idnits 2.17.1

draft-ietf-behave-nat-mib-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC2606-compliant FQDNs in the
     document.

  -- The draft header indicates that this document obsoletes RFC4008, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (July 15, 2013) is 3937 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 4008
     (Obsoleted by RFC 7658)

     Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                       S. Perreault
Internet-Draft                                                  Viagenie
Obsoletes: 4008 (if approved)                                    T. Tsou
Intended status: Standards Track               Huawei Technologies (USA)
Expires: January 16, 2014                                   S. Sivakumar
                                                           Cisco Systems
                                                           July 15, 2013

    Additional Managed Objects for Network Address Translators (NAT)
                      draft-ietf-behave-nat-mib-07

Abstract

This memo defines a portion of the Management Information Base (MIB)
for devices implementing Network Address Translator (NAT) function.
This MIB module may be used for monitoring of a device capable of NAT
function.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on January 16, 2014.

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.  Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1.  Introduction
2.  The Internet-Standard Management Framework
3.  Overview
  3.1.  Deprecated Features
  3.2.  New Features
  3.3.  Realms
4.  Definitions
5.  Security Considerations
6.  IANA Considerations
7.  References
  7.1.  Normative References
  7.2.  Informative References
Authors' Addresses

1.  Introduction

This memo defines a portion of the Management Information Base (MIB)
for devices implementing NAT function.  This MIB module may be used
for monitoring of a device capable of NAT function.  Using it for
configuration is deprecated.  NAT types and their characteristics are
defined in [RFC2663].  Traditional NAT function, in particular, is
defined in [RFC3022].  This MIB does not address the firewall
functions and must not be used for configuring or monitoring these.
Section 2 provides references to the SNMP management framework, which
was used as the basis for the MIB module definition.  Section 3
provides an overview of the MIB features.  Lastly, Section 4 has the
complete NAT MIB definition.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

2.  The Internet-Standard Management Framework

For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].

Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB.
MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI).  This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].

3.  Overview

3.1.  Deprecated Features

All objects defined in [RFC4008] have been marked with "STATUS
deprecated" for the following reasons:

Writability:  Experience with NAT has shown that implementations vary
   tremendously.  The NAT algorithms and data structures have little
   in common across devices, and this results in wildly incompatible
   configuration parameters.  Therefore, few implementations were
   ever able to claim full compliance.

   Lesson learned: the MIB should be read-only as much as possible.

Exposing configuration parameters:  Even in read-only mode, many
   configuration parameters were exposed by [RFC4008] (e.g.
   timeouts).  Since implementations vary wildly in their sets of
   configuration parameters, few implementations could claim even
   basic compliance.

   Lesson learned: the NAT MIB's purpose is not to expose
   configuration parameters.

Interfaces:  Objects from [RFC4008] tie NAT state with interfaces
   (e.g. the interface table, the way map entries are grouped by
   interface).  Many NAT implementations either never keep track of
   the interface or associate a mapping to a set of interfaces.
   Since interfaces are at the core of [RFC4008], many NAT devices
   were unable to have a proper implementation.

   Lesson learned: NAT is a logical function that may be independent
   of interfaces.  Do not tie NAT state with interfaces.

NAT service types:  [RFC4008] used four categories of NAT service:
   basicNat, napt, bidirectionalNat, twiceNat.  These are ill-defined
   and many implementations either use different categories or do not
   use categories at all.

   Lesson learned: do not try to categorize NAT types.

Limited transport protocol set:  The set of transport protocols was
   defined as: other, icmp, udp, tcp.  Furthermore, the numeric
   values corresponding to those labels were arbitrary, without
   relation to the actual standard protocol numbers.  This meant that
   NAT implementations were limited to those protocols and were
   unable to expose information about DCCP, SCTP, etc.

   Lesson learned: use standard transport protocol numbers.

3.2.  New Features

New features in this module are as follows:

Counters:  Many new counters are introduced.  Most of them are
   available in two variants: global and per-transport protocol.

Limits:  A few limits on the quantity of state data stored by the NAT
   device.  Some of them can trigger notifications.

Address+Port Pools:  Pools of external addresses and ports are often
   used in enterprise and ISP settings.  Pools are listed in a table,
   each with its range of addresses and ports.  It is possible to
   inspect each pool's usage, to set limits, and to receive
   notifications when thresholds are crossed.

Address Mappings:  NATs that have an "IP address pooling" behavior of
   "Paired" [RFC4787] maintain a mapping from internal address to
   external address.  This module allows inspection of this mapping
   table.

Mapping table indexed by external 3-tuple:  It is often necessary to
   determine the internal address that is mapped to a given external
   address and port.  This MIB provides this table with an index to
   accomplish this efficiently, without having to iterate over all
   mappings.

Realms:  See Section 3.3.

RFC 4787 terminology:  Mapping table entries indicate the mapping
   behavior, the filtering behavior, and the address pooling behavior
   that were used to create the mapping.

Subscriber awareness:  With the advent of CGN deployment, a set of
   subscriber-specific counters, limits and parameters is added.

3.3.  Realms

Current NAT devices commonly allow the internal and external parts of
a mapping to come from different realms.  The meaning of "realm" is
implementation-dependent.  On some implementations it can be
equivalent to the name of a VPN Routing and Forwarding table (VRF).
On others it is simply the numeric index of a virtual routing table.
Note that this usage of "realm" is completely different from the one
in [RFC4008].

This MIB allows the realm to be indicated where it makes sense.  The
format is an SnmpAdminString.  On platforms that identify realms with
integers, the string representation of the integer is used instead.
The empty string has special meaning: it refers to the default realm.

Note that many MIBs implicitly support realms in one form or another
by using SNMPv3 contexts.  See for example the OSPFv2 MIB [RFC4750].
This method cannot be used for the NAT MIB because mappings can
belong to two realms simultaneously: the internal part can be in one
realm while the external part is in another.  In such cases the NAT
function acts like a "wormhole" between two realms.  Using contexts
would implicitly impose the restriction that all objects would have
to belong to the same realm.

4.  Definitions

This MIB module IMPORTs objects from [RFC2578], [RFC2579], and
[RFC4001].
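
Section 3.1 deprecates configuration through this MIB, yet the deprecated objects in the module that follows keep MAX-ACCESS read-write or read-create. The Python below is an added example, not part of the draft: it parses SMIv2 text, resolves each object's OID from the mib-2 root, and lists the objects an SNMP SET could modify, so that they can be left out of write views. The sample text is a constructed abridgement of the module and all function names are illustrative.

```python
import re

ROOTS = {"mib-2": "1.3.6.1.2.1"}   # well-known OID of mib-2 (from SNMPv2-SMI)
WRITABLE = {"read-write", "read-create"}

# Constructed sample: definitions abridged from the NAT-MIB module, with
# shortened DESCRIPTION strings. The natMIB DESCRIPTION is constructed to put
# a clause keyword inside a string; the "RFC Ed." comment keeps its stray quote.
SAMPLE_MIB = '''
natMIB MODULE-IDENTITY
    DESCRIPTION "Constructed text: RFC 4008 objects used MAX-ACCESS read-write."
    -- RFC Ed.: replace yyyy with actual RFC number & remove this note"
    REVISION    "201304260000Z"
    DESCRIPTION "Complete rewrite, published as RFC yyyy."
    ::= { mib-2 123 }

natMIBObjects  OBJECT IDENTIFIER ::= { natMIB 1 }
natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 }

natBindDefIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION "The default Bind idle timeout parameter."
    ::= { natDefTimeouts 1 }

natInterfaceTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NatInterfaceEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION "Attributes for interfaces on a NAT device."
    ::= { natMIBObjects 3 }

natInterfaceEntry OBJECT-TYPE
    SYNTAX      NatInterfaceEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION "Parameters for one interface."
    INDEX { ifIndex }
    ::= { natInterfaceTable 1 }

natInterfaceRealm OBJECT-TYPE
    SYNTAX      INTEGER { private (1), public (2) }
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION "Private or public realm."
    ::= { natInterfaceEntry 1 }

natInterfaceInTranslates OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION "Packets received on this interface that were translated."
    ::= { natInterfaceEntry 3 }
'''

DEF_RE = re.compile(
    r"(?<![\w-])(?P<name>[a-z][\w-]*)\s+"
    r"(?:OBJECT-TYPE|MODULE-IDENTITY|OBJECT\s+IDENTIFIER)\b"
    r"(?P<body>.*?)::=\s*\{\s*(?P<parent>[\w-]+)\s+(?P<sub>\d+)\s*\}",
    re.S)

def strip_comments_and_strings(text):
    """Drop "--" comments and empty out quoted strings, so clause keywords are
    only matched in real syntax and a quote inside a comment is ignored."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text.startswith("--", i):      # comment, treated as running to end of line
            j = text.find("\n", i)
            i = n if j == -1 else j
        elif text[i] == '"':              # string, may span several lines
            j = text.find('"', i + 1)
            out.append('""')
            i = n if j == -1 else j + 1
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def parse_objects(mib_text):
    """Map each defined name to its MAX-ACCESS, STATUS, parent and sub-identifier."""
    objs = {}
    for m in DEF_RE.finditer(strip_comments_and_strings(mib_text)):
        access = re.search(r"\bMAX-ACCESS\s+([\w-]+)", m["body"])
        status = re.search(r"\bSTATUS\s+([\w-]+)", m["body"])
        objs[m["name"]] = {"access": access and access[1],
                           "status": status and status[1],
                           "parent": m["parent"], "sub": m["sub"]}
    return objs

def resolve_oid(name, objs):
    """Walk parent links up to a known root and return the dotted OID."""
    subs, seen = [], set()
    while name not in ROOTS:
        if name not in objs or name in seen:
            raise ValueError(f"cannot resolve {name!r}")
        seen.add(name)
        subs.append(objs[name]["sub"])
        name = objs[name]["parent"]
    return ".".join([ROOTS[name]] + subs[::-1])

def writable_objects(mib_text):
    """Return (oid, name, max_access, status) for every object a SET can modify."""
    objs = parse_objects(mib_text)
    rows = [(resolve_oid(n, objs), n, o["access"], o["status"])
            for n, o in objs.items() if o["access"] in WRITABLE]
    return sorted(rows, key=lambda r: [int(x) for x in r[0].split(".")])

if __name__ == "__main__":
    for row in writable_objects(SAMPLE_MIB):
        print("%-26s %-24s %-12s %s" % row)
```

The resulting OIDs can be compared against the write view configured on the SNMP agent; any listed object that the view still includes is settable despite its deprecated status.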

NAT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Integer32,
    Unsigned32,
    Gauge32,
    Counter64,
    TimeTicks,
    mib-2,
    NOTIFICATION-TYPE
        FROM SNMPv2-SMI
    TEXTUAL-CONVENTION,
    StorageType,
    RowStatus
        FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    NOTIFICATION-GROUP,
    OBJECT-GROUP
        FROM SNMPv2-CONF
    ifIndex,
    ifCounterDiscontinuityGroup
        FROM IF-MIB
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB
    InetAddressType,
    InetAddress,
    InetAddressPrefixLength,
    InetPortNumber
        FROM INET-ADDRESS-MIB;

natMIB MODULE-IDENTITY
    LAST-UPDATED "201304260000Z"
    -- RFC Ed.: set to publication date
    ORGANIZATION
        "IETF Behavior Engineering for Hindrance Avoidance
         (BEHAVE) Working Group"
    CONTACT-INFO
        "Working Group Email: behave@ietf.org

         Simon Perreault
         Viagenie
         246 Aberdeen
         Quebec, QC G1R 2E1
         Canada

         Phone: +1 418 656 9254
         Email: simon.perreault@viagenie.ca
         URI: http://viagenie.ca

         Tina Tsou
         Huawei Technologies (USA)
         2330 Central Expressway
         Santa Clara, CA 95050
         USA

         Phone: +1 408 330 4424
         Email: tina.tsou.zouting@huawei.com

         Senthil Sivakumar
         Cisco Systems
         7100-8 Kit Creek Road
         Research Triangle Park, North Carolina 27709
         USA

         Phone: +1 919 392 5158
         Email: ssenthil@cisco.com"
    DESCRIPTION
        "This MIB module defines the generic managed objects
         for NAT.

         Copyright (C) The Internet Society (2013). This
         version of this MIB module is part of RFC yyyy; see
         the RFC itself for full legal notices."
    -- RFC Ed.: replace yyyy with actual RFC number & remove this note"
    REVISION "201304260000Z"
    -- RFC Ed.: set to publication date
    DESCRIPTION
        "Complete rewrite, published as RFC yyyy."
    -- RFC Ed.: replace yyyy with actual RFC number & set date"
    REVISION "200503210000Z" -- 21st March 2005
    DESCRIPTION
        "Initial version, published as RFC 4008."
    ::= { mib-2 123 }

natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }

NatProtocolType ::= TEXTUAL-CONVENTION
    STATUS      deprecated
    DESCRIPTION
        "A list of protocols that support the network
         address translation. Inclusion of the values is
         not intended to imply that those protocols
         need to be supported. Any change in this
         TEXTUAL-CONVENTION should also be reflected in
         the definition of NatProtocolMap, which is a
         BITS representation of this."
    SYNTAX      INTEGER {
                    none (1),   -- not specified
                    other (2),  -- none of the following
                    icmp (3),
                    udp (4),
                    tcp (5)
                }

NatProtocolMap ::= TEXTUAL-CONVENTION
    STATUS      deprecated
    DESCRIPTION
        "A bitmap of protocol identifiers that support
         the network address translation. Any change
         in this TEXTUAL-CONVENTION should also be
         reflected in the definition of NatProtocolType."
    SYNTAX      BITS {
                    other (0),
                    icmp (1),
                    udp (2),
                    tcp (3)
                }

NatAddrMapId ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      deprecated
    DESCRIPTION
        "A unique id that is assigned to each address map
         by a NAT enabled device."
    SYNTAX      Unsigned32 (1..4294967295)

NatBindIdOrZero ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      deprecated
    DESCRIPTION
        "A unique id that is assigned to each bind by
         a NAT enabled device. The bind id will be zero
         in the case of a Symmetric NAT."
    SYNTAX      Unsigned32 (0..4294967295)

NatBindId ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      deprecated
    DESCRIPTION
        "A unique id that is assigned to each bind by
         a NAT enabled device."
    SYNTAX      Unsigned32 (1..4294967295)

NatSessionId ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS      deprecated
    DESCRIPTION
        "A unique id that is assigned to each session by
         a NAT enabled device."
    SYNTAX      Unsigned32 (1..4294967295)

NatBindMode ::= TEXTUAL-CONVENTION
    STATUS      deprecated
    DESCRIPTION
        "An indication of whether the bind is
         an address bind or an address port bind."
    SYNTAX      INTEGER {
                    addressBind (1),
                    addressPortBind (2)
                }

NatAssociationType ::= TEXTUAL-CONVENTION
    STATUS      deprecated
    DESCRIPTION
        "An indication of whether the association is
         static or dynamic."
    SYNTAX      INTEGER {
                    static (1),
                    dynamic (2)
                }

NatTranslationEntity ::= TEXTUAL-CONVENTION
    STATUS      deprecated
    DESCRIPTION
        "An indication of a) the direction of a session for
         which an address map entry, address bind or port
         bind is applicable, and b) the entity (source or
         destination) within the session that is subject to
         translation."
    SYNTAX      BITS {
                    inboundSrcEndPoint (0),
                    outboundDstEndPoint(1),
                    inboundDstEndPoint (2),
                    outboundSrcEndPoint(3)
                }

--
-- Default Values for the Bind and NAT Protocol Timers
--

natDefTimeouts OBJECT IDENTIFIER ::= { natMIBObjects 1 }

natNotifCtrl OBJECT IDENTIFIER ::= { natMIBObjects 2 }

--
-- Address Bind and Port Bind related NAT configuration
--

natBindDefIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (0..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "The default Bind (Address Bind or Port Bind) idle
         timeout parameter.

         If the agent is capable of storing non-volatile
         configuration, then the value of this object must be
         restored after a re-initialization of the management
         system."
    DEFVAL { 0 }
    ::= { natDefTimeouts 1 }

--
-- UDP related NAT configuration
--

natUdpDefIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "The default UDP idle timeout parameter.

         If the agent is capable of storing non-volatile
         configuration, then the value of this object must be
         restored after a re-initialization of the management
         system."
    DEFVAL { 300 }
    ::= { natDefTimeouts 2 }

--
-- ICMP related NAT configuration
--

natIcmpDefIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "The default ICMP idle timeout parameter.

         If the agent is capable of storing non-volatile
         configuration, then the value of this object must be
         restored after a re-initialization of the management
         system."
    DEFVAL { 300 }
    ::= { natDefTimeouts 3 }

--
-- Other protocol parameters
--

natOtherDefIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "The default idle timeout parameter for protocols
         represented by the value other (2) in
         NatProtocolType.

         If the agent is capable of storing non-volatile
         configuration, then the value of this object must be
         restored after a re-initialization of the management
         system."
    DEFVAL { 60 }
    ::= { natDefTimeouts 4 }

--
-- TCP related NAT Timers
--

natTcpDefIdleTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "The default time interval that a NAT session for an
         established TCP connection is allowed to remain
         valid without any activity on the TCP connection.

         If the agent is capable of storing non-volatile
         configuration, then the value of this object must be
         restored after a re-initialization of the management
         system."
    DEFVAL { 86400 }
    ::= { natDefTimeouts 5 }

natTcpDefNegTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "The default time interval that a NAT session for a TCP
         connection that is not in the established state
         is allowed to remain valid without any activity on
         the TCP connection.

         If the agent is capable of storing non-volatile
         configuration, then the value of this object must be
         restored after a re-initialization of the management
         system."
    DEFVAL { 60 }
    ::= { natDefTimeouts 6 }

natNotifThrottlingInterval OBJECT-TYPE
    SYNTAX      Integer32 (0 | 5..3600)
    UNITS       "seconds"
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "This object controls the generation of the
         natPacketDiscard notification.

         If this object has a value of zero, then no
         natPacketDiscard notifications will be transmitted by
         the agent.

         If this object has a non-zero value, then the agent must
         not generate more than one natPacketDiscard
         'notification-event' in the indicated period, where a
         'notification-event' is the generation of a single
         notification PDU type to a list of notification
         destinations. If additional NAT packets are discarded
         within the throttling period, then notification-events
         for these changes must be suppressed by the agent until
         the current throttling period expires.

         If natNotifThrottlingInterval notification generation
         is enabled, the suggested default throttling period is
         60 seconds, but generation of the natPacketDiscard
         notification should be disabled by default.

         If the agent is capable of storing non-volatile
         configuration, then the value of this object must be
         restored after a re-initialization of the management
         system.

         The actual transmission of notifications is controlled
         via the MIB modules in RFC 3413."
    DEFVAL { 0 }
    ::= { natNotifCtrl 1 }

--
-- The NAT Interface Table
--

natInterfaceTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NatInterfaceEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "This table specifies the attributes for interfaces on a
         device supporting NAT function."
    ::= { natMIBObjects 3 }

natInterfaceEntry OBJECT-TYPE
    SYNTAX      NatInterfaceEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "Each entry in the natInterfaceTable holds a set of
         parameters for an interface, instantiated by
         ifIndex. Therefore, the interface index must have been
         assigned, according to the applicable procedures,
         before it can be meaningfully used.
         Generally, this means that the interface must exist.

         When natStorageType is of type nonVolatile, however,
         this may reflect the configuration for an interface
         whose ifIndex has been assigned but for which the
         supporting implementation is not currently present."
    INDEX { ifIndex }
    ::= { natInterfaceTable 1 }

NatInterfaceEntry ::= SEQUENCE {
    natInterfaceRealm            INTEGER,
    natInterfaceServiceType      BITS,
    natInterfaceInTranslates     Counter64,
    natInterfaceOutTranslates    Counter64,
    natInterfaceDiscards         Counter64,
    natInterfaceStorageType      StorageType,
    natInterfaceRowStatus        RowStatus
}

natInterfaceRealm OBJECT-TYPE
    SYNTAX      INTEGER {
                    private (1),
                    public (2)
                }
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object identifies whether this interface is
         connected to the private or the public realm."
    DEFVAL { public }
    ::= { natInterfaceEntry 1 }

natInterfaceServiceType OBJECT-TYPE
    SYNTAX      BITS {
                    basicNat (0),
                    napt (1),
                    bidirectionalNat (2),
                    twiceNat (3)
                }
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "An indication of the direction in which new sessions
         are permitted and the extent of translation done within
         the IP and transport headers."
    ::= { natInterfaceEntry 2 }

natInterfaceInTranslates OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "Number of packets received on this interface that
         were translated.
         Discontinuities in the value of this counter can occur
         at reinitialization of the management system and at
         other times as indicated by the value of
         ifCounterDiscontinuityTime on the relevant interface."
    ::= { natInterfaceEntry 3 }

natInterfaceOutTranslates OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "Number of translated packets that were sent out this
         interface.

         Discontinuities in the value of this counter can occur
         at reinitialization of the management system and at
         other times as indicated by the value of
         ifCounterDiscontinuityTime on the relevant interface."
    ::= { natInterfaceEntry 4 }

natInterfaceDiscards OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      deprecated
    DESCRIPTION
        "Number of packets that had to be rejected/dropped due to
         a lack of resources for this interface.

         Discontinuities in the value of this counter can occur
         at reinitialization of the management system and at
         other times as indicated by the value of
         ifCounterDiscontinuityTime on the relevant interface."
    ::= { natInterfaceEntry 5 }

natInterfaceStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "The storage type for this conceptual row.
         Conceptual rows having the value 'permanent'
         need not allow write-access to any columnar objects
         in the row."
    REFERENCE
        "Textual Conventions for SMIv2, Section 2."
    DEFVAL { nonVolatile }
    ::= { natInterfaceEntry 6 }

natInterfaceRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "The status of this conceptual row.

         Until instances of all corresponding columns are
         appropriately configured, the value of the
         corresponding instance of the natInterfaceRowStatus
         column is 'notReady'.

         In particular, a newly created row cannot be made
         active until the corresponding instance of
         natInterfaceServiceType has been set.

         None of the objects in this row may be modified
         while the value of this object is active(1)."
    REFERENCE
        "Textual Conventions for SMIv2, Section 2."
    ::= { natInterfaceEntry 7 }

--
-- The Address Map Table
--
natAddrMapTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF NatAddrMapEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "This table lists address map parameters for NAT."
    ::= { natMIBObjects 4 }

natAddrMapEntry OBJECT-TYPE
    SYNTAX      NatAddrMapEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "This entry represents an address map to be used for
         NAT and contributes to the dynamic and/or static
         address mapping tables of the NAT device."
    INDEX { ifIndex, natAddrMapIndex }
    ::= { natAddrMapTable 1 }

NatAddrMapEntry ::= SEQUENCE {
    natAddrMapIndex                NatAddrMapId,
    natAddrMapName                 SnmpAdminString,
    natAddrMapEntryType            NatAssociationType,
    natAddrMapTranslationEntity    NatTranslationEntity,
    natAddrMapLocalAddrType        InetAddressType,
    natAddrMapLocalAddrFrom        InetAddress,
    natAddrMapLocalAddrTo          InetAddress,
    natAddrMapLocalPortFrom        InetPortNumber,
    natAddrMapLocalPortTo          InetPortNumber,
    natAddrMapGlobalAddrType       InetAddressType,
    natAddrMapGlobalAddrFrom       InetAddress,
    natAddrMapGlobalAddrTo         InetAddress,
    natAddrMapGlobalPortFrom       InetPortNumber,
    natAddrMapGlobalPortTo         InetPortNumber,
    natAddrMapProtocol             NatProtocolMap,
    natAddrMapInTranslates         Counter64,
    natAddrMapOutTranslates        Counter64,
    natAddrMapDiscards             Counter64,
    natAddrMapAddrUsed             Gauge32,
    natAddrMapStorageType          StorageType,
    natAddrMapRowStatus            RowStatus
}

natAddrMapIndex OBJECT-TYPE
    SYNTAX      NatAddrMapId
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "Along with ifIndex, this object uniquely
         identifies an entry in the natAddrMapTable.
         Address map entries are applied in the order
         specified by natAddrMapIndex."
    ::= { natAddrMapEntry 1 }

natAddrMapName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..32))
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "Name identifying all map entries in the table associated
         with the same interface. All map entries with the same
         ifIndex MUST have the same map name."
    ::= { natAddrMapEntry 2 }

natAddrMapEntryType OBJECT-TYPE
    SYNTAX      NatAssociationType
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This parameter can be used to set up static
         or dynamic address maps."
    ::= { natAddrMapEntry 3 }

natAddrMapTranslationEntity OBJECT-TYPE
    SYNTAX      NatTranslationEntity
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "The end-point entity (source or destination) in
         inbound or outbound sessions (i.e., first packets) that
         may be translated by an address map entry.

         Session direction (inbound or outbound) is
         derived from the direction of the first packet
         of a session traversing a NAT interface.
         NAT address (and Transport-ID) maps may be defined
         to effect inbound or outbound sessions.

         Traditionally, address maps for Basic NAT and NAPT are
         configured on a public interface for outbound sessions,
         effecting translation of source end-point. The value of
         this object must be set to outboundSrcEndPoint for
         those interfaces.

         Alternately, if address maps for Basic NAT and NAPT were
         to be configured on a private interface, the desired
         value for this object for the map entries
         would be inboundSrcEndPoint (i.e., effecting translation
         of source end-point for inbound sessions).

         If TwiceNAT were to be configured on a private
         interface, the desired value for this object for the map
         entries would be a bitmask of inboundSrcEndPoint and
         inboundDstEndPoint."
    ::= { natAddrMapEntry 4 }

natAddrMapLocalAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object specifies the address type used for
         natAddrMapLocalAddrFrom and natAddrMapLocalAddrTo."
    ::= { natAddrMapEntry 5 }

natAddrMapLocalAddrFrom OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object specifies the first IP address of the range
         of IP addresses mapped by this translation entry. The
         value of this object must be less than or equal to the
         value of the natAddrMapLocalAddrTo object.

         The type of this address is determined by the value of
         the natAddrMapLocalAddrType object."
    ::= { natAddrMapEntry 6 }

natAddrMapLocalAddrTo OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object specifies the last IP address of the range
         of IP addresses mapped by this translation entry. If
         only a single address is being mapped, the value of this
         object is equal to the value of natAddrMapLocalAddrFrom.
         For a static NAT, the number of addresses in the range
         defined by natAddrMapLocalAddrFrom and
         natAddrMapLocalAddrTo must be equal to the number of
         addresses in the range defined by
         natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo.
         The value of this object must be greater than or equal
         to the value of the natAddrMapLocalAddrFrom object.

         The type of this address is determined by the value of
         the natAddrMapLocalAddrType object."
    ::= { natAddrMapEntry 7 }

natAddrMapLocalPortFrom OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "If this conceptual row describes a Basic NAT address
         mapping, then the value of this object must be zero. If
         this conceptual row describes NAPT, then the value of
         this object specifies the first port number in the range
         of ports being mapped.

         The value of this object must be less than or equal to
         the value of the natAddrMapLocalPortTo object. If the
         translation specifies a single port, then the value of
         this object is equal to the value of
         natAddrMapLocalPortTo."
    DEFVAL { 0 }
    ::= { natAddrMapEntry 8 }

natAddrMapLocalPortTo OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "If this conceptual row describes a Basic NAT address
         mapping, then the value of this object must be zero.
         If this conceptual row describes NAPT, then the value of
         this object specifies the last port number in the range
         of ports being mapped.

         The value of this object must be greater than or equal
         to the value of the natAddrMapLocalPortFrom object. If
         the translation specifies a single port, then the value
         of this object is equal to the value of
         natAddrMapLocalPortFrom."
    DEFVAL { 0 }
    ::= { natAddrMapEntry 9 }

natAddrMapGlobalAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object specifies the address type used for
         natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo."
    ::= { natAddrMapEntry 10 }

natAddrMapGlobalAddrFrom OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object specifies the first IP address of the range
         of IP addresses being mapped to. The value of this
         object must be less than or equal to the value of the
         natAddrMapGlobalAddrTo object.

         The type of this address is determined by the value of
         the natAddrMapGlobalAddrType object."
    ::= { natAddrMapEntry 11 }

natAddrMapGlobalAddrTo OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This object specifies the last IP address of the range
         of IP addresses being mapped to. If only a single
         address is being mapped to, the value of this object is
         equal to the value of natAddrMapGlobalAddrFrom. For a
         static NAT, the number of addresses in the range defined
         by natAddrMapGlobalAddrFrom and natAddrMapGlobalAddrTo
         must be equal to the number of addresses in the range
         defined by natAddrMapLocalAddrFrom and
         natAddrMapLocalAddrTo. The value of this object must be
         greater than or equal to the value of the
         natAddrMapGlobalAddrFrom object.

             The type of this address is determined by the value of
             the natAddrMapGlobalAddrType object."
    ::= { natAddrMapEntry 12 }

natAddrMapGlobalPortFrom OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-create
    STATUS     deprecated
    DESCRIPTION
            "If this conceptual row describes a Basic NAT address
             mapping, then the value of this object must be zero. If
             this conceptual row describes NAPT, then the value of
             this object specifies the first port number in the range
             of ports being mapped to.

             The value of this object must be less than or equal to
             the value of the natAddrMapGlobalPortTo object. If the
             translation specifies a single port, then the value of
             this object is equal to the value of
             natAddrMapGlobalPortTo."
    DEFVAL { 0 }
    ::= { natAddrMapEntry 13 }

natAddrMapGlobalPortTo OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-create
    STATUS     deprecated
    DESCRIPTION
            "If this conceptual row describes a Basic NAT address
             mapping, then the value of this object must be zero. If
             this conceptual row describes NAPT, then the value of
             this object specifies the last port number in the range
             of ports being mapped to.

             The value of this object must be greater than or equal
             to the value of the natAddrMapGlobalPortFrom object. If
             the translation specifies a single port, then the value
             of this object is equal to the value of
             natAddrMapGlobalPortFrom."
    DEFVAL { 0 }
    ::= { natAddrMapEntry 14 }

natAddrMapProtocol OBJECT-TYPE
    SYNTAX     NatProtocolMap
    MAX-ACCESS read-create
    STATUS     deprecated
    DESCRIPTION
            "This object specifies a bitmap of protocol identifiers."
    ::= { natAddrMapEntry 15 }

natAddrMapInTranslates OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of inbound packets pertaining to this address
             map entry that were translated.

             Discontinuities in the value of this counter can occur
             at reinitialization of the management system and at
             other times, as indicated by the value of
             ifCounterDiscontinuityTime on the relevant interface."
    ::= { natAddrMapEntry 16 }

natAddrMapOutTranslates OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of outbound packets pertaining to this
             address map entry that were translated.

             Discontinuities in the value of this counter can occur
             at reinitialization of the management system and at
             other times, as indicated by the value of
             ifCounterDiscontinuityTime on the relevant interface."
    ::= { natAddrMapEntry 17 }

natAddrMapDiscards OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of packets pertaining to this address map
             entry that were dropped due to lack of addresses in the
             address pool identified by this address map. The value
             of this object must always be zero in case of static
             address map.

             Discontinuities in the value of this counter can occur
             at reinitialization of the management system and at
             other times, as indicated by the value of
             ifCounterDiscontinuityTime on the relevant interface."
    ::= { natAddrMapEntry 18 }

natAddrMapAddrUsed OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of addresses pertaining to this address map
             that are currently being used from the NAT pool.
             The value of this object must always be zero in the case
             of a static address map."
    ::= { natAddrMapEntry 19 }

natAddrMapStorageType OBJECT-TYPE
    SYNTAX     StorageType
    MAX-ACCESS read-create
    STATUS     deprecated
    DESCRIPTION
            "The storage type for this conceptual row.
             Conceptual rows having the value 'permanent'
             need not allow write-access to any columnar objects
             in the row."
    REFERENCE
            "Textual Conventions for SMIv2, Section 2."
    DEFVAL { nonVolatile }
    ::= { natAddrMapEntry 20 }

natAddrMapRowStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     deprecated
    DESCRIPTION
            "The status of this conceptual row.

             Until instances of all corresponding columns are
             appropriately configured, the value of the
             corresponding instance of the natAddrMapRowStatus
             column is 'notReady'.

             None of the objects in this row may be modified
             while the value of this object is active(1)."
    REFERENCE
            "Textual Conventions for SMIv2, Section 2."
    ::= { natAddrMapEntry 21 }

--
-- Address Bind section
--

natAddrBindNumberOfEntries OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object maintains a count of the number of entries
             that currently exist in the natAddrBindTable."
    ::= { natMIBObjects 5 }

--
-- The NAT Address BIND Table
--
natAddrBindTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF NatAddrBindEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "This table holds information about the currently
             active NAT BINDs."
    ::= { natMIBObjects 6 }

natAddrBindEntry OBJECT-TYPE
    SYNTAX     NatAddrBindEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "Each entry in this table holds information about
             an active address BIND. These entries are lost
             upon agent restart.

             This row has indexing which may create variables with
             more than 128 subidentifiers. Implementers of this
             table must be careful not to create entries that would
             result in OIDs which exceed the 128 subidentifier limit.
             Otherwise, the information cannot be accessed using
             SNMPv1, SNMPv2c or SNMPv3."
    INDEX   { ifIndex,
              natAddrBindLocalAddrType,
              natAddrBindLocalAddr }
    ::= { natAddrBindTable 1 }

NatAddrBindEntry ::= SEQUENCE {
    natAddrBindLocalAddrType        InetAddressType,
    natAddrBindLocalAddr            InetAddress,
    natAddrBindGlobalAddrType       InetAddressType,
    natAddrBindGlobalAddr           InetAddress,
    natAddrBindId                   NatBindId,
    natAddrBindTranslationEntity    NatTranslationEntity,
    natAddrBindType                 NatAssociationType,
    natAddrBindMapIndex             NatAddrMapId,
    natAddrBindSessions             Gauge32,
    natAddrBindMaxIdleTime          TimeTicks,
    natAddrBindCurrentIdleTime      TimeTicks,
    natAddrBindInTranslates         Counter64,
    natAddrBindOutTranslates        Counter64
}

natAddrBindLocalAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "This object specifies the address type used for
             natAddrBindLocalAddr."
    ::= { natAddrBindEntry 1 }

natAddrBindLocalAddr OBJECT-TYPE
    SYNTAX     InetAddress (SIZE (4|16))
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "This object represents the private-realm specific
             network layer address, which maps to the public-realm
             address represented by natAddrBindGlobalAddr.

             The type of this address is determined by the value of
             the natAddrBindLocalAddrType object."
    ::= { natAddrBindEntry 2 }

natAddrBindGlobalAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object specifies the address type used for
             natAddrBindGlobalAddr."
    ::= { natAddrBindEntry 3 }

natAddrBindGlobalAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object represents the public-realm network layer
             address that maps to the private-realm network layer
             address represented by natAddrBindLocalAddr.

             The type of this address is determined by the value of
             the natAddrBindGlobalAddrType object."
    ::= { natAddrBindEntry 4 }

natAddrBindId OBJECT-TYPE
    SYNTAX     NatBindId
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object represents a bind id that is dynamically
             assigned to each bind by a NAT enabled device. Each
             bind is represented by a bind id that is
             unique across both the natAddrBindTable and the
             natAddrPortBindTable."
    ::= { natAddrBindEntry 5 }

natAddrBindTranslationEntity OBJECT-TYPE
    SYNTAX     NatTranslationEntity
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object represents the direction of sessions
             for which this bind is applicable and the endpoint
             entity (source or destination) within the sessions that
             is subject to translation using the BIND.

             Orientation of the bind can be a superset of
             translationEntity of the address map entry which
             forms the basis for this bind.

             For example, if the translationEntity of an
             address map entry is outboundSrcEndPoint, the
             translationEntity of a bind derived from this
             map entry may either be outboundSrcEndPoint or
             it may be bidirectional (a bitmask of
             outboundSrcEndPoint and inboundDstEndPoint)."
    ::= { natAddrBindEntry 6 }

natAddrBindType OBJECT-TYPE
    SYNTAX     NatAssociationType
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object indicates whether the bind is static or
             dynamic."
    ::= { natAddrBindEntry 7 }

natAddrBindMapIndex OBJECT-TYPE
    SYNTAX     NatAddrMapId
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object is a pointer to the natAddrMapTable entry
             (and the parameters of that entry) which was used in
             creating this BIND. This object, in conjunction with
             the ifIndex (which identifies a unique addrMapName)
             points to a unique entry in the natAddrMapTable."
    ::= { natAddrBindEntry 8 }

natAddrBindSessions OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "Number of sessions currently using this BIND."
    ::= { natAddrBindEntry 9 }

natAddrBindMaxIdleTime OBJECT-TYPE
    SYNTAX     TimeTicks
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object indicates the maximum time for
             which this bind can be idle with no sessions
             attached to it.

             The value of this object is of relevance only for
             dynamic NAT."
    ::= { natAddrBindEntry 10 }

natAddrBindCurrentIdleTime OBJECT-TYPE
    SYNTAX     TimeTicks
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "At any given instance, this object indicates the
             time that this bind has been idle without any sessions
             attached to it.

             The value of this object is of relevance only for
             dynamic NAT."
    ::= { natAddrBindEntry 11 }

natAddrBindInTranslates OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of inbound packets that were successfully
             translated by using this bind entry.

             Discontinuities in the value of this counter can occur
             at reinitialization of the management system and at
             other times, as indicated by the value of
             ifCounterDiscontinuityTime on the relevant interface."
    ::= { natAddrBindEntry 12 }

natAddrBindOutTranslates OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of outbound packets that were successfully
             translated using this bind entry.

             Discontinuities in the value of this counter can occur
             at reinitialization of the management system and at
             other times as indicated by the value of
             ifCounterDiscontinuityTime on the relevant interface."
    ::= { natAddrBindEntry 13 }

--
-- Address Port Bind section
--

natAddrPortBindNumberOfEntries OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object maintains a count of the number of entries
             that currently exist in the natAddrPortBindTable."
    ::= { natMIBObjects 7 }

--
-- The NAT Address Port Bind Table
--

natAddrPortBindTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF NatAddrPortBindEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "This table holds information about the currently
             active NAPT BINDs."
    ::= { natMIBObjects 8 }

natAddrPortBindEntry OBJECT-TYPE
    SYNTAX     NatAddrPortBindEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "Each entry in this table holds information
             about a NAPT bind that is currently active.
             These entries are lost upon agent restart.

             This row has indexing which may create variables with
             more than 128 subidentifiers. Implementers of this
             table must be careful not to create entries which would
             result in OIDs that exceed the 128 subidentifier limit.
             Otherwise, the information cannot be accessed using
             SNMPv1, SNMPv2c or SNMPv3."
    INDEX   { ifIndex, natAddrPortBindLocalAddrType,
              natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
              natAddrPortBindProtocol }
    ::= { natAddrPortBindTable 1 }

NatAddrPortBindEntry ::= SEQUENCE {
    natAddrPortBindLocalAddrType        InetAddressType,
    natAddrPortBindLocalAddr            InetAddress,
    natAddrPortBindLocalPort            InetPortNumber,
    natAddrPortBindProtocol             NatProtocolType,
    natAddrPortBindGlobalAddrType       InetAddressType,
    natAddrPortBindGlobalAddr           InetAddress,
    natAddrPortBindGlobalPort           InetPortNumber,
    natAddrPortBindId                   NatBindId,
    natAddrPortBindTranslationEntity    NatTranslationEntity,
    natAddrPortBindType                 NatAssociationType,
    natAddrPortBindMapIndex             NatAddrMapId,
    natAddrPortBindSessions             Gauge32,
    natAddrPortBindMaxIdleTime          TimeTicks,
    natAddrPortBindCurrentIdleTime      TimeTicks,
    natAddrPortBindInTranslates         Counter64,
    natAddrPortBindOutTranslates        Counter64
}

natAddrPortBindLocalAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "This object specifies the address type used for
             natAddrPortBindLocalAddr."
    ::= { natAddrPortBindEntry 1 }

natAddrPortBindLocalAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "This object represents the private-realm specific
             network layer address which, in conjunction with
             natAddrPortBindLocalPort, maps to the public-realm
             network layer address and transport id represented by
             natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
             respectively.

             The type of this address is determined by the value of
             the natAddrPortBindLocalAddrType object."
    ::= { natAddrPortBindEntry 2 }

natAddrPortBindLocalPort OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "For a protocol value TCP or UDP, this object represents
             the private-realm specific port number. On the other
             hand, for ICMP a bind is created only for query/response
             type ICMP messages such as ICMP echo, Timestamp, and
             Information request messages, and this object represents
             the private-realm specific identifier in the ICMP
             message, as defined in RFC 792 for ICMPv4 and in RFC
             2463 for ICMPv6.

             This object, together with natAddrPortBindProtocol,
             natAddrPortBindLocalAddrType, and
             natAddrPortBindLocalAddr, constitutes a session endpoint
             in the private realm. A bind entry binds a private
             realm specific endpoint to a public realm specific
             endpoint, as represented by the tuple of
             (natAddrPortBindGlobalPort, natAddrPortBindProtocol,
             natAddrPortBindGlobalAddrType, and
             natAddrPortBindGlobalAddr)."
    ::= { natAddrPortBindEntry 3 }

natAddrPortBindProtocol OBJECT-TYPE
    SYNTAX     NatProtocolType
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "This object specifies a protocol identifier. If the
             value of this object is none(1), then this bind entry
             applies to all IP traffic. Any other value of this
             object specifies the class of IP traffic to which this
             BIND applies."
    ::= { natAddrPortBindEntry 4 }

natAddrPortBindGlobalAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object specifies the address type used for
             natAddrPortBindGlobalAddr."
    ::= { natAddrPortBindEntry 5 }

natAddrPortBindGlobalAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object represents the public-realm specific network
             layer address that, in conjunction with
             natAddrPortBindGlobalPort, maps to the private-realm
             network layer address and transport id represented by
             natAddrPortBindLocalAddr and natAddrPortBindLocalPort,
             respectively.

             The type of this address is determined by the value of
             the natAddrPortBindGlobalAddrType object."
    ::= { natAddrPortBindEntry 6 }

natAddrPortBindGlobalPort OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "For a protocol value TCP or UDP, this object represents
             the public-realm specific port number. On the other
             hand, for ICMP a bind is created only for query/response
             type ICMP messages such as ICMP echo, Timestamp, and
             Information request messages, and this object represents
             the public-realm specific identifier in the ICMP
             message, as defined in RFC 792 for ICMPv4 and in RFC
             2463 for ICMPv6.

             This object, together with natAddrPortBindProtocol,
             natAddrPortBindGlobalAddrType, and
             natAddrPortBindGlobalAddr, constitutes a session
             endpoint in the public realm. A bind entry binds a
             public realm specific endpoint to a private realm
             specific endpoint, as represented by the tuple of
             (natAddrPortBindLocalPort, natAddrPortBindProtocol,
             natAddrPortBindLocalAddrType, and
             natAddrPortBindLocalAddr)."
    ::= { natAddrPortBindEntry 7 }

natAddrPortBindId OBJECT-TYPE
    SYNTAX     NatBindId
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object represents a bind id that is dynamically
             assigned to each bind by a NAT enabled device.
             Each bind is represented by a unique bind id across both
             the natAddrBindTable and the natAddrPortBindTable."
    ::= { natAddrPortBindEntry 8 }

natAddrPortBindTranslationEntity OBJECT-TYPE
    SYNTAX     NatTranslationEntity
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object represents the direction of sessions
             for which this bind is applicable and the entity
             (source or destination) within the sessions that is
             subject to translation with the BIND.

             Orientation of the bind can be a superset of the
             translationEntity of the address map entry that
             forms the basis for this bind.

             For example, if the translationEntity of an
             address map entry is outboundSrcEndPoint, the
             translationEntity of a bind derived from this
             map entry may either be outboundSrcEndPoint or
             may be bidirectional (a bitmask of
             outboundSrcEndPoint and inboundDstEndPoint)."
    ::= { natAddrPortBindEntry 9 }

natAddrPortBindType OBJECT-TYPE
    SYNTAX     NatAssociationType
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object indicates whether the bind is static or
             dynamic."
    ::= { natAddrPortBindEntry 10 }

natAddrPortBindMapIndex OBJECT-TYPE
    SYNTAX     NatAddrMapId
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object is a pointer to the natAddrMapTable entry
             (and the parameters of that entry) used in
             creating this BIND. This object, in conjunction with
             the ifIndex (which identifies a unique addrMapName),
             points to a unique entry in the natAddrMapTable."
    ::= { natAddrPortBindEntry 11 }

natAddrPortBindSessions OBJECT-TYPE
    SYNTAX     Gauge32
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "Number of sessions currently using this BIND."
    ::= { natAddrPortBindEntry 12 }

natAddrPortBindMaxIdleTime OBJECT-TYPE
    SYNTAX     TimeTicks
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object indicates the maximum time for
             which this bind can be idle without any sessions
             attached to it.
             The value of this object is of relevance
             only for dynamic NAT."
    ::= { natAddrPortBindEntry 13 }

natAddrPortBindCurrentIdleTime OBJECT-TYPE
    SYNTAX     TimeTicks
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "At any given instance, this object indicates the
             time that this bind has been idle without any sessions
             attached to it.

             The value of this object is of relevance
             only for dynamic NAT."
    ::= { natAddrPortBindEntry 14 }

natAddrPortBindInTranslates OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of inbound packets that were translated as
             per this bind entry.

             Discontinuities in the value of this counter can occur
             at reinitialization of the management system and at
             other times, as indicated by the value of
             ifCounterDiscontinuityTime on the relevant interface."
    ::= { natAddrPortBindEntry 15 }

natAddrPortBindOutTranslates OBJECT-TYPE
    SYNTAX     Counter64
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The number of outbound packets that were translated as
             per this bind entry.

             Discontinuities in the value of this counter can occur
             at reinitialization of the management system and at
             other times, as indicated by the value of
             ifCounterDiscontinuityTime on the relevant interface."
    ::= { natAddrPortBindEntry 16 }

--
-- The Session Table
--

natSessionTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF NatSessionEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "The (conceptual) table containing one entry for each
             NAT session currently active on this NAT device."
    ::= { natMIBObjects 9 }

natSessionEntry OBJECT-TYPE
    SYNTAX     NatSessionEntry
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "An entry (conceptual row) containing information
             about an active NAT session on this NAT device.
             These entries are lost upon agent restart."
    INDEX   { ifIndex, natSessionIndex }
    ::= { natSessionTable 1 }

NatSessionEntry ::= SEQUENCE {
    natSessionIndex                   NatSessionId,
    natSessionPrivateSrcEPBindId      NatBindIdOrZero,
    natSessionPrivateSrcEPBindMode    NatBindMode,
    natSessionPrivateDstEPBindId      NatBindIdOrZero,
    natSessionPrivateDstEPBindMode    NatBindMode,
    natSessionDirection               INTEGER,
    natSessionUpTime                  TimeTicks,
    natSessionAddrMapIndex            NatAddrMapId,
    natSessionProtocolType            NatProtocolType,
    natSessionPrivateAddrType         InetAddressType,
    natSessionPrivateSrcAddr          InetAddress,
    natSessionPrivateSrcPort          InetPortNumber,
    natSessionPrivateDstAddr          InetAddress,
    natSessionPrivateDstPort          InetPortNumber,
    natSessionPublicAddrType          InetAddressType,
    natSessionPublicSrcAddr           InetAddress,
    natSessionPublicSrcPort           InetPortNumber,
    natSessionPublicDstAddr           InetAddress,
    natSessionPublicDstPort           InetPortNumber,
    natSessionMaxIdleTime             TimeTicks,
    natSessionCurrentIdleTime         TimeTicks,
    natSessionInTranslates            Counter64,
    natSessionOutTranslates           Counter64
}

natSessionIndex OBJECT-TYPE
    SYNTAX     NatSessionId
    MAX-ACCESS not-accessible
    STATUS     deprecated
    DESCRIPTION
            "The session ID for this NAT session."
    ::= { natSessionEntry 1 }

natSessionPrivateSrcEPBindId OBJECT-TYPE
    SYNTAX     NatBindIdOrZero
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The bind id associated between private and public
             source end points. In the case of Symmetric-NAT,
             this should be set to zero."
    ::= { natSessionEntry 2 }

natSessionPrivateSrcEPBindMode OBJECT-TYPE
    SYNTAX     NatBindMode
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object indicates whether the bind indicated
             by the object natSessionPrivateSrcEPBindId
             is an address bind or an address port bind."
    ::= { natSessionEntry 3 }

natSessionPrivateDstEPBindId OBJECT-TYPE
    SYNTAX     NatBindIdOrZero
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The bind id associated between private and public
             destination end points."
    ::= { natSessionEntry 4 }

natSessionPrivateDstEPBindMode OBJECT-TYPE
    SYNTAX     NatBindMode
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object indicates whether the bind indicated
             by the object natSessionPrivateDstEPBindId
             is an address bind or an address port bind."
    ::= { natSessionEntry 5 }

natSessionDirection OBJECT-TYPE
    SYNTAX     INTEGER {
                   inbound (1),
                   outbound (2)
               }
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The direction of this session with respect to the
             local network. 'inbound' indicates that this session
             was initiated from the public network into the private
             network. 'outbound' indicates that this session was
             initiated from the private network into the public
             network."
    ::= { natSessionEntry 6 }

natSessionUpTime OBJECT-TYPE
    SYNTAX     TimeTicks
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The up time of this session in one-hundredths of a
             second."
    ::= { natSessionEntry 7 }

natSessionAddrMapIndex OBJECT-TYPE
    SYNTAX     NatAddrMapId
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object is a pointer to the natAddrMapTable entry
             (and the parameters of that entry) used in
             creating this session. This object, in conjunction with
             the ifIndex (which identifies a unique addrMapName),
             points to a unique entry in the natAddrMapTable."
    ::= { natSessionEntry 8 }

natSessionProtocolType OBJECT-TYPE
    SYNTAX     NatProtocolType
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The protocol type of this session."
    ::= { natSessionEntry 9 }

natSessionPrivateAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object specifies the address type used for
             natSessionPrivateSrcAddr and natSessionPrivateDstAddr."
    ::= { natSessionEntry 10 }

natSessionPrivateSrcAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The source IP address of the session endpoint that
             lies in the private network.

             The value of this object must be zero only when the
             natSessionPrivateSrcEPBindId object has a zero value.
             When the value of this object is zero, the NAT session
             lookup will match any IP address to this field.

             The type of this address is determined by the value of
             the natSessionPrivateAddrType object."
    ::= { natSessionEntry 11 }

natSessionPrivateSrcPort OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "When the value of protocol is TCP or UDP, this object
             represents the source port in the first packet of
             session while in private-realm.
             On the other hand, when
             the protocol is ICMP, a NAT session is created only for
             query/response type ICMP messages such as ICMP echo,
             Timestamp, and Information request messages, and this
             object represents the private-realm specific identifier
             in the ICMP message, as defined in RFC 792 for ICMPv4
             and in RFC 2463 for ICMPv6.

             The value of this object must be zero when the
             natSessionPrivateSrcEPBindId object has zero value
             and value of natSessionPrivateSrcEPBindMode is
             addressPortBind(2). In such a case, the NAT session
             lookup will match any port number to this field.

             The value of this object must be zero when the object
             is not a representative field (SrcPort, DstPort, or
             ICMP identifier) of the session tuple in either the
             public realm or the private realm."
    ::= { natSessionEntry 12 }

natSessionPrivateDstAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The destination IP address of the session endpoint that
             lies in the private network.

             The value of this object must be zero when the
             natSessionPrivateDstEPBindId object has a zero value.
             In such a scenario, the NAT session lookup will match
             any IP address to this field.

             The type of this address is determined by the value of
             the natSessionPrivateAddrType object."
    ::= { natSessionEntry 13 }

natSessionPrivateDstPort OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "When the value of protocol is TCP or UDP, this object
             represents the destination port in the first packet
             of session while in private-realm. On the other hand,
             when the protocol is ICMP, this object is not relevant
             and should be set to zero.

             The value of this object must be zero when the
             natSessionPrivateDstEPBindId object has a zero
             value and natSessionPrivateDstEPBindMode is set to
             addressPortBind(2). In such a case, the NAT session
             lookup will match any port number to this field.

             The value of this object must be zero when the object
             is not a representative field (SrcPort, DstPort, or
             ICMP identifier) of the session tuple in either the
             public realm or the private realm."
    ::= { natSessionEntry 14 }

natSessionPublicAddrType OBJECT-TYPE
    SYNTAX     InetAddressType
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "This object specifies the address type used for
             natSessionPublicSrcAddr and natSessionPublicDstAddr."
    ::= { natSessionEntry 15 }

natSessionPublicSrcAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The source IP address of the session endpoint that
             lies in the public network.

             The value of this object must be zero when the
             natSessionPrivateSrcEPBindId object has a zero value.
             In such a scenario, the NAT session lookup will match
             any IP address to this field.

             The type of this address is determined by the value of
             the natSessionPublicAddrType object."
    ::= { natSessionEntry 16 }

natSessionPublicSrcPort OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "When the value of protocol is TCP or UDP, this object
             represents the source port in the first packet of
             session while in public-realm. On the other hand, when
             protocol is ICMP, a NAT session is created only for
             query/response type ICMP messages such as ICMP echo,
             Timestamp, and Information request messages, and this
             object represents the public-realm specific identifier
             in the ICMP message, as defined in RFC 792 for ICMPv4
             and in RFC 2463 for ICMPv6.

             The value of this object must be zero when the
             natSessionPrivateSrcEPBindId object has a zero value
             and natSessionPrivateSrcEPBindMode is set to
             addressPortBind(2). In such a scenario, the NAT
             session lookup will match any port number to this
             field.

             The value of this object must be zero when the object
             is not a representative field (SrcPort, DstPort or
             ICMP identifier) of the session tuple in either the
             public realm or the private realm."
    ::= { natSessionEntry 17 }

natSessionPublicDstAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "The destination IP address of the session endpoint that
             lies in the public network.

             The value of this object must be non-zero when the
             natSessionPrivateDstEPBindId object has a non-zero
             value. If the value of this object and the
             corresponding natSessionPrivateDstEPBindId object value
             is zero, then the NAT session lookup will match any IP
             address to this field.

             The type of this address is determined by the value of
             the natSessionPublicAddrType object."
    ::= { natSessionEntry 18 }

natSessionPublicDstPort OBJECT-TYPE
    SYNTAX     InetPortNumber
    MAX-ACCESS read-only
    STATUS     deprecated
    DESCRIPTION
            "When the value of protocol is TCP or UDP, this object
             represents the destination port in the first packet of
             session while in public-realm. On the other hand, when
             the protocol is ICMP, this object is not relevant for
             translation and should be zero.

             The value of this object must be zero when the
             natSessionPrivateDstEPBindId object has a zero value
             and natSessionPrivateDstEPBindMode is
             addressPortBind(2). In such a scenario, the NAT
             session lookup will match any port number to this
             field.

        The value of this object must be zero when the object
        is not a representative field (SrcPort, DstPort, or
        ICMP identifier) of the session tuple in either the
        public realm or the private realm."
    ::= { natSessionEntry 19 }

natSessionMaxIdleTime OBJECT-TYPE
    SYNTAX TimeTicks
    MAX-ACCESS read-only
    STATUS deprecated
    DESCRIPTION
        "The max time for which this session can be idle
        without detecting a packet."
    ::= { natSessionEntry 20 }

natSessionCurrentIdleTime OBJECT-TYPE
    SYNTAX TimeTicks
    MAX-ACCESS read-only
    STATUS deprecated
    DESCRIPTION
        "The time since a packet belonging to this session was
        last detected."
    ::= { natSessionEntry 21 }

natSessionInTranslates OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS deprecated
    DESCRIPTION
        "The number of inbound packets that were translated for
        this session.

        Discontinuities in the value of this counter can occur
        at reinitialization of the management system and at
        other times, as indicated by the value of
        ifCounterDiscontinuityTime on the relevant interface."
    ::= { natSessionEntry 22 }

natSessionOutTranslates OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS deprecated
    DESCRIPTION
        "The number of outbound packets that were translated for
        this session.

        Discontinuities in the value of this counter can occur
        at reinitialization of the management system and at
        other times, as indicated by the value of
        ifCounterDiscontinuityTime on the relevant interface."
    ::= { natSessionEntry 23 }

--
-- The Protocol table
--

natProtocolTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NatProtocolEntry
    MAX-ACCESS not-accessible
    STATUS deprecated
    DESCRIPTION
        "The (conceptual) table containing per protocol NAT
        statistics."
    ::= { natMIBObjects 10 }

natProtocolEntry OBJECT-TYPE
    SYNTAX NatProtocolEntry
    MAX-ACCESS not-accessible
    STATUS deprecated
    DESCRIPTION
        "An entry (conceptual row) containing NAT statistics
        pertaining to a particular protocol."
    INDEX { natProtocol }
    ::= { natProtocolTable 1 }

NatProtocolEntry ::= SEQUENCE {
    natProtocol NatProtocolType,
    natProtocolInTranslates Counter64,
    natProtocolOutTranslates Counter64,
    natProtocolDiscards Counter64
}

natProtocol OBJECT-TYPE
    SYNTAX NatProtocolType
    MAX-ACCESS not-accessible
    STATUS deprecated
    DESCRIPTION
        "This object represents the protocol pertaining to which
        parameters are reported."
    ::= { natProtocolEntry 1 }

natProtocolInTranslates OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS deprecated
    DESCRIPTION
        "The number of inbound packets pertaining to the protocol
        identified by natProtocol that underwent NAT.

        Discontinuities in the value of this counter can occur
        at reinitialization of the management system and at
        other times, as indicated by the value of
        ifCounterDiscontinuityTime on the relevant interface."
    ::= { natProtocolEntry 2 }

natProtocolOutTranslates OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS deprecated
    DESCRIPTION
        "The number of outbound packets pertaining to the
        protocol identified by natProtocol that underwent NAT.

        Discontinuities in the value of this counter can occur
        at reinitialization of the management system and at
        other times, as indicated by the value of
        ifCounterDiscontinuityTime on the relevant interface."
    ::= { natProtocolEntry 3 }

natProtocolDiscards OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS deprecated
    DESCRIPTION
        "The number of packets pertaining to the protocol
        identified by natProtocol that had to be
        rejected/dropped due to lack of resources. These
        rejections could be due to session timeout, resource
        unavailability, lack of address space, etc.

        Discontinuities in the value of this counter can occur
        at reinitialization of the management system and at
        other times, as indicated by the value of
        ifCounterDiscontinuityTime on the relevant interface."
    ::= { natProtocolEntry 4 }

--
-- Notifications section
--

natMIBNotifications OBJECT IDENTIFIER ::= { natMIB 0 }

--
-- Notifications
--

natPacketDiscard NOTIFICATION-TYPE
    OBJECTS { ifIndex }
    STATUS deprecated
    DESCRIPTION
        "This notification is generated when IP packets are
        discarded by the NAT function; e.g., due to lack of
        mapping space when NAT is out of addresses or ports.

        Note that the generation of natPacketDiscard
        notifications is throttled by the agent, as specified
        by the 'natNotifThrottlingInterval' object."
    ::= { natMIBNotifications 1 }

--
-- Conformance information.
--

natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 }

natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 }
natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 }

--
-- Units of conformance
--

natConfigGroup OBJECT-GROUP
    OBJECTS { natInterfaceRealm,
              natInterfaceServiceType,
              natInterfaceStorageType,
              natInterfaceRowStatus,
              natAddrMapName,
              natAddrMapEntryType,
              natAddrMapTranslationEntity,
              natAddrMapLocalAddrType,
              natAddrMapLocalAddrFrom,
              natAddrMapLocalAddrTo,
              natAddrMapLocalPortFrom,
              natAddrMapLocalPortTo,
              natAddrMapGlobalAddrType,
              natAddrMapGlobalAddrFrom,
              natAddrMapGlobalAddrTo,
              natAddrMapGlobalPortFrom,
              natAddrMapGlobalPortTo,
              natAddrMapProtocol,
              natAddrMapStorageType,
              natAddrMapRowStatus,
              natBindDefIdleTimeout,
              natUdpDefIdleTimeout,
              natIcmpDefIdleTimeout,
              natOtherDefIdleTimeout,
              natTcpDefIdleTimeout,
              natTcpDefNegTimeout,
              natNotifThrottlingInterval }
    STATUS deprecated
    DESCRIPTION
        "A collection of configuration-related information
        required to support management of devices supporting
        NAT."
    ::= { natMIBGroups 1 }

natTranslationGroup OBJECT-GROUP
    OBJECTS { natAddrBindNumberOfEntries,
              natAddrBindGlobalAddrType,
              natAddrBindGlobalAddr,
              natAddrBindId,
              natAddrBindTranslationEntity,
              natAddrBindType,
              natAddrBindMapIndex,
              natAddrBindSessions,
              natAddrBindMaxIdleTime,
              natAddrBindCurrentIdleTime,
              natAddrBindInTranslates,
              natAddrBindOutTranslates,
              natAddrPortBindNumberOfEntries,
              natAddrPortBindGlobalAddrType,
              natAddrPortBindGlobalAddr,
              natAddrPortBindGlobalPort,
              natAddrPortBindId,
              natAddrPortBindTranslationEntity,
              natAddrPortBindType,
              natAddrPortBindMapIndex,
              natAddrPortBindSessions,
              natAddrPortBindMaxIdleTime,
              natAddrPortBindCurrentIdleTime,
              natAddrPortBindInTranslates,
              natAddrPortBindOutTranslates,
              natSessionPrivateSrcEPBindId,
              natSessionPrivateSrcEPBindMode,
              natSessionPrivateDstEPBindId,
              natSessionPrivateDstEPBindMode,
              natSessionDirection,
              natSessionUpTime,
              natSessionAddrMapIndex,
              natSessionProtocolType,
              natSessionPrivateAddrType,
              natSessionPrivateSrcAddr,
              natSessionPrivateSrcPort,
              natSessionPrivateDstAddr,
              natSessionPrivateDstPort,
              natSessionPublicAddrType,
              natSessionPublicSrcAddr,
              natSessionPublicSrcPort,
              natSessionPublicDstAddr,
              natSessionPublicDstPort,
              natSessionMaxIdleTime,
              natSessionCurrentIdleTime,
              natSessionInTranslates,
              natSessionOutTranslates }
    STATUS deprecated
    DESCRIPTION
        "A collection of BIND-related objects required to support
        management of devices supporting NAT."
    ::= { natMIBGroups 2 }

natStatsInterfaceGroup OBJECT-GROUP
    OBJECTS { natInterfaceInTranslates,
              natInterfaceOutTranslates,
              natInterfaceDiscards }
    STATUS deprecated
    DESCRIPTION
        "A collection of NAT statistics associated with the
        interface on which NAT is configured, to aid
        troubleshooting/monitoring of the NAT operation."
    ::= { natMIBGroups 3 }

natStatsProtocolGroup OBJECT-GROUP
    OBJECTS { natProtocolInTranslates,
              natProtocolOutTranslates,
              natProtocolDiscards }
    STATUS deprecated
    DESCRIPTION
        "A collection of protocol specific NAT statistics,
        to aid troubleshooting/monitoring of NAT operation."
    ::= { natMIBGroups 4 }

natStatsAddrMapGroup OBJECT-GROUP
    OBJECTS { natAddrMapInTranslates,
              natAddrMapOutTranslates,
              natAddrMapDiscards,
              natAddrMapAddrUsed }
    STATUS deprecated
    DESCRIPTION
        "A collection of address map specific NAT statistics,
        to aid troubleshooting/monitoring of NAT operation."
    ::= { natMIBGroups 5 }

natMIBNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS { natPacketDiscard }
    STATUS deprecated
    DESCRIPTION
        "A collection of notifications generated by
        devices supporting this MIB."
    ::= { natMIBGroups 6 }

--
-- Compliance statements
--

natMIBFullCompliance MODULE-COMPLIANCE
    STATUS deprecated
    DESCRIPTION
        "When this MIB is implemented with support for
        read-create, then such an implementation can claim
        full compliance. Such devices can then be both
        monitored and configured with this MIB.

        The following index objects cannot be added as OBJECT
        clauses but nevertheless have the compliance
        requirements:
        "
        -- OBJECT natAddrBindLocalAddrType
        -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."

        -- OBJECT natAddrBindLocalAddr
        -- SYNTAX InetAddress (SIZE(4|16))
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."

        -- OBJECT natAddrPortBindLocalAddrType
        -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."

        -- OBJECT natAddrPortBindLocalAddr
        -- SYNTAX InetAddress (SIZE(4|16))
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."

    MODULE IF-MIB -- The interfaces MIB, RFC2863
        MANDATORY-GROUPS {
            ifCounterDiscontinuityGroup
        }

    MODULE -- this module
        MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
                           natStatsInterfaceGroup }

        GROUP natStatsProtocolGroup
        DESCRIPTION
            "This group is optional."
        GROUP natStatsAddrMapGroup
        DESCRIPTION
            "This group is optional."
        GROUP natMIBNotificationGroup
        DESCRIPTION
            "This group is optional."

        OBJECT natAddrMapLocalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrMapLocalAddrFrom
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrMapLocalAddrTo
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrMapGlobalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrMapGlobalAddrFrom
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrMapGlobalAddrTo
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrBindGlobalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrBindGlobalAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrPortBindGlobalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natAddrPortBindGlobalAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natSessionPrivateAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natSessionPrivateSrcAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natSessionPrivateDstAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natSessionPublicAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natSessionPublicSrcAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

        OBJECT natSessionPublicDstAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support
            for IPv4 and IPv6."

    ::= { natMIBCompliances 1 }

natMIBReadOnlyCompliance MODULE-COMPLIANCE
    STATUS deprecated
    DESCRIPTION
        "When this MIB is implemented without support for
        read-create (i.e., in read-only mode), then such an
        implementation can claim read-only compliance.
        Such a device can then be monitored but cannot be
        configured with this MIB.

        The following index objects cannot be added as OBJECT
        clauses but nevertheless have the compliance
        requirements:
        "
        -- OBJECT natAddrBindLocalAddrType
        -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."

        -- OBJECT natAddrBindLocalAddr
        -- SYNTAX InetAddress (SIZE(4|16))
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."

        -- OBJECT natAddrPortBindLocalAddrType
        -- SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."
        -- OBJECT natAddrPortBindLocalAddr
        -- SYNTAX InetAddress (SIZE(4|16))
        -- DESCRIPTION
        --     "An implementation is required to support
        --     global IPv4 and/or IPv6 addresses, depending
        --     on its support for IPv4 and IPv6."

    MODULE IF-MIB -- The interfaces MIB, RFC2863
        MANDATORY-GROUPS {
            ifCounterDiscontinuityGroup
        }

    MODULE -- this module
        MANDATORY-GROUPS { natConfigGroup, natTranslationGroup,
                           natStatsInterfaceGroup }

        GROUP natStatsProtocolGroup
        DESCRIPTION
            "This group is optional."
        GROUP natStatsAddrMapGroup
        DESCRIPTION
            "This group is optional."
        GROUP natMIBNotificationGroup
        DESCRIPTION
            "This group is optional."
        OBJECT natInterfaceRowStatus
        SYNTAX RowStatus { active(1) }
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required, and active is the only
            status that needs to be supported."

        OBJECT natAddrMapLocalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required.
            An implementation is
            required to support global IPv4 and/or IPv6 addresses,
            depending on its support for IPv4 and IPv6."

        OBJECT natAddrMapLocalAddrFrom
        SYNTAX InetAddress (SIZE(4|16))
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required. An implementation is
            required to support global IPv4 and/or IPv6 addresses,
            depending on its support for IPv4 and IPv6."

        OBJECT natAddrMapLocalAddrTo
        SYNTAX InetAddress (SIZE(4|16))
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required. An implementation is
            required to support global IPv4 and/or IPv6 addresses,
            depending on its support for IPv4 and IPv6."

        OBJECT natAddrMapGlobalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required. An implementation is
            required to support global IPv4 and/or IPv6 addresses,
            depending on its support for IPv4 and IPv6."

        OBJECT natAddrMapGlobalAddrFrom
        SYNTAX InetAddress (SIZE(4|16))
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required. An implementation is
            required to support global IPv4 and/or IPv6 addresses,
            depending on its support for IPv4 and IPv6."

        OBJECT natAddrMapGlobalAddrTo
        SYNTAX InetAddress (SIZE(4|16))
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required. An implementation is
            required to support global IPv4 and/or IPv6 addresses,
            depending on its support for IPv4 and IPv6."

        OBJECT natAddrMapRowStatus
        SYNTAX RowStatus { active(1) }
        MIN-ACCESS read-only
        DESCRIPTION
            "Write access is not required, and active is the only
            status that needs to be supported."

        OBJECT natAddrBindGlobalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natAddrBindGlobalAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natAddrPortBindGlobalAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natAddrPortBindGlobalAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natSessionPrivateAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natSessionPrivateSrcAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natSessionPrivateDstAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natSessionPublicAddrType
        SYNTAX InetAddressType { ipv4(1), ipv6(2) }
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natSessionPublicSrcAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

        OBJECT natSessionPublicDstAddr
        SYNTAX InetAddress (SIZE(4|16))
        DESCRIPTION
            "An implementation is required to support global IPv4
            and/or IPv6 addresses, depending on its support for
            IPv4 and IPv6."

    ::= { natMIBCompliances 2 }

--===================================================================
-- END OF DEPRECATED OBJECTS. CURRENT OBJECTS FOLLOW.

-- textual conventions

ProtocolNumber ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS current
    DESCRIPTION
        "A transport protocol number, from the 'protocol-numbers'
        IANA registry."
    SYNTAX Unsigned32 (0..255)

NatPoolId ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "d"
    STATUS current
    DESCRIPTION
        "A unique ID that is assigned to each pool."
    SYNTAX Unsigned32 (1..4294967295)

NatBehaviorType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Behavior type as described in [RFC4787] sections 4.1 and 5."
    SYNTAX INTEGER {
        endpointIndependent (0),
        addressDependent (1),
        addressAndPortDependent (2)
    }

NatPoolingType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION
        "Pooling type as described in [RFC4787] section 4.1."
    SYNTAX INTEGER {
        arbitrary (0),
        paired (1)
    }

-- notifications

natNotifPoolWatermarkLow NOTIFICATION-TYPE
    OBJECTS { natPoolIndex }
    STATUS current
    DESCRIPTION
        "This notification is generated when the specified pool's
        number of free addresses becomes lower than or equal to the
        specified threshold.
        The threshold is specified by the
        natPoolWatermarkLow object."
    ::= { natMIBNotifications 2 }

natNotifPoolWatermarkHigh NOTIFICATION-TYPE
    OBJECTS { natPoolIndex }
    STATUS current
    DESCRIPTION
        "This notification is generated when the specified pool's
        number of free addresses becomes greater than or equal to
        the specified threshold. The threshold is specified by the
        natPoolWatermarkHigh object."
    ::= { natMIBNotifications 3 }

natNotifMappings NOTIFICATION-TYPE
    OBJECTS { natMappingCreations, natMappingRemovals }
    STATUS current
    DESCRIPTION
        "This notification is generated when the number of active
        mappings exceeds the value of natMappingsNotifyThreshold."
    ::= { natMIBNotifications 4 }

natNotifAddrMappings NOTIFICATION-TYPE
    OBJECTS { natAddressMappings }
    STATUS current
    DESCRIPTION
        "This notification is generated when natAddressMappings
        exceeds the value of natAddrMapNotifyThreshold."
    ::= { natMIBNotifications 5 }

natNotifSubscriberMappings NOTIFICATION-TYPE
    OBJECTS { natSubscriberMappingCreations,
              natSubscriberMappingRemovals }
    STATUS current
    DESCRIPTION
        "This notification is generated when the number of active
        mappings exceeds the value of natSubscriberMapNotifyThresh,
        unless natSubscriberMapNotifyThresh is zero."
    ::= { natMIBNotifications 6 }

-- counters

natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 }

natTranslations OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of packets translated."
    ::= { natCounters 1 }

natOutOfPortErrors OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of packets not translated because no external
        port was available, excluding quota limitations."
    ::= { natCounters 2 }

natResourceErrors OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of packets not translated because of resource
        constraints (excluding out-of-ports condition)."
    ::= { natCounters 3 }

natQuotaDrops OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of incoming packets not translated because of
        quota limitations. Quotas include absolute limits as well
        as limits on rate of allocation."
    ::= { natCounters 4 }

natMappingCreations OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of mapping creations. This includes static mappings."
    ::= { natCounters 5 }

natMappingRemovals OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of mapping removals. This includes static mappings."
    ::= { natCounters 6 }

natAddressMappingCreations OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of address mapping creations. This includes static
        mappings."
    ::= { natCounters 7 }

natAddressMappingRemovals OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of address mapping removals. This includes static
        mappings.

        The number of active mappings is equal to
        natAddressMappingCreations - natAddressMappingRemovals."
    ::= { natCounters 8 }

natProtocolTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NatProtocolEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Table of protocols with per-protocol counters."
    ::= { natCounters 128 }

natProtocolEntry OBJECT-TYPE
    SYNTAX NatProtocolEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Per-protocol counters."
    INDEX { natProtocolNumber }
    ::= { natProtocolTable 1 }

NatProtocolEntry ::=
    SEQUENCE {
        natProtocolNumber ProtocolNumber,
        natProtocolTranslations Counter64,
        natProtocolOutOfPortErrors Counter64,
        natProtocolResourceErrors Counter64,
        natProtocolQuotaDrops Counter64,
        natProtocolMappingCreations Counter64,
        natProtocolMappingRemovals Counter64
    }

natProtocolNumber OBJECT-TYPE
    SYNTAX ProtocolNumber
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Counters in this conceptual row apply to packets using the
        transport protocol identified by this object's value."
    ::= { natProtocolEntry 1 }

natProtocolTranslations OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of packets translated."
    ::= { natProtocolEntry 2 }

natProtocolOutOfPortErrors OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of packets not translated because no external
        port was available."
    ::= { natProtocolEntry 3 }

natProtocolResourceErrors OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of packets not translated because of resource
        constraints (excluding out-of-ports condition)."
    ::= { natProtocolEntry 4 }

natProtocolQuotaDrops OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The number of incoming packets not translated because of
        exceeded quotas. Quotas include absolute limits as well as
        limits on rate of allocation."
    ::= { natProtocolEntry 5 }

natProtocolMappingCreations OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of mapping creations. This includes static mappings."
    ::= { natProtocolEntry 6 }

natProtocolMappingRemovals OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Number of mapping removals. This includes static mappings.

        The number of active mappings is equal to
        natProtocolMappingCreations - natProtocolMappingRemovals."
    ::= { natProtocolEntry 7 }

-- limits

natLimits OBJECT IDENTIFIER ::= { natMIBObjects 12 }

natLimitMappings OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Global limit on the total number of mappings. Zero means
        unlimited."
    ::= { natLimits 1 }

natMappingsNotifyThreshold OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "See natNotifMappings."
    ::= { natLimits 2 }

natLimitAddressMappings OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Global limit on the total number of internal-to-external
        address mappings. Zero means unlimited.

        This limit is only applicable to NATs that have an 'IP
        address pooling' behavior of 'Paired' [RFC4787]."
    ::= { natLimits 3 }

natAddrMapNotifyThreshold OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "See natNotifAddrMappings."
    ::= { natLimits 4 }

natLimitFragments OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Global limit on the total number of fragments pending
        reassembly. Zero means unlimited.

        This limit is only applicable to NATs having 'Receive
        Fragments Out of Order' behavior [RFC4787]."
    ::= { natLimits 5 }

natLimitSubscribers OBJECT-TYPE
    SYNTAX Unsigned32
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Global limit on the number of subscribers with active
        mappings. Zero means unlimited."
    ::= { natLimits 6 }

-- pools

natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 }

natPoolTable OBJECT-TYPE
    SYNTAX SEQUENCE OF NatPoolEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Table of pools."
    ::= { natPoolObjects 1 }

natPoolEntry OBJECT-TYPE
    SYNTAX NatPoolEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION
        "Entry in the table of pools."
    INDEX { natPoolIndex }
    ::= { natPoolTable 1 }

NatPoolEntry ::=
    SEQUENCE {
        natPoolIndex NatPoolId,
        natPoolRealm SnmpAdminString,
        natPoolUsage Integer32,
        natPoolWatermarkLow Integer32,
        natPoolWatermarkHigh Integer32,
        natPoolPortMin InetPortNumber,
        natPoolPortMax InetPortNumber
    }

natPoolIndex OBJECT-TYPE
    SYNTAX NatPoolId
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Index of an address pool."
    ::= { natPoolEntry 1 }

natPoolRealm OBJECT-TYPE
    SYNTAX SnmpAdminString (SIZE (0..32))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Realm to which this pool's addresses belong."
    ::= { natPoolEntry 2 }

natPoolUsage OBJECT-TYPE
    SYNTAX Integer32 (0..100)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "Percentage of the pool's total number of external ports
        currently mapped."
    ::= { natPoolEntry 3 }

natPoolWatermarkLow OBJECT-TYPE
    SYNTAX Integer32 (-1|0..100)
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION
        "Low watermark on a pool's usage, in percentage of the total
        number of ports available. If set to -1, the watermark is
        disabled. Otherwise when natPoolUsage becomes lower than or
        equal to natPoolWatermarkLow, a notification is sent. The
        NAT may also start behaving in low usage mode (this is
        implementation-defined)."
       ::= { natPoolEntry 4 }

   natPoolWatermarkHigh OBJECT-TYPE
       SYNTAX Integer32 (-1|0..100)
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "High watermark on a pool's usage, in percentage of the total
            number of ports available. If set to -1, the watermark is
            disabled. Otherwise, when natPoolUsage becomes higher than
            or equal to natPoolWatermarkHigh, a notification is sent.
            The NAT may also start behaving in high usage mode (this is
            implementation-defined)."
       ::= { natPoolEntry 5 }

   natPoolPortMin OBJECT-TYPE
       SYNTAX InetPortNumber
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "Minimal port number to be allocated in this pool."
       ::= { natPoolEntry 6 }

   natPoolPortMax OBJECT-TYPE
       SYNTAX InetPortNumber
       MAX-ACCESS read-create
       STATUS current
       DESCRIPTION
           "Maximal port number to be allocated in this pool."
       ::= { natPoolEntry 7 }

   natPoolRangeTable OBJECT-TYPE
       SYNTAX SEQUENCE OF NatPoolRangeEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "This table contains address ranges used by pool entries."
       ::= { natPoolObjects 2 }

   natPoolRangeEntry OBJECT-TYPE
       SYNTAX NatPoolRangeEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "NAT pool address range."
       INDEX { natPoolRangeType,
               natPoolRangeBegin }
       ::= { natPoolRangeTable 1 }

   NatPoolRangeEntry ::=
       SEQUENCE {
           natPoolRangePoolIndex NatPoolId,
           natPoolRangeType InetAddressType,
           natPoolRangeBegin InetAddress,
           natPoolRangeEnd InetAddress,
           natPoolRangeAllocatedPorts Gauge32
       }

   natPoolRangePoolIndex OBJECT-TYPE
       SYNTAX NatPoolId
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Index of the address pool to which this address range
            belongs. See natPoolIndex."
       ::= { natPoolRangeEntry 1 }

   natPoolRangeType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The address type of natPoolRangeBegin and
            natPoolRangeEnd."
       ::= { natPoolRangeEntry 2 }

   natPoolRangeBegin OBJECT-TYPE
       SYNTAX InetAddress (SIZE (4|16))
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Lowest address included in this range."
       ::= { natPoolRangeEntry 3 }

   natPoolRangeEnd OBJECT-TYPE
       SYNTAX InetAddress (SIZE (4|16))
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Highest address included in this range."
       ::= { natPoolRangeEntry 4 }

   natPoolRangeAllocatedPorts OBJECT-TYPE
       SYNTAX Gauge32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Number of ports currently allocated on the addresses in this
            range."
       ::= { natPoolRangeEntry 5 }

   -- indexed mapping tables

   natMapObjects OBJECT IDENTIFIER ::= { natMIBObjects 14 }

   natMapIntAddrTable OBJECT-TYPE
       SYNTAX SEQUENCE OF NatMapIntAddrEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Table of mappings from internal to external address.

            This table is only applicable to NATs that have an 'IP
            address pooling' behavior of 'Paired' [RFC4787]."
       ::= { natMapObjects 1 }

   natMapIntAddrEntry OBJECT-TYPE
       SYNTAX NatMapIntAddrEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Mapping from internal to external address."
       INDEX { natMapIntAddrIntRealm,
               natMapIntAddrType,
               natMapIntAddrInt }
       ::= { natMapIntAddrTable 1 }

   NatMapIntAddrEntry ::=
       SEQUENCE {
           natMapIntAddrIntRealm SnmpAdminString,
           natMapIntAddrExtRealm SnmpAdminString,
           natMapIntAddrType InetAddressType,
           natMapIntAddrInt InetAddress,
           natMapIntAddrExt InetAddress
       }

   natMapIntAddrIntRealm OBJECT-TYPE
       SYNTAX SnmpAdminString (SIZE(0..32))
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Realm to which natMapIntAddrInt belongs."
       ::= { natMapIntAddrEntry 1 }

   natMapIntAddrExtRealm OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Realm to which natMapIntAddrExt belongs."
       ::= { natMapIntAddrEntry 2 }

   natMapIntAddrType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Address type for natMapIntAddrInt and natMapIntAddrExt."
       ::= { natMapIntAddrEntry 3 }

   natMapIntAddrInt OBJECT-TYPE
       SYNTAX InetAddress (SIZE (4|16))
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Internal address."
       ::= { natMapIntAddrEntry 4 }

   natMapIntAddrExt OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "External address."
       ::= { natMapIntAddrEntry 5 }

   natMappingTable OBJECT-TYPE
       SYNTAX SEQUENCE OF NatMappingTableEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Table of mappings indexed by external 3-tuple."
       ::= { natMapObjects 2 }

   natMappingTableEntry OBJECT-TYPE
       SYNTAX NatMappingTableEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "A single NAT mapping."
       INDEX { natMappingProto,
               natMappingExtRealm,
               natMappingExtAddressType,
               natMappingExtAddress,
               natMappingExtPort }
       ::= { natMappingTable 1 }

   NatMappingTableEntry ::=
       SEQUENCE {
           natMappingProto ProtocolNumber,
           natMappingExtRealm SnmpAdminString,
           natMappingExtAddressType InetAddressType,
           natMappingExtAddress InetAddress,
           natMappingExtPort InetPortNumber,
           natMappingIntRealm SnmpAdminString,
           natMappingIntAddressType InetAddressType,
           natMappingIntAddress InetAddress,
           natMappingIntPort InetPortNumber,
           natMappingPool NatPoolId,
           natMappingMapBehavior NatBehaviorType,
           natMappingFilterBehavior NatBehaviorType,
           natMappingAddressPooling NatPoolingType
       }

   natMappingProto OBJECT-TYPE
       SYNTAX ProtocolNumber
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The mapping's transport protocol number."
       ::= { natMappingTableEntry 1 }

   natMappingExtRealm OBJECT-TYPE
       SYNTAX SnmpAdminString (SIZE(0..32))
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The realm to which natMappingExtAddress belongs."
       ::= { natMappingTableEntry 2 }

   natMappingExtAddressType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Type of the mapping's external address."
       ::= { natMappingTableEntry 3 }

   natMappingExtAddress OBJECT-TYPE
       SYNTAX InetAddress (SIZE (4|16))
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The mapping's external address. If this is the undefined
            address, all external addresses are mapped to the internal
            address."
       ::= { natMappingTableEntry 4 }

   natMappingExtPort OBJECT-TYPE
       SYNTAX InetPortNumber
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "The mapping's external port number. If this is zero, all
            external ports are mapped to the internal port."
       ::= { natMappingTableEntry 5 }

   natMappingIntRealm OBJECT-TYPE
       SYNTAX SnmpAdminString
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The realm to which natMappingIntAddress belongs."
       ::= { natMappingTableEntry 6 }

   natMappingIntAddressType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Type of the mapping's internal address."
       ::= { natMappingTableEntry 7 }

   natMappingIntAddress OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The mapping's internal address. If this is the undefined
            address, addresses are not translated."
       ::= { natMappingTableEntry 8 }

   natMappingIntPort OBJECT-TYPE
       SYNTAX InetPortNumber
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The mapping's internal port number. If this is zero, ports
            are not translated."
       ::= { natMappingTableEntry 9 }

   natMappingPool OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Index of the pool that contains this mapping's external
            address and port. If zero, no pool is associated with this
            mapping."
       ::= { natMappingTableEntry 10 }

   natMappingMapBehavior OBJECT-TYPE
       SYNTAX NatBehaviorType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Mapping behavior as described in [RFC4787] section 4.1."
       ::= { natMappingTableEntry 11 }

   natMappingFilterBehavior OBJECT-TYPE
       SYNTAX NatBehaviorType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Filtering behavior as described in [RFC4787] section 5."
       ::= { natMappingTableEntry 12 }

   natMappingAddressPooling OBJECT-TYPE
       SYNTAX NatPoolingType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Type of address pooling behavior that was used to create
            this mapping."
       ::= { natMappingTableEntry 13 }

   -- subscribers

   natSubscribers OBJECT IDENTIFIER ::= { natMIBObjects 15 }

   natSubscribersTable OBJECT-TYPE
       SYNTAX SEQUENCE OF NatSubscribersTableEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Table of CGN subscribers."
       ::= { natSubscribers 1 }

   natSubscribersTableEntry OBJECT-TYPE
       SYNTAX NatSubscribersTableEntry
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Each entry describes a single CGN subscriber."
       INDEX { natSubscriberIdentifierType,
               natSubscriberIdentifier }
       ::= { natSubscribersTable 1 }

   NatSubscribersTableEntry ::=
       SEQUENCE {
           natSubscriberIdentifierType InetAddressType,
           natSubscriberIdentifier InetAddress,
           natSubscriberIntPrefixType InetAddressType,
           natSubscriberIntPrefix InetAddress,
           natSubscriberIntPrefixLength InetAddressPrefixLength,
           natSubscriberPool NatPoolId,
           natSubscriberTranslations Counter64,
           natSubscriberOutOfPortErrors Counter64,
           natSubscriberResourceErrors Counter64,
           natSubscriberQuotaDrops Counter64,
           natSubscriberMappingCreations Counter64,
           natSubscriberMappingRemovals Counter64,
           natSubscriberLimitMappings Unsigned32,
           natSubscriberMapNotifyThresh Unsigned32
       }

   natSubscriberIdentifierType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Address type of the subscriber identifier."
       ::= { natSubscribersTableEntry 1 }

   natSubscriberIdentifier OBJECT-TYPE
       SYNTAX InetAddress (SIZE (4|16))
       MAX-ACCESS not-accessible
       STATUS current
       DESCRIPTION
           "Address used for uniquely identifying the subscriber.

            In traditional NAT, this is the internal address assigned to
            the CPE. In case an address range is assigned to a
            subscriber, the first address in the range is used as
            identifier.
            For tunnelled connectivity (e.g., DS-Lite
            [RFC6333]), the outer address is used as identifier (i.e.,
            the IPv6 address in the case of DS-Lite)."
       ::= { natSubscribersTableEntry 2 }

   natSubscriberIntPrefixType OBJECT-TYPE
       SYNTAX InetAddressType
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Subscriber's internal prefix type."
       ::= { natSubscribersTableEntry 3 }

   natSubscriberIntPrefix OBJECT-TYPE
       SYNTAX InetAddress
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Prefix assigned to a subscriber's CPE."
       ::= { natSubscribersTableEntry 4 }

   natSubscriberIntPrefixLength OBJECT-TYPE
       SYNTAX InetAddressPrefixLength
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Length of the prefix assigned to a subscriber's CPE, in
            bits. In case a single address is assigned, this will be 32
            for IPv4 and 128 for IPv6."
       ::= { natSubscribersTableEntry 5 }

   natSubscriberPool OBJECT-TYPE
       SYNTAX NatPoolId
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "External address pool to which this subscriber belongs."
       ::= { natSubscribersTableEntry 6 }

   natSubscriberTranslations OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of translated packets received from or sent to
            this subscriber."
       ::= { natSubscribersTableEntry 7 }

   natSubscriberOutOfPortErrors OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of packets received from this subscriber not
            translated because no external port was available, excluding
            quota limitations."
       ::= { natSubscribersTableEntry 8 }

   natSubscriberResourceErrors OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of packets received from this subscriber not
            translated because of resource constraints (excluding
            out-of-ports condition)."
       ::= { natSubscribersTableEntry 9 }

   natSubscriberQuotaDrops OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "The number of incoming packets received from or destined to
            this subscriber not translated because of quota limitations.

            Quotas include absolute limits as well as limits on the rate
            of allocation."
       ::= { natSubscribersTableEntry 10 }

   natSubscriberMappingCreations OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Number of mappings created by or for this subscriber."
       ::= { natSubscribersTableEntry 11 }

   natSubscriberMappingRemovals OBJECT-TYPE
       SYNTAX Counter64
       MAX-ACCESS read-only
       STATUS current
       DESCRIPTION
           "Number of mappings removed by or for this subscriber."
       ::= { natSubscribersTableEntry 12 }

   natSubscriberLimitMappings OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "Limit on the number of active mappings created by or for
            this subscriber. Zero means unlimited."
       ::= { natSubscribersTableEntry 13 }

   natSubscriberMapNotifyThresh OBJECT-TYPE
       SYNTAX Unsigned32
       MAX-ACCESS read-write
       STATUS current
       DESCRIPTION
           "See natNotifSubscriberMappings."
       ::= { natSubscribersTableEntry 14 }

   -- object groups

   natGroupBasicObjects OBJECT-GROUP
       OBJECTS { natTranslations,
                 natOutOfPortErrors,
                 natResourceErrors,
                 natQuotaDrops,
                 natMappingCreations,
                 natMappingRemovals,
                 natProtocolTranslations,
                 natProtocolOutOfPortErrors,
                 natProtocolResourceErrors,
                 natProtocolQuotaDrops,
                 natProtocolMappingCreations,
                 natProtocolMappingRemovals,
                 natLimitMappings,
                 natMappingsNotifyThreshold,
                 natPoolIndex,
                 natPoolRealm,
                 natPoolUsage,
                 natPoolWatermarkLow,
                 natPoolWatermarkHigh,
                 natPoolPortMin,
                 natPoolPortMax,
                 natPoolRangePoolIndex,
                 natPoolRangeEnd,
                 natPoolRangeAllocatedPorts,
                 natMappingIntRealm,
                 natMappingIntAddressType,
                 natMappingIntAddress,
                 natMappingIntPort,
                 natMappingPool,
                 natMappingMapBehavior,
                 natMappingFilterBehavior,
                 natMappingAddressPooling }
       STATUS current
       DESCRIPTION
           "Basic counters, limits, and thresholds."
       ::= { natMIBGroups 7 }

   natGroupAddrMapObjects OBJECT-GROUP
       OBJECTS { natAddressMappings,
                 natAddressMappingCreations,
                 natAddressMappingRemovals,
                 natLimitAddressMappings,
                 natAddrMapNotifyThreshold,
                 natMapIntAddrExtRealm,
                 natMapIntAddrExt }
       STATUS current
       DESCRIPTION
           "Objects that require 'Paired IP address pooling' behavior
            [RFC4787]."
       ::= { natMIBGroups 8 }

   natGroupFragmentObjects OBJECT-GROUP
       OBJECTS { natLimitFragments }
       STATUS current
       DESCRIPTION
           "Objects that require 'Receive Fragments Out of Order'
            behavior [RFC4787]."
       ::= { natMIBGroups 9 }

   natGroupBasicNotifications NOTIFICATION-GROUP
       NOTIFICATIONS { natNotifPoolWatermarkLow,
                       natNotifPoolWatermarkHigh,
                       natNotifMappings }
       STATUS current
       DESCRIPTION
           "Basic notifications."
       ::= { natMIBGroups 11 }

   natGroupAddrMapNotifications NOTIFICATION-GROUP
       NOTIFICATIONS { natNotifAddrMappings }
       STATUS current
       DESCRIPTION
           "Notifications about address mappings."
       ::= { natMIBGroups 12 }

   natGroupSubscriberObjects OBJECT-GROUP
       OBJECTS { natSubscriberIntPrefixType,
                 natSubscriberIntPrefix,
                 natSubscriberIntPrefixLength,
                 natSubscriberPool,
                 natSubscriberTranslations,
                 natSubscriberOutOfPortErrors,
                 natSubscriberResourceErrors,
                 natSubscriberQuotaDrops,
                 natSubscriberMappingCreations,
                 natSubscriberMappingRemovals,
                 natSubscriberLimitMappings,
                 natLimitSubscribers,
                 natSubscriberMapNotifyThresh }
       STATUS current
       DESCRIPTION
           "Per-subscriber counters, limits, and thresholds."
       ::= { natMIBGroups 13 }

   natGroupSubscriberNotifications NOTIFICATION-GROUP
       NOTIFICATIONS { natNotifSubscriberMappings }
       STATUS current
       DESCRIPTION
           "Subscriber notifications."
       ::= { natMIBGroups 14 }

   -- compliance statements
   natBasicCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "Basic compliance with this MIB is attained when the objects
            contained in the mandatory groups are implemented."
       MODULE -- this module
       MANDATORY-GROUPS { natGroupBasicObjects,
                          natGroupBasicNotifications }
       ::= { natMIBCompliances 3 }

   natAddrMapCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "NATs that have 'Paired IP address pooling' behavior
            [RFC4787] and implement the objects in this group can claim
            this level of compliance."
       MODULE -- this module
       MANDATORY-GROUPS { natGroupBasicObjects,
                          natGroupBasicNotifications,
                          natGroupAddrMapObjects,
                          natGroupAddrMapNotifications }
       ::= { natMIBCompliances 4 }

   natFragmentsCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "NATs that have 'Receive Fragments Out of Order' behavior
            [RFC4787] and implement the objects in this group can claim
            this level of compliance."
       MODULE -- this module
       MANDATORY-GROUPS { natGroupBasicObjects,
                          natGroupBasicNotifications,
                          natGroupFragmentObjects }
       ::= { natMIBCompliances 5 }

   natCGNCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
           "NATs that have 'Paired IP address pooling' and 'Receive
            Fragments Out of Order' behavior [RFC4787] and implement the
            objects in this group can claim this level of compliance.

            This level of compliance is to be expected of a CGN
            compliant with [RFC6888]."
       MODULE -- this module
       MANDATORY-GROUPS { natGroupBasicObjects,
                          natGroupBasicNotifications,
                          natGroupAddrMapObjects,
                          natGroupAddrMapNotifications,
                          natGroupFragmentObjects,
                          natGroupSubscriberObjects,
                          natGroupSubscriberNotifications }
       ::= { natMIBCompliances 6 }

   END

5. Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create. Such
   objects may be considered sensitive or vulnerable in some network
   environments. The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations. These are the tables and objects and their
   sensitivity/vulnerability:

   Limits: An attacker setting a very low or very high limit can easily
      cause a denial-of-service situation.

      * natLimitMappings

      * natLimitAddressMappings

      * natLimitFragments

      * natLimitSubscribers

      * natSubscriberLimitMappings

   Notification thresholds: An attacker setting an arbitrarily low
      threshold can cause many useless notifications to be generated.
      Setting an arbitrarily high threshold can effectively disable
      notifications, which could be used to hide another attack.

      * natMappingsNotifyThreshold

      * natAddrMapNotifyThreshold

      * natSubscriberMapNotifyThresh

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments. It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP. These are the tables and objects and their
   sensitivity/vulnerability:

   Objects that reveal host identities: Various objects can reveal the
      identity of private hosts that are engaged in a session with
      external end nodes. A curious outsider could monitor these to
      assess the number of private hosts being supported by the NAT
      device. Further, a disgruntled former employee of an enterprise
      could use the information to break into specific private hosts by
      intercepting the existing sessions or originating new sessions
      into the host.

      * natMapIntAddrType

      * natMapIntAddrInt

      * natMapIntAddrExt

      * natMappingIntRealm

      * natMappingIntAddressType

      * natMappingIntAddress

      * natMappingIntPort

      * natMappingMapBehavior

      * natMappingFilterBehavior

      * natMappingAddressPooling

      * natSubscriberIntPrefixType

      * natSubscriberIntPrefix

      * natSubscriberIntPrefixLength

   Other objects that reveal NAT state: Other managed objects in this
      MIB may contain information that may be sensitive from a business
      perspective, in that they may represent NAT state information.

      * natCntAddressMappings

      * natCntProtocolMappings

      * natPoolUsage

      * natPoolRangeAllocatedPorts

      * natSubscriberCntMappings

   There are no objects that are sensitive in their own right, such as
   passwords or monetary amounts.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.
   It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

6. IANA Considerations

   IANA has assigned object identifier 123 to the natMIB module, with
   prefix iso.org.dod.internet.mgmt.mib-2 in the Network Management
   Parameters registry [SMI-NUMBERS].

   No IANA actions are required by this document.

7. References

7.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
              58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826, June 2004.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4750]  Joyal, D., Galecki, P., Giacalone, S., Coltun, R., and F.
              Baker, "OSPF Version 2 Management Information Base", RFC
              4750, December 2006.

   [RFC4787]  Audet, F. and C. Jennings, "Network Address Translation
              (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
              RFC 4787, January 2007.

   [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)", RFC
              5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, June 2009.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              RFC 6353, July 2011.

7.2. Informative References

   [RFC2663]  Srisuresh, P. and M. Holdrege, "IP Network Address
              Translator (NAT) Terminology and Considerations", RFC
              2663, August 1999.

   [RFC3022]  Srisuresh, P. and K. Egevang, "Traditional IP Network
              Address Translator (Traditional NAT)", RFC 3022, January
              2001.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC4008]  Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
              C. Wang, "Definitions of Managed Objects for Network
              Address Translators (NAT)", RFC 4008, March 2005.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, August 2011.

   [RFC6888]  Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
              and H. Ashida, "Common Requirements for Carrier-Grade NATs
              (CGNs)", BCP 127, RFC 6888, April 2013.

   [SMI-NUMBERS]
              "Network Management Parameters registry at IANA".

Authors' Addresses

   Simon Perreault
   Viagenie
   246 Aberdeen
   Quebec, QC G1R 2E1
   Canada

   Phone: +1 418 656 9254
   Email: simon.perreault@viagenie.ca
   URI: http://viagenie.ca

   Tina Tsou
   Huawei Technologies (USA)
   2330 Central Expressway
   Santa Clara, CA 95050
   USA

   Phone: +1 408 330 4424
   Email: tina.tsou.zouting@huawei.com

   Senthil Sivakumar
   Cisco Systems
   7100-8 Kit Creek Road
   Research Triangle Park, North Carolina 27709
   USA

   Phone: +1 919 392 5158
   Email: ssenthil@cisco.com
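
Added example (not part of the draft or of any implementation of it): Section 5 names the writable limit and notification-threshold objects whose modification can cause denial of service or hide an attack, so a monitoring station can compare polled values against an approved baseline. The sketch assumes the values were already fetched over SNMPv3 into dictionaries keyed by object name plus instance suffix; all values, the subscriber index and the use of the global natMappingCreations/natMappingRemovals pair for the active count are constructed assumptions.

```python
"""Drift audit for the SET-sensitive objects listed in Section 5 (added example)."""
from collections import namedtuple

# Object names taken from the Security Considerations lists.
LIMITS = {"natLimitMappings", "natLimitAddressMappings", "natLimitFragments",
          "natLimitSubscribers", "natSubscriberLimitMappings"}
THRESHOLDS = {"natMappingsNotifyThreshold", "natAddrMapNotifyThreshold",
              "natSubscriberMapNotifyThresh"}

RISK = {
    "limit-lowered": "very low limit: denial of service",
    "limit-below-active": "limit is below the current number of active mappings",
    "limit-raised": "very high or unlimited limit: denial of service",
    "threshold-lowered": "low threshold: many useless notifications",
    "threshold-raised": "high threshold: notifications effectively disabled",
    "missing": "object not returned by the agent",
}

Finding = namedtuple("Finding", "instance kind expected actual risk")


def effective_limit(value):
    """The MIB defines zero as 'unlimited' for every limit object."""
    return float("inf") if value == 0 else value


def base_name(instance):
    """Strip the instance suffix: 'natLimitMappings.0' -> 'natLimitMappings'."""
    return instance.split(".", 1)[0]


def active_mappings(counters):
    """Creations minus removals. The MIB states this relation for the
    per-protocol counters; applying it to the global pair is an assumption."""
    return counters["natMappingCreations.0"] - counters["natMappingRemovals.0"]


def audit(baseline, polled, active=None):
    """Return a Finding for every baselined limit or threshold that drifted."""
    findings = []
    for instance, expected in sorted(baseline.items()):
        name = base_name(instance)
        if name not in LIMITS and name not in THRESHOLDS:
            continue  # only the objects Section 5 lists are audited
        if instance not in polled:
            findings.append(Finding(instance, "missing", expected, None,
                                    RISK["missing"]))
            continue
        actual = polled[instance]
        if actual == expected:
            continue
        if name in LIMITS:
            old, new = effective_limit(expected), effective_limit(actual)
            kind = "limit-lowered" if new < old else "limit-raised"
            if (kind == "limit-lowered" and name == "natLimitMappings"
                    and active is not None and new < active):
                kind = "limit-below-active"
        else:
            # Threshold semantics live in the notification definitions, which
            # this sketch does not model: values are compared numerically.
            kind = "threshold-raised" if actual > expected else "threshold-lowered"
        findings.append(Finding(instance, kind, expected, actual, RISK[kind]))
    return findings


# Constructed sample data. The subscriber suffix follows the table's INDEX:
# InetAddressType ipv4(1), then a length-prefixed InetAddress (4.192.0.2.10).
SUB = ".1.4.192.0.2.10"
BASELINE = {
    "natLimitMappings.0": 200000, "natLimitAddressMappings.0": 0,
    "natLimitFragments.0": 4096, "natLimitSubscribers.0": 50000,
    "natMappingsNotifyThreshold.0": 180000, "natAddrMapNotifyThreshold.0": 40000,
    "natSubscriberLimitMappings" + SUB: 2000,
    "natSubscriberMapNotifyThresh" + SUB: 1800,
}
POLLED = dict(BASELINE)
POLLED.update({
    "natLimitMappings.0": 500,                   # far below active mappings
    "natLimitFragments.0": 0,                    # finite limit made unlimited
    "natMappingsNotifyThreshold.0": 4294967295,  # notification never reached
    "natSubscriberMapNotifyThresh" + SUB: 1,     # notification flood
})
COUNTERS = {"natMappingCreations.0": 912345, "natMappingRemovals.0": 790000}

if __name__ == "__main__":
    for f in audit(BASELINE, POLLED, active_mappings(COUNTERS)):
        print(f"{f.instance}: {f.expected} -> {f.actual} [{f.kind}] {f.risk}")
```

Because zero means unlimited, a change from 4096 to 0 is reported as a raised limit rather than a lowered one.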