OBJECT-TYPE 1158 SYNTAX InetAddress (SIZE (4|16)) 1159 MAX-ACCESS not-accessible 1160 STATUS deprecated 1161 DESCRIPTION 1162 "This object represents the private-realm specific 1163 network layer address, which maps to the public-realm 1164 address represented by natAddrBindGlobalAddr. 1166 The type of this address is determined by the value of 1167 the natAddrBindLocalAddrType object." 1168 ::= { natAddrBindEntry 2 } 1170 natAddrBindGlobalAddrType OBJECT-TYPE 1171 SYNTAX InetAddressType 1172 MAX-ACCESS read-only 1173 STATUS deprecated 1174 DESCRIPTION 1175 "This object specifies the address type used for 1176 natAddrBindGlobalAddr." 1177 ::= { natAddrBindEntry 3 } 1179 natAddrBindGlobalAddr OBJECT-TYPE 1180 SYNTAX InetAddress 1181 MAX-ACCESS read-only 1182 STATUS deprecated 1183 DESCRIPTION 1184 "This object represents the public-realm network layer 1185 address that maps to the private-realm network layer 1186 address represented by natAddrBindLocalAddr. 
1188 The type of this address is determined by the value of 1189 the natAddrBindGlobalAddrType object." 1190 ::= { natAddrBindEntry 4 } 1192 natAddrBindId OBJECT-TYPE 1193 SYNTAX NatBindId 1194 MAX-ACCESS read-only 1195 STATUS deprecated 1196 DESCRIPTION 1197 "This object represents a bind id that is dynamically 1198 assigned to each bind by a NAT enabled device. Each 1199 bind is represented by a bind id that is 1200 unique across both the natAddrBindTable and the 1201 natAddrPortBindTable." 1202 ::= { natAddrBindEntry 5 } 1204 natAddrBindTranslationEntity OBJECT-TYPE 1205 SYNTAX NatTranslationEntity 1206 MAX-ACCESS read-only 1207 STATUS deprecated 1208 DESCRIPTION 1209 "This object represents the direction of sessions 1210 for which this bind is applicable and the endpoint 1211 entity (source or destination) within the sessions that 1212 is subject to translation using the BIND. 1214 Orientation of the bind can be a superset of 1215 translationEntity of the address map entry which 1216 forms the basis for this bind. 1218 For example, if the translationEntity of an 1219 address map entry is outboundSrcEndPoint, the 1220 translationEntity of a bind derived from this 1221 map entry may either be outboundSrcEndPoint or 1222 it may be bidirectional (a bitmask of 1223 outboundSrcEndPoint and inboundDstEndPoint)." 1224 ::= { natAddrBindEntry 6 } 1226 natAddrBindType OBJECT-TYPE 1227 SYNTAX NatAssociationType 1228 MAX-ACCESS read-only 1229 STATUS deprecated 1230 DESCRIPTION 1231 "This object indicates whether the bind is static or 1232 dynamic." 1233 ::= { natAddrBindEntry 7 } 1235 natAddrBindMapIndex OBJECT-TYPE 1236 SYNTAX NatAddrMapId 1237 MAX-ACCESS read-only 1238 STATUS deprecated 1239 DESCRIPTION 1240 "This object is a pointer to the natAddrMapTable entry 1241 (and the parameters of that entry) which was used in 1242 creating this BIND.
This object, in conjunction with 1243 the ifIndex (which identifies a unique addrMapName) 1244 points to a unique entry in the natAddrMapTable." 1245 ::= { natAddrBindEntry 8 } 1247 natAddrBindSessions OBJECT-TYPE 1248 SYNTAX Gauge32 1249 MAX-ACCESS read-only 1250 STATUS deprecated 1251 DESCRIPTION 1252 "Number of sessions currently using this BIND." 1253 ::= { natAddrBindEntry 9 } 1255 natAddrBindMaxIdleTime OBJECT-TYPE 1256 SYNTAX TimeTicks 1257 MAX-ACCESS read-only 1258 STATUS deprecated 1259 DESCRIPTION 1260 "This object indicates the maximum time for 1261 which this bind can be idle with no sessions 1262 attached to it. 1264 The value of this object is of relevance only for 1265 dynamic NAT." 1266 ::= { natAddrBindEntry 10 } 1268 natAddrBindCurrentIdleTime OBJECT-TYPE 1269 SYNTAX TimeTicks 1270 MAX-ACCESS read-only 1271 STATUS deprecated 1272 DESCRIPTION 1273 "At any given instance, this object indicates the 1274 time that this bind has been idle without any sessions 1275 attached to it. 1277 The value of this object is of relevance only for 1278 dynamic NAT." 1279 ::= { natAddrBindEntry 11 } 1281 natAddrBindInTranslates OBJECT-TYPE 1282 SYNTAX Counter64 1283 MAX-ACCESS read-only 1284 STATUS deprecated 1285 DESCRIPTION 1286 "The number of inbound packets that were successfully 1287 translated by using this bind entry. 1289 Discontinuities in the value of this counter can occur 1290 at reinitialization of the management system and at 1291 other times, as indicated by the value of 1292 ifCounterDiscontinuityTime on the relevant interface." 1293 ::= { natAddrBindEntry 12 } 1295 natAddrBindOutTranslates OBJECT-TYPE 1296 SYNTAX Counter64 1297 MAX-ACCESS read-only 1298 STATUS deprecated 1299 DESCRIPTION 1300 "The number of outbound packets that were successfully 1301 translated using this bind entry. 
1303 Discontinuities in the value of this counter can occur 1304 at reinitialization of the management system and at 1305 other times as indicated by the value of 1306 ifCounterDiscontinuityTime on the relevant interface." 1307 ::= { natAddrBindEntry 13 } 1309 -- 1310 -- Address Port Bind section 1311 -- 1313 natAddrPortBindNumberOfEntries OBJECT-TYPE 1314 SYNTAX Gauge32 1315 MAX-ACCESS read-only 1316 STATUS deprecated 1317 DESCRIPTION 1318 "This object maintains a count of the number of entries 1319 that currently exist in the natAddrPortBindTable." 1320 ::= { natMIBObjects 7 } 1322 -- 1323 -- The NAT Address Port Bind Table 1324 -- 1326 natAddrPortBindTable OBJECT-TYPE 1327 SYNTAX SEQUENCE OF NatAddrPortBindEntry 1328 MAX-ACCESS not-accessible 1329 STATUS deprecated 1330 DESCRIPTION 1331 "This table holds information about the currently 1332 active NAPT BINDs." 1333 ::= { natMIBObjects 8 } 1335 natAddrPortBindEntry OBJECT-TYPE 1336 SYNTAX NatAddrPortBindEntry 1337 MAX-ACCESS not-accessible 1338 STATUS deprecated 1339 DESCRIPTION 1340 "Each entry in this table holds information 1341 about a NAPT bind that is currently active. 1342 These entries are lost upon agent restart. 1344 This row has indexing which may create variables with 1345 more than 128 subidentifiers. Implementers of this 1346 table must be careful not to create entries which would 1347 result in OIDs that exceed the 128 subidentifier limit. 1349 Otherwise, the information cannot be accessed using 1350 SNMPv1, SNMPv2c or SNMPv3."
1351 INDEX { ifIndex, natAddrPortBindLocalAddrType, 1352 natAddrPortBindLocalAddr, natAddrPortBindLocalPort, 1353 natAddrPortBindProtocol } 1354 ::= { natAddrPortBindTable 1 } 1356 NatAddrPortBindEntry ::= SEQUENCE { 1357 natAddrPortBindLocalAddrType InetAddressType, 1358 natAddrPortBindLocalAddr InetAddress, 1359 natAddrPortBindLocalPort InetPortNumber, 1360 natAddrPortBindProtocol NatProtocolType, 1361 natAddrPortBindGlobalAddrType InetAddressType, 1362 natAddrPortBindGlobalAddr InetAddress, 1363 natAddrPortBindGlobalPort InetPortNumber, 1364 natAddrPortBindId NatBindId, 1365 natAddrPortBindTranslationEntity NatTranslationEntity, 1366 natAddrPortBindType NatAssociationType, 1367 natAddrPortBindMapIndex NatAddrMapId, 1368 natAddrPortBindSessions Gauge32, 1369 natAddrPortBindMaxIdleTime TimeTicks, 1370 natAddrPortBindCurrentIdleTime TimeTicks, 1371 natAddrPortBindInTranslates Counter64, 1372 natAddrPortBindOutTranslates Counter64 1373 } 1375 natAddrPortBindLocalAddrType OBJECT-TYPE 1376 SYNTAX InetAddressType 1377 MAX-ACCESS not-accessible 1378 STATUS deprecated 1379 DESCRIPTION 1380 "This object specifies the address type used for 1381 natAddrPortBindLocalAddr." 1382 ::= { natAddrPortBindEntry 1 } 1384 natAddrPortBindLocalAddr OBJECT-TYPE 1385 SYNTAX InetAddress (SIZE (4|16)) 1386 MAX-ACCESS not-accessible 1387 STATUS deprecated 1388 DESCRIPTION 1389 "This object represents the private-realm specific 1390 network layer address which, in conjunction with 1391 natAddrPortBindLocalPort, maps to the public-realm 1392 network layer address and transport id represented by 1393 natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort 1394 respectively. 1396 The type of this address is determined by the value of 1397 the natAddrPortBindLocalAddrType object." 
1398 ::= { natAddrPortBindEntry 2 } 1400 natAddrPortBindLocalPort OBJECT-TYPE 1401 SYNTAX InetPortNumber 1402 MAX-ACCESS not-accessible 1403 STATUS deprecated 1404 DESCRIPTION 1405 "For a protocol value TCP or UDP, this object represents 1406 the private-realm specific port number. On the other 1407 hand, for ICMP a bind is created only for query/response 1408 type ICMP messages such as ICMP echo, Timestamp, and 1409 Information request messages, and this object represents 1410 the private-realm specific identifier in the ICMP 1411 message, as defined in RFC 792 for ICMPv4 and in RFC 1412 2463 for ICMPv6. 1414 This object, together with natAddrPortBindProtocol, 1415 natAddrPortBindLocalAddrType, and 1416 natAddrPortBindLocalAddr, constitutes a session endpoint 1417 in the private realm. A bind entry binds a private 1418 realm specific endpoint to a public realm specific 1419 endpoint, as represented by the tuple of 1420 (natAddrPortBindGlobalPort, natAddrPortBindProtocol, 1421 natAddrPortBindGlobalAddrType, and 1422 natAddrPortBindGlobalAddr)." 1423 ::= { natAddrPortBindEntry 3 } 1425 natAddrPortBindProtocol OBJECT-TYPE 1426 SYNTAX NatProtocolType 1427 MAX-ACCESS not-accessible 1428 STATUS deprecated 1429 DESCRIPTION 1430 "This object specifies a protocol identifier. If the 1431 value of this object is none(1), then this bind entry 1432 applies to all IP traffic. Any other value of this 1433 object specifies the class of IP traffic to which this 1434 BIND applies." 1435 ::= { natAddrPortBindEntry 4 } 1437 natAddrPortBindGlobalAddrType OBJECT-TYPE 1438 SYNTAX InetAddressType 1439 MAX-ACCESS read-only 1440 STATUS deprecated 1441 DESCRIPTION 1442 "This object specifies the address type used for 1443 natAddrPortBindGlobalAddr." 
1445 ::= { natAddrPortBindEntry 5 } 1447 natAddrPortBindGlobalAddr OBJECT-TYPE 1448 SYNTAX InetAddress 1449 MAX-ACCESS read-only 1450 STATUS deprecated 1451 DESCRIPTION 1452 "This object represents the public-realm specific network 1453 layer address that, in conjunction with 1454 natAddrPortBindGlobalPort, maps to the private-realm 1456 network layer address and transport id represented by 1457 natAddrPortBindLocalAddr and natAddrPortBindLocalPort, 1458 respectively. 1460 The type of this address is determined by the value of 1461 the natAddrPortBindGlobalAddrType object." 1462 ::= { natAddrPortBindEntry 6 } 1464 natAddrPortBindGlobalPort OBJECT-TYPE 1465 SYNTAX InetPortNumber 1466 MAX-ACCESS read-only 1467 STATUS deprecated 1468 DESCRIPTION 1469 "For a protocol value TCP or UDP, this object represents 1470 the public-realm specific port number. On the other 1471 hand, for ICMP a bind is created only for query/response 1472 type ICMP messages such as ICMP echo, Timestamp, and 1473 Information request messages, and this object represents 1474 the public-realm specific identifier in the ICMP 1475 message, as defined in RFC 792 for ICMPv4 and in RFC 1476 2463 for ICMPv6. 1478 This object, together with natAddrPortBindProtocol, 1479 natAddrPortBindGlobalAddrType, and 1480 natAddrPortBindGlobalAddr, constitutes a session 1481 endpoint in the public realm. A bind entry binds a 1482 public realm specific endpoint to a private realm 1483 specific endpoint, as represented by the tuple of 1484 (natAddrPortBindLocalPort, natAddrPortBindProtocol, 1485 natAddrPortBindLocalAddrType, and 1486 natAddrPortBindLocalAddr)." 1487 ::= { natAddrPortBindEntry 7 } 1489 natAddrPortBindId OBJECT-TYPE 1490 SYNTAX NatBindId 1491 MAX-ACCESS read-only 1492 STATUS deprecated 1493 DESCRIPTION 1494 "This object represents a bind id that is dynamically 1495 assigned to each bind by a NAT enabled device. 
Each 1496 bind is represented by a unique bind id across both 1497 the natAddrBindTable and the natAddrPortBindTable." 1498 ::= { natAddrPortBindEntry 8 } 1500 natAddrPortBindTranslationEntity OBJECT-TYPE 1501 SYNTAX NatTranslationEntity 1502 MAX-ACCESS read-only 1503 STATUS deprecated 1504 DESCRIPTION 1505 "This object represents the direction of sessions 1506 for which this bind is applicable and the entity 1507 (source or destination) within the sessions that is 1508 subject to translation with the BIND. 1510 Orientation of the bind can be a superset of the 1511 translationEntity of the address map entry that 1512 forms the basis for this bind. 1514 For example, if the translationEntity of an 1515 address map entry is outboundSrcEndPoint, the 1516 translationEntity of a bind derived from this 1517 map entry may either be outboundSrcEndPoint or 1518 may be bidirectional (a bitmask of 1519 outboundSrcEndPoint and inboundDstEndPoint)." 1520 ::= { natAddrPortBindEntry 9 } 1522 natAddrPortBindType OBJECT-TYPE 1523 SYNTAX NatAssociationType 1524 MAX-ACCESS read-only 1525 STATUS deprecated 1526 DESCRIPTION 1527 "This object indicates whether the bind is static or 1528 dynamic." 1529 ::= { natAddrPortBindEntry 10 } 1531 natAddrPortBindMapIndex OBJECT-TYPE 1532 SYNTAX NatAddrMapId 1533 MAX-ACCESS read-only 1534 STATUS deprecated 1535 DESCRIPTION 1536 "This object is a pointer to the natAddrMapTable entry 1537 (and the parameters of that entry) used in 1538 creating this BIND. This object, in conjunction with 1539 the ifIndex (which identifies a unique addrMapName), 1540 points to a unique entry in the natAddrMapTable." 1542 ::= { natAddrPortBindEntry 11 } 1544 natAddrPortBindSessions OBJECT-TYPE 1545 SYNTAX Gauge32 1546 MAX-ACCESS read-only 1547 STATUS deprecated 1548 DESCRIPTION 1549 "Number of sessions currently using this BIND." 
1550 ::= { natAddrPortBindEntry 12 } 1552 natAddrPortBindMaxIdleTime OBJECT-TYPE 1553 SYNTAX TimeTicks 1554 MAX-ACCESS read-only 1555 STATUS deprecated 1557 DESCRIPTION 1558 "This object indicates the maximum time for 1559 which this bind can be idle without any sessions 1560 attached to it. 1561 The value of this object is of relevance 1562 only for dynamic NAT." 1563 ::= { natAddrPortBindEntry 13 } 1565 natAddrPortBindCurrentIdleTime OBJECT-TYPE 1566 SYNTAX TimeTicks 1567 MAX-ACCESS read-only 1568 STATUS deprecated 1569 DESCRIPTION 1570 "At any given instance, this object indicates the 1571 time that this bind has been idle without any sessions 1572 attached to it. 1574 The value of this object is of relevance 1575 only for dynamic NAT." 1576 ::= { natAddrPortBindEntry 14 } 1578 natAddrPortBindInTranslates OBJECT-TYPE 1579 SYNTAX Counter64 1580 MAX-ACCESS read-only 1581 STATUS deprecated 1582 DESCRIPTION 1583 "The number of inbound packets that were translated as 1584 per this bind entry. 1586 Discontinuities in the value of this counter can occur 1587 at reinitialization of the management system and at 1588 other times, as indicated by the value of 1589 ifCounterDiscontinuityTime on the relevant interface." 1591 ::= { natAddrPortBindEntry 15 } 1593 natAddrPortBindOutTranslates OBJECT-TYPE 1594 SYNTAX Counter64 1595 MAX-ACCESS read-only 1596 STATUS deprecated 1597 DESCRIPTION 1598 "The number of outbound packets that were translated as 1599 per this bind entry. 1601 Discontinuities in the value of this counter can occur 1602 at reinitialization of the management system and at 1603 other times, as indicated by the value of 1604 ifCounterDiscontinuityTime on the relevant interface." 
1605 ::= { natAddrPortBindEntry 16 } 1607 -- 1608 -- The Session Table 1609 -- 1611 natSessionTable OBJECT-TYPE 1612 SYNTAX SEQUENCE OF NatSessionEntry 1613 MAX-ACCESS not-accessible 1614 STATUS deprecated 1615 DESCRIPTION 1616 "The (conceptual) table containing one entry for each 1617 NAT session currently active on this NAT device." 1618 ::= { natMIBObjects 9 } 1620 natSessionEntry OBJECT-TYPE 1621 SYNTAX NatSessionEntry 1622 MAX-ACCESS not-accessible 1623 STATUS deprecated 1624 DESCRIPTION 1625 "An entry (conceptual row) containing information 1626 about an active NAT session on this NAT device. 1627 These entries are lost upon agent restart." 1628 INDEX { ifIndex, natSessionIndex } 1629 ::= { natSessionTable 1 } 1631 NatSessionEntry ::= SEQUENCE { 1632 natSessionIndex NatSessionId, 1633 natSessionPrivateSrcEPBindId NatBindIdOrZero, 1634 natSessionPrivateSrcEPBindMode NatBindMode, 1635 natSessionPrivateDstEPBindId NatBindIdOrZero, 1636 natSessionPrivateDstEPBindMode NatBindMode, 1637 natSessionDirection INTEGER, 1638 natSessionUpTime TimeTicks, 1639 natSessionAddrMapIndex NatAddrMapId, 1640 natSessionProtocolType NatProtocolType, 1641 natSessionPrivateAddrType InetAddressType, 1642 natSessionPrivateSrcAddr InetAddress, 1643 natSessionPrivateSrcPort InetPortNumber, 1644 natSessionPrivateDstAddr InetAddress, 1645 natSessionPrivateDstPort InetPortNumber, 1646 natSessionPublicAddrType InetAddressType, 1647 natSessionPublicSrcAddr InetAddress, 1648 natSessionPublicSrcPort InetPortNumber, 1649 natSessionPublicDstAddr InetAddress, 1650 natSessionPublicDstPort InetPortNumber, 1651 natSessionMaxIdleTime TimeTicks, 1652 natSessionCurrentIdleTime TimeTicks, 1653 natSessionInTranslates Counter64, 1654 natSessionOutTranslates Counter64 1655 } 1657 natSessionIndex OBJECT-TYPE 1658 SYNTAX NatSessionId 1659 MAX-ACCESS not-accessible 1660 STATUS deprecated 1661 DESCRIPTION 1662 "The session ID for this NAT session." 
1663 ::= { natSessionEntry 1 } 1665 natSessionPrivateSrcEPBindId OBJECT-TYPE 1666 SYNTAX NatBindIdOrZero 1667 MAX-ACCESS read-only 1668 STATUS deprecated 1669 DESCRIPTION 1670 "The bind id associated between private and public 1671 source end points. In the case of Symmetric-NAT, 1672 this should be set to zero." 1673 ::= { natSessionEntry 2 } 1675 natSessionPrivateSrcEPBindMode OBJECT-TYPE 1676 SYNTAX NatBindMode 1677 MAX-ACCESS read-only 1678 STATUS deprecated 1679 DESCRIPTION 1680 "This object indicates whether the bind indicated 1681 by the object natSessionPrivateSrcEPBindId 1682 is an address bind or an address port bind." 1683 ::= { natSessionEntry 3 } 1685 natSessionPrivateDstEPBindId OBJECT-TYPE 1686 SYNTAX NatBindIdOrZero 1687 MAX-ACCESS read-only 1688 STATUS deprecated 1689 DESCRIPTION 1690 "The bind id associated between private and public 1691 destination end points." 1692 ::= { natSessionEntry 4 } 1694 natSessionPrivateDstEPBindMode OBJECT-TYPE 1695 SYNTAX NatBindMode 1696 MAX-ACCESS read-only 1697 STATUS deprecated 1698 DESCRIPTION 1699 "This object indicates whether the bind indicated 1700 by the object natSessionPrivateDstEPBindId 1701 is an address bind or an address port bind." 1702 ::= { natSessionEntry 5 } 1704 natSessionDirection OBJECT-TYPE 1705 SYNTAX INTEGER { 1706 inbound (1), 1707 outbound (2) 1708 } 1710 MAX-ACCESS read-only 1711 STATUS deprecated 1712 DESCRIPTION 1713 "The direction of this session with respect to the 1714 local network. 'inbound' indicates that this session 1715 was initiated from the public network into the private 1716 network. 'outbound' indicates that this session was 1717 initiated from the private network into the public 1718 network." 1719 ::= { natSessionEntry 6 } 1721 natSessionUpTime OBJECT-TYPE 1722 SYNTAX TimeTicks 1723 MAX-ACCESS read-only 1724 STATUS deprecated 1725 DESCRIPTION 1726 "The up time of this session in one-hundredths of a 1727 second." 
1728 ::= { natSessionEntry 7 } 1730 natSessionAddrMapIndex OBJECT-TYPE 1731 SYNTAX NatAddrMapId 1732 MAX-ACCESS read-only 1733 STATUS deprecated 1734 DESCRIPTION 1735 "This object is a pointer to the natAddrMapTable entry 1736 (and the parameters of that entry) used in 1737 creating this session. This object, in conjunction with 1738 the ifIndex (which identifies a unique addrMapName), 1739 points to a unique entry in the natAddrMapTable." 1740 ::= { natSessionEntry 8 } 1742 natSessionProtocolType OBJECT-TYPE 1743 SYNTAX NatProtocolType 1744 MAX-ACCESS read-only 1745 STATUS deprecated 1746 DESCRIPTION 1747 "The protocol type of this session." 1748 ::= { natSessionEntry 9 } 1750 natSessionPrivateAddrType OBJECT-TYPE 1751 SYNTAX InetAddressType 1752 MAX-ACCESS read-only 1753 STATUS deprecated 1754 DESCRIPTION 1755 "This object specifies the address type used for 1756 natSessionPrivateSrcAddr and natSessionPrivateDstAddr." 1757 ::= { natSessionEntry 10 } 1759 natSessionPrivateSrcAddr OBJECT-TYPE 1760 SYNTAX InetAddress 1761 MAX-ACCESS read-only 1762 STATUS deprecated 1763 DESCRIPTION 1764 "The source IP address of the session endpoint that 1765 lies in the private network. 1767 The value of this object must be zero only when the 1768 natSessionPrivateSrcEPBindId object has a zero value. 1769 When the value of this object is zero, the NAT session 1770 lookup will match any IP address to this field. 1772 The type of this address is determined by the value of 1773 the natSessionPrivateAddrType object." 1774 ::= { natSessionEntry 11 } 1776 natSessionPrivateSrcPort OBJECT-TYPE 1777 SYNTAX InetPortNumber 1778 MAX-ACCESS read-only 1779 STATUS deprecated 1780 DESCRIPTION 1781 "When the value of protocol is TCP or UDP, this object 1782 represents the source port in the first packet of 1783 session while in private-realm. 
On the other hand, when 1784 the protocol is ICMP, a NAT session is created only for 1785 query/response type ICMP messages such as ICMP echo, 1786 Timestamp, and Information request messages, and this 1787 object represents the private-realm specific identifier 1788 in the ICMP message, as defined in RFC 792 for ICMPv4 1789 and in RFC 2463 for ICMPv6. 1791 The value of this object must be zero when the 1792 natSessionPrivateSrcEPBindId object has zero value 1793 and value of natSessionPrivateSrcEPBindMode is 1794 addressPortBind(2). In such a case, the NAT session 1795 lookup will match any port number to this field. 1797 The value of this object must be zero when the object 1798 is not a representative field (SrcPort, DstPort, or 1799 ICMP identifier) of the session tuple in either the 1800 public realm or the private realm." 1801 ::= { natSessionEntry 12 } 1803 natSessionPrivateDstAddr OBJECT-TYPE 1804 SYNTAX InetAddress 1805 MAX-ACCESS read-only 1806 STATUS deprecated 1807 DESCRIPTION 1808 "The destination IP address of the session endpoint that 1809 lies in the private network. 1811 The value of this object must be zero when the 1812 natSessionPrivateDstEPBindId object has a zero value. 1813 In such a scenario, the NAT session lookup will match 1814 any IP address to this field. 1816 The type of this address is determined by the value of 1817 the natSessionPrivateAddrType object." 1818 ::= { natSessionEntry 13 } 1820 natSessionPrivateDstPort OBJECT-TYPE 1821 SYNTAX InetPortNumber 1822 MAX-ACCESS read-only 1823 STATUS deprecated 1824 DESCRIPTION 1825 "When the value of protocol is TCP or UDP, this object 1826 represents the destination port in the first packet 1827 of session while in private-realm. On the other hand, 1828 when the protocol is ICMP, this object is not relevant 1829 and should be set to zero. 
1831 The value of this object must be zero when the 1832 natSessionPrivateDstEPBindId object has a zero 1833 value and natSessionPrivateDstEPBindMode is set to 1834 addressPortBind(2). In such a case, the NAT session 1835 lookup will match any port number to this field. 1837 The value of this object must be zero when the object 1838 is not a representative field (SrcPort, DstPort, or 1839 ICMP identifier) of the session tuple in either the 1840 public realm or the private realm." 1841 ::= { natSessionEntry 14 } 1843 natSessionPublicAddrType OBJECT-TYPE 1844 SYNTAX InetAddressType 1845 MAX-ACCESS read-only 1846 STATUS deprecated 1847 DESCRIPTION 1848 "This object specifies the address type used for 1849 natSessionPublicSrcAddr and natSessionPublicDstAddr." 1850 ::= { natSessionEntry 15 } 1852 natSessionPublicSrcAddr OBJECT-TYPE 1853 SYNTAX InetAddress 1854 MAX-ACCESS read-only 1855 STATUS deprecated 1856 DESCRIPTION 1857 "The source IP address of the session endpoint that 1858 lies in the public network. 1860 The value of this object must be zero when the 1861 natSessionPrivateSrcEPBindId object has a zero value. 1862 In such a scenario, the NAT session lookup will match 1863 any IP address to this field. 1865 The type of this address is determined by the value of 1866 the natSessionPublicAddrType object." 1867 ::= { natSessionEntry 16 } 1869 natSessionPublicSrcPort OBJECT-TYPE 1870 SYNTAX InetPortNumber 1871 MAX-ACCESS read-only 1872 STATUS deprecated 1873 DESCRIPTION 1874 "When the value of protocol is TCP or UDP, this object 1875 represents the source port in the first packet of 1876 session while in public-realm. On the other hand, when 1877 protocol is ICMP, a NAT session is created only for 1878 query/response type ICMP messages such as ICMP echo, 1879 Timestamp, and Information request messages, and this 1880 object represents the public-realm specific identifier 1881 in the ICMP message, as defined in RFC 792 for ICMPv4 1882 and in RFC 2463 for ICMPv6. 
1884            The value of this object must be zero when the
1885            natSessionPrivateSrcEPBindId object has a zero value
1886            and natSessionPrivateSrcEPBindMode is set to
1887            addressPortBind(2). In such a scenario, the NAT
1888            session lookup will match any port number to this
1889            field.

1891            The value of this object must be zero when the object
1892            is not a representative field (SrcPort, DstPort or
1893            ICMP identifier) of the session tuple in either the
1894            public realm or the private realm."
1895       ::= { natSessionEntry 17 }

1897   natSessionPublicDstAddr OBJECT-TYPE
1898       SYNTAX InetAddress
1899       MAX-ACCESS read-only
1900       STATUS deprecated
1901       DESCRIPTION
1902           "The destination IP address of the session endpoint that
1903            lies in the public network.

1905            The value of this object must be non-zero when the
1906            natSessionPrivateDstEPBindId object has a non-zero
1907            value. If the value of this object and the
1908            corresponding natSessionPrivateDstEPBindId object value
1909            is zero, then the NAT session lookup will match any IP
1910            address to this field.

1912            The type of this address is determined by the value of
1913            the natSessionPublicAddrType object."
1914       ::= { natSessionEntry 18 }

1916   natSessionPublicDstPort OBJECT-TYPE
1917       SYNTAX InetPortNumber
1918       MAX-ACCESS read-only
1919       STATUS deprecated
1920       DESCRIPTION
1921           "When the value of protocol is TCP or UDP, this object
1922            represents the destination port in the first packet of
1923            session while in public-realm. On the other hand, when
1924            the protocol is ICMP, this object is not relevant for
1925            translation and should be zero.

1927            The value of this object must be zero when the
1928            natSessionPrivateDstEPBindId object has a zero value
1929            and natSessionPrivateDstEPBindMode is
1930            addressPortBind(2). In such a scenario, the NAT
1931            session lookup will match any port number to this
1932            field.
1934            The value of this object must be zero when the object
1935            is not a representative field (SrcPort, DstPort, or
1936            ICMP identifier) of the session tuple in either the
1937            public realm or the private realm."
1938       ::= { natSessionEntry 19 }

1940   natSessionMaxIdleTime OBJECT-TYPE
1941       SYNTAX TimeTicks
1942       MAX-ACCESS read-only
1943       STATUS deprecated
1944       DESCRIPTION
1945           "The max time for which this session can be idle
1946            without detecting a packet."
1947       ::= { natSessionEntry 20 }

1949   natSessionCurrentIdleTime OBJECT-TYPE
1950       SYNTAX TimeTicks
1951       MAX-ACCESS read-only
1952       STATUS deprecated
1953       DESCRIPTION
1954           "The time since a packet belonging to this session was
1955            last detected."
1956       ::= { natSessionEntry 21 }

1958   natSessionInTranslates OBJECT-TYPE
1959       SYNTAX Counter64
1960       MAX-ACCESS read-only
1961       STATUS deprecated
1962       DESCRIPTION
1963           "The number of inbound packets that were translated for
1964            this session.

1966            Discontinuities in the value of this counter can occur
1967            at reinitialization of the management system and at
1968            other times, as indicated by the value of
1969            ifCounterDiscontinuityTime on the relevant interface."
1970       ::= { natSessionEntry 22 }

1972   natSessionOutTranslates OBJECT-TYPE
1973       SYNTAX Counter64
1974       MAX-ACCESS read-only
1975       STATUS deprecated
1976       DESCRIPTION
1977           "The number of outbound packets that were translated for
1978            this session.

1980            Discontinuities in the value of this counter can occur
1981            at reinitialization of the management system and at
1982            other times, as indicated by the value of
1983            ifCounterDiscontinuityTime on the relevant interface."
1984       ::= { natSessionEntry 23 }

1986   --
1987   -- The Protocol table
1988   --

1990   natProtocolTable OBJECT-TYPE
1991       SYNTAX SEQUENCE OF NatProtocolEntry
1992       MAX-ACCESS not-accessible
1993       STATUS deprecated
1994       DESCRIPTION
1995           "The (conceptual) table containing per protocol NAT
1996            statistics."
1997       ::= { natMIBObjects 10 }

1999   natProtocolEntry OBJECT-TYPE
2000       SYNTAX NatProtocolEntry
2001       MAX-ACCESS not-accessible
2002       STATUS deprecated
2003       DESCRIPTION
2004           "An entry (conceptual row) containing NAT statistics
2005            pertaining to a particular protocol."
2006       INDEX { natProtocol }
2007       ::= { natProtocolTable 1 }

2009   NatProtocolEntry ::= SEQUENCE {
2010       natProtocol NatProtocolType,
2011       natProtocolInTranslates Counter64,
2012       natProtocolOutTranslates Counter64,
2013       natProtocolDiscards Counter64
2014   }

2016   natProtocol OBJECT-TYPE
2017       SYNTAX NatProtocolType
2018       MAX-ACCESS not-accessible
2019       STATUS deprecated
2020       DESCRIPTION
2021           "This object represents the protocol pertaining to which
2022            parameters are reported."

2024       ::= { natProtocolEntry 1 }

2026   natProtocolInTranslates OBJECT-TYPE
2027       SYNTAX Counter64
2028       MAX-ACCESS read-only
2029       STATUS deprecated
2030       DESCRIPTION
2031           "The number of inbound packets pertaining to the protocol
2032            identified by natProtocol that underwent NAT.

2034            Discontinuities in the value of this counter can occur
2035            at reinitialization of the management system and at
2036            other times, as indicated by the value of
2037            ifCounterDiscontinuityTime on the relevant interface."
2038       ::= { natProtocolEntry 2 }

2040   natProtocolOutTranslates OBJECT-TYPE
2041       SYNTAX Counter64
2042       MAX-ACCESS read-only
2043       STATUS deprecated
2044       DESCRIPTION
2045           "The number of outbound packets pertaining to the
2046            protocol identified by natProtocol that underwent NAT.

2048            Discontinuities in the value of this counter can occur
2049            at reinitialization of the management system and at
2050            other times, as indicated by the value of
2051            ifCounterDiscontinuityTime on the relevant interface."
2052       ::= { natProtocolEntry 3 }

2054   natProtocolDiscards OBJECT-TYPE
2055       SYNTAX Counter64
2056       MAX-ACCESS read-only
2057       STATUS deprecated
2058       DESCRIPTION
2059           "The number of packets pertaining to the protocol
2060            identified by natProtocol that had to be
2061            rejected/dropped due to lack of resources. These
2062            rejections could be due to session timeout, resource
2063            unavailability, lack of address space, etc.

2065            Discontinuities in the value of this counter can occur
2066            at reinitialization of the management system and at
2067            other times, as indicated by the value of
2068            ifCounterDiscontinuityTime on the relevant interface."
2069       ::= { natProtocolEntry 4 }

2071   --
2072   -- Notifications section
2073   --

2075   natMIBNotifications OBJECT IDENTIFIER ::= { natMIB 0 }

2077   --
2078   -- Notifications
2079   --

2081   natPacketDiscard NOTIFICATION-TYPE
2082       OBJECTS { ifIndex }
2083       STATUS deprecated
2084       DESCRIPTION
2085           "This notification is generated when IP packets are
2086            discarded by the NAT function; e.g., due to lack of
2087            mapping space when NAT is out of addresses or ports.

2089            Note that the generation of natPacketDiscard
2090            notifications is throttled by the agent, as specified
2091            by the 'natNotifThrottlingInterval' object."
2092       ::= { natMIBNotifications 1 }

2094   --
2095   -- Conformance information.
2096   --

2098   natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 }

2100   natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 }
2101   natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 }

2103   --
2104   -- Units of conformance
2105   --

2107   natConfigGroup OBJECT-GROUP
2108       OBJECTS { natInterfaceRealm,
2109                 natInterfaceServiceType,
2110                 natInterfaceStorageType,
2111                 natInterfaceRowStatus,
2112                 natAddrMapName,
2113                 natAddrMapEntryType,
2114                 natAddrMapTranslationEntity,
2115                 natAddrMapLocalAddrType,
2116                 natAddrMapLocalAddrFrom,
2117                 natAddrMapLocalAddrTo,
2118                 natAddrMapLocalPortFrom,
2119                 natAddrMapLocalPortTo,
2120                 natAddrMapGlobalAddrType,
2121                 natAddrMapGlobalAddrFrom,
2122                 natAddrMapGlobalAddrTo,
2123                 natAddrMapGlobalPortFrom,
2124                 natAddrMapGlobalPortTo,
2125                 natAddrMapProtocol,
2126                 natAddrMapStorageType,
2127                 natAddrMapRowStatus,
2128                 natBindDefIdleTimeout,
2129                 natUdpDefIdleTimeout,
2130                 natIcmpDefIdleTimeout,
2131                 natOtherDefIdleTimeout,
2132                 natTcpDefIdleTimeout,
2133                 natTcpDefNegTimeout,
2134                 natNotifThrottlingInterval }
2135       STATUS deprecated
2136       DESCRIPTION
2137           "A collection of configuration-related information
2138            required to support management of devices supporting
2139            NAT."
2140       ::= { natMIBGroups 1 }

2142   natTranslationGroup OBJECT-GROUP
2143       OBJECTS { natAddrBindNumberOfEntries,
2144                 natAddrBindGlobalAddrType,
2145                 natAddrBindGlobalAddr,
2146                 natAddrBindId,
2147                 natAddrBindTranslationEntity,
2148                 natAddrBindType,
2149                 natAddrBindMapIndex,
2150                 natAddrBindSessions,
2151                 natAddrBindMaxIdleTime,
2152                 natAddrBindCurrentIdleTime,
2153                 natAddrBindInTranslates,
2154                 natAddrBindOutTranslates,
2155                 natAddrPortBindNumberOfEntries,
2156                 natAddrPortBindGlobalAddrType,
2157                 natAddrPortBindGlobalAddr,
2158                 natAddrPortBindGlobalPort,
2159                 natAddrPortBindId,
2160                 natAddrPortBindTranslationEntity,
2161                 natAddrPortBindType,
2162                 natAddrPortBindMapIndex,
2163                 natAddrPortBindSessions,
2164                 natAddrPortBindMaxIdleTime,
2165                 natAddrPortBindCurrentIdleTime,
2166                 natAddrPortBindInTranslates,
2167                 natAddrPortBindOutTranslates,
2168                 natSessionPrivateSrcEPBindId,
2169                 natSessionPrivateSrcEPBindMode,
2170                 natSessionPrivateDstEPBindId,
2171                 natSessionPrivateDstEPBindMode,
2172                 natSessionDirection,
2173                 natSessionUpTime,
2174                 natSessionAddrMapIndex,
2175                 natSessionProtocolType,
2176                 natSessionPrivateAddrType,
2177                 natSessionPrivateSrcAddr,
2178                 natSessionPrivateSrcPort,
2179                 natSessionPrivateDstAddr,
2180                 natSessionPrivateDstPort,
2181                 natSessionPublicAddrType,
2182                 natSessionPublicSrcAddr,
2183                 natSessionPublicSrcPort,
2184                 natSessionPublicDstAddr,
2185                 natSessionPublicDstPort,
2186                 natSessionMaxIdleTime,
2187                 natSessionCurrentIdleTime,
2188                 natSessionInTranslates,
2189                 natSessionOutTranslates }
2190       STATUS deprecated

2192       DESCRIPTION
2193           "A collection of BIND-related objects required to support
2194            management of devices supporting NAT."
2195       ::= { natMIBGroups 2 }

2197   natStatsInterfaceGroup OBJECT-GROUP
2198       OBJECTS { natInterfaceInTranslates,
2199                 natInterfaceOutTranslates,
2200                 natInterfaceDiscards }
2201       STATUS deprecated
2202       DESCRIPTION
2203           "A collection of NAT statistics associated with the
2204            interface on which NAT is configured, to aid
2205            troubleshooting/monitoring of the NAT operation."
2206       ::= { natMIBGroups 3 }

2208   natStatsProtocolGroup OBJECT-GROUP
2209       OBJECTS { natProtocolInTranslates,
2210                 natProtocolOutTranslates,
2211                 natProtocolDiscards }
2212       STATUS deprecated
2213       DESCRIPTION
2214           "A collection of protocol specific NAT statistics,
2215            to aid troubleshooting/monitoring of NAT operation."
2216       ::= { natMIBGroups 4 }

2218   natStatsAddrMapGroup OBJECT-GROUP
2219       OBJECTS { natAddrMapInTranslates,
2220                 natAddrMapOutTranslates,
2221                 natAddrMapDiscards,
2222                 natAddrMapAddrUsed }
2223       STATUS deprecated
2224       DESCRIPTION
2225           "A collection of address map specific NAT statistics,
2226            to aid troubleshooting/monitoring of NAT operation."
2227       ::= { natMIBGroups 5 }

2229   natMIBNotificationGroup NOTIFICATION-GROUP
2230       NOTIFICATIONS { natPacketDiscard }
2231       STATUS deprecated
2232       DESCRIPTION
2233           "A collection of notifications generated by
2234            devices supporting this MIB."
2235       ::= { natMIBGroups 6 }

2237   --
2238   -- Compliance statements
2239   --

2241   natMIBFullCompliance MODULE-COMPLIANCE
2242       STATUS deprecated
2243       DESCRIPTION
2244           "When this MIB is implemented with support for
2245            read-create, then such an implementation can claim
2246            full compliance. Such devices can then be both
2247            monitored and configured with this MIB.
2249            The following index objects cannot be added as OBJECT
2250            clauses but nevertheless have the compliance
2251            requirements:
2252           "
2253       -- OBJECT natAddrBindLocalAddrType
2254       --     SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2255       --     DESCRIPTION
2256       --         "An implementation is required to support
2257       --          global IPv4 and/or IPv6 addresses, depending
2258       --          on its support for IPv4 and IPv6."

2260       -- OBJECT natAddrBindLocalAddr
2261       --     SYNTAX InetAddress (SIZE(4|16))
2262       --     DESCRIPTION
2263       --         "An implementation is required to support
2264       --          global IPv4 and/or IPv6 addresses, depending
2265       --          on its support for IPv4 and IPv6."

2267       -- OBJECT natAddrPortBindLocalAddrType
2268       --     SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2269       --     DESCRIPTION
2270       --         "An implementation is required to support
2271       --          global IPv4 and/or IPv6 addresses, depending
2272       --          on its support for IPv4 and IPv6."

2274       -- OBJECT natAddrPortBindLocalAddr
2275       --     SYNTAX InetAddress (SIZE(4|16))
2276       --     DESCRIPTION
2277       --         "An implementation is required to support
2278       --          global IPv4 and/or IPv6 addresses, depending
2279       --          on its support for IPv4 and IPv6."

2281       MODULE IF-MIB -- The interfaces MIB, RFC2863
2282           MANDATORY-GROUPS {
2283               ifCounterDiscontinuityGroup
2284           }

2286       MODULE -- this module
2287           MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
2288                              natStatsInterfaceGroup }

2290           GROUP natStatsProtocolGroup
2291               DESCRIPTION
2292                   "This group is optional."
2293           GROUP natStatsAddrMapGroup
2294               DESCRIPTION
2295                   "This group is optional."
2296           GROUP natMIBNotificationGroup
2297               DESCRIPTION
2298                   "This group is optional."

2300           OBJECT natAddrMapLocalAddrType
2301               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2302               DESCRIPTION
2303                   "An implementation is required to support global IPv4
2304                    and/or IPv6 addresses, depending on its support
2305                    for IPv4 and IPv6."
2307           OBJECT natAddrMapLocalAddrFrom
2308               SYNTAX InetAddress (SIZE(4|16))
2309               DESCRIPTION
2310                   "An implementation is required to support global IPv4
2311                    and/or IPv6 addresses, depending on its support
2312                    for IPv4 and IPv6."

2314           OBJECT natAddrMapLocalAddrTo
2315               SYNTAX InetAddress (SIZE(4|16))
2316               DESCRIPTION
2317                   "An implementation is required to support global IPv4
2318                    and/or IPv6 addresses, depending on its support
2319                    for IPv4 and IPv6."

2321           OBJECT natAddrMapGlobalAddrType
2322               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2323               DESCRIPTION
2324                   "An implementation is required to support global IPv4
2325                    and/or IPv6 addresses, depending on its support
2326                    for IPv4 and IPv6."

2328           OBJECT natAddrMapGlobalAddrFrom
2329               SYNTAX InetAddress (SIZE(4|16))
2330               DESCRIPTION
2331                   "An implementation is required to support global IPv4
2332                    and/or IPv6 addresses, depending on its support
2333                    for IPv4 and IPv6."

2335           OBJECT natAddrMapGlobalAddrTo
2336               SYNTAX InetAddress (SIZE(4|16))
2337               DESCRIPTION
2338                   "An implementation is required to support global IPv4
2339                    and/or IPv6 addresses, depending on its support
2340                    for IPv4 and IPv6."

2342           OBJECT natAddrBindGlobalAddrType
2343               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2344               DESCRIPTION
2345                   "An implementation is required to support global IPv4
2346                    and/or IPv6 addresses, depending on its support
2347                    for IPv4 and IPv6."

2349           OBJECT natAddrBindGlobalAddr
2350               SYNTAX InetAddress (SIZE(4|16))
2351               DESCRIPTION
2352                   "An implementation is required to support global IPv4
2353                    and/or IPv6 addresses, depending on its support
2354                    for IPv4 and IPv6."

2356           OBJECT natAddrPortBindGlobalAddrType
2357               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2358               DESCRIPTION
2359                   "An implementation is required to support global IPv4
2360                    and/or IPv6 addresses, depending on its support
2361                    for IPv4 and IPv6."
2363           OBJECT natAddrPortBindGlobalAddr
2364               SYNTAX InetAddress (SIZE(4|16))
2365               DESCRIPTION
2366                   "An implementation is required to support global IPv4
2367                    and/or IPv6 addresses, depending on its support
2368                    for IPv4 and IPv6."

2370           OBJECT natSessionPrivateAddrType
2371               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2372               DESCRIPTION
2373                   "An implementation is required to support global IPv4
2374                    and/or IPv6 addresses, depending on its support
2375                    for IPv4 and IPv6."

2377           OBJECT natSessionPrivateSrcAddr
2378               SYNTAX InetAddress (SIZE(4|16))
2379               DESCRIPTION
2380                   "An implementation is required to support global IPv4
2381                    and/or IPv6 addresses, depending on its support
2382                    for IPv4 and IPv6."

2384           OBJECT natSessionPrivateDstAddr
2385               SYNTAX InetAddress (SIZE(4|16))
2386               DESCRIPTION
2387                   "An implementation is required to support global IPv4
2388                    and/or IPv6 addresses, depending on its support
2389                    for IPv4 and IPv6."

2391           OBJECT natSessionPublicAddrType
2392               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2393               DESCRIPTION
2394                   "An implementation is required to support global IPv4
2395                    and/or IPv6 addresses, depending on its support
2396                    for IPv4 and IPv6."

2398           OBJECT natSessionPublicSrcAddr
2399               SYNTAX InetAddress (SIZE(4|16))
2400               DESCRIPTION
2401                   "An implementation is required to support global IPv4
2402                    and/or IPv6 addresses, depending on its support
2403                    for IPv4 and IPv6."

2405           OBJECT natSessionPublicDstAddr
2406               SYNTAX InetAddress (SIZE(4|16))
2407               DESCRIPTION
2408                   "An implementation is required to support global IPv4
2409                    and/or IPv6 addresses, depending on its support
2410                    for IPv4 and IPv6."

2412       ::= { natMIBCompliances 1 }

2414   natMIBReadOnlyCompliance MODULE-COMPLIANCE
2415       STATUS deprecated
2416       DESCRIPTION
2417           "When this MIB is implemented without support for
2418            read-create (i.e., in read-only mode), then such an
2419            implementation can claim read-only compliance.
2420            Such a device can then be monitored but cannot be
2421            configured with this MIB.
2423            The following index objects cannot be added as OBJECT
2424            clauses but nevertheless have the compliance
2425            requirements:
2426           "
2427       -- OBJECT natAddrBindLocalAddrType
2428       --     SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2429       --     DESCRIPTION
2430       --         "An implementation is required to support
2431       --          global IPv4 and/or IPv6 addresses, depending
2432       --          on its support for IPv4 and IPv6."

2434       -- OBJECT natAddrBindLocalAddr
2435       --     SYNTAX InetAddress (SIZE(4|16))

2437       --     DESCRIPTION
2438       --         "An implementation is required to support
2439       --          global IPv4 and/or IPv6 addresses, depending
2440       --          on its support for IPv4 and IPv6."

2442       -- OBJECT natAddrPortBindLocalAddrType
2443       --     SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2444       --     DESCRIPTION
2445       --         "An implementation is required to support
2446       --          global IPv4 and/or IPv6 addresses, depending
2447       --          on its support for IPv4 and IPv6."
2448       -- OBJECT natAddrPortBindLocalAddr
2449       --     SYNTAX InetAddress (SIZE(4|16))
2450       --     DESCRIPTION
2451       --         "An implementation is required to support
2452       --          global IPv4 and/or IPv6 addresses, depending
2453       --          on its support for IPv4 and IPv6."

2455       MODULE IF-MIB -- The interfaces MIB, RFC2863
2456           MANDATORY-GROUPS {
2457               ifCounterDiscontinuityGroup
2458           }

2460       MODULE -- this module
2461           MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
2462                              natStatsInterfaceGroup }

2464           GROUP natStatsProtocolGroup
2465               DESCRIPTION
2466                   "This group is optional."
2467           GROUP natStatsAddrMapGroup
2468               DESCRIPTION
2469                   "This group is optional."
2470           GROUP natMIBNotificationGroup
2471               DESCRIPTION
2472                   "This group is optional."
2473           OBJECT natInterfaceRowStatus
2474               SYNTAX RowStatus { active(1) }
2475               MIN-ACCESS read-only
2476               DESCRIPTION
2477                   "Write access is not required, and active is the only
2478                    status that needs to be supported."

2480           OBJECT natAddrMapLocalAddrType
2481               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2482               MIN-ACCESS read-only
2483               DESCRIPTION
2484                   "Write access is not required.
                        An implementation is
2485                    required to support global IPv4 and/or IPv6 addresses,
2486                    depending on its support for IPv4 and IPv6."

2488           OBJECT natAddrMapLocalAddrFrom
2489               SYNTAX InetAddress (SIZE(4|16))
2490               MIN-ACCESS read-only
2491               DESCRIPTION
2492                   "Write access is not required. An implementation is
2493                    required to support global IPv4 and/or IPv6 addresses,
2494                    depending on its support for IPv4 and IPv6."

2496           OBJECT natAddrMapLocalAddrTo
2497               SYNTAX InetAddress (SIZE(4|16))
2498               MIN-ACCESS read-only
2499               DESCRIPTION
2500                   "Write access is not required. An implementation is
2501                    required to support global IPv4 and/or IPv6 addresses,
2502                    depending on its support for IPv4 and IPv6."

2504           OBJECT natAddrMapGlobalAddrType
2505               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2506               MIN-ACCESS read-only
2507               DESCRIPTION
2508                   "Write access is not required. An implementation is
2509                    required to support global IPv4 and/or IPv6 addresses,
2510                    depending on its support for IPv4 and IPv6."

2512           OBJECT natAddrMapGlobalAddrFrom
2513               SYNTAX InetAddress (SIZE(4|16))
2514               MIN-ACCESS read-only
2515               DESCRIPTION
2516                   "Write access is not required. An implementation is
2517                    required to support global IPv4 and/or IPv6 addresses,
2518                    depending on its support for IPv4 and IPv6."

2520           OBJECT natAddrMapGlobalAddrTo
2521               SYNTAX InetAddress (SIZE(4|16))
2522               MIN-ACCESS read-only
2523               DESCRIPTION
2524                   "Write access is not required. An implementation is
2525                    required to support global IPv4 and/or IPv6 addresses,
2526                    depending on its support for IPv4 and IPv6."

2528           OBJECT natAddrMapRowStatus
2529               SYNTAX RowStatus { active(1) }
2530               MIN-ACCESS read-only
2531               DESCRIPTION
2532                   "Write access is not required, and active is the only
2533                    status that needs to be supported."
2535           OBJECT natAddrBindGlobalAddrType
2536               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2537               DESCRIPTION
2538                   "An implementation is required to support global IPv4
2539                    and/or IPv6 addresses, depending on its support for
2540                    IPv4 and IPv6."

2542           OBJECT natAddrBindGlobalAddr
2543               SYNTAX InetAddress (SIZE(4|16))
2544               DESCRIPTION
2545                   "An implementation is required to support global IPv4
2546                    and/or IPv6 addresses, depending on its support for
2547                    IPv4 and IPv6."

2549           OBJECT natAddrPortBindGlobalAddrType
2550               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2551               DESCRIPTION
2552                   "An implementation is required to support global IPv4
2553                    and/or IPv6 addresses, depending on its support for
2554                    IPv4 and IPv6."

2556           OBJECT natAddrPortBindGlobalAddr
2557               SYNTAX InetAddress (SIZE(4|16))
2558               DESCRIPTION
2559                   "An implementation is required to support global IPv4
2560                    and/or IPv6 addresses, depending on its support for
2561                    IPv4 and IPv6."

2563           OBJECT natSessionPrivateAddrType
2564               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2565               DESCRIPTION
2566                   "An implementation is required to support global IPv4
2567                    and/or IPv6 addresses, depending on its support for
2568                    IPv4 and IPv6."

2570           OBJECT natSessionPrivateSrcAddr
2571               SYNTAX InetAddress (SIZE(4|16))
2572               DESCRIPTION
2573                   "An implementation is required to support global IPv4
2574                    and/or IPv6 addresses, depending on its support for
2575                    IPv4 and IPv6."

2577           OBJECT natSessionPrivateDstAddr
2578               SYNTAX InetAddress (SIZE(4|16))
2579               DESCRIPTION
2580                   "An implementation is required to support global IPv4
2581                    and/or IPv6 addresses, depending on its support for
2582                    IPv4 and IPv6."

2584           OBJECT natSessionPublicAddrType
2585               SYNTAX InetAddressType { ipv4(1), ipv6(2) }
2586               DESCRIPTION
2587                   "An implementation is required to support global IPv4
2588                    and/or IPv6 addresses, depending on its support for
2589                    IPv4 and IPv6."
2591           OBJECT natSessionPublicSrcAddr
2592               SYNTAX InetAddress (SIZE(4|16))
2593               DESCRIPTION
2594                   "An implementation is required to support global IPv4
2595                    and/or IPv6 addresses, depending on its support for
2596                    IPv4 and IPv6."

2598           OBJECT natSessionPublicDstAddr
2599               SYNTAX InetAddress (SIZE(4|16))
2600               DESCRIPTION
2601                   "An implementation is required to support global IPv4
2602                    and/or IPv6 addresses, depending on its support for
2603                    IPv4 and IPv6."

2605       ::= { natMIBCompliances 2 }

2607   --===================================================================
2608   -- END OF DEPRECATED OBJECTS. CURRENT OBJECTS FOLLOW.

2610   -- textual conventions

2612   ProtocolNumber ::= TEXTUAL-CONVENTION
2613       DISPLAY-HINT "d"
2614       STATUS current
2615       DESCRIPTION
2616           "A transport protocol number, from the 'protocol-numbers'
2617            IANA registry."
2618       SYNTAX Unsigned32 (0..255)

2620   NatPoolId ::= TEXTUAL-CONVENTION
2621       DISPLAY-HINT "d"
2622       STATUS current
2623       DESCRIPTION
2624           "A unique ID that is assigned to each pool."
2625       SYNTAX Unsigned32 (1..4294967295)

2627   NatBehaviorType ::= TEXTUAL-CONVENTION
2628       STATUS current
2629       DESCRIPTION
2630           "Behavior type as described in [RFC4787] sections 4.1 and 5."
2631       SYNTAX INTEGER {
2632           endpointIndependent (0),
2633           addressDependent (1),
2634           addressAndPortDependent (2)
2635       }

2637   NatPoolingType ::= TEXTUAL-CONVENTION
2638       STATUS current
2639       DESCRIPTION
2640           "Pooling type as described in [RFC4787] section 4.1."
2641       SYNTAX INTEGER {
2642           arbitrary (0),
2643           paired (1)

2645       }

2647   -- notifications

2649   natNotifPoolWatermarkLow NOTIFICATION-TYPE
2650       OBJECTS { natPoolIndex }
2651       STATUS current
2652       DESCRIPTION
2653           "This notification is generated when the specified pool's
2654            number of free addresses becomes lower than or equal to the
2655            specified threshold.
                The threshold is specified by the
2656            natPoolWatermarkLow object."
2657       ::= { natMIBNotifications 2 }

2659   natNotifPoolWatermarkHigh NOTIFICATION-TYPE
2660       OBJECTS { natPoolIndex }
2661       STATUS current
2662       DESCRIPTION
2663           "This notification is generated when the specified pool's
2664            number of free addresses becomes greater than or equal to
2665            the specified threshold. The threshold is specified by the
2666            natPoolWatermarkHigh object."
2667       ::= { natMIBNotifications 3 }

2669   natNotifMappings NOTIFICATION-TYPE
2670       OBJECTS { natCntMappings }
2671       STATUS current
2672       DESCRIPTION
2673           "This notification is generated when natCntMappings exceeds
2674            the value of natMappingsNotifyThreshold."
2675       ::= { natMIBNotifications 4 }

2677   natNotifAddrMappings NOTIFICATION-TYPE
2678       OBJECTS { natCntAddressMappings }
2679       STATUS current
2680       DESCRIPTION
2681           "This notification is generated when natCntAddressMappings
2682            exceeds the value of natAddrMapNotifyThreshold."
2683       ::= { natMIBNotifications 5 }

2685   natNotifSubscriberMappings NOTIFICATION-TYPE
2686       OBJECTS { natSubscriberCntMappings }
2687       STATUS current
2688       DESCRIPTION
2689           "This notification is generated when natSubscriberCntMappings
2690            exceeds the value of natSubscriberMapNotifyThresh, unless
2691            natSubscriberMapNotifyThresh is zero."

2693       ::= { natMIBNotifications 6 }

2695   -- counters

2697   natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 }

2699   natCntTranslates OBJECT-TYPE
2700       SYNTAX Counter64
2701       MAX-ACCESS read-only
2702       STATUS current
2703       DESCRIPTION
2704           "The number of packets to which NAT has been applied."
2705       ::= { natCounters 1 }

2707   natCntOOP OBJECT-TYPE
2708       SYNTAX Counter64
2709       MAX-ACCESS read-only
2710       STATUS current
2711       DESCRIPTION
2712           "The number of packets to which NAT could not be applied
2713            because no external port was available, excluding quota
2714            limitations."
2715       ::= { natCounters 2 }

2717   natCntResource OBJECT-TYPE
2718       SYNTAX Counter64
2719       MAX-ACCESS read-only
2720       STATUS current
2721       DESCRIPTION
2722           "The number of packets to which NAT could not be applied
2723            because of resource constraints (excluding out-of-ports
2724            condition)."
2725       ::= { natCounters 3 }

2727   natCntStateMismatch OBJECT-TYPE
2728       SYNTAX Counter64
2729       MAX-ACCESS read-only
2730       STATUS current
2731       DESCRIPTION
2732           "The number of packets to which NAT could not be applied
2733            because of mapping state mismatch. For example, a TCP packet
2734            that matches an existing mapping but is dropped because its
2735            flags are incompatible with the current state of the mapping
2736            would cause this counter to be incremented."
2737       ::= { natCounters 4 }

2739   natCntQuota OBJECT-TYPE
2740       SYNTAX Counter64
2741       MAX-ACCESS read-only
2742       STATUS current
2743       DESCRIPTION
2744           "The number of packets to which NAT could not be applied
2745            because of quota limitations. Quotas include absolute limits
2746            as well as limits on rate of allocation."
2747       ::= { natCounters 5 }

2749   natCntMappings OBJECT-TYPE
2750       SYNTAX Gauge32
2751       MAX-ACCESS read-only
2752       STATUS current
2753       DESCRIPTION
2754           "Number of currently active mappings.

2756            Equal to natCntMapRemovals - natCntMapCreations."
2757       ::= { natCounters 6 }

2759   natCntMapCreations OBJECT-TYPE
2760       SYNTAX Counter64
2761       MAX-ACCESS read-only
2762       STATUS current
2763       DESCRIPTION
2764           "Number of mapping creations. This includes static mappings."
2765       ::= { natCounters 7 }

2767   natCntMapRemovals OBJECT-TYPE
2768       SYNTAX Counter64
2769       MAX-ACCESS read-only
2770       STATUS current
2771       DESCRIPTION
2772           "Number of mapping removals. This includes static mappings."
2773       ::= { natCounters 8 }

2775   natCntAddressMappings OBJECT-TYPE
2776       SYNTAX Gauge32
2777       MAX-ACCESS read-only
2778       STATUS current
2779       DESCRIPTION
2780           "Number of active address mappings.

2782            Equal to natCntAddrMapRemovals - natCntAddrMapCreations."
2783       ::= { natCounters 9 }

2785   natCntAddrMapCreations OBJECT-TYPE
2786       SYNTAX Counter64
2787       MAX-ACCESS read-only
2788       STATUS current
2789       DESCRIPTION
2790           "Number of address mapping creations. This includes static
2791            mappings."
2792       ::= { natCounters 10 }

2794   natCntAddrMapRemovals OBJECT-TYPE
2795       SYNTAX Counter64
2796       MAX-ACCESS read-only
2797       STATUS current
2798       DESCRIPTION
2799           "Number of address mapping removals. This includes static
2800            mappings."
2801       ::= { natCounters 11 }

2803   natCntProtocolTable OBJECT-TYPE
2804       SYNTAX SEQUENCE OF NatCntProtocolEntry
2805       MAX-ACCESS not-accessible
2806       STATUS current
2807       DESCRIPTION
2808           "Table of protocols with per-protocol counters."
2809       ::= { natCounters 128 }

2811   natCntProtocolEntry OBJECT-TYPE
2812       SYNTAX NatCntProtocolEntry
2813       MAX-ACCESS not-accessible
2814       STATUS current
2815       DESCRIPTION
2816           "Per-protocol counters."
2817       INDEX { natCntProtocolNumber }
2818       ::= { natCntProtocolTable 1 }

2820   NatCntProtocolEntry ::=
2821       SEQUENCE {
2822           natCntProtocolNumber ProtocolNumber,
2823           natCntProtocolTranslates Counter64,
2824           natCntProtocolOOP Counter64,
2825           natCntProtocolResource Counter64,
2826           natCntProtocolStateMismatch Counter64,
2827           natCntProtocolQuota Counter64,
2828           natCntProtocolMappings Gauge32,
2829           natCntProtocolMapCreations Counter64,
2830           natCntProtocolMapRemovals Counter64
2831       }

2833   natCntProtocolNumber OBJECT-TYPE
2834       SYNTAX ProtocolNumber
2835       MAX-ACCESS not-accessible
2836       STATUS current
2837       DESCRIPTION
2838           "Counters in this conceptual row apply to packets using the
2839            transport protocol identified by this object's value."
2840       ::= { natCntProtocolEntry 1 }

2842   natCntProtocolTranslates OBJECT-TYPE
2843       SYNTAX Counter64
2844       MAX-ACCESS read-only
2845       STATUS current
2846       DESCRIPTION
2847           "The number of packets to which NAT has been applied."
2848       ::= { natCntProtocolEntry 2 }

2850   natCntProtocolOOP OBJECT-TYPE
2851       SYNTAX Counter64
2852       MAX-ACCESS read-only
2853       STATUS current
2854       DESCRIPTION
2855           "The number of packets to which NAT could not be applied
2856            because no external port was available."
2857       ::= { natCntProtocolEntry 3 }

2859   natCntProtocolResource OBJECT-TYPE
2860       SYNTAX Counter64
2861       MAX-ACCESS read-only
2862       STATUS current
2863       DESCRIPTION
2864           "The number of packets to which NAT could not be applied
2865            because of resource constraints (excluding out-of-ports
2866            condition)."
2867       ::= { natCntProtocolEntry 4 }

2869   natCntProtocolStateMismatch OBJECT-TYPE
2870       SYNTAX Counter64
2871       MAX-ACCESS read-only
2872       STATUS current
2873       DESCRIPTION
2874           "The number of packets to which NAT could not be applied
2875            because of state table mismatch. For example, a TCP packet
2876            that matches an existing mapping but is dropped because its
2877            flags are incompatible with the current state of the mapping
2878            would cause this counter to be incremented."
2879       ::= { natCntProtocolEntry 5 }

2881   natCntProtocolQuota OBJECT-TYPE
2882       SYNTAX Counter64
2883       MAX-ACCESS read-only
2884       STATUS current
2885       DESCRIPTION
2886           "The number of packets to which NAT could not be applied
2887            because of exceeded quotas. Quotas include absolute limits
2888            as well as limits on rate of allocation."
2889       ::= { natCntProtocolEntry 6 }

2891   natCntProtocolMappings OBJECT-TYPE
2892       SYNTAX Gauge32
2893       MAX-ACCESS read-only
2894       STATUS current
2895       DESCRIPTION
2896           "Number of active mappings.

2898            Equal to natCntMapRemovals - natCntMapCreations."
2899       ::= { natCntProtocolEntry 7 }

2901   natCntProtocolMapCreations OBJECT-TYPE
2902       SYNTAX Counter64
2903       MAX-ACCESS read-only
2904       STATUS current
2905       DESCRIPTION
2906           "Number of mapping creations. This includes static mappings."
2907       ::= { natCntProtocolEntry 8 }

2909   natCntProtocolMapRemovals OBJECT-TYPE
2910       SYNTAX Counter64
2911       MAX-ACCESS read-only
2912       STATUS current
2913       DESCRIPTION
2914           "Number of mapping removals. This includes static mappings."
2915       ::= { natCntProtocolEntry 9 }

2917   -- limits

2919   natLimits OBJECT IDENTIFIER ::= { natMIBObjects 12 }

2921   natLimitMappings OBJECT-TYPE
2922       SYNTAX Unsigned32
2923       MAX-ACCESS read-write
2924       STATUS current
2925       DESCRIPTION
2926           "Global limit on the total number of mappings. Zero means
2927            unlimited."
2928       ::= { natLimits 1 }

2930   natMappingsNotifyThreshold OBJECT-TYPE
2931       SYNTAX Unsigned32
2932       MAX-ACCESS read-write
2933       STATUS current
2934       DESCRIPTION
2935           "See natNotifMappings."
2936       ::= { natLimits 2 }

2938   natLimitAddressMappings OBJECT-TYPE
2939       SYNTAX Unsigned32
2940       MAX-ACCESS read-write
2941       STATUS current
2942       DESCRIPTION
2943           "Global limit on the total number of internal-to-external
2944            address mappings. Zero means unlimited.

2946            This limit is only applicable to NATs that have an 'IP
2947            address pooling' behavior of 'Paired' [RFC4787]."
2948       ::= { natLimits 3 }

2950   natAddrMapNotifyThreshold OBJECT-TYPE
2951       SYNTAX Unsigned32
2952       MAX-ACCESS read-write
2953       STATUS current
2954       DESCRIPTION
2955           "See natNotifAddrMappings."
2956       ::= { natLimits 4 }

2958   natLimitFragments OBJECT-TYPE
2959       SYNTAX Unsigned32
2960       MAX-ACCESS read-write
2961       STATUS current
2962       DESCRIPTION
2963           "Global limit on the total number of fragments pending
2964            reassembly. Zero means unlimited.

2966            This limit is only applicable to NATs having 'Receive
2967            Fragments Out of Order' behavior [RFC4787]."
2968       ::= { natLimits 5 }

2970   natLimitSubscribers OBJECT-TYPE
2971       SYNTAX Unsigned32
2972       MAX-ACCESS read-write
2973       STATUS current
2974       DESCRIPTION
2975           "Global limit on the number of subscribers with active
2976            mappings. Zero means unlimited."
2977       ::= { natLimits 6 }

2979   -- pools

2981   natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 }

2983   natPoolTable OBJECT-TYPE
2984       SYNTAX SEQUENCE OF NatPoolEntry
2985       MAX-ACCESS not-accessible
2986       STATUS current
2987       DESCRIPTION
2988           "Table of pools."
2989       ::= { natPoolObjects 1 }

2991   natPoolEntry OBJECT-TYPE
2992       SYNTAX NatPoolEntry
2993       MAX-ACCESS not-accessible
2994       STATUS current
2995       DESCRIPTION
2996           "Entry in the table of pools."
2997       INDEX { natPoolIndex }
2998       ::= { natPoolTable 1 }

3000   NatPoolEntry ::=
3001       SEQUENCE {
3002           natPoolIndex          NatPoolId,
3003           natPoolRealm          SnmpAdminString,
3004           natPoolUsage          Integer32,
3005           natPoolWatermarkLow   Integer32,
3006           natPoolWatermarkHigh  Integer32,
3007           natPoolPortMin        InetPortNumber,
3008           natPoolPortMax        InetPortNumber
3009       }

3011   natPoolIndex OBJECT-TYPE
3012       SYNTAX NatPoolId
3013       MAX-ACCESS read-only
3014       STATUS current
3015       DESCRIPTION
3016           "Index of an address pool."
3017       ::= { natPoolEntry 1 }

3019   natPoolRealm OBJECT-TYPE
3020       SYNTAX SnmpAdminString (SIZE (0..32))
3021       MAX-ACCESS read-only
3022       STATUS current
3023       DESCRIPTION
3024           "Realm to which this pool's addresses belong."
3025       ::= { natPoolEntry 2 }

3027   natPoolUsage OBJECT-TYPE
3028       SYNTAX Integer32 (0..100)
3029       MAX-ACCESS read-only
3030       STATUS current
3031       DESCRIPTION
3032           "Percentage of the pool's total number of external ports
3033            currently mapped."
3034       ::= { natPoolEntry 3 }

3036   natPoolWatermarkLow OBJECT-TYPE
3037       SYNTAX Integer32 (-1|0..100)
3038       MAX-ACCESS read-create
3039       STATUS current
3040       DESCRIPTION
3041           "Low watermark on a pool's usage, in percentage of the total
3042            number of ports available. If set to -1, the watermark is
3043            disabled. Otherwise when natPoolUsage becomes lower than or
3044            equal to natPoolWatermarkLow, a notification is sent. The
3045            NAT may also start behaving in low usage mode (this is
3046            implementation-defined)."
3047       ::= { natPoolEntry 4 }

3049   natPoolWatermarkHigh OBJECT-TYPE
3050       SYNTAX Integer32 (-1|0..100)
3051       MAX-ACCESS read-create
3052       STATUS current
3053       DESCRIPTION
3054           "High watermark on a pool's usage, in percentage of the total
3055            number of ports available. If set to -1, the watermark is
3056            disabled. Otherwise, when natPoolUsage becomes higher than
3057            or equal to natPoolWatermarkHigh, a notification is sent.
3058            The NAT may also start behaving in high usage mode (this is
3059            implementation-defined)."
3060       ::= { natPoolEntry 5 }

3062   natPoolPortMin OBJECT-TYPE
3063       SYNTAX InetPortNumber
3064       MAX-ACCESS read-create
3065       STATUS current
3066       DESCRIPTION
3067           "Minimal port number to be allocated in this pool."
3068       ::= { natPoolEntry 6 }

3070   natPoolPortMax OBJECT-TYPE
3071       SYNTAX InetPortNumber
3072       MAX-ACCESS read-create
3073       STATUS current
3074       DESCRIPTION
3075           "Maximal port number to be allocated in this pool."
3076       ::= { natPoolEntry 7 }

3078   natPoolRangeTable OBJECT-TYPE
3079       SYNTAX SEQUENCE OF NatPoolRangeEntry
3080       MAX-ACCESS not-accessible
3081       STATUS current
3082       DESCRIPTION
3083           "This table contains address ranges used by pool entries."
3084       ::= { natPoolObjects 2 }

3086   natPoolRangeEntry OBJECT-TYPE
3087       SYNTAX NatPoolRangeEntry
3088       MAX-ACCESS not-accessible
3089       STATUS current
3090       DESCRIPTION
3091           "NAT pool address range."
3092       INDEX { natPoolRangeType,
3093               natPoolRangeBegin }
3094       ::= { natPoolRangeTable 1 }

3096   NatPoolRangeEntry ::=
3097       SEQUENCE {
3098           natPoolRangePoolIndex       NatPoolId,
3099           natPoolRangeType            InetAddressType,
3100           natPoolRangeBegin           InetAddress,
3101           natPoolRangeEnd             InetAddress,
3102           natPoolRangeAllocatedPorts  Gauge32
3103       }

3105   natPoolRangePoolIndex OBJECT-TYPE
3106       SYNTAX NatPoolId
3107       MAX-ACCESS read-only
3108       STATUS current
3109       DESCRIPTION
3110           "Index of the address pool to which this address range
3111            belongs. See natPoolIndex."
3112       ::= { natPoolRangeEntry 1 }

3114   natPoolRangeType OBJECT-TYPE
3115       SYNTAX InetAddressType
3116       MAX-ACCESS not-accessible
3117       STATUS current
3118       DESCRIPTION
3119           "The address type of natPoolRangeBegin and
3120            natPoolRangeEnd."
3121       ::= { natPoolRangeEntry 2 }

3123   natPoolRangeBegin OBJECT-TYPE
3124       SYNTAX InetAddress (SIZE (4|16))
3125       MAX-ACCESS not-accessible
3126       STATUS current
3127       DESCRIPTION
3128           "Lowest address included in this range."
3129       ::= { natPoolRangeEntry 3 }

3131   natPoolRangeEnd OBJECT-TYPE
3132       SYNTAX InetAddress (SIZE (4|16))
3133       MAX-ACCESS read-only
3134       STATUS current
3135       DESCRIPTION
3136           "Highest address included in this range."
3137       ::= { natPoolRangeEntry 4 }

3139   natPoolRangeAllocatedPorts OBJECT-TYPE
3140       SYNTAX Gauge32
3141       MAX-ACCESS read-only
3142       STATUS current
3143       DESCRIPTION
3144           "Number of ports currently allocated on the addresses in this
3145            range."
3146       ::= { natPoolRangeEntry 5 }

3148   -- indexed mapping tables

3150   natMapObjects OBJECT IDENTIFIER ::= { natMIBObjects 14 }

3152   natMapIntAddrTable OBJECT-TYPE
3153       SYNTAX SEQUENCE OF NatMapIntAddrEntry
3154       MAX-ACCESS not-accessible
3155       STATUS current
3156       DESCRIPTION
3157           "Table of mappings from internal to external address.

3159            This table is only applicable to NATs that have an 'IP
3160            address pooling' behavior of 'Paired' [RFC4787]."
3161       ::= { natMapObjects 1 }

3163   natMapIntAddrEntry OBJECT-TYPE
3164       SYNTAX NatMapIntAddrEntry
3165       MAX-ACCESS not-accessible
3166       STATUS current
3167       DESCRIPTION
3168           "Mapping from internal to external address."
3169       INDEX { natMapIntAddrIntRealm,
3170               natMapIntAddrType,
3171               natMapIntAddrInt }
3172       ::= { natMapIntAddrTable 1 }

3174   NatMapIntAddrEntry ::=
3175       SEQUENCE {
3176           natMapIntAddrIntRealm  SnmpAdminString,
3177           natMapIntAddrExtRealm  SnmpAdminString,
3178           natMapIntAddrType      InetAddressType,
3179           natMapIntAddrInt       InetAddress,
3180           natMapIntAddrExt       InetAddress
3181       }

3183   natMapIntAddrIntRealm OBJECT-TYPE
3184       SYNTAX SnmpAdminString (SIZE(0..32))
3185       MAX-ACCESS not-accessible
3186       STATUS current
3187       DESCRIPTION
3188           "Realm to which natMapIntAddrInt belongs."
3189       ::= { natMapIntAddrEntry 1 }

3191   natMapIntAddrExtRealm OBJECT-TYPE
3192       SYNTAX SnmpAdminString
3193       MAX-ACCESS read-only
3194       STATUS current
3195       DESCRIPTION
3196           "Realm to which natMapIntAddrExt belongs."
3197       ::= { natMapIntAddrEntry 2 }

3199   natMapIntAddrType OBJECT-TYPE
3200       SYNTAX InetAddressType
3201       MAX-ACCESS not-accessible
3202       STATUS current
3203       DESCRIPTION
3204           "Address type for natMapIntAddrInt and natMapIntAddrExt."
3205       ::= { natMapIntAddrEntry 3 }

3207   natMapIntAddrInt OBJECT-TYPE
3208       SYNTAX InetAddress (SIZE (4|16))
3209       MAX-ACCESS not-accessible
3210       STATUS current
3211       DESCRIPTION
3212           "Internal address."
3213       ::= { natMapIntAddrEntry 4 }

3215   natMapIntAddrExt OBJECT-TYPE
3216       SYNTAX InetAddress
3217       MAX-ACCESS read-only
3218       STATUS current
3219       DESCRIPTION
3220           "External address."
3221       ::= { natMapIntAddrEntry 5 }

3223   natMappingTable OBJECT-TYPE
3224       SYNTAX SEQUENCE OF NatMappingTableEntry
3225       MAX-ACCESS not-accessible
3226       STATUS current
3227       DESCRIPTION
3228           "Table of mappings indexed by external 3-tuple."
3229       ::= { natMapObjects 2 }

3231   natMappingTableEntry OBJECT-TYPE
3232       SYNTAX NatMappingTableEntry
3233       MAX-ACCESS not-accessible
3234       STATUS current
3235       DESCRIPTION
3236           "A single NAT mapping."
3237       INDEX { natMappingProto,
3238               natMappingExtRealm,
3239               natMappingExtAddressType,
3240               natMappingExtAddress,
3241               natMappingExtPort }
3242       ::= { natMappingTable 1 }

3244   NatMappingTableEntry ::=
3245       SEQUENCE {
3246           natMappingProto           ProtocolNumber,
3247           natMappingExtRealm        SnmpAdminString,
3248           natMappingExtAddressType  InetAddressType,
3249           natMappingExtAddress      InetAddress,
3250           natMappingExtPort         InetPortNumber,
3251           natMappingIntRealm        SnmpAdminString,
3252           natMappingIntAddressType  InetAddressType,
3253           natMappingIntAddress      InetAddress,
3254           natMappingIntPort         InetPortNumber,
3255           natMappingPool            NatPoolId,
3256           natMappingMapBehavior     NatBehaviorType,
3257           natMappingFilterBehavior  NatBehaviorType,
3258           natMappingAddressPooling  NatPoolingType
3259       }

3261   natMappingProto OBJECT-TYPE
3262       SYNTAX ProtocolNumber
3263       MAX-ACCESS not-accessible
3264       STATUS current
3265       DESCRIPTION
3266           "The mapping's transport protocol number."
3267       ::= { natMappingTableEntry 1 }

3269   natMappingExtRealm OBJECT-TYPE
3270       SYNTAX SnmpAdminString (SIZE(0..32))
3271       MAX-ACCESS not-accessible
3272       STATUS current
3273       DESCRIPTION
3274           "The realm to which natMappingExtAddress belongs."
3275       ::= { natMappingTableEntry 2 }

3277   natMappingExtAddressType OBJECT-TYPE
3278       SYNTAX InetAddressType
3279       MAX-ACCESS not-accessible
3280       STATUS current
3281       DESCRIPTION
3282           "Type of the mapping's external address."
3283       ::= { natMappingTableEntry 3 }

3285   natMappingExtAddress OBJECT-TYPE
3286       SYNTAX InetAddress (SIZE (4|16))
3287       MAX-ACCESS not-accessible
3288       STATUS current
3289       DESCRIPTION
3290           "The mapping's external address. If this is the undefined
3291            address, all external addresses are mapped to the internal
3292            address."
3293       ::= { natMappingTableEntry 4 }

3295   natMappingExtPort OBJECT-TYPE
3296       SYNTAX InetPortNumber
3297       MAX-ACCESS not-accessible
3298       STATUS current
3299       DESCRIPTION
3300           "The mapping's external port number. If this is zero, all
3301            external ports are mapped to the internal port."
3302       ::= { natMappingTableEntry 5 }

3304   natMappingIntRealm OBJECT-TYPE
3305       SYNTAX SnmpAdminString
3306       MAX-ACCESS read-only
3307       STATUS current
3308       DESCRIPTION
3309           "The realm to which natMappingIntAddress belongs."
3310       ::= { natMappingTableEntry 6 }

3312   natMappingIntAddressType OBJECT-TYPE
3313       SYNTAX InetAddressType
3314       MAX-ACCESS read-only
3315       STATUS current
3316       DESCRIPTION
3317           "Type of the mapping's internal address."
3318       ::= { natMappingTableEntry 7 }

3320   natMappingIntAddress OBJECT-TYPE
3321       SYNTAX InetAddress
3322       MAX-ACCESS read-only
3323       STATUS current
3324       DESCRIPTION
3325           "The mapping's internal address. If this is the undefined
3326            address, addresses are not translated."
3327       ::= { natMappingTableEntry 8 }

3329   natMappingIntPort OBJECT-TYPE
3330       SYNTAX InetPortNumber
3331       MAX-ACCESS read-only
3332       STATUS current
3333       DESCRIPTION
3334           "The mapping's internal port number. If this is zero, ports
3335            are not translated."
3336       ::= { natMappingTableEntry 9 }

3338   natMappingPool OBJECT-TYPE
3339       SYNTAX NatPoolId (0|1..4294967295)
3340       MAX-ACCESS read-only
3341       STATUS current
3342       DESCRIPTION
3343           "Index of the pool that contains this mapping's external
3344            address and port. If zero, no pool is associated with this
3345            mapping."
3346       ::= { natMappingTableEntry 10 }

3348   natMappingMapBehavior OBJECT-TYPE
3349       SYNTAX NatBehaviorType
3350       MAX-ACCESS read-only
3351       STATUS current
3352       DESCRIPTION
3353           "Mapping behavior as described in [RFC4787] section 4.1."
3354       ::= { natMappingTableEntry 11 }

3356   natMappingFilterBehavior OBJECT-TYPE
3357       SYNTAX NatBehaviorType
3358       MAX-ACCESS read-only
3359       STATUS current
3360       DESCRIPTION
3361           "Filtering behavior as described in [RFC4787] section 5."

3363       ::= { natMappingTableEntry 12 }

3365   natMappingAddressPooling OBJECT-TYPE
3366       SYNTAX NatPoolingType
3367       MAX-ACCESS read-only
3368       STATUS current
3369       DESCRIPTION
3370           "Type of address pooling behavior that was used to create
3371            this mapping."
3372       ::= { natMappingTableEntry 13 }

3374   -- subscribers

3376   natSubscribers OBJECT IDENTIFIER ::= { natMIBObjects 15 }

3378   natSubscribersTable OBJECT-TYPE
3379       SYNTAX SEQUENCE OF NatSubscribersTableEntry
3380       MAX-ACCESS not-accessible
3381       STATUS current
3382       DESCRIPTION
3383           "Table of CGN subscribers."
3384       ::= { natSubscribers 1 }

3386   natSubscribersTableEntry OBJECT-TYPE
3387       SYNTAX NatSubscribersTableEntry
3388       MAX-ACCESS not-accessible
3389       STATUS current
3390       DESCRIPTION
3391           "Each entry describes a single CGN subscriber."
3392       INDEX { natSubscriberIdentifierType,
3393               natSubscriberIdentifier }
3394       ::= { natSubscribersTable 1 }

3396   NatSubscribersTableEntry ::=
3397       SEQUENCE {
3398           natSubscriberIdentifierType    InetAddressType,
3399           natSubscriberIdentifier        InetAddress,
3400           natSubscriberIntPrefixType     InetAddressType,
3401           natSubscriberIntPrefix         InetAddress,
3402           natSubscriberIntPrefixLength   InetAddressPrefixLength,
3403           natSubscriberPool              NatPoolId,
3404           natSubscriberCntTranslates     Counter64,
3405           natSubscriberCntOOP            Counter64,
3406           natSubscriberCntResource       Counter64,
3407           natSubscriberCntStateMismatch  Counter64,
3408           natSubscriberCntQuota          Counter64,
3409           natSubscriberCntMappings       Gauge32,
3410           natSubscriberCntMapCreations   Counter64,
3411           natSubscriberCntMapRemovals    Counter64,
3412           natSubscriberLimitMappings     Unsigned32,
3413           natSubscriberMapNotifyThresh   Unsigned32
3414       }

3416   natSubscriberIdentifierType OBJECT-TYPE
3417       SYNTAX InetAddressType
3418       MAX-ACCESS not-accessible
3419       STATUS current
3420       DESCRIPTION
3421           "Address type of the subscriber identifier."
3422       ::= { natSubscribersTableEntry 1 }

3424   natSubscriberIdentifier OBJECT-TYPE
3425       SYNTAX InetAddress (SIZE (4|16))
3426       MAX-ACCESS not-accessible
3427       STATUS current
3428       DESCRIPTION
3429           "Address used for uniquely identifying the subscriber.

3431            In traditional NAT, this is the internal address assigned to
3432            the CPE. In case an address range is assigned to a
3433            subscriber, the first address in the range is used as
3434            identifier. For tunnelled connectivity (e.g., DS-Lite
3435            [RFC6333]), the outer address is used as identifier (i.e.,
3436            the IPv6 address in the case of DS-Lite)."
3437       ::= { natSubscribersTableEntry 2 }

3439   natSubscriberIntPrefixType OBJECT-TYPE
3440       SYNTAX InetAddressType
3441       MAX-ACCESS read-only
3442       STATUS current
3443       DESCRIPTION
3444           "Subscriber's internal prefix type."
3445       ::= { natSubscribersTableEntry 3 }

3447   natSubscriberIntPrefix OBJECT-TYPE
3448       SYNTAX InetAddress
3449       MAX-ACCESS read-only
3450       STATUS current
3451       DESCRIPTION
3452           "Prefix assigned to a subscriber's CPE."
3453       ::= { natSubscribersTableEntry 4 }

3455   natSubscriberIntPrefixLength OBJECT-TYPE
3456       SYNTAX InetAddressPrefixLength
3457       MAX-ACCESS read-only
3458       STATUS current
3459       DESCRIPTION
3460           "Length of the prefix assigned to a subscriber's CPE, in
3461            bits. In case a single address is assigned, this will be 32
3462            for IPv4 and 128 for IPv6."
3463       ::= { natSubscribersTableEntry 5 }

3465   natSubscriberPool OBJECT-TYPE
3466       SYNTAX NatPoolId
3467       MAX-ACCESS read-only
3468       STATUS current
3469       DESCRIPTION
3470           "External address pool to which this subscriber belongs."
3471       ::= { natSubscribersTableEntry 6 }

3473   natSubscriberCntTranslates OBJECT-TYPE
3474       SYNTAX Counter64
3475       MAX-ACCESS read-only
3476       STATUS current
3477       DESCRIPTION
3478           "The number of packets received from or sent to this
3479            subscriber and to which NAT has been applied."
3480       ::= { natSubscribersTableEntry 7 }

3482   natSubscriberCntOOP OBJECT-TYPE
3483       SYNTAX Counter64
3484       MAX-ACCESS read-only
3485       STATUS current
3486       DESCRIPTION
3487           "The number of packets received from this subscriber to which
3488            NAT could not be applied because no external port was
3489            available, excluding quota limitations."
3490       ::= { natSubscribersTableEntry 8 }

3492   natSubscriberCntResource OBJECT-TYPE
3493       SYNTAX Counter64
3494       MAX-ACCESS read-only
3495       STATUS current
3496       DESCRIPTION
3497           "The number of packets received from this subscriber to which
3498            NAT could not be applied because of resource constraints
3499            (excluding out-of-ports condition)."
3500       ::= { natSubscribersTableEntry 9 }

3502   natSubscriberCntStateMismatch OBJECT-TYPE
3503       SYNTAX Counter64
3504       MAX-ACCESS read-only
3505       STATUS current
3506       DESCRIPTION
3507           "The number of packets received from or destined to this
3508            subscriber to which NAT could not be applied because of
3509            mapping state mismatch. For example, a TCP packet that
3510            matches an existing mapping but is dropped because its flags
3511            are incompatible with the current state of the mapping would
3512            cause this counter to be incremented."
3513       ::= { natSubscribersTableEntry 10 }

3515   natSubscriberCntQuota OBJECT-TYPE
3516       SYNTAX Counter64
3517       MAX-ACCESS read-only
3518       STATUS current
3519       DESCRIPTION
3520           "The number of packets received from or destined to this
3521            subscriber to which NAT could not be applied because of
3522            quota limitations. Quotas include absolute limits as well as
3523            limits on the rate of allocation."
3524       ::= { natSubscribersTableEntry 11 }

3526   natSubscriberCntMappings OBJECT-TYPE
3527       SYNTAX Gauge32
3528       MAX-ACCESS read-only
3529       STATUS current
3530       DESCRIPTION
3531           "Number of currently active mappings created by or for this
3532            subscriber.

3534            Equal to natSubscriberCntMapRemovals -
3535            natSubscriberCntMapCreations."
3536       ::= { natSubscribersTableEntry 12 }

3538   natSubscriberCntMapCreations OBJECT-TYPE
3539       SYNTAX Counter64
3540       MAX-ACCESS read-only
3541       STATUS current
3542       DESCRIPTION
3543           "Number of mappings created by or for this subscriber."
3544       ::= { natSubscribersTableEntry 13 }

3546   natSubscriberCntMapRemovals OBJECT-TYPE
3547       SYNTAX Counter64
3548       MAX-ACCESS read-only
3549       STATUS current
3550       DESCRIPTION
3551           "Number of mappings removed by or for this subscriber."
3552       ::= { natSubscribersTableEntry 14 }

3554   natSubscriberLimitMappings OBJECT-TYPE
3555       SYNTAX Unsigned32
3556       MAX-ACCESS read-write
3557       STATUS current
3558       DESCRIPTION
3559           "Limit on the number of active mappings created by or for
3560            this subscriber. Zero means unlimited."
3561       ::= { natSubscribersTableEntry 15 }

3563   natSubscriberMapNotifyThresh OBJECT-TYPE
3564       SYNTAX Unsigned32
3565       MAX-ACCESS read-write
3566       STATUS current
3567       DESCRIPTION
3568           "See natNotifSubscriberMappings."
3569       ::= { natSubscribersTableEntry 16 }

3571   -- object groups

3573   natGroupBasicObjects OBJECT-GROUP
3574       OBJECTS { natCntTranslates,
3575                 natCntOOP,
3576                 natCntResource,
3577                 natCntStateMismatch,
3578                 natCntQuota,
3579                 natCntMappings,
3580                 natCntMapCreations,
3581                 natCntMapRemovals,
3582                 natCntProtocolTranslates,
3583                 natCntProtocolOOP,
3584                 natCntProtocolResource,
3585                 natCntProtocolStateMismatch,
3586                 natCntProtocolQuota,
3587                 natCntProtocolMappings,
3588                 natCntProtocolMapCreations,
3589                 natCntProtocolMapRemovals,
3590                 natLimitMappings,
3591                 natMappingsNotifyThreshold,
3592                 natPoolIndex,
3593                 natPoolRealm,
3594                 natPoolUsage,
3595                 natPoolWatermarkLow,
3596                 natPoolWatermarkHigh,
3597                 natPoolPortMin,
3598                 natPoolPortMax,
3599                 natPoolRangePoolIndex,
3600                 natPoolRangeEnd,
3601                 natPoolRangeAllocatedPorts,
3602                 natMappingIntRealm,
3603                 natMappingIntAddressType,
3604                 natMappingIntAddress,
3605                 natMappingIntPort,
3606                 natMappingPool,
3607                 natMappingMapBehavior,
3608                 natMappingFilterBehavior,
3609                 natMappingAddressPooling }
3610       STATUS current
3611       DESCRIPTION
3612           "Basic counters, limits, and thresholds."
3613       ::= { natMIBGroups 7 }

3615   natGroupAddrMapObjects OBJECT-GROUP
3616       OBJECTS { natCntAddressMappings,
3617                 natCntAddrMapCreations,
3618                 natCntAddrMapRemovals,
3619                 natLimitAddressMappings,
3620                 natAddrMapNotifyThreshold,
3621                 natMapIntAddrExtRealm,
3622                 natMapIntAddrExt }
3623       STATUS current
3624       DESCRIPTION
3625           "Objects that require 'Paired IP address pooling' behavior
3626            [RFC4787]."
3627       ::= { natMIBGroups 8 }

3629   natGroupFragmentObjects OBJECT-GROUP
3630       OBJECTS { natLimitFragments }
3631       STATUS current
3632       DESCRIPTION
3633           "Objects that require 'Receive Fragments Out of Order'
3634            behavior [RFC4787]."
3635       ::= { natMIBGroups 9 }

3637   natGroupBasicNotifications NOTIFICATION-GROUP
3638       NOTIFICATIONS { natNotifPoolWatermarkLow,
3639                       natNotifPoolWatermarkHigh,
3640                       natNotifMappings }
3641       STATUS current
3642       DESCRIPTION
3643           "Basic notifications."
3644       ::= { natMIBGroups 11 }

3646   natGroupAddrMapNotifications NOTIFICATION-GROUP
3647       NOTIFICATIONS { natNotifAddrMappings }
3648       STATUS current
3649       DESCRIPTION
3650           "Notifications about address mappings."
3651       ::= { natMIBGroups 12 }

3653   natGroupSubscriberObjects OBJECT-GROUP
3654       OBJECTS { natSubscriberIntPrefixType,
3655                 natSubscriberIntPrefix,
3656                 natSubscriberIntPrefixLength,
3657                 natSubscriberPool,
3658                 natSubscriberCntTranslates,
3659                 natSubscriberCntOOP,
3660                 natSubscriberCntResource,
3661                 natSubscriberCntStateMismatch,
3662                 natSubscriberCntQuota,
3663                 natSubscriberCntMappings,
3664                 natSubscriberCntMapCreations,
3665                 natSubscriberCntMapRemovals,
3666                 natSubscriberLimitMappings,
3667                 natLimitSubscribers,
3668                 natSubscriberMapNotifyThresh }
3669       STATUS current
3670       DESCRIPTION
3671           "Per-subscriber counters, limits, and thresholds."
3672       ::= { natMIBGroups 13 }

3674   natGroupSubscriberNotifications NOTIFICATION-GROUP
3675       NOTIFICATIONS { natNotifSubscriberMappings }
3676       STATUS current
3677       DESCRIPTION
3678           "Subscriber notifications."
3679       ::= { natMIBGroups 14 }

3681   -- compliance statements

3683   natBasicCompliance MODULE-COMPLIANCE
3684       STATUS current
3685       DESCRIPTION
3686           "Basic compliance with this MIB is attained when the objects
3687            contained in the mandatory groups are implemented."
3688       MODULE -- this module
3689       MANDATORY-GROUPS { natGroupBasicObjects,
3690                          natGroupBasicNotifications }
3691       ::= { natMIBCompliances 3 }

3693   natAddrMapCompliance MODULE-COMPLIANCE
3694       STATUS current
3695       DESCRIPTION
3696           "NATs that have 'Paired IP address pooling' behavior

3698            [RFC4787] and implement the objects in this group can claim
3699            this level of compliance."
3700       MODULE -- this module
3701       MANDATORY-GROUPS { natGroupBasicObjects,
3702                          natGroupBasicNotifications,
3703                          natGroupAddrMapObjects,
3704                          natGroupAddrMapNotifications }
3705       ::= { natMIBCompliances 4 }

3707   natFragmentsCompliance MODULE-COMPLIANCE
3708       STATUS current
3709       DESCRIPTION
3710           "NATs that have 'Receive Fragments Out of Order' behavior
3711            [RFC4787] and implement the objects in this group can claim
3712            this level of compliance."
3713       MODULE -- this module
3714       MANDATORY-GROUPS { natGroupBasicObjects,
3715                          natGroupBasicNotifications,
3716                          natGroupFragmentObjects }
3717       ::= { natMIBCompliances 5 }

3719   natCGNCompliance MODULE-COMPLIANCE
3720       STATUS current
3721       DESCRIPTION
3722           "NATs that have 'Paired IP address pooling' and 'Receive
3723            Fragments Out of Order' behavior [RFC4787] and implement the
3724            objects in this group can claim this level of compliance.

3726            This level of compliance is to be expected of a CGN
3727            compliant with [I-D.ietf-behave-lsn-requiremnents]."
3728       MODULE -- this module
3729       MANDATORY-GROUPS { natGroupBasicObjects,
3730                          natGroupBasicNotifications,
3731                          natGroupAddrMapObjects,
3732                          natGroupAddrMapNotifications,
3733                          natGroupFragmentObjects,
3734                          natGroupSubscriberObjects,
3735                          natGroupSubscriberNotifications }
3736       ::= { natMIBCompliances 6 }

3738   END

3740   5. Security Considerations

3742      There are a number of management objects defined in this MIB module
3743      with a MAX-ACCESS clause of read-write and/or read-create. Such
3744      objects may be considered sensitive or vulnerable in some network
3745      environments. The support for SET operations in a non-secure
3746      environment without proper protection can have a negative effect on
3747      network operations. These are the tables and objects and their
3748      sensitivity/vulnerability:

3750      Limits: An attacker setting a very low or very high limit can easily
3751         cause a denial-of-service situation.

3753         * natLimitMappings

3755         * natLimitAddressMappings

3757         * natLimitFragments

3759         * natLimitSubscribers

3761         * natSubscriberLimitMappings

3763      Notification thresholds: An attacker setting an arbitrarily low
3764         threshold can cause many useless notifications to be generated.
3765         Setting an arbitrarily high threshold can effectively disable
3766         notifications, which could be used to hide another attack.

3768         * natMappingsNotifyThreshold

3770         * natAddrMapNotifyThreshold

3772         * natSubscriberMapNotifyThresh

3774      Some of the readable objects in this MIB module (i.e., objects with a
3775      MAX-ACCESS other than not-accessible) may be considered sensitive or
3776      vulnerable in some network environments. It is thus important to
3777      control even GET and/or NOTIFY access to these objects and possibly
3778      to even encrypt the values of these objects when sending them over
3779      the network via SNMP.

3781      There are a number of managed objects in this MIB that may contain
3782      information that may be sensitive from a business perspective, in
3783      that they may represent NAT state information. Various objects can
3784      reveal the identity of private hosts that are engaged in a session
3785      with external end nodes. A curious outsider could monitor these to
3786      assess the number of private hosts being supported by the NAT device.
3787      Further, a disgruntled former employee of an enterprise could use the
3788      information to break into specific private hosts by intercepting the
3789      existing sessions or originating new sessions into the host. There
3790      are no objects that are sensitive in their own right, such as
3791      passwords or monetary amounts. It may even be important to control
3792      GET access to these objects and possibly to encrypt the values of
3793      these objects when they are sent over the network via SNMP. Not all
3794      versions of SNMP provide features for such a secure environment.

3796      SNMP versions prior to SNMPv3 did not include adequate security.
3797      Even if the network itself is secure (for example by using IPsec),
3798      there is no control as to who on the secure network is allowed to
3799      access and GET/SET (read/change/create/delete) the objects in this
3800      MIB module.

3802      Implementations SHOULD provide the security features described by the
3803      SNMPv3 framework (see [RFC3410]), and implementations claiming
3804      compliance to the SNMPv3 standard MUST include full support for
3805      authentication and privacy via the User-based Security Model (USM)
3806      [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
3807      MAY also provide support for the Transport Security Model (TSM)
3808      [RFC5591] in combination with a secure transport such as SSH
3809      [RFC5592] or TLS/DTLS [RFC6353].

3811      Further, deployment of SNMP versions prior to SNMPv3 is NOT
3812      RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
3813      enable cryptographic security. It is then a customer/operator
3814      responsibility to ensure that the SNMP entity giving access to an
3815      instance of this MIB module is properly configured to give access to
3816      the objects only to those principals (users) that have legitimate
3817      rights to indeed GET or SET (change/create/delete) them.

3819   6. IANA Considerations

3821      IANA has assigned object identifier 123 to the natMIB module, with
3822      prefix iso.org.dod.internet.mgmt.mib-2 in the Network Management
3823      Parameters registry [1].

3825   7. References

3827   7.1. Normative References

3829      [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
3830                Schoenwaelder, Ed., "Structure of Management Information
3831                Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

3833      [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
3834                Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
3835                58, RFC 2579, April 1999.

3837      [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
3838                "Conformance Statements for SMIv2", STD 58, RFC 2580,
3839                April 1999.

3841      [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address
3842                Translator (NAT) Terminology and Considerations", RFC
3843                2663, August 1999.

3845      [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
3846                Address Translator (Traditional NAT)", RFC 3022, January
3847                2001.

3849      [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
3850                (USM) for version 3 of the Simple Network Management
3851                Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

3853      [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The
3854                Advanced Encryption Standard (AES) Cipher Algorithm in the
3855                SNMP User-based Security Model", RFC 3826, June 2004.

3857      [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
3858                Schoenwaelder, "Textual Conventions for Internet Network
3859                Addresses", RFC 4001, February 2005.

3861      [RFC4750] Joyal, D., Galecki, P., Giacalone, S., Coltun, R., and F.
3862                Baker, "OSPF Version 2 Management Information Base", RFC
3863                4750, December 2006.

3865      [RFC4787] Audet, F. and C. Jennings, "Network Address Translation
3866                (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
3867                RFC 4787, January 2007.

3869      [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model
3870                for the Simple Network Management Protocol (SNMP)", RFC
3871                5591, June 2009.

3873      [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure
3874                Shell Transport Model for the Simple Network Management
3875                Protocol (SNMP)", RFC 5592, June 2009.

3877      [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport
3878                Model for the Simple Network Management Protocol (SNMP)",
3879                RFC 6353, July 2011.

3881   7.2. Informative References

3883      [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
3884                "Introduction and Applicability Statements for Internet-
3885                Standard Management Framework", RFC 3410, December 2002.

3887      [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
3888                C. Wang, "Definitions of Managed Objects for Network
3889                Address Translators (NAT)", RFC 4008, March 2005.

3891   Authors' Addresses

3893      Simon Perreault
3894      Viagenie
3895      246 Aberdeen
3896      Quebec, QC G1R 2E1
3897      Canada

3899      Phone: +1 418 656 9254
3900      Email: simon.perreault@viagenie.ca
3901      URI: http://viagenie.ca

3903      Tina Tsou
3904      Huawei Technologies (USA)
3905      2330 Central Expressway
3906      Santa Clara, CA 95050
3907      USA

3909      Phone: +1 408 330 4424
3910      Email: tina.tsou.zouting@huawei.com

3912      Senthil Sivakumar
3913      Cisco Systems
3914      7100-8 Kit Creek Road
3915      Research Triangle Park, North Carolina 27709
3916      USA

3918      Phone: +1 919 392 5158
3919      Email: ssenthil@cisco.com
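
Added example (not part of the draft or of any implementation of it): the Security Considerations section warns that SET access to the limit objects can cause denial of service and that a raised notification threshold can hide an attack. The Python audit below compares polled values of those writable objects with an approved baseline. The sample values, the rule names, and the assumption that a notification can only fire once the mapping count reaches the threshold are constructed for illustration.

```python
"""Audit the writable NAT-MIB limit/threshold objects against a baseline.

Added example; all values below are constructed, not taken from a device.
Keys are object names, optionally followed by ".<instance index>" for the
per-subscriber columns.
"""
from typing import Dict, List, NamedTuple, Optional


class Finding(NamedTuple):
    obj: str     # object (and instance) the finding is about
    rule: str    # rule identifier (names chosen for this example)
    detail: str


# limit object -> (its notification threshold, gauge holding current usage)
LIMITS = {
    "natLimitMappings": ("natMappingsNotifyThreshold", "natCntMappings"),
    "natLimitAddressMappings": ("natAddrMapNotifyThreshold",
                                "natCntAddressMappings"),
    "natSubscriberLimitMappings": ("natSubscriberMapNotifyThresh",
                                   "natSubscriberCntMappings"),
    "natLimitFragments": (None, None),
    "natLimitSubscribers": (None, None),
}
THRESHOLDS = {thr for thr, _ in LIMITS.values() if thr}


def _lookup(values: Dict[str, int], name: Optional[str],
            instance: str) -> Optional[int]:
    """Return the value of name[.instance], or None if it was not polled."""
    if name is None:
        return None
    return values.get(f"{name}.{instance}" if instance else name)


def audit(baseline: Dict[str, int], polled: Dict[str, int]) -> List[Finding]:
    findings: List[Finding] = []
    for key in sorted(polled):
        value = polled[key]
        name, _, instance = key.partition(".")
        if name not in LIMITS and name not in THRESHOLDS:
            continue  # read-only counter or gauge, not settable via SNMP
        approved = baseline.get(key)
        if approved is not None and approved != value:
            findings.append(
                Finding(key, "drift", f"approved {approved}, polled {value}"))
        if name not in LIMITS:
            continue
        if value == 0:
            # "Zero means unlimited" in every limit DESCRIPTION.
            if approved:
                findings.append(
                    Finding(key, "limit-removed", "0 means unlimited"))
            continue
        thr_name, usage_name = LIMITS[name]
        used = _lookup(polled, usage_name, instance)
        if used is not None and used >= value:
            findings.append(Finding(
                key, "limit-exhausted",
                f"usage {used} >= limit {value}: new mappings are refused"))
        thr = _lookup(polled, thr_name, instance)
        # Assumption: the count never exceeds a non-zero limit, so a
        # threshold above the limit can never be reached.
        if thr is not None and thr > value:
            thr_key = f"{thr_name}.{instance}" if instance else thr_name
            findings.append(Finding(
                thr_key, "threshold-unreachable",
                f"threshold {thr} > limit {value}: notification is silenced"))
    return findings


# Constructed sample: one subscriber, index = ipv4(1), length 4, 192.0.2.10.
SUB = "1.4.192.0.2.10"
BASELINE = {
    "natLimitMappings": 200000,
    "natMappingsNotifyThreshold": 180000,
    "natLimitAddressMappings": 50000,
    "natAddrMapNotifyThreshold": 45000,
    "natLimitFragments": 4096,
    "natLimitSubscribers": 20000,
    f"natSubscriberLimitMappings.{SUB}": 1000,
    f"natSubscriberMapNotifyThresh.{SUB}": 900,
}
POLLED = dict(BASELINE)
POLLED.update({
    "natMappingsNotifyThreshold": 4294967295,  # raised to Unsigned32 maximum
    "natLimitFragments": 0,                    # limit removed
    f"natSubscriberLimitMappings.{SUB}": 5,    # limit cut to almost nothing
    "natCntMappings": 120000,                  # read-only gauges
    f"natSubscriberCntMappings.{SUB}": 5,
})

if __name__ == "__main__":
    for f in audit(BASELINE, POLLED):
        print(f"{f.rule:22} {f.obj}: {f.detail}")
```
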